upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-28 20:30:59 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
haproxy/src/proxy.c

5318 lines
166 KiB
C
Raw Normal View History

[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* Proxy variables and functions.
*
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
* Copyright 2000-2009 Willy Tarreau <w@1wt.eu>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
*/
#include <unistd.h>
[BUILD] fix 2 minor issues on AIX AIX does not know about MSG_DONTWAIT. Fortunately, nearly all sockets are already set to O_NONBLOCK, so it's not even required to change the code. It was only necessary to add this fcntl to the log socket which lacked it. The MSG_DONTWAIT value has been defined to zero when unset in order to make the code cleaner and more portable. Also, on AIX, "hz" is defined, which causes a problem with one function parameter in time.c. It's enough to rename the parameter there. Last, fix a missing #include <string.h> in proxy.c.
2007-11-30 12:38:35 -05:00
#include <string.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
MEDIUM: proxy: switch conf.name to cebis_tree This is used to index the proxy's name and it contains a copy of the pointer to the proxy's name in <id>. Changing that for a ceb_node placed just before <id> saves 32 bytes to the struct proxy, which is now 3112 bytes large. Here we need to continue to support duplicates since they're still allowed between type-incompatible proxies. Interestingly, the use of cebis_next_dup() instead of cebis_next() in proxy_find_by_name() allows us to get rid of an strcmp() that was performed for each use_backend rule. A test with a large config (100k backends) shows that we can get 3% extra performance on a config involving a static use_backend rule (3.09M to 3.18M rps), and even 4.5% on a dynamic rule selecting a random backend (2.47M to 2.59M).
2025-07-15 05:47:54 -04:00
#include <import/cebis_tree.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <import/eb32tree.h>
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
#include <haproxy/acl.h>
REORG: include: update all files to use haproxy/api.h or api-t.h if needed All files that were including one of the following include files have been updated to only include haproxy/api.h or haproxy/api-t.h once instead: - common/config.h - common/compat.h - common/compiler.h - common/defaults.h - common/initcall.h - common/tools.h The choice is simple: if the file only requires type definitions, it includes api-t.h, otherwise it includes the full api.h. In addition, in these files, explicit includes for inttypes.h and limits.h were dropped since these are now covered by api.h and api-t.h. No other change was performed, given that this patch is large and affects 201 files. At least one (tools.h) was already freestanding and didn't get the new one added.
2020-05-27 06:58:42 -04:00
#include <haproxy/api.h>
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
#include <haproxy/applet.h>
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
#include <haproxy/backend.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/capture-t.h>
REORG: include: move cfgparse.h to haproxy/cfgparse.h There's no point splitting the file in two since only cfgparse uses the types defined there. A few call places were updated and cleaned up. All of them were in C files which register keywords. There is nothing left in common/ now so this directory must not be used anymore.
2020-06-04 18:00:29 -04:00
#include <haproxy/cfgparse.h>
REORG: include: move cli.h to haproxy/cli{,-t}.h Almost no change except moving the cli_kw struct definition after the defines. Almost all users had both types&proto included, which is not surprizing since this code is old and it used to be the norm a decade ago. These places were cleaned.
2020-06-04 14:19:54 -04:00
#include <haproxy/cli.h>
MEDIUM: counters: manage shared counters using dedicated helpers proxies, listeners and server shared counters are now managed via helpers added in one of the previous commits. When guid is not set (ie: when not yet assigned), shared counters pointer is allocated using calloc() (local memory) and a flag is set on the shared counters struct to know how to manipulate (and free it). Else if guid is set, then it means that the counters may be shared so while for now we don't actually use a shared memory location the API is ready for that. The way it works, for proxies and servers (for which guid is not known during creation), we first call counters_{fe,be}_shared_get with guid not set, which results in local pointer being retrieved (as if we just manually called calloc() to retrieve a pointer). Later (during postparsing) if guid is set we try to upgrade the pointer from local to shared. Lastly, since the memory location for some objects (proxies and servers counters) may change from creation to postparsing, let's update counters->last_change member directly under counters_{fe,be}_shared_get() so we don't miss it. No change of behavior is expected, this is only preparation work.
2025-05-07 17:42:04 -04:00
#include <haproxy/counters.h>
REORG: include: move base64.h, errors.h and hash.h from common to to haproxy/ These ones do not depend on any other file. One used to include haproxy/api.h but that was solely for stddef.h.
2020-05-27 10:10:29 -04:00
#include <haproxy/errors.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/fd.h>
REORG: include: move filters.h to haproxy/filters{,-t}.h Just a minor change, moved the macro definitions upwards. A few caller files were updated since they didn't need to include it.
2020-06-04 15:29:29 -04:00
#include <haproxy/filters.h>
MINOR: cfgparse: move proxy post-init in a dedicated function A lot of proxies initialization code is delayed on post-parsing stage, as it depends on the configuration fully parsed. This is performed via a loop on proxies_list. Extract this code in a dedicated function proxy_finalize(). This patch will be useful for dynamic backends creation. Note that for the moment the code has been extracted as-is. With each new features, some init code was added there. This has become a giant loop with no real ordering. A future patch may provide some cleanup in order to reorganize this.
2026-01-30 10:31:04 -05:00
#include <haproxy/frontend.h>
REORG: include: split global.h into haproxy/global{,-t}.h global.h was one of the messiest files, it has accumulated tons of implicit dependencies and declares many globals that make almost all other file include it. It managed to silence a dependency loop between server.h and proxy.h by being well placed to pre-define the required structs, forcing struct proxy and struct server to be forward-declared in a significant number of files. It was split in to, one which is the global struct definition and the few macros and flags, and the rest containing the functions prototypes. The UNIX_MAX_PATH definition was moved to compat.h.
2020-06-04 11:05:57 -04:00
#include <haproxy/global.h>
MINOR: proxy: implement GUID support Implement proxy identiciation through GUID. As such, a guid_node member is inserted into proxy structure. A proxy keyword "guid" is defined to allow user to fix its value.
2024-03-26 10:26:43 -04:00
#include <haproxy/guid.h>
REORG: include: move http_ana.h to haproxy/http_ana{,-t}.h It was moved without any change, however many callers didn't need it at all. This was a consequence of the split of proto_http.c into several parts that resulted in many locations to still reference it.
2020-06-04 15:21:03 -04:00
#include <haproxy/http_ana.h>
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
#include <haproxy/http_htx.h>
MINOR: proxy/http_ext: introduce proxy forwarded option Introducing http_ext class for http extension related work that doesn't fit into existing http classes. HTTP extension "forwarded", introduced with 7239 RFC is now supported by haproxy. The option supports various modes from simple to complex usages involving custom sample expressions. Examples : # Those servers want the ip address and protocol of the client request # Resulting header would look like this: # forwarded: proto=http;for=127.0.0.1 backend www_default mode http option forwarded #equivalent to: option forwarded proto for # Those servers want the requested host and hashed client ip address # as well as client source port (you should use seed for xxh32 if ensuring # ip privacy is a concern) # Resulting header would look like this: # forwarded: host="haproxy.org";for="_000000007F2F367E:60138" backend www_host mode http option forwarded host for-expr src,xxh32,hex for_port # Those servers want custom data in host, for and by parameters # Resulting header would look like this: # forwarded: host="host.com";by=_haproxy;for="[::1]:10" backend www_custom mode http option forwarded host-expr str(host.com) by-expr str(_haproxy) for for_port-expr int(10) # Those servers want random 'for' obfuscated identifiers for request # tracing purposes while protecting sensitive IP information # Resulting header would look like this: # forwarded: for=_000000002B1F4D63 backend www_for_hide mode http option forwarded for-expr rand,hex By default (no argument provided), forwarded option will try to mimic x-forward-for common setups (source client ip address + source protocol) The option is not available for frontends. no option forwarded is supported. More info about 7239 RFC here: https://www.rfc-editor.org/rfc/rfc7239.html More info about the feature in doc/configuration.txt This should address feature request GH #575 Depends on: - "MINOR: http_htx: add http_append_header() to append value to header" - "MINOR: sample: add ARGC_OPT" - "MINOR: proxy: introduce http only options"
2022-12-28 09:37:57 -05:00
#include <haproxy/http_ext.h>
MINOR: proxy: add http_free_redirect_rule() function Adding http_free_redirect_rule() function to free a single redirect rule since it may be required to free rules outside of free_proxy() function. This patch is required for an upcoming bugfix. [for 2.2, free_proxy function did not exist (first seen in 2.4), thus http_free_redirect_rule() needs to be deducted from haproxy.c deinit() function if the patch is required]
2023-05-11 04:30:27 -04:00
#include <haproxy/http_rules.h>
REORG: mailers: move free_email_alert() to mailers.c free_email_alert() was declared in cfgparse.c, but it should belong to mailers.c instead.
2024-06-17 12:39:19 -04:00
#include <haproxy/mailers.h>
REORG: include: move listener.h to haproxy/listener{,-t}.h stdlib and list were missing from listener.h, otherwise it was OK.
2020-06-04 08:58:24 -04:00
#include <haproxy/listener.h>
MINOR: cfgparse: move proxy post-init in a dedicated function A lot of proxies initialization code is delayed on post-parsing stage, as it depends on the configuration fully parsed. This is performed via a loop on proxies_list. Extract this code in a dedicated function proxy_finalize(). This patch will be useful for dynamic backends creation. Note that for the moment the code has been extracted as-is. With each new features, some init code was added there. This has become a giant loop with no real ordering. A future patch may provide some cleanup in order to reorganize this.
2026-01-30 10:31:04 -05:00
#include <haproxy/lb_chash.h>
#include <haproxy/lb_fas.h>
#include <haproxy/lb_fwlc.h>
#include <haproxy/lb_fwrr.h>
#include <haproxy/lb_map.h>
#include <haproxy/lb_ss.h>
REORG: include: move log.h to haproxy/log{,-t}.h The current state of the logging is a real mess. The main problem is that almost all files include log.h just in order to have access to the alert/warning functions like ha_alert() etc, and don't care about logs. But log.h also deals with real logging as well as log-format and depends on stream.h and various other things. As such it forces a few heavy files like stream.h to be loaded early and to hide missing dependencies depending where it's loaded. Among the missing ones is syslog.h which was often automatically included resulting in no less than 3 users missing it. Among 76 users, only 5 could be removed, and probably 70 don't need the full set of dependencies. A good approach would consist in splitting that file in 3 parts: - one for error output ("errors" ?). - one for log_format processing - and one for actual logging.
2020-06-04 16:01:04 -04:00
#include <haproxy/log.h>
REORG: include: move obj_type.h to haproxy/obj_type{,-t}.h No change was necessary. It still includes lots of types/* files.
2020-06-04 05:29:21 -04:00
#include <haproxy/obj_type-t.h>
BUG/MINOR: proxy: fix default ALPN bind settings For "add backend" implementation, postparsing code in check_config_validity() from cfgparse.c has been extracted in a new dedicated function named proxy_finalize() into proxy.c. This has caused unexpected compilation issue as in the latter file TLSEXT_TYPE_application_layer_protocol_negotiation macro may be undefined, in particular when building without QUIC support. Thus, code related to default ALPN on binds is discarded after the preprocessing stage. Fix this by including openssl-compat header file into proxy source file. This should be sufficient to ensure SSL related defines are properly included. This should fix recent issues on SSL regtests. No need to backport.
2026-02-09 07:36:59 -05:00
#include <haproxy/openssl-compat.h> /* required for TLSEXT_TYPE_application_layer_protocol_negotiation */
REORG: include: move peers.h to haproxy/peers{,-t}.h The cfg_peers external declaration was moved to the main file instead of the type one. A few types were still missing from the proto, causing warnings in the functions prototypes (proxy, stick_table).
2020-06-04 12:38:21 -04:00
#include <haproxy/peers.h>
REORG: include: move common/memory.h to haproxy/pool.h Now the file is ready to be stored into its final destination. A few minor reorderings were performed to keep the file properly organized, making the various sections more visible (cache & lockless). In addition and to stay consistent, memory.c was renamed to pool.c.
2020-06-02 03:38:52 -04:00
#include <haproxy/pool.h>
MEDIUM: proxy: make soft_stop() stop most listeners using protocol_stop_now() One difficulty in soft-stopping is to make sure not to forget unlisted listeners. By first doing a pass using protocol_stop_now() we catch the vast majority of them. The few remaining ones are the ones belonging to a proxy having a grace period. For these ones, the proxy will arm its stop_time timer and emit a log message. Since neither UDP listeners nor peers use the grace period, we can already get rid of the special cases there since we know they will have been stopped by the protocols.
2020-10-07 10:52:43 -04:00
#include <haproxy/protocol.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/proto_tcp.h>
REORG: include: move proxy.h to haproxy/proxy{,-t}.h This one is particularly difficult to split because it provides all the functions used to manipulate a proxy state and to retrieve names or IDs for error reporting, and as such, it was included in 73 files (down to 68 after cleanup). It would deserve a small cleanup though the cut points are not obvious at the moment given the number of structs involved in the struct proxy itself.
2020-06-04 16:29:18 -04:00
#include <haproxy/proxy.h>
REORG: rename cs_utils.h to sc_strm.h This file contains all the stream-connector functions that are specific to application layers of type stream. So let's name it accordingly so that it's easier to figure what's located there. The alphabetical ordering of include files was preserved.
2022-05-27 03:25:10 -04:00
#include <haproxy/sc_strm.h>
MINOR: quic: QUIC transport parameters split. Make the transport parameters be standlone as much as possible as it consists only in encoding/decoding data into/from buffers. Reduce the size of xprt_quic.h. Unfortunalety, I think we will have to continue to include <xprt_quic-t.h> to use the trace API into this module.
2022-05-21 17:58:40 -04:00
#include <haproxy/quic_tp.h>
MINOR: cfgparse: move proxy post-init in a dedicated function A lot of proxies initialization code is delayed on post-parsing stage, as it depends on the configuration fully parsed. This is performed via a loop on proxies_list. Extract this code in a dedicated function proxy_finalize(). This patch will be useful for dynamic backends creation. Note that for the moment the code has been extracted as-is. With each new features, some init code was added there. This has become a giant loop with no real ordering. A future patch may provide some cleanup in order to reorganize this.
2026-01-30 10:31:04 -05:00
#include <haproxy/quic_tune.h>
REORG: include: move server.h to haproxy/server{,-t}.h extern struct dict server_name_dict was moved from the type file to the main file. A handful of inlined functions were moved at the bottom of the file. Call places were updated to use server-t.h when relevant, or to simply drop the entry when not needed.
2020-06-04 17:20:13 -04:00
#include <haproxy/server-t.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/signal.h>
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
#include <haproxy/stats.h>
REORG: stconn: rename conn_stream.{c,h} to stconn.{c,h} There's no more reason for keepin the code and definitions in conn_stream, let's move all that to stconn. The alphabetical ordering of include files was adjusted.
2022-05-27 03:47:12 -04:00
#include <haproxy/stconn.h>
REORG: include: move stream.h to haproxy/stream{,-t}.h This one was not easy because it was embarking many includes with it, which other files would automatically find. At least global.h, arg.h and tools.h were identified. 93 total locations were identified, 8 additional includes had to be added. In the rare files where it was possible to finalize the sorting of includes by adjusting only one or two extra lines, it was done. But all files would need to be rechecked and cleaned up now. It was the last set of files in types/ and proto/ and these directories must not be reused anymore.
2020-06-04 17:46:14 -04:00
#include <haproxy/stream.h>
REORG: include: move task.h to haproxy/task{,-t}.h The TASK_IS_TASKLET() macro was moved to the proto file instead of the type one. The proto part was a bit reordered to remove a number of ugly forward declaration of static inline functions. About a tens of C and H files had their dependency dropped since they were not using anything from task.h.
2020-06-04 11:25:40 -04:00
#include <haproxy/task.h>
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
#include <haproxy/tcpcheck.h>
MINOR: proxy: define "add backend" handler Define a basic CLI handler for "add backend". For now, this handler only performs a parsing of the name argument and return an error if a duplicate already exists. It runs under thread isolation, to guarantee thread safety during the proxy creation. This feature is considered in development. CLI command requires to set experimental-mode.
2025-12-17 04:57:40 -05:00
#include <haproxy/thread.h>
REORG: include: move time.h from common/ to haproxy/ This one is included almost everywhere and used to rely on a few other .h that are not needed (unistd, stdlib, standard.h). It could possibly make sense to split it into multiple parts to distinguish operations performed on timers and the internal time accounting, but at this point it does not appear much important.
2020-06-01 05:05:15 -04:00
#include <haproxy/time.h>
BUILD: proxy: include tools.h in proxy.c Many functions are used from tools.h but the file wasn't included and was inherited through others.
2021-05-08 07:02:07 -04:00
#include <haproxy/tools.h>
MEDIUM: uri_auth: implement clean uri_auth cleaning proxy auth_uri struct was manually cleaned up during deinit, but the logic behind was kind of akward because it was required to find out which ones were shared or not. Instead, let's switch to a proper refcount mechanism and free the auth_uri struct directly in proxy_free_common().
2024-11-13 13:54:32 -05:00
#include <haproxy/uri_auth.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
int listeners; /* # of proxy listeners, set by cfgparse */
MINOR: proxy: add a true list containing all proxies We have global proxies_list pointer which is announced as the list of "all existing proxies", but in fact it only represents regular proxies declared on the config file through "listen, frontend or backend" keywords It is ambiguous, and we currently don't have a straightforwrd method to iterate over all proxies (either public or internal ones) within haproxy Instead we still have to manually iterate over multiple lists (main proxies, log-forward proxies, peer proxies..) which is error-prone. In this patch we add a struct list member (8 bytes) inside struct proxy in order to store every proxy (except default ones) within a global "proxies" list which is actually representative for all proxies existing under haproxy process, like we already have for servers.
2025-05-09 10:02:09 -04:00
struct proxy *proxies_list = NULL; /* list of main proxies */
struct list proxies = LIST_HEAD_INIT(proxies); /* list of all proxies */
MEDIUM: proxy: index proxy ID using compact trees The proxy ID is currently stored as a 32-bit int using an eb32 tree. It's used essentially to find holes in order to automatically assign IDs, and to detect duplicates. Let's change this to use compact trees instead in order to save 24 bytes in struct proxy for this node, plus 8 bytes in the root (which is static so not much relevant here). Now the proxy is 3088 bytes large.
2025-08-23 13:57:29 -04:00
struct ceb_root *used_proxy_id = NULL; /* list of proxy IDs in use */
MEDIUM: proxy: switch conf.name to cebis_tree This is used to index the proxy's name and it contains a copy of the pointer to the proxy's name in <id>. Changing that for a ceb_node placed just before <id> saves 32 bytes to the struct proxy, which is now 3112 bytes large. Here we need to continue to support duplicates since they're still allowed between type-incompatible proxies. Interestingly, the use of cebis_next_dup() instead of cebis_next() in proxy_find_by_name() allows us to get rid of an strcmp() that was performed for each use_backend rule. A test with a large config (100k backends) shows that we can get 3% extra performance on a config involving a static use_backend rule (3.09M to 3.18M rps), and even 4.5% on a dynamic rule selecting a random backend (2.47M to 2.59M).
2025-07-15 05:47:54 -04:00
struct ceb_root *proxy_by_name = NULL; /* tree of proxies sorted by name */
struct ceb_root *defproxy_by_name = NULL; /* tree of default proxies sorted by name (dups possible) */
MINOR: proxy: simplify defaults proxies list storage Defaults proxies instance are stored in a global name tree. When there is a name conflict and the older entry cannot be simply discarded as it is already referenced, the older entry is instead removed from the name tree and inserted into the orphaned list. The purpose of the orphaned list was to guarantee that any remaining unreferenced defaults are purged either on postparsing or deinit. However, this is in fact completely useless. Indeed on postparsing, orphaned entries are always referenced. On deinit instead, defaults are already freed along the cleanup of all frontend/backend instances clean up, thanks to their refcounting. This patch streamlines this by removing orphaned list. Instead, a defaults section is inserted into a new global defaults_list during their whole lifetime. This is not strictly necessary but it ensures that defaults instances can still be accessed easily in the future if needed even if not present in the name tree. On deinit, a BUG_ON() is added to ensure that defaults_list is indeed emptied. Another benefit from this patch is to simplify the defaults deletion procedure. Orphaned simple list is replaced by a proper double linked list implementation, so a single LIST_DELETE() is now performed. This will be notably useful as defaults may be removed at runtime in the future if backends deletion at runtime is implemented.
2026-01-20 08:33:46 -05:00
struct list defaults_list = LIST_HEAD_INIT(defaults_list); /* list of all defaults proxies */
[MINOR] stats: add global event ID and count This counter will help quickly spot whether there are new errors or not. It is also assigned to each capture so that a script can keep trace of which capture was taken when.
2010-12-12 08:00:34 -05:00
unsigned int error_snapshot_id = 0; /* global ID assigned to each error then incremented */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: proxy: assign dynamic proxy ID Implement proxy ID generation for dynamic backends. This is performed through the already function existing proxy_get_next_id(). As an optimization, lookup will performed starting from a global variable <dynpx_next_id>. It is initialized to the greatest ID assigned after parsing, and updated each time a backend instance is created. When backend deletion will be implemented, it could be lowered to the newly available slot.
2025-12-23 10:15:47 -05:00
unsigned int dynpx_next_id = 0; /* lowest ID assigned to dynamic proxies */
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
/* CLI context used during "show servers {state|conn}" */
struct show_srv_ctx {
struct proxy *px; /* current proxy to dump or NULL */
struct server *sv; /* current server to dump or NULL */
uint only_pxid; /* dump only this proxy ID when explicit */
int show_conn; /* non-zero = "conn" otherwise "state" */
CLEANUP: proxy/cli: get rid of appctx->st2 in "show servers" Now that we have the show_srv_ctx, let's store a state in it. We only need two states here, header and list.
2022-05-05 13:26:18 -04:00
enum {
SHOW_SRV_HEAD = 0,
SHOW_SRV_LIST,
} state;
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
};
REORG: config: extract the proxy parser into cfgparse-listen.c This was the largest function of the whole file, taking a rough second to build alone. Let's move it to a distinct file along with a few dependencies. Doing so saved about 2 seconds on the total build time.
2018-11-11 09:40:36 -05:00
/* proxy->options */
const struct cfg_opt cfg_opts[] =
{
MINOR: proxy: explicitly permit abortonclose on frontends and clarify the doc The "abortonclose" option was recently deprecated in frontends because its action was essentially limited to the backend part (queuing etc). But in 3.3 we started to support it for TLS on frontends, though it would only work when placed in a defaults section. Let's officially support it in frontends, and take this opportunity to clarify the documentation on this topic, which was incomplete regarding frontend and TLS support. Now the doc tries to better cover the different use cases.
2025-10-08 02:34:43 -04:00
{ "abortonclose", PR_O_ABRT_CLOSE, PR_CAP_BE|PR_CAP_FE, 0, 0 },
REORG: config: extract the proxy parser into cfgparse-listen.c This was the largest function of the whole file, taking a rough second to build alone. Let's move it to a distinct file along with a few dependencies. Doing so saved about 2 seconds on the total build time.
2018-11-11 09:40:36 -05:00
{ "allbackups", PR_O_USE_ALL_BK, PR_CAP_BE, 0, 0 },
{ "checkcache", PR_O_CHK_CACHE, PR_CAP_BE, 0, PR_MODE_HTTP },
{ "clitcpka", PR_O_TCP_CLI_KA, PR_CAP_FE, 0, 0 },
{ "contstats", PR_O_CONTSTATS, PR_CAP_FE, 0, 0 },
{ "dontlognull", PR_O_NULLNOLOG, PR_CAP_FE, 0, 0 },
{ "http-buffer-request", PR_O_WREQ_BODY, PR_CAP_FE | PR_CAP_BE, 0, PR_MODE_HTTP },
MINOR: proxy: Add options to drop HTTP trailers during message forwarding In RFC9110, it is stated that trailers could be merged with the headers. While it should be performed with a speicial care, it may be a problem for some applications. To avoid any trouble with such applications, two new options were added to drop trailers during the message forwarding. On the backend, "http-drop-request-trailers" option can be enabled to drop trailers from the requests before sending them to the server. And on the frontend, "http-drop-response-trailers" option can be enabled to drop trailers from the responses before sending them to the client. The options can be defined in defaults sections and disabled with "no" keyword. This patch should fix the issue #2930.
2025-04-15 09:36:19 -04:00
{ "http-drop-request-trailers", PR_O_HTTP_DROP_REQ_TRLS, PR_CAP_BE, 0, PR_MODE_HTTP },
{ "http-drop-response-trailers", PR_O_HTTP_DROP_RES_TRLS, PR_CAP_FE, 0, PR_MODE_HTTP },
REORG: config: extract the proxy parser into cfgparse-listen.c This was the largest function of the whole file, taking a rough second to build alone. Let's move it to a distinct file along with a few dependencies. Doing so saved about 2 seconds on the total build time.
2018-11-11 09:40:36 -05:00
{ "http-ignore-probes", PR_O_IGNORE_PRB, PR_CAP_FE, 0, PR_MODE_HTTP },
MINOR: proxy: add option idle-close-on-response Avoid closing idle connections if a soft stop is in progress. By default, idle connections will be closed during a soft stop. In some environments, a client talking to the proxy may have prepared some idle connections in order to send requests later. If there is no proper retry on write errors, this can result in errors while haproxy is reloading. Even though a proper implementation should retry on connection/write errors, this option was introduced to support back compat with haproxy < v2.4. Indeed before v2.4, we were waiting for a last request to be able to add a "connection: close" header and advice the client to close the connection. In a real life example, this behavior was seen in AWS using the ALB in front of a haproxy. The end result was ALB sending 502 during haproxy reloads. This patch was tested on haproxy v2.4, with a regular reload on the process, and a constant trend of requests coming in. Before the patch, we see regular 502 returned to the client; when activating the option, the 502 disappear. This patch should help fixing github issue #1506. In order to unblock some v2.3 to v2.4 migraton, this patch should be backported up to v2.4 branch. Signed-off-by: William Dauchy <wdauchy@gmail.com> [wt: minor edits to the doc to mention other options to care about] Signed-off-by: Willy Tarreau <w@1wt.eu>
2022-01-05 16:53:24 -05:00
{ "idle-close-on-response", PR_O_IDLE_CLOSE_RESP, PR_CAP_FE, 0, PR_MODE_HTTP },
REORG: config: extract the proxy parser into cfgparse-listen.c This was the largest function of the whole file, taking a rough second to build alone. Let's move it to a distinct file along with a few dependencies. Doing so saved about 2 seconds on the total build time.
2018-11-11 09:40:36 -05:00
{ "prefer-last-server", PR_O_PREF_LAST, PR_CAP_BE, 0, PR_MODE_HTTP },
{ "logasap", PR_O_LOGASAP, PR_CAP_FE, 0, 0 },
{ "nolinger", PR_O_TCP_NOLING, PR_CAP_FE | PR_CAP_BE, 0, 0 },
{ "persist", PR_O_PERSIST, PR_CAP_BE, 0, 0 },
{ "srvtcpka", PR_O_TCP_SRV_KA, PR_CAP_BE, 0, 0 },
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#ifdef USE_TPROXY
REORG: config: extract the proxy parser into cfgparse-listen.c This was the largest function of the whole file, taking a rough second to build alone. Let's move it to a distinct file along with a few dependencies. Doing so saved about 2 seconds on the total build time.
2018-11-11 09:40:36 -05:00
{ "transparent", PR_O_TRANSP, PR_CAP_BE, 0, 0 },
#else
{ "transparent", 0, 0, 0, 0 },
#endif
{ NULL, 0, 0, 0, 0 }
};
/* proxy->options2 */
const struct cfg_opt cfg_opts2[] =
{
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#ifdef USE_LINUX_SPLICE
REORG: config: extract the proxy parser into cfgparse-listen.c This was the largest function of the whole file, taking a rough second to build alone. Let's move it to a distinct file along with a few dependencies. Doing so saved about 2 seconds on the total build time.
2018-11-11 09:40:36 -05:00
{ "splice-request", PR_O2_SPLIC_REQ, PR_CAP_FE|PR_CAP_BE, 0, 0 },
{ "splice-response", PR_O2_SPLIC_RTR, PR_CAP_FE|PR_CAP_BE, 0, 0 },
{ "splice-auto", PR_O2_SPLIC_AUT, PR_CAP_FE|PR_CAP_BE, 0, 0 },
#else
{ "splice-request", 0, 0, 0, 0 },
{ "splice-response", 0, 0, 0, 0 },
{ "splice-auto", 0, 0, 0, 0 },
#endif
MINOR: proxy: Rename accept-invalid-http-* options With these options, it is possible to accept some invalid messages that may considered as unsafe and may result as vulnerabilities. The naming is not explicit enough on this point. These option must really be considered as dangerous and only used as a temporary workaround. Unfortunately, when used, it is probably because there are some legacy and unsupported applications in place. Nevermind. The documentation warns about the use of these options. Now the name of the options itself is a warning. So now, "accept-invalid-http-request" and "accept-invalid-http-response" options are deprecated and replaced by "accept-unsafe-violations-in-http-request" and "accept-unsafe-violations-in-http-response" options.
2024-09-12 03:33:32 -04:00
{ "accept-unsafe-violations-in-http-request", PR_O2_REQBUG_OK, PR_CAP_FE, 0, PR_MODE_HTTP },
{ "accept-unsafe-violations-in-http-response", PR_O2_RSPBUG_OK, PR_CAP_BE, 0, PR_MODE_HTTP },
REORG: config: extract the proxy parser into cfgparse-listen.c This was the largest function of the whole file, taking a rough second to build alone. Let's move it to a distinct file along with a few dependencies. Doing so saved about 2 seconds on the total build time.
2018-11-11 09:40:36 -05:00
{ "dontlog-normal", PR_O2_NOLOGNORM, PR_CAP_FE, 0, 0 },
{ "log-separate-errors", PR_O2_LOGERRORS, PR_CAP_FE, 0, 0 },
{ "log-health-checks", PR_O2_LOGHCHKS, PR_CAP_BE, 0, 0 },
{ "socket-stats", PR_O2_SOCKSTAT, PR_CAP_FE, 0, 0 },
{ "tcp-smart-accept", PR_O2_SMARTACC, PR_CAP_FE, 0, 0 },
{ "tcp-smart-connect", PR_O2_SMARTCON, PR_CAP_BE, 0, 0 },
{ "independent-streams", PR_O2_INDEPSTR, PR_CAP_FE|PR_CAP_BE, 0, 0 },
{ "http-use-proxy-header", PR_O2_USE_PXHDR, PR_CAP_FE, 0, PR_MODE_HTTP },
{ "http-pretend-keepalive", PR_O2_FAKE_KA, PR_CAP_BE, 0, PR_MODE_HTTP },
{ "http-no-delay", PR_O2_NODELAY, PR_CAP_FE|PR_CAP_BE, 0, PR_MODE_HTTP },
MEDIUM: mux-h1: Add the support of headers adjustment for bogus HTTP/1 apps There is no standard case for HTTP header names because, as stated in the RFC7230, they are case-insensitive. So applications must handle them in a case-insensitive manner. But some bogus applications erroneously rely on the case used by most browsers. This problem becomes critical with HTTP/2 because all header names must be exchanged in lowercase. And HAProxy uses the same convention. All header names are sent in lowercase to clients and servers, regardless of the HTTP version. This design choice is linked to the HTX implementation. So, for previous versions (2.0 and 1.9), a workaround is to disable the HTX mode to fall back to the legacy HTTP mode. Since the legacy HTTP mode was removed, some users reported interoperability issues because their application was not able anymore to handle HTTP/1 message received from HAProxy. So, we've decided to add a way to change the case of some headers before sending them. It is now possible to define a "mapping" between a lowercase header name and a version supported by the bogus application. To do so, you must use the global directives "h1-case-adjust" and "h1-case-adjust-file". Then options "h1-case-adjust-bogus-client" and "h1-case-adjust-bogus-server" may be used in proxy sections to enable the conversion. See the configuration manual for more info. Of course, our advice is to urgently upgrade these applications for interoperability concerns and because they may be vulnerable to various types of content smuggling attacks. But, if your are really forced to use an unmaintained bogus application, you may use these directive, at your own risks. If it is relevant, this feature may be backported to 2.0.
2019-07-22 10:18:24 -04:00
BUG/MINOR: h1: Support headers case adjustment for TCP proxies On frontend side, "h1-case-adjust-bogus-client" option is now supported in TCP mode. It is important to be able to adjust the case of response headers when a connection is routed to an HTTP backend. In this case, the client connection is upgraded to H1. On backend side, "h1-case-adjust-bogus-server" option is now also supported in TCP mode to be able to perform HTTP health-checks with a case adjustment of the request headers. This patch should be backported as far as 2.0.
2022-09-06 04:09:40 -04:00
{"h1-case-adjust-bogus-client", PR_O2_H1_ADJ_BUGCLI, PR_CAP_FE, 0, 0 },
{"h1-case-adjust-bogus-server", PR_O2_H1_ADJ_BUGSRV, PR_CAP_BE, 0, 0 },
MINOR: mux-h1/proxy: Add a proxy option to disable clear h2 upgrade By default, HAProxy is able to implicitly upgrade an H1 client connection to an H2 connection if the first request it receives from a given HTTP connection matches the HTTP/2 connection preface. This way, it is possible to support H1 and H2 clients on a non-SSL connections. It could be a problem if for any reason, the H2 upgrade is not acceptable. "option disable-h2-upgrade" may now be used to disable it, per proxy. The main puprose of this option is to let an admin to totally disable the H2 support for security reasons. Recently, a critical issue in the HPACK decoder was fixed, forcing everyone to upgrade their HAProxy version to fix the bug. It is possible to disable H2 for SSL connections, but not on clear ones. This option would have been a viable workaround.
2020-06-02 11:33:56 -04:00
{"disable-h2-upgrade", PR_O2_NO_H2_UPGRADE, PR_CAP_FE, 0, PR_MODE_HTTP },
REORG: config: extract the proxy parser into cfgparse-listen.c This was the largest function of the whole file, taking a rough second to build alone. Let's move it to a distinct file along with a few dependencies. Doing so saved about 2 seconds on the total build time.
2018-11-11 09:40:36 -05:00
{ NULL, 0, 0, 0 }
};
MINOR: proxy: add proxy->options3 proxy->options2 is almost full, yet we will add new log-forward options in upcoming patches so we anticipate that by adding a new {no_}options3 and cfg_opts3[] to further extend proxy options
2025-03-07 04:55:31 -05:00
/* proxy->options3 */
const struct cfg_opt cfg_opts3[] =
{
MINOR: log: migrate log-forward options from proxy->options2 to options3 Migrate recently added log-forward section options, currently stored under proxy->options2 to proxy->options3 since proxy->options2 is running out of space and we plan on adding more log-forward options.
2025-03-07 05:00:59 -05:00
{"assume-rfc6587-ntf", PR_O3_ASSUME_RFC6587_NTF, PR_CAP_FE, 0, PR_MODE_SYSLOG },
{"dont-parse-log", PR_O3_DONTPARSELOG, PR_CAP_FE, 0, PR_MODE_SYSLOG },
MINOR: proxy: add proxy->options3 proxy->options2 is almost full, yet we will add new log-forward options in upcoming patches so we anticipate that by adding a new {no_}options3 and cfg_opts3[] to further extend proxy options
2025-03-07 04:55:31 -05:00
{ NULL, 0, 0, 0 }
};
MINOR: proxy/stktable: add resolve_stick_rule helper function Simplify stick and store sticktable proxy rules postparsing by adding a sticking rule entry resolve (postparsing) function. This will ease code maintenance.
2023-08-08 05:37:59 -04:00
/* Helper function to resolve a single sticking rule after config parsing.
* Returns 1 for success and 0 for failure
*/
int resolve_stick_rule(struct proxy *curproxy, struct sticking_rule *mrule)
{
struct stktable *target;
if (mrule->table.name)
target = stktable_find_by_name(mrule->table.name);
else
target = curproxy->table;
if (!target) {
ha_alert("Proxy '%s': unable to find stick-table '%s'.\n",
curproxy->id, mrule->table.name ? mrule->table.name : curproxy->id);
return 0;
}
else if (!stktable_compatible_sample(mrule->expr, target->type)) {
ha_alert("Proxy '%s': type of fetch not usable with type of stick-table '%s'.\n",
curproxy->id, mrule->table.name ? mrule->table.name : curproxy->id);
return 0;
}
/* success */
ha_free(&mrule->table.name);
mrule->table.t = target;
stktable_alloc_data_type(target, STKTABLE_DT_SERVER_ID, NULL, NULL);
stktable_alloc_data_type(target, STKTABLE_DT_SERVER_KEY, NULL, NULL);
if (!in_proxies_list(target->proxies_list, curproxy)) {
curproxy->next_stkt_ref = target->proxies_list;
target->proxies_list = curproxy;
}
return 1;
}
MINOR: log/backend: prevent stick table and stick rules with LOG mode Report a warning and prevent errors if user tries to declare a stick table or use stick rules within a log backend.
2023-11-16 05:29:58 -05:00
void free_stick_rules(struct list *rules)
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
{
struct sticking_rule *rule, *ruleb;
list_for_each_entry_safe(rule, ruleb, rules, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&rule->list);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free_acl_cond(rule->cond);
release_sample_expr(rule->expr);
free(rule);
}
}
MINOR: proxy: add free_server_rules() helper function Take the px->server_rules freeing part out of free_proxy() and make it a dedicated helper function so that it becomes possible to use it from anywhere.
2023-11-23 10:27:45 -05:00
void free_server_rules(struct list *srules)
{
struct server_rule *srule, *sruleb;
list_for_each_entry_safe(srule, sruleb, srules, list) {
LIST_DELETE(&srule->list);
free_acl_cond(srule->cond);
MEDIUM: tree-wide: add logformat expressions wrapper log format expressions are broadly used within the code: once they are parsed from input string, they are converted to a linked list of logformat nodes. We're starting to face some limitations because we're simply storing the converted expression as a generic logformat_node list. The first issue we're facing is that storing logformat expressions that way doesn't allow us to add metadata alongside the list, which is part of the prerequites for implementing log-profiles. Another issue with storing logformat expressions as generic lists of logformat_node elements is that it's starting to become really hard to tell when we rely on logformat expressions or not in the code given that there isn't always a comment near the list declaration or manipulation to indicate that it's relying on logformat expressions under the hood, so this adds some complexity for code maintenance. This patch looks quite impressive due to changes in a lot of header and source files (since logformat expressions are broadly used), but it does a simple thing: it defines the lf_expr structure which itself holds a generic list of logformat nodes, and then declares some helpers to manipulate lf_expr elements and fixes the code so that we now exclusively manipulate logformat_node lists as lf_expr elements outside of log.c. For now, lf_expr struct only contains the list of logformat nodes (no additional metadata), but now that we have dedicated type and helpers, doing so in the future won't be problematic at all and won't require extensive code changes.
2024-02-23 09:57:21 -05:00
lf_expr_deinit(&srule->expr);
MINOR: proxy: add free_server_rules() helper function Take the px->server_rules freeing part out of free_proxy() and make it a dedicated helper function so that it becomes possible to use it from anywhere.
2023-11-23 10:27:45 -05:00
free(srule->file);
free(srule);
}
}
MINOR: proxy: add proxy_free_common() helper function As shown by previous patch series, having to free some common proxy struct members twice (in free_proxy() and proxy_free_defaults()) is error-prone: we often overlook one of the two free locations when adding new features. To prevent such bugs from being introduced in the future, and also avoid code duplication, we now have a proxy_free_common() function to free all proxy struct members that are common to all proxy types (either regular or default ones). This should greatly improve code maintenance related to proxy freeing logic.
2024-06-10 13:31:19 -04:00
/* Frees proxy members that are common to all proxy types (either regular or
* default ones) for a proxy that's about to be destroyed.
* This is a subset of the complete proxy or default proxy deinit code.
*/
static inline void proxy_free_common(struct proxy *px)
{
struct acl *acl, *aclb;
struct logger *log, *logb;
BUG/MEDIUM: proxy: fix UAF with {tcp,http}checks logformat expressions When parsing a logformat expression using parse_logformat_string(), the caller passes the proxy under which the expression is found as argument. This information allows the logformat expression API to check if the expression is compatible with the proxy settings. Since 7a21c3a ("MAJOR: log: implement proper postparsing for logformat expressions"), the proxy compatibilty checks are postponed after the proxy is fully parsed to ensure proxy properties are fully resolved for checks consistency. The way it works, is that each time parse_logformat_string() is called for a given expression and proxy, it schedules the expression for postchecking by appending the expression to the list of pending expression checks on the proxy (lf_checks struct). Then, when the proxy is called with the REGISTER_POST_PROXY_CHECK() hook, it iterates over unchecked expressions and performs the check, then it removes the expression from its list. However, I overlooked a special case: if a logformat expression is used on a proxy that is disabled or a default proxy: REGISTER_POST_PROXY_CHECK() hook is never called. Because of that, lf expressions may still point to the proxy after the proxy is freed. For most logformat expressions, this isn't an issue because they are stored within the proxy itself, but this isn't the case with {tcp,http}checks logformat expressions: during deinit() sequence, all proxies are first cleaned up, and only then shared checks are freed. Because of that, the below config will trigger UAF since 7a21c3a: uaf.conf: listen dummy bind localhost:2222 backend testback disabled mode http option httpchk http-check send hdr test "test" http-check expect status 200 haproxy -f uaf.conf -c: ==152096== Invalid write of size 8 ==152096== at 0x21C317: lf_expr_deinit (log.c:3491) ==152096== by 0x2334A3: free_tcpcheck_http_hdr (tcpcheck.c:84) ==152096== by 0x2334A3: free_tcpcheck_http_hdr (tcpcheck.c:79) ==152096== by 0x2334A3: free_tcpcheck_http_hdrs (tcpcheck.c:98) ==152096== by 0x23365A: free_tcpcheck.part.0 (tcpcheck.c:130) ==152096== by 0x2338B1: free_tcpcheck (tcpcheck.c:108) ==152096== by 0x2338B1: deinit_tcpchecks (tcpcheck.c:3780) ==152096== by 0x2CF9A4: deinit (haproxy.c:2949) ==152096== by 0x2D0065: deinit_and_exit (haproxy.c:3052) ==152096== by 0x169BC0: main (haproxy.c:3996) ==152096== Address 0x52a8df8 is 6,968 bytes inside a block of size 7,168 free'd ==152096== at 0x484B27F: free (vg_replace_malloc.c:872) ==152096== by 0x2CF8AD: deinit (haproxy.c:2906) ==152096== by 0x2D0065: deinit_and_exit (haproxy.c:3052) ==152096== by 0x169BC0: main (haproxy.c:3996) To fix the issue, let's ensure in proxy_free_common() that no unchecked expressions may still point to the proxy after the proxy is freed by purging the list (DEL_INIT is used to reset list items). Special thanks to GH user @mhameed who filed a comprehensive issue with all the relevant information required to reproduce the bug (see GH #2597), after having first reported the issue on the alpine project bug tracker.
2024-06-10 14:21:02 -04:00
struct lf_expr *lf, *lfb;
MINOR: proxy: add proxy_free_common() helper function As shown by previous patch series, having to free some common proxy struct members twice (in free_proxy() and proxy_free_defaults()) is error-prone: we often overlook one of the two free locations when adding new features. To prevent such bugs from being introduced in the future, and also avoid code duplication, we now have a proxy_free_common() function to free all proxy struct members that are common to all proxy types (either regular or default ones). This should greatly improve code maintenance related to proxy freeing logic.
2024-06-10 13:31:19 -04:00
CLEANUP: proxy: detach the name node in proxy_free_common() instead This changes commit d2a9149f0 ("BUG/MINOR: proxy: always detach a proxy from the names tree on free()") to be cleaner. Aurlien spotted that the free(p->id) was indeed already done in proxy_free_common(), which is called before we delete the node. That's still a bit ugly and it only works because ebpt_delete() does not dereference the key during the operation. Better play safe and delete the entry before freeing it, that's more future-proof.
2025-04-19 04:21:19 -04:00
/* note that the node's key points to p->id */
MEDIUM: proxy: switch conf.name to cebis_tree This is used to index the proxy's name and it contains a copy of the pointer to the proxy's name in <id>. Changing that for a ceb_node placed just before <id> saves 32 bytes to the struct proxy, which is now 3112 bytes large. Here we need to continue to support duplicates since they're still allowed between type-incompatible proxies. Interestingly, the use of cebis_next_dup() instead of cebis_next() in proxy_find_by_name() allows us to get rid of an strcmp() that was performed for each use_backend rule. A test with a large config (100k backends) shows that we can get 3% extra performance on a config involving a static use_backend rule (3.09M to 3.18M rps), and even 4.5% on a dynamic rule selecting a random backend (2.47M to 2.59M).
2025-07-15 05:47:54 -04:00
cebis_item_delete((px->cap & PR_CAP_DEF) ? &defproxy_by_name : &proxy_by_name, conf.name_node, id, px);
MINOR: proxy: add proxy_free_common() helper function As shown by previous patch series, having to free some common proxy struct members twice (in free_proxy() and proxy_free_defaults()) is error-prone: we often overlook one of the two free locations when adding new features. To prevent such bugs from being introduced in the future, and also avoid code duplication, we now have a proxy_free_common() function to free all proxy struct members that are common to all proxy types (either regular or default ones). This should greatly improve code maintenance related to proxy freeing logic.
2024-06-10 13:31:19 -04:00
ha_free(&px->id);
MINOR: proxy: add a true list containing all proxies We have global proxies_list pointer which is announced as the list of "all existing proxies", but in fact it only represents regular proxies declared on the config file through "listen, frontend or backend" keywords It is ambiguous, and we currently don't have a straightforwrd method to iterate over all proxies (either public or internal ones) within haproxy Instead we still have to manually iterate over multiple lists (main proxies, log-forward proxies, peer proxies..) which is error-prone. In this patch we add a struct list member (8 bytes) inside struct proxy in order to store every proxy (except default ones) within a global "proxies" list which is actually representative for all proxies existing under haproxy process, like we already have for servers.
2025-05-09 10:02:09 -04:00
LIST_DEL_INIT(&px->global_list);
MINOR: proxy: use the global file names for conf->file Proxy file names are assigned a bit everywhere (resolvers, peers, cli, logs, proxy). All these elements were enumerated and now use copy_file_name(). The only ha_free() call was turned to drop_file_name(). As a bonus side effect, a 300k backend config saved 14 MB of RAM.
2024-09-19 09:35:11 -04:00
drop_file_name(&px->conf.file);
MEDIUM: stats: avoid 1 indirection by storing the shared stats directly in counters struct Between 3.2 and 3.3-dev we noticed a noticeable performance regression due to stats handling. After bisecting, Willy found out that recent work to split stats computing accross multiple thread groups (stats sharding) was responsible for that performance regression. We're looking at roughly 20% performance loss. More precisely, it is the added indirections, multiplied by the number of statistics that are updated for each request, which in the end causes a significant amount of time being spent resolving pointers. We noticed that the fe_counters_shared and be_counters_shared structures which are currently allocated in dedicated memory since a0dcab5c ("MAJOR: counters: add shared counters base infrastructure") are no longer huge since 16eb0fab31 ("MAJOR: counters: dispatch counters over thread groups") because they now essentially hold flags plus the per-thread group id pointer mapping, not the counters themselves. As such we decided to try merging fe_counters_shared and be_counters_shared in their parent structures. The cost is slight memory overhead for the parent structure, but it allows to get rid of one pointer indirection. This patch alone yields visible performance gains and almost restores 3.2 stats performance. counters_fe_shared_get() was renamed to counters_fe_shared_prepare() and now returns either failure or success instead of a pointer because we don't need to retrieve a shared pointer anymore, the function takes care of initializing existing pointer.
2025-07-22 11:15:02 -04:00
counters_fe_shared_drop(&px->fe_counters.shared);
counters_be_shared_drop(&px->be_counters.shared);
MINOR: proxy: add proxy_free_common() helper function As shown by previous patch series, having to free some common proxy struct members twice (in free_proxy() and proxy_free_defaults()) is error-prone: we often overlook one of the two free locations when adding new features. To prevent such bugs from being introduced in the future, and also avoid code duplication, we now have a proxy_free_common() function to free all proxy struct members that are common to all proxy types (either regular or default ones). This should greatly improve code maintenance related to proxy freeing logic.
2024-06-10 13:31:19 -04:00
ha_free(&px->check_command);
ha_free(&px->check_path);
ha_free(&px->cookie_name);
ha_free(&px->rdp_cookie_name);
ha_free(&px->dyncookie_key);
ha_free(&px->cookie_domain);
ha_free(&px->cookie_attrs);
ha_free(&px->lbprm.arg_str);
ha_free(&px->capture_name);
istfree(&px->monitor_uri);
ha_free(&px->conn_src.iface_name);
#if defined(CONFIG_HAP_TRANSPARENT)
ha_free(&px->conn_src.bind_hdr_name);
#endif
istfree(&px->server_id_hdr_name);
istfree(&px->header_unique_id);
http_ext_clean(px);
list_for_each_entry_safe(acl, aclb, &px->acl, list) {
LIST_DELETE(&acl->list);
prune_acl(acl);
free(acl);
}
free_act_rules(&px->tcp_req.inspect_rules);
free_act_rules(&px->tcp_rep.inspect_rules);
free_act_rules(&px->tcp_req.l4_rules);
free_act_rules(&px->tcp_req.l5_rules);
free_act_rules(&px->http_req_rules);
free_act_rules(&px->http_res_rules);
free_act_rules(&px->http_after_res_rules);
MEDIUM: quic: implement quic-initial rules Implement a new set of rules labelled as quic-initial. These rules as specific to QUIC. They are scheduled to be executed early on Initial packet parsing, prior a new QUIC connection instantiation. Contrary to tcp-request connection, this allows to reject traffic earlier, most notably by avoiding unnecessary QUIC SSL handshake processing. A new module quic_rules is created. Its main function quic_init_exec_rules() is called on Initial packet parsing in function quic_rx_pkt_retrieve_conn(). For the moment, only "accept" and "dgram-drop" are valid actions. Both are final. The latter drops silently the Initial packet instead of allocating a new QUIC connection.
2024-07-18 12:25:43 -04:00
#ifdef USE_QUIC
free_act_rules(&px->quic_init_rules);
#endif
MINOR: proxy: add proxy_free_common() helper function As shown by previous patch series, having to free some common proxy struct members twice (in free_proxy() and proxy_free_defaults()) is error-prone: we often overlook one of the two free locations when adding new features. To prevent such bugs from being introduced in the future, and also avoid code duplication, we now have a proxy_free_common() function to free all proxy struct members that are common to all proxy types (either regular or default ones). This should greatly improve code maintenance related to proxy freeing logic.
2024-06-10 13:31:19 -04:00
lf_expr_deinit(&px->logformat);
lf_expr_deinit(&px->logformat_sd);
lf_expr_deinit(&px->logformat_error);
lf_expr_deinit(&px->format_unique_id);
list_for_each_entry_safe(log, logb, &px->loggers, list) {
LIST_DEL_INIT(&log->list);
free_logger(log);
}
BUG/MEDIUM: proxy: fix UAF with {tcp,http}checks logformat expressions When parsing a logformat expression using parse_logformat_string(), the caller passes the proxy under which the expression is found as argument. This information allows the logformat expression API to check if the expression is compatible with the proxy settings. Since 7a21c3a ("MAJOR: log: implement proper postparsing for logformat expressions"), the proxy compatibilty checks are postponed after the proxy is fully parsed to ensure proxy properties are fully resolved for checks consistency. The way it works, is that each time parse_logformat_string() is called for a given expression and proxy, it schedules the expression for postchecking by appending the expression to the list of pending expression checks on the proxy (lf_checks struct). Then, when the proxy is called with the REGISTER_POST_PROXY_CHECK() hook, it iterates over unchecked expressions and performs the check, then it removes the expression from its list. However, I overlooked a special case: if a logformat expression is used on a proxy that is disabled or a default proxy: REGISTER_POST_PROXY_CHECK() hook is never called. Because of that, lf expressions may still point to the proxy after the proxy is freed. For most logformat expressions, this isn't an issue because they are stored within the proxy itself, but this isn't the case with {tcp,http}checks logformat expressions: during deinit() sequence, all proxies are first cleaned up, and only then shared checks are freed. Because of that, the below config will trigger UAF since 7a21c3a: uaf.conf: listen dummy bind localhost:2222 backend testback disabled mode http option httpchk http-check send hdr test "test" http-check expect status 200 haproxy -f uaf.conf -c: ==152096== Invalid write of size 8 ==152096== at 0x21C317: lf_expr_deinit (log.c:3491) ==152096== by 0x2334A3: free_tcpcheck_http_hdr (tcpcheck.c:84) ==152096== by 0x2334A3: free_tcpcheck_http_hdr (tcpcheck.c:79) ==152096== by 0x2334A3: free_tcpcheck_http_hdrs (tcpcheck.c:98) ==152096== by 0x23365A: free_tcpcheck.part.0 (tcpcheck.c:130) ==152096== by 0x2338B1: free_tcpcheck (tcpcheck.c:108) ==152096== by 0x2338B1: deinit_tcpchecks (tcpcheck.c:3780) ==152096== by 0x2CF9A4: deinit (haproxy.c:2949) ==152096== by 0x2D0065: deinit_and_exit (haproxy.c:3052) ==152096== by 0x169BC0: main (haproxy.c:3996) ==152096== Address 0x52a8df8 is 6,968 bytes inside a block of size 7,168 free'd ==152096== at 0x484B27F: free (vg_replace_malloc.c:872) ==152096== by 0x2CF8AD: deinit (haproxy.c:2906) ==152096== by 0x2D0065: deinit_and_exit (haproxy.c:3052) ==152096== by 0x169BC0: main (haproxy.c:3996) To fix the issue, let's ensure in proxy_free_common() that no unchecked expressions may still point to the proxy after the proxy is freed by purging the list (DEL_INIT is used to reset list items). Special thanks to GH user @mhameed who filed a comprehensive issue with all the relevant information required to reproduce the bug (see GH #2597), after having first reported the issue on the alpine project bug tracker.
2024-06-10 14:21:02 -04:00
/* ensure that remaining lf_expr that were not postchecked (ie: disabled
CLEANUP: log/proxy: fix comment in proxy_free_common() Thanks to previous commit, logformat expressions for default proxies are also postchecked, adjusting a comment that suggests it's not the case.
2024-06-11 04:52:37 -04:00
* proxy) don't keep a reference on the proxy which is about to be freed.
BUG/MEDIUM: proxy: fix UAF with {tcp,http}checks logformat expressions When parsing a logformat expression using parse_logformat_string(), the caller passes the proxy under which the expression is found as argument. This information allows the logformat expression API to check if the expression is compatible with the proxy settings. Since 7a21c3a ("MAJOR: log: implement proper postparsing for logformat expressions"), the proxy compatibilty checks are postponed after the proxy is fully parsed to ensure proxy properties are fully resolved for checks consistency. The way it works, is that each time parse_logformat_string() is called for a given expression and proxy, it schedules the expression for postchecking by appending the expression to the list of pending expression checks on the proxy (lf_checks struct). Then, when the proxy is called with the REGISTER_POST_PROXY_CHECK() hook, it iterates over unchecked expressions and performs the check, then it removes the expression from its list. However, I overlooked a special case: if a logformat expression is used on a proxy that is disabled or a default proxy: REGISTER_POST_PROXY_CHECK() hook is never called. Because of that, lf expressions may still point to the proxy after the proxy is freed. For most logformat expressions, this isn't an issue because they are stored within the proxy itself, but this isn't the case with {tcp,http}checks logformat expressions: during deinit() sequence, all proxies are first cleaned up, and only then shared checks are freed. Because of that, the below config will trigger UAF since 7a21c3a: uaf.conf: listen dummy bind localhost:2222 backend testback disabled mode http option httpchk http-check send hdr test "test" http-check expect status 200 haproxy -f uaf.conf -c: ==152096== Invalid write of size 8 ==152096== at 0x21C317: lf_expr_deinit (log.c:3491) ==152096== by 0x2334A3: free_tcpcheck_http_hdr (tcpcheck.c:84) ==152096== by 0x2334A3: free_tcpcheck_http_hdr (tcpcheck.c:79) ==152096== by 0x2334A3: free_tcpcheck_http_hdrs (tcpcheck.c:98) ==152096== by 0x23365A: free_tcpcheck.part.0 (tcpcheck.c:130) ==152096== by 0x2338B1: free_tcpcheck (tcpcheck.c:108) ==152096== by 0x2338B1: deinit_tcpchecks (tcpcheck.c:3780) ==152096== by 0x2CF9A4: deinit (haproxy.c:2949) ==152096== by 0x2D0065: deinit_and_exit (haproxy.c:3052) ==152096== by 0x169BC0: main (haproxy.c:3996) ==152096== Address 0x52a8df8 is 6,968 bytes inside a block of size 7,168 free'd ==152096== at 0x484B27F: free (vg_replace_malloc.c:872) ==152096== by 0x2CF8AD: deinit (haproxy.c:2906) ==152096== by 0x2D0065: deinit_and_exit (haproxy.c:3052) ==152096== by 0x169BC0: main (haproxy.c:3996) To fix the issue, let's ensure in proxy_free_common() that no unchecked expressions may still point to the proxy after the proxy is freed by purging the list (DEL_INIT is used to reset list items). Special thanks to GH user @mhameed who filed a comprehensive issue with all the relevant information required to reproduce the bug (see GH #2597), after having first reported the issue on the alpine project bug tracker.
2024-06-10 14:21:02 -04:00
*/
list_for_each_entry_safe(lf, lfb, &px->conf.lf_checks, list)
LIST_DEL_INIT(&lf->list);
MINOR: proxy: add proxy_free_common() helper function As shown by previous patch series, having to free some common proxy struct members twice (in free_proxy() and proxy_free_defaults()) is error-prone: we often overlook one of the two free locations when adding new features. To prevent such bugs from being introduced in the future, and also avoid code duplication, we now have a proxy_free_common() function to free all proxy struct members that are common to all proxy types (either regular or default ones). This should greatly improve code maintenance related to proxy freeing logic.
2024-06-10 13:31:19 -04:00
chunk_destroy(&px->log_tag);
BUG/MINOR: proxy: fix email-alert leak on deinit() (2nd try) As shown in GH #2608 and ("BUG/MEDIUM: proxy: fix email-alert invalid free"), simply calling free_email_alert() from free_proxy() is not the right thing to do. In this patch, we reuse proxy->email_alert.set memory space to introduce proxy->email_alert.flags in order to support 2 flags: PR_EMAIL_ALERT_SET (to mimic proxy->email_alert.set) and PR_EMAIL_ALERT_RESOLVED (set once init_email_alert() was called on the proxy to resolve email_alert.mailer pointer). Thanks to PR_EMAIL_ALERT_RESOLVED flag, free_email_alert() may now properly handle the freeing of proxy email_alert settings: if the RESOLVED flag is set, then it means the .email_alert.mailers.name parsing hint was replaced by the actual mailers pointer, thus no free should be attempted. No backport needed: as described in ("BUG/MEDIUM: proxy: fix email-alert invalid free"), this historical leak is not sensitive as it cannot be triggered during runtime.. thus given that the fix is not backport- friendly, it's not worth the trouble.
2024-06-17 12:53:48 -04:00
free_email_alert(px);
MEDIUM: uri_auth: implement clean uri_auth cleaning proxy auth_uri struct was manually cleaned up during deinit, but the logic behind was kind of akward because it was required to find out which ones were shared or not. Instead, let's switch to a proper refcount mechanism and free the auth_uri struct directly in proxy_free_common().
2024-11-13 13:54:32 -05:00
stats_uri_auth_drop(px->uri_auth);
px->uri_auth = NULL;
MINOR: proxy: add proxy_free_common() helper function As shown by previous patch series, having to free some common proxy struct members twice (in free_proxy() and proxy_free_defaults()) is error-prone: we often overlook one of the two free locations when adding new features. To prevent such bugs from being introduced in the future, and also avoid code duplication, we now have a proxy_free_common() function to free all proxy struct members that are common to all proxy types (either regular or default ones). This should greatly improve code maintenance related to proxy freeing logic.
2024-06-10 13:31:19 -04:00
}
MINOR: proxy: add deinit_proxy() helper func Same as free_proxy(), but does not free the base proxy pointer (ie: the proxy itself may not be allocated) Goal is to be able to cleanup statically allocated dummy proxies.
2025-04-10 04:37:33 -04:00
/* deinit all <p> proxy members, but doesn't touch to the parent pointer
* itself
*/
void deinit_proxy(struct proxy *p)
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
{
MINOR: server: return the next srv instance on free_server As a convenience, return the next server instance from servers list on free_server. This is particularily useful when using this function on the servers list without having to save of the next pointer before calling it.
2021-08-25 09:03:46 -04:00
struct server *s;
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
struct cap_hdr *h,*h_next;
struct listener *l,*l_next;
struct bind_conf *bind_conf, *bind_back;
struct acl_cond *cond, *condb;
struct switching_rule *rule, *ruleb;
struct redirect_rule *rdr, *rdrb;
struct proxy_deinit_fct *pxdf;
struct server_deinit_fct *srvdf;
MINOR: proxy: check if p is NULL in free_proxy() Check if p is NULL before trying to do anything in free_proxy(), like most free()-like function do.
2021-08-20 04:16:37 -04:00
if (!p)
return;
MINOR: proxy: add proxy_free_common() helper function As shown by previous patch series, having to free some common proxy struct members twice (in free_proxy() and proxy_free_defaults()) is error-prone: we often overlook one of the two free locations when adding new features. To prevent such bugs from being introduced in the future, and also avoid code duplication, we now have a proxy_free_common() function to free all proxy struct members that are common to all proxy types (either regular or default ones). This should greatly improve code maintenance related to proxy freeing logic.
2024-06-10 13:31:19 -04:00
proxy_free_common(p);
/* regular proxy specific cleanup */
MEDIUM: backend: add new "balance hash <expr>" algorithm Almost all of our hash-based LB algorithms are implemented as special cases of something that can now be achieved using sample expressions, and some of them have adopted some options to adapt their behavior in ways that could also be achieved using converters. There are users who want to hash other parameters that are combined into variables, and who set headers from these values and use "balance hdr(name)" for this. Instead of constantly implementing specific options and having users hack around when they want a real hash, let's implement a native hash mode that applies to a standard sample expression. This way, any fetchable element (including variables) may be used to construct the hash, even modified by any converter if desired.
2022-04-25 04:25:34 -04:00
release_sample_expr(p->lbprm.expr);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free(p->server_state_file_name);
free(p->invalid_rep);
free(p->invalid_req);
if ((p->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_MAP)
free(p->lbprm.map.srv);
list_for_each_entry_safe(cond, condb, &p->mon_fail_cond, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&cond->list);
MINOR: tree-wide: use free_acl_cond() where relevant Now that we have free_acl_cond(cond) function that does cond prune then frees cond, replace all occurences of this pattern: | prune_acl_cond(cond) | free(cond) with: | free_acl_cond(cond)
2023-05-11 06:29:51 -04:00
free_acl_cond(cond);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
}
MINOR: proxy: implement GUID support Implement proxy identiciation through GUID. As such, a guid_node member is inserted into proxy structure. A proxy keyword "guid" is defined to allow user to fix its value.
2024-03-26 10:26:43 -04:00
guid_remove(&p->guid);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
EXTRA_COUNTERS_FREE(p->extra_counters_fe);
EXTRA_COUNTERS_FREE(p->extra_counters_be);
BUG/MINOR: proxy: free persist_rules force-persist proxy keyword is converted into a persist_rule, stored in proxy persist_rules list member. Each new rule is dynamically allocated during parsing. This commit fixes the memory leak on deinit due to a missing free on persist_rules list entries. This is done via deinit_proxy() modification. Each rule in the list is freed, along with its associated ACL condition type. This can be backported to every stable version.
2026-01-14 05:19:13 -05:00
list_for_each_entry_safe(rule, ruleb, &p->persist_rules, list) {
LIST_DELETE(&rule->list);
free_acl_cond(rule->cond);
free(rule);
}
MINOR: proxy: add free_server_rules() helper function Take the px->server_rules freeing part out of free_proxy() and make it a dedicated helper function so that it becomes possible to use it from anywhere.
2023-11-23 10:27:45 -05:00
free_server_rules(&p->server_rules);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
list_for_each_entry_safe(rule, ruleb, &p->switching_rules, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&rule->list);
MINOR: tree-wide: use free_acl_cond() where relevant Now that we have free_acl_cond(cond) function that does cond prune then frees cond, replace all occurences of this pattern: | prune_acl_cond(cond) | free(cond) with: | free_acl_cond(cond)
2023-05-11 06:29:51 -04:00
free_acl_cond(rule->cond);
BUG/MINOR: proxy: fix logformat expression leak in use_backend rules When support for dynamic names was added for use_backend rules in 702d44f2f ("MEDIUM: proxy: support use_backend with dynamic names"), the sample expression resulting from parse_logformat_string() was only freed for non dynamic rules (when the expression resolved to a simple string node). But for complex expressions (ie: multiple nodes), rule->dynamic was set but the expression was never released, resulting in a small memory leak when freeing the parent proxy. To fix the issue, in free_proxy(), we free the switching rule expression if the switching rule is dynamic. This should be backported to every stable versions. [ada: prior to 2.9, free_logformat_list() helper did not exist: we may use the same manual sample expr freeing logic as in server_rules pruning right above it]
2024-03-13 11:29:38 -04:00
if (rule->dynamic)
MEDIUM: tree-wide: add logformat expressions wrapper log format expressions are broadly used within the code: once they are parsed from input string, they are converted to a linked list of logformat nodes. We're starting to face some limitations because we're simply storing the converted expression as a generic logformat_node list. The first issue we're facing is that storing logformat expressions that way doesn't allow us to add metadata alongside the list, which is part of the prerequites for implementing log-profiles. Another issue with storing logformat expressions as generic lists of logformat_node elements is that it's starting to become really hard to tell when we rely on logformat expressions or not in the code given that there isn't always a comment near the list declaration or manipulation to indicate that it's relying on logformat expressions under the hood, so this adds some complexity for code maintenance. This patch looks quite impressive due to changes in a lot of header and source files (since logformat expressions are broadly used), but it does a simple thing: it defines the lf_expr structure which itself holds a generic list of logformat nodes, and then declares some helpers to manipulate lf_expr elements and fixes the code so that we now exclusively manipulate logformat_node lists as lf_expr elements outside of log.c. For now, lf_expr struct only contains the list of logformat nodes (no additional metadata), but now that we have dedicated type and helpers, doing so in the future won't be problematic at all and won't require extensive code changes.
2024-02-23 09:57:21 -05:00
lf_expr_deinit(&rule->be.expr);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free(rule->file);
free(rule);
}
list_for_each_entry_safe(rdr, rdrb, &p->redirect_rules, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&rdr->list);
MINOR: proxy: add http_free_redirect_rule() function Adding http_free_redirect_rule() function to free a single redirect rule since it may be required to free rules outside of free_proxy() function. This patch is required for an upcoming bugfix. [for 2.2, free_proxy function did not exist (first seen in 2.4), thus http_free_redirect_rule() needs to be deducted from haproxy.c deinit() function if the patch is required]
2023-05-11 04:30:27 -04:00
http_free_redirect_rule(rdr);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
}
free_stick_rules(&p->storersp_rules);
free_stick_rules(&p->sticking_rules);
h = p->req_cap;
while (h) {
BUG/MEDIUM: rules: Be able to use captures defined in defaults section Since the 2.5, it is possible to define TCP/HTTP ruleset in defaults sections. However, rules defining a capture in defaults sections was not properly handled because they was not shared with the proxies inheriting from the defaults section. This led to crash when haproxy tried to store a new capture. So now, to fix the issue, when a new proxy is created, the list of captures points to the list of its defaults section. It may be NULL or not. All new caputres are prepended to this list. It is not a problem to share the same defaults section between several proxies, because it is not altered and we take care to not release it when corresponding proxies are freed but only when defaults proxies are freed. To do so, defaults proxies are now unreferenced at the end of free_proxy() function instead of the beginning. This patch should fix the issue #1674. It must be backported to 2.5.
2022-04-25 08:30:58 -04:00
if (p->defpx && h == p->defpx->req_cap)
break;
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
h_next = h->next;
free(h->name);
pool_destroy(h->pool);
free(h);
h = h_next;
}/* end while(h) */
h = p->rsp_cap;
while (h) {
BUG/MEDIUM: rules: Be able to use captures defined in defaults section Since the 2.5, it is possible to define TCP/HTTP ruleset in defaults sections. However, rules defining a capture in defaults sections was not properly handled because they was not shared with the proxies inheriting from the defaults section. This led to crash when haproxy tried to store a new capture. So now, to fix the issue, when a new proxy is created, the list of captures points to the list of its defaults section. It may be NULL or not. All new caputres are prepended to this list. It is not a problem to share the same defaults section between several proxies, because it is not altered and we take care to not release it when corresponding proxies are freed but only when defaults proxies are freed. To do so, defaults proxies are now unreferenced at the end of free_proxy() function instead of the beginning. This patch should fix the issue #1674. It must be backported to 2.5.
2022-04-25 08:30:58 -04:00
if (p->defpx && h == p->defpx->rsp_cap)
break;
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
h_next = h->next;
free(h->name);
pool_destroy(h->pool);
free(h);
h = h_next;
}/* end while(h) */
s = p->srv;
while (s) {
list_for_each_entry(srvdf, &server_deinit_list, list)
srvdf->fct(s);
BUG/MINOR: server: dont depend on proxy for server cleanup in srv_drop() In commit b5ee8bebfc ("MINOR: server: always call ssl->destroy_srv when available"), we made it so srv_drop() doesn't depend on proxy to perform server cleanup. It turns out this is now mandatory, because during deinit, free_proxy() can occur before the final srv_drop(). This is the case when using Lua scripts for instance. In 2a9436f96 ("MINOR: lbprm: Add method to deinit server and proxy") we added a freeing check under srv_drop() that depends on the proxy. Because of that UAF may occur during deinit when using a Lua script that manipulate server objects. To fix the issue, let's perform the lbprm server deinit logic under free_proxy() directly, where the DEINIT server hooks are evaluated. Also, to prevent similar bugs in the future, let's explicitly document in srv_drop() that server cleanups should assume that the proxy may already be freed. No backport needed unless 2a9436f96 is.
2025-05-12 10:09:15 -04:00
if (p->lbprm.server_deinit)
p->lbprm.server_deinit(s);
MEDIUM: server: extend refcount for all servers In a future patch, it will be possible to remove at runtime every servers, both static and dynamic. This requires to extend the server refcount for all instances. First, refcount manipulation functions have been renamed to better express the API usage. * srv_refcount_use -> srv_take The refcount is always initialize to 1 on the server creation in new_server. It's also incremented for each check/agent configured on a server instance. * free_server -> srv_drop This decrements the refcount and if null, the server is freed, so code calling it must not use the server reference after it. As a bonus, this function now returns the next server instance. This is useful when calling on the server loop without having to save the next pointer before each invocation. In these functions, remove the checks that prevent refcount on non-dynamic servers. Each reference to "dynamic" in variable/function naming have been eliminated as well.
2021-08-25 09:34:53 -04:00
s = srv_drop(s);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
}/* end while(s) */
BUG/MINOR: proxy/server: free default-server on deinit proxy default-server is a specific type of server that is not allocated using new_server(): it is directly stored within the parent proxy structure. However, since it may contain some default config options that may be inherited by regular servers, it is also subject to dynamic members (strings, structures..) that needs to be deallocated when the parent proxy is cleaned up. Unfortunately, srv_drop() may not be used directly from p->defsrv since this function is meant to be used on regular servers only (those created using new_server()). To circumvent this, we're splitting srv_drop() to make a new function called srv_free_params() that takes care of the member cleaning which originally takes place in srv_drop(). This function is exposed through server.h, so it may be called from outside server.c. Thanks to this, calling srv_free_params(&p->defsrv) from free_proxy() prevents any memory leaks due to dynamic parameters allocated when parsing a default-server line from a proxy section. This partially fixes GH #2173 and may be backported to 2.8. [While it could also be relevant for other stable versions, the patch won't apply due to architectural changes / name changes between 2.4 => 2.6 and then 2.6 => 2.8. Considering this is a minor fix that only makes memory analyzers happy during deinit paths (at least for <= 2.8), it might not be worth the trouble to backport them any further?]
2023-06-01 06:07:43 -04:00
/* also free default-server parameters since some of them might have
* been dynamically allocated (e.g.: config hints, cookies, ssl..)
*/
MEDIUM: proxy: take the defsrv out of the struct proxy The server struct has gone huge over time (~3.8kB), and having a copy of it in the defsrv section of the struct proxy costs a lot of RAM, that is not needed anymore at run time. This patch replaces this struct with a dynamically allocated one. The field is allocated and initialized during alloc_new_proxy() and is freed when the proxy is destroyed for now. But the goal will be to support freeing it after parsing the section.
2025-07-10 10:16:24 -04:00
if (p->defsrv) {
srv_free_params(p->defsrv);
MEDIUM: server: introduce srv_alloc()/srv_free() to alloc/free a server It happens that we free servers at various places in the code, both on error paths and at runtime thanks to the "server delete" feature. In order to switch to an aligned struct, we'll need to change the calloc() and free() calls. Let's first spot them and switch them to srv_alloc() and srv_free() instead of using calloc() and either free() or ha_free(). An easy trap to fall into is that some of them are default-server entries. The new srv_free() function also resets the pointer like ha_free() does. This was done by running the following coccinelle script all over the code: @@ struct server *srv; @@ ( - free(srv) + srv_free(&srv) | - ha_free(&srv) + srv_free(&srv) ) @@ struct server *srv; expression e1; expression e2; @@ ( - srv = malloc(e1) + srv = srv_alloc() | - srv = calloc(e1, e2) + srv = srv_alloc() ) This is marked medium because despite spotting all call places, we can never rule out the possibility that some out-of-tree patches would allocate their own servers and continue to use the old API... at their own risk.
2025-08-13 05:52:59 -04:00
srv_free(&p->defsrv);
MEDIUM: proxy: take the defsrv out of the struct proxy The server struct has gone huge over time (~3.8kB), and having a copy of it in the defsrv section of the struct proxy costs a lot of RAM, that is not needed anymore at run time. This patch replaces this struct with a dynamically allocated one. The field is allocated and initialized during alloc_new_proxy() and is freed when the proxy is destroyed for now. But the goal will be to support freeing it after parsing the section.
2025-07-10 10:16:24 -04:00
}
BUG/MINOR: proxy/server: free default-server on deinit proxy default-server is a specific type of server that is not allocated using new_server(): it is directly stored within the parent proxy structure. However, since it may contain some default config options that may be inherited by regular servers, it is also subject to dynamic members (strings, structures..) that needs to be deallocated when the parent proxy is cleaned up. Unfortunately, srv_drop() may not be used directly from p->defsrv since this function is meant to be used on regular servers only (those created using new_server()). To circumvent this, we're splitting srv_drop() to make a new function called srv_free_params() that takes care of the member cleaning which originally takes place in srv_drop(). This function is exposed through server.h, so it may be called from outside server.c. Thanks to this, calling srv_free_params(&p->defsrv) from free_proxy() prevents any memory leaks due to dynamic parameters allocated when parsing a default-server line from a proxy section. This partially fixes GH #2173 and may be backported to 2.8. [While it could also be relevant for other stable versions, the patch won't apply due to architectural changes / name changes between 2.4 => 2.6 and then 2.6 => 2.8. Considering this is a minor fix that only makes memory analyzers happy during deinit paths (at least for <= 2.8), it might not be worth the trouble to backport them any further?]
2023-06-01 06:07:43 -04:00
MINOR: lbprm: Add method to deinit server and proxy Add two new methods to lbprm, server_deinit() and proxy_deinit(), in case something should be done at the lbprm level when removing servers and proxies.
2025-03-25 12:24:46 -04:00
if (p->lbprm.proxy_deinit)
p->lbprm.proxy_deinit(p);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
list_for_each_entry_safe(l, l_next, &p->conf.listeners, by_fe) {
MINOR: listener: implement GUID support This commit is similar with the two previous ones. Its purpose is to add GUID support on listeners. Due to bind_conf and listeners configuration, some specifities were required. Its possible to define several listeners on a single bind line, for example by specifying multiple addresses. As such, it's impossible to support a "guid" keyword on a bind line. The problem is exacerbated by the cloning of listeners when sharding is used. To resolve this, a new keyword "guid-prefix" is defined for bind lines. It allows to specify a string which will be used as a prefix for automatically generated GUID for each listeners attached to a bind_conf. Automatic GUID listeners generation is implemented via a new function bind_generate_guid(). It is called on post-parsing, after bind_complete_thread_setup(). For each listeners on a bind_conf, a new GUID is generated with bind_conf prefix and the index of the listener relative to other listeners in the bind_conf. This last value is stored in a new bind_conf field named <guid_idx>. If a GUID cannot be inserted, for example due to a non-unique value, an error is returned, startup is interrupted with configuration rejected.
2024-04-02 04:44:08 -04:00
guid_remove(&l->guid);
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&l->by_fe);
LIST_DELETE(&l->by_bind);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free(l->name);
MINOR: listeners: Add support for a label on bind line It is now possile to set a label on a bind line. All sockets attached to this bind line inherits from this label. The idea is to be able to groud of sockets. For now, there is no mechanism to create these groups, this must be done by hand.
2025-05-26 01:38:11 -04:00
free(l->label);
MINOR: listener: define per-thr struct Create a new structure li_per_thread. This is uses as an array in the listener structure, with an entry allocated per thread. The new function li_init_per_thr is responsible of the allocation. For now, li_per_thread contains fields only useful for QUIC listeners. As such, it is only allocated for QUIC listeners.
2022-01-25 10:21:47 -05:00
free(l->per_thr);
MAJOR: counters: add shared counters base infrastructure Shareable counters are not tagged as shared counters and are dynamically allocated in separate memory area as a prerequisite for being stored in shared memory area. For now, GUID and threads groups are not taken into account, this is only a first step. also we ensure all counters are now manipulated using atomic operations, namely, "last_change" counter is now read from and written to using atomic ops. Despite the numerous changes caused by the counters being moved away from counters struct, no change of behavior should be expected.
2025-04-08 12:16:38 -04:00
if (l->counters) {
MEDIUM: stats: avoid 1 indirection by storing the shared stats directly in counters struct Between 3.2 and 3.3-dev we noticed a noticeable performance regression due to stats handling. After bisecting, Willy found out that recent work to split stats computing accross multiple thread groups (stats sharding) was responsible for that performance regression. We're looking at roughly 20% performance loss. More precisely, it is the added indirections, multiplied by the number of statistics that are updated for each request, which in the end causes a significant amount of time being spent resolving pointers. We noticed that the fe_counters_shared and be_counters_shared structures which are currently allocated in dedicated memory since a0dcab5c ("MAJOR: counters: add shared counters base infrastructure") are no longer huge since 16eb0fab31 ("MAJOR: counters: dispatch counters over thread groups") because they now essentially hold flags plus the per-thread group id pointer mapping, not the counters themselves. As such we decided to try merging fe_counters_shared and be_counters_shared in their parent structures. The cost is slight memory overhead for the parent structure, but it allows to get rid of one pointer indirection. This patch alone yields visible performance gains and almost restores 3.2 stats performance. counters_fe_shared_get() was renamed to counters_fe_shared_prepare() and now returns either failure or success instead of a pointer because we don't need to retrieve a shared pointer anymore, the function takes care of initializing existing pointer.
2025-07-22 11:15:02 -04:00
counters_fe_shared_drop(&l->counters->shared);
MAJOR: counters: add shared counters base infrastructure Shareable counters are not tagged as shared counters and are dynamically allocated in separate memory area as a prerequisite for being stored in shared memory area. For now, GUID and threads groups are not taken into account, this is only a first step. also we ensure all counters are now manipulated using atomic operations, namely, "last_change" counter is now read from and written to using atomic ops. Despite the numerous changes caused by the counters being moved away from counters struct, no change of behavior should be expected.
2025-04-08 12:16:38 -04:00
free(l->counters);
}
MINOR: rhttp: large renaming to use rhttp prefix Previous commit renames 'proto_reverse_connect' module to 'proto_rhttp'. This commits follows this by replacing various custom prefix by 'rhttp_' to make the code uniform. Note that 'reverse_' prefix was kept in connection module. This is because if a new reversable protocol not based on HTTP is implemented, it may be necessary to reused the same connection function which are protocol agnostic.
2023-11-21 05:10:34 -05:00
task_destroy(l->rx.rhttp.task);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
EXTRA_COUNTERS_FREE(l->extra_counters);
free(l);
}
/* Release unused SSL configs. */
list_for_each_entry_safe(bind_conf, bind_back, &p->conf.bind, by_fe) {
if (bind_conf->xprt->destroy_bind_conf)
bind_conf->xprt->destroy_bind_conf(bind_conf);
free(bind_conf->file);
free(bind_conf->arg);
BUG/MINOR: proxy: add missing interface bind free in free_proxy bind->settings.interface hint is allocated when "interface" keyword is specified on a bind line, but the string isn't explicitly freed in proxy_free, resulting in minor memory leak on deinit paths when the keyword is being used. It partially fixes GH #2173 and may be backported to all stable versions. [in 2.2 free_proxy did not exist so the patch must be applied directly in deinit() function from haproxy.c]
2023-06-01 04:58:44 -04:00
free(bind_conf->settings.interface);
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&bind_conf->by_fe);
MINOR: listener: implement GUID support This commit is similar with the two previous ones. Its purpose is to add GUID support on listeners. Due to bind_conf and listeners configuration, some specifities were required. Its possible to define several listeners on a single bind line, for example by specifying multiple addresses. As such, it's impossible to support a "guid" keyword on a bind line. The problem is exacerbated by the cloning of listeners when sharding is used. To resolve this, a new keyword "guid-prefix" is defined for bind lines. It allows to specify a string which will be used as a prefix for automatically generated GUID for each listeners attached to a bind_conf. Automatic GUID listeners generation is implemented via a new function bind_generate_guid(). It is called on post-parsing, after bind_complete_thread_setup(). For each listeners on a bind_conf, a new GUID is generated with bind_conf prefix and the index of the listener relative to other listeners in the bind_conf. This last value is stored in a new bind_conf field named <guid_idx>. If a GUID cannot be inserted, for example due to a non-unique value, an error is returned, startup is interrupted with configuration rejected.
2024-04-02 04:44:08 -04:00
free(bind_conf->guid_prefix);
MINOR: rhttp: large renaming to use rhttp prefix Previous commit renames 'proto_reverse_connect' module to 'proto_rhttp'. This commits follows this by replacing various custom prefix by 'rhttp_' to make the code uniform. Note that 'reverse_' prefix was kept in connection module. This is because if a new reversable protocol not based on HTTP is implemented, it may be necessary to reused the same connection function which are protocol agnostic.
2023-11-21 05:10:34 -05:00
free(bind_conf->rhttp_srvname);
MINOR: proto-tcp: Add support for TCP MD5 signature for listeners and servers This patch adds the support for the RFC2385 (Protection of BGP Sessions via the + TCP MD5 Signature Option) for the listeners and the servers. The feature is only available on Linux. Keywords are not exposed otherwise. By setting "tcp-md5sig <password>" option on a bind line, TCP segments of all connections instantiated from the listening socket will be signed with a 16-byte MD5 digest. The same option can be set on a server line to protect outgoing connections to the corresponding server. The primary use case for this option is to allow BGP to protect itself against the introduction of spoofed TCP segments into the connection stream. But it can be useful for any very long-lived TCP connections. A reg-test was added and it will be executed only on linux. All other targets are excluded.
2025-07-03 09:16:47 -04:00
free(bind_conf->tcp_md5sig);
MINOR: listener: add the "cc" bind keyword to set the TCP congestion controller It is possible on at least Linux and FreeBSD to set the congestion control algorithm to be used with incoming connections, among the list of supported and permitted ones. Let's expose this setting with "cc". Permission issues might be reported (as warnings).
2025-09-17 11:03:42 -04:00
free(bind_conf->cc_algo);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free(bind_conf);
}
flt_deinit(p);
list_for_each_entry(pxdf, &proxy_deinit_list, list)
pxdf->fct(p);
free(p->desc);
MEDIUM: proxy/http_ext: implement dynamic http_ext proxy http-only options implemented in http_ext were statically stored within proxy struct. We're making some changes so that http_ext are now stored in a dynamically allocated structs. http_ext related structs are only allocated when needed to save some space whenever possible, and they are automatically freed upon proxy deletion. Related PX_O_HTTP{7239,XFF,XOT) option flags were removed because we're now considering an http_ext option as 'active' if it is allocated (ptr is not NULL) A few checks (and BUG_ON) were added to make these changes safe because it adds some (acceptable) complexity to the previous design. Also, proxy.http was renamed to proxy.http_ext to make things more explicit.
2023-01-09 05:09:03 -05:00
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
task_destroy(p->task);
pool_destroy(p->req_cap_pool);
pool_destroy(p->rsp_cap_pool);
BUG/MINOR: proxy/stktable: missing frees on proxy cleanup In 1b8e68e ("MEDIUM: stick-table: Stop handling stick-tables as proxies.") we forgot to free the table pointer which is now dynamically allocated. Let's take this opportunity to also fix a missing free in the table itself (the table expire task wasn't properly destroyed) This patch depends on: - "MINOR: stktable: add sktable_deinit function" It should be backported in every stable versions.
2023-11-16 10:18:14 -05:00
MINOR: stktable: add stktable_deinit function Adding sktable_deinit() helper function to properly cleanup a sticktable that was initialized using stktable_init().
2023-11-16 10:17:12 -05:00
stktable_deinit(p->table);
BUG/MINOR: proxy/stktable: missing frees on proxy cleanup In 1b8e68e ("MEDIUM: stick-table: Stop handling stick-tables as proxies.") we forgot to free the table pointer which is now dynamically allocated. Let's take this opportunity to also fix a missing free in the table itself (the table expire task wasn't properly destroyed) This patch depends on: - "MINOR: stktable: add sktable_deinit function" It should be backported in every stable versions.
2023-11-16 10:18:14 -05:00
ha_free(&p->table);
MINOR: proxies: Add a per-thread group field to struct proxy. Add a per-thread group field to struct proxy, that will contain a struct queue, as well as a new field, "queueslength". This is currently unused, so should change nothing. Please note that proxy_init_per_thr() must now be called for each proxy once the thread groups number is known.
2025-01-15 10:10:43 -05:00
ha_free(&p->per_tgrp);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
HA_RWLOCK_DESTROY(&p->lbprm.lock);
HA_RWLOCK_DESTROY(&p->lock);
BUG/MEDIUM: rules: Be able to use captures defined in defaults section Since the 2.5, it is possible to define TCP/HTTP ruleset in defaults sections. However, rules defining a capture in defaults sections was not properly handled because they was not shared with the proxies inheriting from the defaults section. This led to crash when haproxy tried to store a new capture. So now, to fix the issue, when a new proxy is created, the list of captures points to the list of its defaults section. It may be NULL or not. All new caputres are prepended to this list. It is not a problem to share the same defaults section between several proxies, because it is not altered and we take care to not release it when corresponding proxies are freed but only when defaults proxies are freed. To do so, defaults proxies are now unreferenced at the end of free_proxy() function instead of the beginning. This patch should fix the issue #1674. It must be backported to 2.5.
2022-04-25 08:30:58 -04:00
proxy_unref_defaults(p);
MINOR: proxy: add deinit_proxy() helper func Same as free_proxy(), but does not free the base proxy pointer (ie: the proxy itself may not be allocated) Goal is to be able to cleanup statically allocated dummy proxies.
2025-04-10 04:37:33 -04:00
}
/* deinit and free <p> proxy */
void free_proxy(struct proxy *p)
{
deinit_proxy(p);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
ha_free(&p);
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
/*
[MINOR] adjust error messages about conflicting proxies It's not easy to report useful information to help the user quickly fix a configuration. This patch : - removes the word "listener" in favor of "proxy" as it has been used since the beginning ; - ensures that the same function (hence the same words) will be used to report capabilities of a proxy being declared and an existing proxy ; - avoid the term "conflicting capabilities" in favor of "overlapping capabilities" which is more exact. - just report that the same name is reused in case of warnings
2007-11-04 01:04:43 -05:00
* This function returns a string containing a name describing capabilities to
* report comprehensible error messages. Specifically, it will return the words
MINOR: proxy: add a new capability PR_CAP_DEF In order to more easily distinguish a default proxy from a standard one, let's introduce a new capability PR_CAP_DEF.
2021-02-12 03:43:33 -05:00
* "frontend", "backend" when appropriate, "defaults" if it corresponds to a
* defaults section, or "proxy" for all other cases including the proxies
* declared in "listen" mode.
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
*/
[MINOR] adjust error messages about conflicting proxies It's not easy to report useful information to help the user quickly fix a configuration. This patch : - removes the word "listener" in favor of "proxy" as it has been used since the beginning ; - ensures that the same function (hence the same words) will be used to report capabilities of a proxy being declared and an existing proxy ; - avoid the term "conflicting capabilities" in favor of "overlapping capabilities" which is more exact. - just report that the same name is reused in case of warnings
2007-11-04 01:04:43 -05:00
const char *proxy_cap_str(int cap)
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
{
MINOR: proxy: add a new capability PR_CAP_DEF In order to more easily distinguish a default proxy from a standard one, let's introduce a new capability PR_CAP_DEF.
2021-02-12 03:43:33 -05:00
if (cap & PR_CAP_DEF)
return "defaults";
[MINOR] adjust error messages about conflicting proxies It's not easy to report useful information to help the user quickly fix a configuration. This patch : - removes the word "listener" in favor of "proxy" as it has been used since the beginning ; - ensures that the same function (hence the same words) will be used to report capabilities of a proxy being declared and an existing proxy ; - avoid the term "conflicting capabilities" in favor of "overlapping capabilities" which is more exact. - just report that the same name is reused in case of warnings
2007-11-04 01:04:43 -05:00
if ((cap & PR_CAP_LISTEN) != PR_CAP_LISTEN) {
if (cap & PR_CAP_FE)
return "frontend";
else if (cap & PR_CAP_BE)
return "backend";
}
return "proxy";
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
}
[MEDIUM] Implement and use generic findproxy and relax duplicated proxy check This patch: - adds proxy_mode_str() similar to proxy_type_str() - adds a generic findproxy function used with default_backend/setbe/use_backed - rewrite default_backend/senbe/use_backed to use introduced findproxy() - relaxes duplicated proxy check - changes capabilities displaying from "%X" to "%s" with a call to proxy_type_str()
2007-11-03 18:41:58 -04:00
/*
* This function returns a string containing the mode of the proxy in a format
* suitable for error messages.
*/
const char *proxy_mode_str(int mode) {
if (mode == PR_MODE_TCP)
return "tcp";
else if (mode == PR_MODE_HTTP)
return "http";
MEDIUM: cli: implement 'mode cli' proxy analyzers This patch implements analysers for parsing the CLI and extra features for the master's CLI. For each command (sent alone, or separated by ; or \n) the request analyser will determine to which server it should send the request. The 'mode cli' proxy is able to parse a prefix for each command which is used to select the apropriate server. The prefix start by @ and is followed by "master", the PID preceded by ! or the relative PID. (e.g. @master, @1, @!1234). The servers are not round-robined anymore. The command is sent with a SHUTW which force the server to close the connection after sending its response. However the proxy allows a keepalive connection on the client side and does not close. The response analyser does not do much stuff, it only reinits the connection when it received a close from the server, and forward the response. It does not analyze the response data. The only guarantee of the end of the response is the close of the server, we can't rely on the double \n since it's not send by every command. This could be reimplemented later as a filter.
2018-10-26 08:47:40 -04:00
else if (mode == PR_MODE_CLI)
return "cli";
BUG/MINOR: add missing modes in proxy_mode_str() Add the missing PR_MODE_SYSLOG and PR_MODE_PEERS in proxy_mode_str(). Could be backported in every maintained versions.
2022-03-08 05:50:59 -05:00
else if (mode == PR_MODE_SYSLOG)
return "syslog";
else if (mode == PR_MODE_PEERS)
return "peers";
MEDIUM: proxy/spoe: Add a SPOP mode The SPOE was significantly lightened. It is now possible to refactor it to use a dedicated multiplexer. The first step is to add a SPOP mode for proxies. The corresponding multiplexer mode is also added. For now, there is no SPOP multiplexer, so it is only declarative. But at the end, the SPOP multiplexer will be automatically selected for servers inside a SPOP backend. The related issue is #2502.
2024-07-04 03:58:12 -04:00
else if (mode == PR_MODE_SPOP)
return "spop";
[MEDIUM] Implement and use generic findproxy and relax duplicated proxy check This patch: - adds proxy_mode_str() similar to proxy_type_str() - adds a generic findproxy function used with default_backend/setbe/use_backed - rewrite default_backend/senbe/use_backed to use introduced findproxy() - relaxes duplicated proxy check - changes capabilities displaying from "%X" to "%s" with a call to proxy_type_str()
2007-11-03 18:41:58 -04:00
else
return "unknown";
}
MINOR: proxy: refactor mode parsing Define a new utility function str_to_proxy_mode() which is able to convert a string into the corresponding proxy mode if possible. This new function is used for the parsing of "mode" configuration proxy keyword. This patch will be reused for dynamic backend implementation, in order to parse a similar "mode" argument via a CLI handler.
2026-01-12 08:47:51 -05:00
/* Convert <mode> string into proxy mode type. PR_MODES is returned for unknown values. */
enum pr_mode str_to_proxy_mode(const char *mode)
{
if (strcmp(mode, "http") == 0)
return PR_MODE_HTTP;
else if (strcmp(mode, "tcp") == 0)
return PR_MODE_TCP;
else if (strcmp(mode, "log") == 0)
return PR_MODE_SYSLOG;
else if (strcmp(mode, "spop") == 0)
return PR_MODE_SPOP;
return PR_MODES;
}
MINOR: cfgparse/proxy: also support spelling fixes on options Some are not always easy to spot with "chk" vs "check" or hyphens at some places and not at others. Now entering "option http-close" properly suggests "httpclose" and "option tcp-chk" suggests "tcp-check". There's no need to consider the proxy's capabilities, what matters is to figure what related word the user tried to spell, and there are not that many options anyway.
2021-03-15 06:11:55 -04:00
/* try to find among known options the one that looks closest to <word> by
* counting transitions between letters, digits and other characters. Will
* return the best matching word if found, otherwise NULL. An optional array
* of extra words to compare may be passed in <extra>, but it must then be
* terminated by a NULL entry. If unused it may be NULL.
*/
const char *proxy_find_best_option(const char *word, const char **extra)
{
uint8_t word_sig[1024];
uint8_t list_sig[1024];
const char *best_ptr = NULL;
int dist, best_dist = INT_MAX;
int index;
make_word_fingerprint(word_sig, word);
for (index = 0; cfg_opts[index].name; index++) {
make_word_fingerprint(list_sig, cfg_opts[index].name);
dist = word_fingerprint_distance(word_sig, list_sig);
if (dist < best_dist) {
best_dist = dist;
best_ptr = cfg_opts[index].name;
}
}
for (index = 0; cfg_opts2[index].name; index++) {
make_word_fingerprint(list_sig, cfg_opts2[index].name);
dist = word_fingerprint_distance(word_sig, list_sig);
if (dist < best_dist) {
best_dist = dist;
best_ptr = cfg_opts2[index].name;
}
}
while (extra && *extra) {
make_word_fingerprint(list_sig, *extra);
dist = word_fingerprint_distance(word_sig, list_sig);
if (dist < best_dist) {
best_dist = dist;
best_ptr = *extra;
}
extra++;
}
if (best_dist > 2 * strlen(word) || (best_ptr && best_dist > 2 * strlen(best_ptr)))
best_ptr = NULL;
return best_ptr;
}
MINOR: proxy: add proxy_get_next_id() to find next free proxy ID This was previously achieved via the generic get_next_id() but we'll soon get rid of generic ID trees so let's have a dedicated proxy_get_next_id().
2025-08-23 13:24:21 -04:00
/* This function returns the first unused proxy ID greater than or equal to
* <from> in used_proxy_id. Zero is returned if no spare one is found (should
* never happen).
*/
uint proxy_get_next_id(uint from)
{
MEDIUM: proxy: index proxy ID using compact trees The proxy ID is currently stored as a 32-bit int using an eb32 tree. It's used essentially to find holes in order to automatically assign IDs, and to detect duplicates. Let's change this to use compact trees instead in order to save 24 bytes in struct proxy for this node, plus 8 bytes in the root (which is static so not much relevant here). Now the proxy is 3088 bytes large.
2025-08-23 13:57:29 -04:00
const struct proxy *px;
MINOR: proxy: add proxy_get_next_id() to find next free proxy ID This was previously achieved via the generic get_next_id() but we'll soon get rid of generic ID trees so let's have a dedicated proxy_get_next_id().
2025-08-23 13:24:21 -04:00
do {
MEDIUM: proxy: index proxy ID using compact trees The proxy ID is currently stored as a 32-bit int using an eb32 tree. It's used essentially to find holes in order to automatically assign IDs, and to detect duplicates. Let's change this to use compact trees instead in order to save 24 bytes in struct proxy for this node, plus 8 bytes in the root (which is static so not much relevant here). Now the proxy is 3088 bytes large.
2025-08-23 13:57:29 -04:00
px = ceb32_item_lookup_ge(&used_proxy_id, conf.uuid_node, uuid, from, struct proxy);
if (!px || px->uuid > from)
MINOR: proxy: add proxy_get_next_id() to find next free proxy ID This was previously achieved via the generic get_next_id() but we'll soon get rid of generic ID trees so let's have a dedicated proxy_get_next_id().
2025-08-23 13:24:21 -04:00
return from; /* available */
from++;
} while (from);
return from;
}
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
/* This function parses a "timeout" statement in a proxy section. It returns
* -1 if there is any error, 1 for a warning, otherwise zero. If it does not
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
* return zero, it will write an error or warning message into a preallocated
* buffer returned at <err>. The trailing is not be written. The function must
* be called with <args> pointing to the first command line word, with <proxy>
* pointing to the proxy being parsed, and <defpx> to the default proxy or NULL.
* As a special case for compatibility with older configs, it also accepts
* "{cli|srv|con}timeout" in args[0].
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
*/
[MEDIUM] modularize the "timeout" keyword configuration parser The "timeout" keyword already relied on an external parser, let's make use of the new keyword registration mechanism.
2008-07-09 14:34:27 -04:00
static int proxy_parse_timeout(char **args, int section, struct proxy *proxy,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MINOR: config: pass the file and line to config keyword parsers This will be needed when we need to create bind config settings.
2012-09-18 14:02:48 -04:00
char **err)
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
{
unsigned timeout;
int retval, cap;
const char *res, *name;
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
int *tv = NULL;
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const int *td = NULL;
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
retval = 0;
[MEDIUM] modularize the "timeout" keyword configuration parser The "timeout" keyword already relied on an external parser, let's make use of the new keyword registration mechanism.
2008-07-09 14:34:27 -04:00
/* simply skip "timeout" but remain compatible with old form */
if (strcmp(args[0], "timeout") == 0)
args++;
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
name = args[0];
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[0], "client") == 0) {
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
name = "client";
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
tv = &proxy->timeout.client;
td = &defpx->timeout.client;
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
cap = PR_CAP_FE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "tarpit") == 0) {
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
tv = &proxy->timeout.tarpit;
td = &defpx->timeout.tarpit;
[MINOR] tarpit timeout is also allowed in backends Since the tarpit action may be set in backends too, its timeout must be configurable there.
2008-01-06 07:40:03 -05:00
cap = PR_CAP_FE | PR_CAP_BE;
MINOR: quic: Rename "handshake" timeout to "client-hs" Use a more specific name for this timeout to distinguish it from a possible future one on the server side. Also update the documentation.
2023-11-17 12:03:20 -05:00
} else if (strcmp(args[0], "client-hs") == 0) {
tv = &proxy->timeout.client_hs;
td = &defpx->timeout.client_hs;
MINOR: proxy: Add "handshake" new timeout (frontend side) Add a new timeout for the handshake, on the frontend side only. Such a hanshake will be typically used for TLS hanshakes during client connections to TLS/TCP or QUIC frontends.
2023-11-14 12:31:38 -05:00
cap = PR_CAP_FE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "http-keep-alive") == 0) {
[MINOR] http: add a separate "http-keep-alive" timeout This one is used to wait for next request after a response was sent to the client.
2010-01-10 08:46:16 -05:00
tv = &proxy->timeout.httpka;
td = &defpx->timeout.httpka;
cap = PR_CAP_FE | PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "http-request") == 0) {
[MEDIUM] introduce "timeout http-request" in frontends In order to offer DoS protection, it may be required to lower the maximum accepted time to receive a complete HTTP request without affecting the client timeout. This helps protecting against established connections on which nothing is sent. The client timeout cannot offer a good protection against this abuse because it is an inactivity timeout, which means that if the attacker sends one character every now and then, the timeout will not trigger. With the HTTP request timeout, no matter what speed the client types, the request will be aborted if it does not complete in time.
2008-01-06 07:24:40 -05:00
tv = &proxy->timeout.httpreq;
td = &defpx->timeout.httpreq;
[MINOR] http: take http request timeout from the backend Since we can now switch from TCP to HTTP, we need to be able to apply the HTTP request timeout after switching. That means we need to take it from the backend and not from the frontend. Since the backend points to the frontend before switching, that changes nothing for the normal case.
2009-07-12 04:03:17 -04:00
cap = PR_CAP_FE | PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "server") == 0) {
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
name = "server";
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
tv = &proxy->timeout.server;
td = &defpx->timeout.server;
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
cap = PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "connect") == 0) {
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
name = "connect";
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
tv = &proxy->timeout.connect;
td = &defpx->timeout.connect;
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
cap = PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "check") == 0) {
[MEDIUM]: rework checks handling This patch adds two new variables: fastinter and downinter. When server state is: - non-transitionally UP -> inter (no change) - transitionally UP (going down), unchecked or transitionally DOWN (going up) -> fastinter - down -> downinter It allows to set something like: server sr6 127.0.51.61:80 cookie s6 check inter 10000 downinter 20000 fastinter 500 fall 3 weight 40 In the above example haproxy uses 10000ms between checks but as soon as one check fails fastinter (500ms) is used. If server is down downinter (20000) is used or fastinter (500ms) if one check pass. Fastinter is also used when haproxy starts. New "timeout.check" variable was added, if set haproxy uses it as an additional read timeout, but only after a connection has been already established. I was thinking about using "timeout.server" here but most people set this with an addition reserve but still want checks to kick out laggy servers. Please also note that in most cases check request is much simpler and faster to handle than normal requests so this timeout should be smaller. I also changed the timeout used for check connections establishing. Changes from the previous version: - use tv_isset() to check if the timeout is set, - use min("timeout connect", "inter") but only if "timeout check" is set as this min alone may be to short for full (connect + read) check, - debug code (fprintf) commented/removed - documentation Compile tested only (sorry!) as I'm currently traveling but changes are rather small and trivial.
2008-01-20 19:54:06 -05:00
tv = &proxy->timeout.check;
td = &defpx->timeout.check;
cap = PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "queue") == 0) {
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
tv = &proxy->timeout.queue;
td = &defpx->timeout.queue;
cap = PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "tunnel") == 0) {
MEDIUM: session: add support for tunnel timeouts Tunnel timeouts are used when TCP connections are forwarded, or when forwarding upgraded HTTP connections (WebSocket) as well as CONNECT requests to proxies. This timeout allows long-lived sessions to be supported without having to set large timeouts to normal requests.
2012-05-12 06:50:00 -04:00
tv = &proxy->timeout.tunnel;
td = &defpx->timeout.tunnel;
cap = PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "client-fin") == 0) {
MEDIUM: session: implement half-closed timeouts (client-fin and server-fin) Long-lived sessions are often subject to half-closed sessions resulting in a lot of sessions appearing in FIN_WAIT state in the system tables, and no way for haproxy to get rid of them. This typically happens because clients suddenly disconnect without sending any packet (eg: FIN or RST was lost in the path), and while the server detects this using an applicative heart beat, haproxy does not close the connection. This patch adds two new timeouts : "timeout client-fin" and "timeout server-fin". The former allows one to override the client-facing timeout when a FIN has been received or sent. The latter does the same for server-facing connections, which is less useful.
2014-05-10 08:30:07 -04:00
tv = &proxy->timeout.clientfin;
td = &defpx->timeout.clientfin;
cap = PR_CAP_FE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "server-fin") == 0) {
MEDIUM: session: implement half-closed timeouts (client-fin and server-fin) Long-lived sessions are often subject to half-closed sessions resulting in a lot of sessions appearing in FIN_WAIT state in the system tables, and no way for haproxy to get rid of them. This typically happens because clients suddenly disconnect without sending any packet (eg: FIN or RST was lost in the path), and while the server detects this using an applicative heart beat, haproxy does not close the connection. This patch adds two new timeouts : "timeout client-fin" and "timeout server-fin". The former allows one to override the client-facing timeout when a FIN has been received or sent. The latter does the same for server-facing connections, which is less useful.
2014-05-10 08:30:07 -04:00
tv = &proxy->timeout.serverfin;
td = &defpx->timeout.serverfin;
cap = PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "clitimeout") == 0) {
MEDIUM: Make '(cli|con|srv)timeout' directive fatal They were deprecated with HAProxy 1.5. Time to remove them.
2019-05-14 14:57:59 -04:00
memprintf(err, "the '%s' directive is not supported anymore since HAProxy 2.1. Use 'timeout client'.", args[0]);
return -1;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "srvtimeout") == 0) {
MEDIUM: Make '(cli|con|srv)timeout' directive fatal They were deprecated with HAProxy 1.5. Time to remove them.
2019-05-14 14:57:59 -04:00
memprintf(err, "the '%s' directive is not supported anymore since HAProxy 2.1. Use 'timeout server'.", args[0]);
return -1;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "contimeout") == 0) {
MEDIUM: Make '(cli|con|srv)timeout' directive fatal They were deprecated with HAProxy 1.5. Time to remove them.
2019-05-14 14:57:59 -04:00
memprintf(err, "the '%s' directive is not supported anymore since HAProxy 2.1. Use 'timeout connect'.", args[0]);
return -1;
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
} else {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
memprintf(err,
"'timeout' supports 'client', 'server', 'connect', 'check', "
MINOR: proxy: Add "handshake" new timeout (frontend side) Add a new timeout for the handshake, on the frontend side only. Such a hanshake will be typically used for TLS hanshakes during client connections to TLS/TCP or QUIC frontends.
2023-11-14 12:31:38 -05:00
"'queue', 'handshake', 'http-keep-alive', 'http-request', 'tunnel', 'tarpit', "
MEDIUM: session: implement half-closed timeouts (client-fin and server-fin) Long-lived sessions are often subject to half-closed sessions resulting in a lot of sessions appearing in FIN_WAIT state in the system tables, and no way for haproxy to get rid of them. This typically happens because clients suddenly disconnect without sending any packet (eg: FIN or RST was lost in the path), and while the server detects this using an applicative heart beat, haproxy does not close the connection. This patch adds two new timeouts : "timeout client-fin" and "timeout server-fin". The former allows one to override the client-facing timeout when a FIN has been received or sent. The latter does the same for server-facing connections, which is less useful.
2014-05-10 08:30:07 -04:00
"'client-fin' and 'server-fin' (got '%s')",
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
args[0]);
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
return -1;
}
if (*args[1] == 0) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
memprintf(err, "'timeout %s' expects an integer value (in milliseconds)", name);
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
return -1;
}
res = parse_time_err(args[1], &timeout, TIME_UNIT_MS);
MEDIUM: tools: improve time format error detection As reported in GH issue #109 and in discourse issue https://discourse.haproxy.org/t/haproxy-returns-408-or-504-error-when-timeout-client-value-is-every-25d the time parser doesn't error on overflows nor underflows. This is a recurring problem which additionally has the bad taste of taking a long time before hitting the user. This patch makes parse_time_err() return special error codes for overflows and underflows, and adds the control in the call places to report suitable errors depending on the requested unit. In practice, underflows are almost never returned as the parsing function takes care of rounding values up, so this might possibly happen on 64-bit overflows returning exactly zero after rounding though. It is not really possible to cut the patch into pieces as it changes the function's API, hence all callers. Tests were run on about every relevant part (cookie maxlife/maxidle, server inter, stats timeout, timeout*, cli's set timeout command, tcp-request/response inspect-delay).
2019-06-07 13:00:37 -04:00
if (res == PARSE_TIME_OVER) {
memprintf(err, "timer overflow in argument '%s' to 'timeout %s' (maximum value is 2147483647 ms or ~24.8 days)",
args[1], name);
return -1;
}
else if (res == PARSE_TIME_UNDER) {
memprintf(err, "timer underflow in argument '%s' to 'timeout %s' (minimum non-null value is 1 ms)",
args[1], name);
return -1;
}
else if (res) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
memprintf(err, "unexpected character '%c' in 'timeout %s'", *res, name);
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
return -1;
}
MEDIUM: config: warn on unitless timeouts < 100 ms From time to time we face a configuration with very small timeouts which look accidental because there could be expectations that they're expressed in seconds and not milliseconds. This commit adds a check for non-nul unitless values smaller than 100 and emits a warning suggesting to append an explicit unit if that was the intent. Only the common timeouts, the server check intervals and the resolvers hold and timeout values were covered for now. All the code needs to be manually reviewed to verify if it supports emitting warnings. This may break some configs using "zero-warning", but greps in existing configs indicate that these are extremely rare and solely intentionally done during tests. At least even if a user leaves that after a test, it will be more obvious when reading 10ms that something's probably not correct.
2024-11-18 13:47:59 -05:00
if (warn_if_lower(args[1], 100)) {
memprintf(err, "'timeout %s %u' in %s '%s' is suspiciously small for a value in milliseconds. Please use an explicit unit ('%ums') if that was the intent.",
name, timeout, proxy_type_str(proxy), proxy->id, timeout);
retval = 1;
}
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
if (!(proxy->cap & cap)) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
memprintf(err, "'timeout %s' will be ignored because %s '%s' has no %s capability",
name, proxy_type_str(proxy), proxy->id,
(cap & PR_CAP_BE) ? "backend" : "frontend");
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
retval = 1;
}
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
else if (defpx && *tv != *td) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
memprintf(err, "overwriting 'timeout %s' which was already specified", name);
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
retval = 1;
}
MEDIUM: proxy: make timeout parser a bit stricter Twice in a week I found people were surprized by a "conditional timeout" not being respected, because they add "if <cond>" after a timeout, and since they don't see any error nor read the doc, the expect it to work. Let's make the timeout parser reject extra arguments to avoid these situations.
2014-05-22 02:24:46 -04:00
if (*args[2] != 0) {
memprintf(err, "'timeout %s' : unexpected extra argument '%s' after value '%s'.", name, args[2], args[1]);
retval = -1;
}
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
*tv = MS_TO_TICKS(timeout);
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
return retval;
}
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
/* This function parses a "rate-limit" statement in a proxy section. It returns
* -1 if there is any error, 1 for a warning, otherwise zero. If it does not
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
* return zero, it will write an error or warning message into a preallocated
* buffer returned at <err>. The function must be called with <args> pointing
* to the first command line word, with <proxy> pointing to the proxy being
* parsed, and <defpx> to the default proxy or NULL.
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
*/
static int proxy_parse_rate_limit(char **args, int section, struct proxy *proxy,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MINOR: config: pass the file and line to config keyword parsers This will be needed when we need to create bind config settings.
2012-09-18 14:02:48 -04:00
char **err)
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
{
CLEANUP: proxy: simplify proxy_parse_rate_limit proxy checks rate-limits are valid for both frontend and listen, but not backend; so we can simplify this check in a similar manner as it is done in e.g max-keep-alive-queue. this should fix github issue #449 Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-01-15 19:34:27 -05:00
int retval;
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
char *res;
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
unsigned int *tv = NULL;
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const unsigned int *td = NULL;
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
unsigned int val;
retval = 0;
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
if (strcmp(args[1], "sessions") == 0) {
[MINOR] compute the max of sessions/s on fe/be/srv Some users want to keep the max sessions/s seen on servers, frontends and backends for capacity planning. It's easy to grab it while the session count is updated, so let's keep it.
2009-05-10 12:52:49 -04:00
tv = &proxy->fe_sps_lim;
td = &defpx->fe_sps_lim;
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
}
else {
memprintf(err, "'%s' only supports 'sessions' (got '%s')", args[0], args[1]);
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
return -1;
}
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
if (*args[2] == 0) {
memprintf(err, "'%s %s' expects expects an integer value (in sessions/second)", args[0], args[1]);
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
return -1;
}
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
val = strtoul(args[2], &res, 0);
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
if (*res) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
memprintf(err, "'%s %s' : unexpected character '%c' in integer value '%s'", args[0], args[1], *res, args[2]);
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
return -1;
}
CLEANUP: proxy: simplify proxy_parse_rate_limit proxy checks rate-limits are valid for both frontend and listen, but not backend; so we can simplify this check in a similar manner as it is done in e.g max-keep-alive-queue. this should fix github issue #449 Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-01-15 19:34:27 -05:00
if (!(proxy->cap & PR_CAP_FE)) {
memprintf(err, "%s %s will be ignored because %s '%s' has no frontend capability",
args[0], args[1], proxy_type_str(proxy), proxy->id);
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
retval = 1;
}
else if (defpx && *tv != *td) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
memprintf(err, "overwriting %s %s which was already specified", args[0], args[1]);
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
retval = 1;
}
*tv = val;
return retval;
}
MINOR: http: implement the max-keep-alive-queue setting Finn Arne Gangstad suggested that we should have the ability to break keep-alive when the target server has reached its maxconn and that a number of connections are present in the queue. After some discussion around his proposed patch, the following solution was suggested : have a per-proxy setting to fix a limit to the number of queued connections on a server after which we break keep-alive. This ensures that even in high latency networks where keep-alive is beneficial, we try to find a different server. This patch is partially based on his original proposal and implements this configurable threshold.
2014-04-25 07:58:37 -04:00
/* This function parses a "max-keep-alive-queue" statement in a proxy section.
* It returns -1 if there is any error, 1 for a warning, otherwise zero. If it
* does not return zero, it will write an error or warning message into a
* preallocated buffer returned at <err>. The function must be called with
* <args> pointing to the first command line word, with <proxy> pointing to
* the proxy being parsed, and <defpx> to the default proxy or NULL.
*/
static int proxy_parse_max_ka_queue(char **args, int section, struct proxy *proxy,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MINOR: http: implement the max-keep-alive-queue setting Finn Arne Gangstad suggested that we should have the ability to break keep-alive when the target server has reached its maxconn and that a number of connections are present in the queue. After some discussion around his proposed patch, the following solution was suggested : have a per-proxy setting to fix a limit to the number of queued connections on a server after which we break keep-alive. This ensures that even in high latency networks where keep-alive is beneficial, we try to find a different server. This patch is partially based on his original proposal and implements this configurable threshold.
2014-04-25 07:58:37 -04:00
char **err)
{
int retval;
char *res;
unsigned int val;
retval = 0;
if (*args[1] == 0) {
memprintf(err, "'%s' expects expects an integer value (or -1 to disable)", args[0]);
return -1;
}
val = strtol(args[1], &res, 0);
if (*res) {
memprintf(err, "'%s' : unexpected character '%c' in integer value '%s'", args[0], *res, args[1]);
return -1;
}
if (!(proxy->cap & PR_CAP_BE)) {
memprintf(err, "%s will be ignored because %s '%s' has no backend capability",
args[0], proxy_type_str(proxy), proxy->id);
retval = 1;
}
/* we store <val+1> so that a user-facing value of -1 is stored as zero (default) */
proxy->max_ka_queue = val + 1;
return retval;
}
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
/* This function parses a "declare" statement in a proxy section. It returns -1
* if there is any error, 1 for warning, otherwise 0. If it does not return zero,
* it will write an error or warning message into a preallocated buffer returned
* at <err>. The function must be called with <args> pointing to the first command
* line word, with <proxy> pointing to the proxy being parsed, and <defpx> to the
* default proxy or NULL.
*/
static int proxy_parse_declare(char **args, int section, struct proxy *curpx,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
char **err)
{
/* Capture keyword wannot be declared in a default proxy. */
if (curpx == defpx) {
MINOR: Fix typos in error messages in the proxy subsystem Fix typos in error messages that will be user-visible in the proxy subsystem.
2018-11-15 14:50:44 -05:00
memprintf(err, "'%s' not available in default section", args[0]);
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
return -1;
}
CLEANUP: Fix spelling errors in comments This is from the output of codespell. It's done at once over a bunch of files and only affects comments, so there is nothing user-visible. No backport needed.
2021-01-07 23:35:52 -05:00
/* Capture keyword is only available in frontend. */
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
if (!(curpx->cap & PR_CAP_FE)) {
MINOR: Fix typos in error messages in the proxy subsystem Fix typos in error messages that will be user-visible in the proxy subsystem.
2018-11-15 14:50:44 -05:00
memprintf(err, "'%s' only available in frontend or listen section", args[0]);
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
return -1;
}
/* Check mandatory second keyword. */
if (!args[1] || !*args[1]) {
memprintf(err, "'%s' needs a second keyword that specify the type of declaration ('capture')", args[0]);
return -1;
}
CLEANUP: fix typos in the proxy subsystem Fix typos in the code comments of the proxy subsystem.
2018-11-15 14:46:55 -05:00
/* Actually, declare is only available for declaring capture
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
* slot, but in the future it can declare maps or variables.
CLEANUP: fix typos in the proxy subsystem Fix typos in the code comments of the proxy subsystem.
2018-11-15 14:46:55 -05:00
* So, this section permits to check and switch according with
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
* the second keyword.
*/
if (strcmp(args[1], "capture") == 0) {
char *error = NULL;
long len;
struct cap_hdr *hdr;
/* Check the next keyword. */
if (!args[2] || !*args[2] ||
(strcmp(args[2], "response") != 0 &&
strcmp(args[2], "request") != 0)) {
memprintf(err, "'%s %s' requires a direction ('request' or 'response')", args[0], args[1]);
return -1;
}
/* Check the 'len' keyword. */
if (!args[3] || !*args[3] || strcmp(args[3], "len") != 0) {
memprintf(err, "'%s %s' requires a capture length ('len')", args[0], args[1]);
return -1;
}
/* Check the length value. */
if (!args[4] || !*args[4]) {
memprintf(err, "'%s %s': 'len' requires a numeric value that represents the "
"capture length",
args[0], args[1]);
return -1;
}
/* convert the length value. */
len = strtol(args[4], &error, 10);
if (*error != '\0') {
memprintf(err, "'%s %s': cannot parse the length '%s'.",
args[0], args[1], args[3]);
return -1;
}
/* check length. */
if (len <= 0) {
memprintf(err, "length must be > 0");
return -1;
}
/* register the capture. */
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
hdr = calloc(1, sizeof(*hdr));
BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare A memory allocation failure happening during proxy_parse_declare while processing the "capture" keyword and allocating a cap_hdr structure would have resulted in a crash. This function is only called during configuration parsing. It was raised in GitHub issue #1233. It could be backported to all stable branches.
2021-05-12 12:04:46 -04:00
if (!hdr) {
memprintf(err, "proxy '%s': out of memory while registering a capture", curpx->id);
return -1;
}
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
hdr->name = NULL; /* not a header capture */
hdr->namelen = 0;
hdr->len = len;
hdr->pool = create_pool("caphdr", hdr->len + 1, MEM_F_SHARED);
BUG/MINOR: config: check capture pool creations for failures A few capture pools can fail in case of too large values for example. These include the req_uri, capture, and caphdr pools, and may be triggered with "tune.http.logurilen 2147483647" in the global section, or one of these in a frontend: capture request header name len 2147483647 http-request capture src len 2147483647 tcp-request content capture src len 2147483647 These seem to be the only occurrences where create_pool()'s return value is assigned without being checked, so let's add the proper check for errors there. This can be backported as a hardening measure though the risks and impacts are extremely low.
2026-01-26 05:13:29 -05:00
if (!hdr->pool) {
memprintf(err, "out of memory");
free(hdr);
return -1;
}
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
if (strcmp(args[2], "request") == 0) {
hdr->next = curpx->req_cap;
hdr->index = curpx->nb_req_cap++;
curpx->req_cap = hdr;
}
if (strcmp(args[2], "response") == 0) {
hdr->next = curpx->rsp_cap;
hdr->index = curpx->nb_rsp_cap++;
curpx->rsp_cap = hdr;
}
return 0;
}
else {
memprintf(err, "unknown declaration type '%s' (supports 'capture')", args[1]);
return -1;
}
}
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
/* This function parses a "retry-on" statement */
static int
proxy_parse_retry_on(char **args, int section, struct proxy *curpx,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
char **err)
{
int i;
if (!(*args[1])) {
memprintf(err, "'%s' needs at least one keyword to specify when to retry", args[0]);
return -1;
}
if (!(curpx->cap & PR_CAP_BE)) {
memprintf(err, "'%s' only available in backend or listen section", args[0]);
return -1;
}
curpx->retry_type = 0;
for (i = 1; *(args[i]); i++) {
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[i], "conn-failure") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_CONN_FAILED;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "empty-response") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_DISCONNECTED;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "response-timeout") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_TIMEOUT;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "401") == 0)
MINOR: stream: Add level 7 retries on http error 401, 403 Level-7 retries are only possible with a restricted number of HTTP return codes. While it is usually not safe to retry on 401 and 403, I came up with an authentication backend which was not synchronizing authentication of users. While not perfect, being allowed to also retry on those return codes is really helpful and acts as a hotfix until we can fix the backend. Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
2020-11-12 05:14:05 -05:00
curpx->retry_type |= PR_RE_401;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "403") == 0)
MINOR: stream: Add level 7 retries on http error 401, 403 Level-7 retries are only possible with a restricted number of HTTP return codes. While it is usually not safe to retry on 401 and 403, I came up with an authentication backend which was not synchronizing authentication of users. While not perfect, being allowed to also retry on those return codes is really helpful and acts as a hotfix until we can fix the backend. Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
2020-11-12 05:14:05 -05:00
curpx->retry_type |= PR_RE_403;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "404") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_404;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "408") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_408;
MINOR: proxy: Add support of 421-Misdirected-Request in retry-on status The "421" status can now be specified on retry-on directives. PR_RE_* flags were updated to remains sorted. This patch should fix the issue #2794. It is quite simple so it may safely be backported to 3.1 if necessary.
2024-11-28 05:45:51 -05:00
else if (strcmp(args[i], "421") == 0)
curpx->retry_type |= PR_RE_421;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "425") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_425;
MINOR: proxy: Add support of 429-Too-Many-Requests in retry-on status The "429" status can now be specified on retry-on directives. PR_RE_* flags were updated to remains sorted. This patch should fix the issue #2687. It is quite simple so it may safely be backported to 3.0 if necessary.
2024-08-27 13:09:08 -04:00
else if (strcmp(args[i], "429") == 0)
curpx->retry_type |= PR_RE_429;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "500") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_500;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "501") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_501;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "502") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_502;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "503") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_503;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "504") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_504;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "0rtt-rejected") == 0)
MEDIUM: streams: Add a way to replay failed 0rtt requests. Add a new keyword for retry-on, 0rtt-rejected. If set, we will try to replay requests for which we sent early data that got rejected by the server. If that option is set, we will attempt to use 0rtt if "allow-0rtt" is set on the server line even if the client didn't send early data.
2019-05-03 16:46:27 -04:00
curpx->retry_type |= PR_RE_EARLY_ERROR;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "junk-response") == 0)
MEDIUM: streams: Add a new keyword for retry-on, "junk-response" Add a way to retry requests if we got a junk response from the server, ie an incomplete response, or something that is not valid HTTP. To do so, one can use the new "junk-response" keyword for retry-on.
2019-05-03 17:01:47 -04:00
curpx->retry_type |= PR_RE_JUNK_REQUEST;
MINOR: streams: Introduce a new retry-on keyword, all-retryable-errors. Add a new retry-on keyword, "all-retryable-errors", that activates retry for all errors that are considered retryable. This currently activates retry for "conn-failure", "empty-response", "junk-respones", "response-timeout", "0rtt-rejected", "500", "502", "503" and "504".
2019-05-10 12:05:40 -04:00
else if (!(strcmp(args[i], "all-retryable-errors")))
curpx->retry_type |= PR_RE_CONN_FAILED | PR_RE_DISCONNECTED |
PR_RE_TIMEOUT | PR_RE_500 | PR_RE_502 |
PR_RE_503 | PR_RE_504 | PR_RE_EARLY_ERROR |
PR_RE_JUNK_REQUEST;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "none") == 0) {
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
if (i != 1 || *args[i + 1]) {
memprintf(err, "'%s' 'none' keyworld only usable alone", args[0]);
return -1;
}
} else {
memprintf(err, "'%s': unknown keyword '%s'", args[0], args[i]);
return -1;
}
}
return 0;
}
MEDIUM: lb-chash: add directive hash-preserve-affinity When using hash-based load balancing, requests are always assigned to the server corresponding to the hash bucket for the balancing key, without taking maxconn or maxqueue into account, unlike in other load balancing methods like 'first'. This adds a new backend directive that can be used to take maxconn and possibly maxqueue in that context. This can be used when hashing is desired to achieve cache locality, but sending requests to a different server is preferable to queuing for a long time or failing requests when the initial server is saturated. By default, affinity is preserved as was the case previously. When 'hash-preserve-affinity' is set to 'maxqueue', servers are considered successively in the order of the hash ring until a server that does not have a full queue is found. When 'maxconn' is set on a server, queueing cannot be disabled, as 'maxqueue=0' means unlimited. To support picking a different server when a server is at 'maxconn' irrespective of the queue, 'hash-preserve-affinity' can be set to 'maxconn'.
2025-03-21 06:27:21 -04:00
/* This function parses a "hash-preserve-affinity" statement */
static int
proxy_parse_hash_preserve_affinity(char **args, int section, struct proxy *curpx,
const struct proxy *defpx, const char *file, int line,
char **err)
{
if (!(*args[1])) {
memprintf(err, "'%s' needs a keyword to specify when to preserve hash affinity", args[0]);
return -1;
}
if (!(curpx->cap & PR_CAP_BE)) {
memprintf(err, "'%s' only available in backend or listen section", args[0]);
return -1;
}
curpx->options3 &= ~PR_O3_HASHAFNTY_MASK;
if (strcmp(args[1], "always") == 0)
curpx->options3 |= PR_O3_HASHAFNTY_ALWS;
else if (strcmp(args[1], "maxconn") == 0)
curpx->options3 |= PR_O3_HASHAFNTY_MAXCONN;
else if (strcmp(args[1], "maxqueue") == 0)
curpx->options3 |= PR_O3_HASHAFNTY_MAXQUEUE;
else {
memprintf(err, "'%s': unknown keyword '%s'", args[0], args[1]);
return -1;
}
return 0;
}
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#ifdef TCP_KEEPCNT
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
/* This function parses "{cli|srv}tcpka-cnt" statements */
static int proxy_parse_tcpka_cnt(char **args, int section, struct proxy *proxy,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
char **err)
{
int retval;
char *res;
unsigned int tcpka_cnt;
retval = 0;
if (*args[1] == 0) {
memprintf(err, "'%s' expects an integer value", args[0]);
return -1;
}
tcpka_cnt = strtol(args[1], &res, 0);
if (*res) {
memprintf(err, "'%s' : unexpected character '%c' in integer value '%s'", args[0], *res, args[1]);
return -1;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[0], "clitcpka-cnt") == 0) {
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
if (!(proxy->cap & PR_CAP_FE)) {
memprintf(err, "%s will be ignored because %s '%s' has no frontend capability",
args[0], proxy_type_str(proxy), proxy->id);
retval = 1;
}
proxy->clitcpka_cnt = tcpka_cnt;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "srvtcpka-cnt") == 0) {
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
if (!(proxy->cap & PR_CAP_BE)) {
memprintf(err, "%s will be ignored because %s '%s' has no backend capability",
args[0], proxy_type_str(proxy), proxy->id);
retval = 1;
}
proxy->srvtcpka_cnt = tcpka_cnt;
} else {
/* unreachable */
memprintf(err, "'%s': unknown keyword", args[0]);
return -1;
}
return retval;
}
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#endif
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#ifdef TCP_KEEPIDLE
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
/* This function parses "{cli|srv}tcpka-idle" statements */
static int proxy_parse_tcpka_idle(char **args, int section, struct proxy *proxy,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
char **err)
{
int retval;
const char *res;
unsigned int tcpka_idle;
retval = 0;
if (*args[1] == 0) {
memprintf(err, "'%s' expects an integer value", args[0]);
return -1;
}
res = parse_time_err(args[1], &tcpka_idle, TIME_UNIT_S);
if (res == PARSE_TIME_OVER) {
memprintf(err, "timer overflow in argument '%s' to '%s' (maximum value is 2147483647 ms or ~24.8 days)",
args[1], args[0]);
return -1;
}
else if (res == PARSE_TIME_UNDER) {
memprintf(err, "timer underflow in argument '%s' to '%s' (minimum non-null value is 1 ms)",
args[1], args[0]);
return -1;
}
else if (res) {
memprintf(err, "unexpected character '%c' in argument to <%s>.\n", *res, args[0]);
return -1;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[0], "clitcpka-idle") == 0) {
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
if (!(proxy->cap & PR_CAP_FE)) {
memprintf(err, "%s will be ignored because %s '%s' has no frontend capability",
args[0], proxy_type_str(proxy), proxy->id);
retval = 1;
}
proxy->clitcpka_idle = tcpka_idle;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "srvtcpka-idle") == 0) {
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
if (!(proxy->cap & PR_CAP_BE)) {
memprintf(err, "%s will be ignored because %s '%s' has no backend capability",
args[0], proxy_type_str(proxy), proxy->id);
retval = 1;
}
proxy->srvtcpka_idle = tcpka_idle;
} else {
/* unreachable */
memprintf(err, "'%s': unknown keyword", args[0]);
return -1;
}
return retval;
}
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#endif
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#ifdef TCP_KEEPINTVL
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
/* This function parses "{cli|srv}tcpka-intvl" statements */
static int proxy_parse_tcpka_intvl(char **args, int section, struct proxy *proxy,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
char **err)
{
int retval;
const char *res;
unsigned int tcpka_intvl;
retval = 0;
if (*args[1] == 0) {
memprintf(err, "'%s' expects an integer value", args[0]);
return -1;
}
res = parse_time_err(args[1], &tcpka_intvl, TIME_UNIT_S);
if (res == PARSE_TIME_OVER) {
memprintf(err, "timer overflow in argument '%s' to '%s' (maximum value is 2147483647 ms or ~24.8 days)",
args[1], args[0]);
return -1;
}
else if (res == PARSE_TIME_UNDER) {
memprintf(err, "timer underflow in argument '%s' to '%s' (minimum non-null value is 1 ms)",
args[1], args[0]);
return -1;
}
else if (res) {
memprintf(err, "unexpected character '%c' in argument to <%s>.\n", *res, args[0]);
return -1;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[0], "clitcpka-intvl") == 0) {
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
if (!(proxy->cap & PR_CAP_FE)) {
memprintf(err, "%s will be ignored because %s '%s' has no frontend capability",
args[0], proxy_type_str(proxy), proxy->id);
retval = 1;
}
proxy->clitcpka_intvl = tcpka_intvl;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "srvtcpka-intvl") == 0) {
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
if (!(proxy->cap & PR_CAP_BE)) {
memprintf(err, "%s will be ignored because %s '%s' has no backend capability",
args[0], proxy_type_str(proxy), proxy->id);
retval = 1;
}
proxy->srvtcpka_intvl = tcpka_intvl;
} else {
/* unreachable */
memprintf(err, "'%s': unknown keyword", args[0]);
return -1;
}
return retval;
}
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#endif
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
MEDIUM: proxy: force traffic on unpublished/disabled backends A recent patch has introduced a new state for proxies : unpublished backends. Such backends won't be eligilible for traffic, thus use_backend/default_backend rules which target them won't match and content switching rules processing will continue. This patch defines a new frontend keywords 'force-be-switch'. This keyword allows to ignore unpublished or disabled state. Thus, use_backend/default_backend will match even if the target backend is unpublished or disabled. This is useful to be able to test a backend instance before exposing it outside. This new keyword is converted into a persist rule of new type PERSIST_TYPE_BE_SWITCH, stored in persist_rules list proxy member. This is the only persist rule applicable to frontend side. Prior to this commit, pure frontend proxies persist_rules list were always empty. This new features requires adjustment in process_switching_rules(). Now, when a use_backend/default_backend rule matches with an non eligible backend, frontend persist_rules are inspected to detect if a force-be-switch is present so that the backend may be selected.
2026-01-07 08:15:14 -05:00
static int proxy_parse_force_be_switch(char **args, int section_type, struct proxy *curpx,
const struct proxy *defpx, const char *file, int line,
char **err)
{
struct acl_cond *cond = NULL;
struct persist_rule *rule;
if (curpx->cap & PR_CAP_DEF) {
memprintf(err, "'%s' not allowed in 'defaults' section.", args[0]);
goto err;
}
if (!(curpx->cap & PR_CAP_FE)) {
memprintf(err, "'%s' only available in frontend or listen section.", args[0]);
goto err;
}
if (strcmp(args[1], "if") != 0 && strcmp(args[1], "unless") != 0) {
memprintf(err, "'%s' requires either 'if' or 'unless' followed by a condition.", args[0]);
goto err;
}
if (!(cond = build_acl_cond(file, line, &curpx->acl, curpx, (const char **)args + 1, err))) {
memprintf(err, "'%s' : %s.", args[0], *err);
goto err;
}
if (warnif_cond_conflicts(cond, SMP_VAL_FE_REQ_CNT, err)) {
memprintf(err, "'%s' : %s.", args[0], *err);
goto err;
}
rule = calloc(1, sizeof(*rule));
if (!rule) {
memprintf(err, "'%s' : out of memory.", args[0]);
goto err;
}
rule->cond = cond;
rule->type = PERSIST_TYPE_BE_SWITCH;
LIST_INIT(&rule->list);
LIST_APPEND(&curpx->persist_rules, &rule->list);
return 0;
err:
free_acl_cond(cond);
return -1;
}
MINOR: proxy: implement GUID support Implement proxy identiciation through GUID. As such, a guid_node member is inserted into proxy structure. A proxy keyword "guid" is defined to allow user to fix its value.
2024-03-26 10:26:43 -04:00
static int proxy_parse_guid(char **args, int section_type, struct proxy *curpx,
const struct proxy *defpx, const char *file, int line,
char **err)
{
const char *guid;
char *guid_err = NULL;
if (curpx->cap & PR_CAP_DEF) {
ha_alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, line, args[0]);
return -1;
}
if (!*args[1]) {
memprintf(err, "'%s' : expects an argument", args[0]);
return -1;
}
guid = args[1];
if (guid_insert(&curpx->obj_type, guid, &guid_err)) {
memprintf(err, "'%s': %s", args[0], guid_err);
ha_free(&guid_err);
return -1;
}
return 0;
}
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
/* This function inserts proxy <px> into the tree of known proxies (regular
* ones or defaults depending on px->cap & PR_CAP_DEF). The proxy's name is
* used as the storing key so it must already have been initialized.
MEDIUM: proxy: create a tree to store proxies by name Large configurations can take time to parse when thousands of backends are in use. Let's store all the proxies in trees. findproxy_mode() has been modified to use the tree for lookups, which has divided the parsing time by about 2.5. But many lookups are still present at many places and need to be dealt with.
2014-03-15 02:22:35 -04:00
*/
void proxy_store_name(struct proxy *px)
{
MEDIUM: proxy: switch conf.name to cebis_tree This is used to index the proxy's name and it contains a copy of the pointer to the proxy's name in <id>. Changing that for a ceb_node placed just before <id> saves 32 bytes to the struct proxy, which is now 3112 bytes large. Here we need to continue to support duplicates since they're still allowed between type-incompatible proxies. Interestingly, the use of cebis_next_dup() instead of cebis_next() in proxy_find_by_name() allows us to get rid of an strcmp() that was performed for each use_backend rule. A test with a large config (100k backends) shows that we can get 3% extra performance on a config involving a static use_backend rule (3.09M to 3.18M rps), and even 4.5% on a dynamic rule selecting a random backend (2.47M to 2.59M).
2025-07-15 05:47:54 -04:00
struct ceb_root **root = (px->cap & PR_CAP_DEF) ? &defproxy_by_name : &proxy_by_name;
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
MEDIUM: proxy: switch conf.name to cebis_tree This is used to index the proxy's name and it contains a copy of the pointer to the proxy's name in <id>. Changing that for a ceb_node placed just before <id> saves 32 bytes to the struct proxy, which is now 3112 bytes large. Here we need to continue to support duplicates since they're still allowed between type-incompatible proxies. Interestingly, the use of cebis_next_dup() instead of cebis_next() in proxy_find_by_name() allows us to get rid of an strcmp() that was performed for each use_backend rule. A test with a large config (100k backends) shows that we can get 3% extra performance on a config involving a static use_backend rule (3.09M to 3.18M rps), and even 4.5% on a dynamic rule selecting a random backend (2.47M to 2.59M).
2025-07-15 05:47:54 -04:00
cebis_item_insert(root, conf.name_node, id, px);
MEDIUM: proxy: create a tree to store proxies by name Large configurations can take time to parse when thousands of backends are in use. Let's store all the proxies in trees. findproxy_mode() has been modified to use the tree for lookups, which has divided the parsing time by about 2.5. But many lookups are still present at many places and need to be dealt with.
2014-03-15 02:22:35 -04:00
}
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
/* Returns a pointer to the first proxy matching capabilities <cap> and id
* <id>. NULL is returned if no match is found. If <table> is non-zero, it
* only considers proxies having a table.
[MINOR] proxy: make findproxy() return proxies from numeric IDs too Sometimes it's useful to be able to search a proxy by its numeric ID, so let's add support for names such as #<id>.
2011-08-02 05:25:54 -04:00
*/
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
struct proxy *proxy_find_by_id(int id, int cap, int table)
CLEANUP: proxy: make the proxy lookup functions more user-friendly First, findproxy() was renamed proxy_find_by_name() so that its explicit that a name is required for the lookup. Second, we give this function the ability to search for tables if needed. Third we now provide inline wrappers to pass the appropriate PR_CAP_* flags and to explicitly look up a frontend, backend or table.
2015-05-26 05:24:42 -04:00
{
MEDIUM: proxy: index proxy ID using compact trees The proxy ID is currently stored as a 32-bit int using an eb32 tree. It's used essentially to find holes in order to automatically assign IDs, and to detect duplicates. Let's change this to use compact trees instead in order to save 24 bytes in struct proxy for this node, plus 8 bytes in the root (which is static so not much relevant here). Now the proxy is 3088 bytes large.
2025-08-23 13:57:29 -04:00
struct proxy *px;
[MINOR] server tracking: don't care about the tracked server's mode Right now, an HTTP server cannot track a TCP server and vice-versa. This patch enables proxy tracking without relying on the proxy's mode (tcp/http/health). It only requires a matching proxy name to exist. The original function was renamed to findproxy_mode().
2009-11-01 21:27:13 -05:00
MEDIUM: proxy: index proxy ID using compact trees The proxy ID is currently stored as a 32-bit int using an eb32 tree. It's used essentially to find holes in order to automatically assign IDs, and to detect duplicates. Let's change this to use compact trees instead in order to save 24 bytes in struct proxy for this node, plus 8 bytes in the root (which is static so not much relevant here). Now the proxy is 3088 bytes large.
2025-08-23 13:57:29 -04:00
for (px = ceb32_item_lookup(&used_proxy_id, conf.uuid_node, uuid, id, struct proxy);
px ; px = ceb32_item_next_dup(&used_proxy_id, conf.uuid_node, uuid, px)) {
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
if ((px->cap & cap) != cap)
continue;
MEDIUM: proxy: make findproxy() use trees to look up proxies Both proxy IDs and names are now looked up from the trees.
2014-03-15 02:43:51 -04:00
MEDIUM: stick-table: Stop handling stick-tables as proxies. This patch adds the support for the "table" line parsing in "peers" sections to declare stick-table in such sections. This also prevents the user from having to declare dummy backends sections with a unique stick-table inside. Even if still supported, this usage will become deprecated. To do so, the ->table member of proxy struct which is a stktable struct is replaced by a pointer to a stktable struct allocated at parsing time in src/cfgparse-listen.c for the dummy stick-table backends and in src/cfgparse.c for "peers" sections. This has an impact on the code for stick-table sample converters and on the stickiness rules parsers which first store the name of the dummy before resolving the rules. This patch replaces proxy_tbl_by_name() calls by stktable_find_by_name() calls to lookup for stick-tables stored in "stktable_by_name" ebtree at parsing time. There is only one remaining place where proxy_tbl_by_name() is used: src/hlua.c. At several places in the code we relied on the fact that ->size member of stick-table was equal to zero to consider the stick-table was present by not configured, this do not make sense anymore as ->table member of struct proxyis fow now on a pointer. These tests are replaced by a test on ->table value itself. In "peers" section we do not have to temporary store the name of the section the stick-table are attached to because this name is obviously already known just after having entered this "peers" section. About the CLI stick-table I/O handler, the pointer to proxy struct is replaced by a pointer to a stktable struct.
2019-03-14 02:07:41 -04:00
if (table && (!px->table || !px->table->size))
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
continue;
MEDIUM: proxy: make findproxy() use trees to look up proxies Both proxy IDs and names are now looked up from the trees.
2014-03-15 02:43:51 -04:00
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
return px;
}
return NULL;
}
MEDIUM: proxy: make findproxy() use trees to look up proxies Both proxy IDs and names are now looked up from the trees.
2014-03-15 02:43:51 -04:00
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
/* Returns a pointer to the first proxy matching either name <name>, or id
* <name> if <name> begins with a '#'. NULL is returned if no match is found.
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
* If <table> is non-zero, it only considers proxies having a table. The search
* is made into the regular proxies, unless <cap> has PR_CAP_DEF set in which
* case it's searched into the defproxy tree.
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
*/
struct proxy *proxy_find_by_name(const char *name, int cap, int table)
{
struct proxy *curproxy;
CLEANUP: proxy: make the proxy lookup functions more user-friendly First, findproxy() was renamed proxy_find_by_name() so that its explicit that a name is required for the lookup. Second, we give this function the ability to search for tables if needed. Third we now provide inline wrappers to pass the appropriate PR_CAP_* flags and to explicitly look up a frontend, backend or table.
2015-05-26 05:24:42 -04:00
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
if (*name == '#' && !(cap & PR_CAP_DEF)) {
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
curproxy = proxy_find_by_id(atoi(name + 1), cap, table);
if (curproxy)
MINOR: proxy: simply ignore duplicates in proxy name lookups Now that we can't have duplicate proxies with similar capabilities, we can remove some painful check. The first one is the check that made the lookup function return NULL when a duplicate is found, as it prevented it from being used in the config parser to detect duplicates.
2015-05-26 05:35:41 -04:00
return curproxy;
[MINOR] server tracking: don't care about the tracked server's mode Right now, an HTTP server cannot track a TCP server and vice-versa. This patch enables proxy tracking without relying on the proxy's mode (tcp/http/health). It only requires a matching proxy name to exist. The original function was renamed to findproxy_mode().
2009-11-01 21:27:13 -05:00
}
MEDIUM: proxy: make findproxy() use trees to look up proxies Both proxy IDs and names are now looked up from the trees.
2014-03-15 02:43:51 -04:00
else {
MEDIUM: proxy: switch conf.name to cebis_tree This is used to index the proxy's name and it contains a copy of the pointer to the proxy's name in <id>. Changing that for a ceb_node placed just before <id> saves 32 bytes to the struct proxy, which is now 3112 bytes large. Here we need to continue to support duplicates since they're still allowed between type-incompatible proxies. Interestingly, the use of cebis_next_dup() instead of cebis_next() in proxy_find_by_name() allows us to get rid of an strcmp() that was performed for each use_backend rule. A test with a large config (100k backends) shows that we can get 3% extra performance on a config involving a static use_backend rule (3.09M to 3.18M rps), and even 4.5% on a dynamic rule selecting a random backend (2.47M to 2.59M).
2025-07-15 05:47:54 -04:00
struct ceb_root **root;
MEDIUM: proxy: make findproxy() use trees to look up proxies Both proxy IDs and names are now looked up from the trees.
2014-03-15 02:43:51 -04:00
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
root = (cap & PR_CAP_DEF) ? &defproxy_by_name : &proxy_by_name;
MEDIUM: proxy: switch conf.name to cebis_tree This is used to index the proxy's name and it contains a copy of the pointer to the proxy's name in <id>. Changing that for a ceb_node placed just before <id> saves 32 bytes to the struct proxy, which is now 3112 bytes large. Here we need to continue to support duplicates since they're still allowed between type-incompatible proxies. Interestingly, the use of cebis_next_dup() instead of cebis_next() in proxy_find_by_name() allows us to get rid of an strcmp() that was performed for each use_backend rule. A test with a large config (100k backends) shows that we can get 3% extra performance on a config involving a static use_backend rule (3.09M to 3.18M rps), and even 4.5% on a dynamic rule selecting a random backend (2.47M to 2.59M).
2025-07-15 05:47:54 -04:00
for (curproxy = cebis_item_lookup(root, conf.name_node, id, name, struct proxy);
curproxy; curproxy = cebis_item_next_dup(root, conf.name_node, id, curproxy)) {
MEDIUM: proxy: make findproxy() use trees to look up proxies Both proxy IDs and names are now looked up from the trees.
2014-03-15 02:43:51 -04:00
if ((curproxy->cap & cap) != cap)
continue;
[MINOR] server tracking: don't care about the tracked server's mode Right now, an HTTP server cannot track a TCP server and vice-versa. This patch enables proxy tracking without relying on the proxy's mode (tcp/http/health). It only requires a matching proxy name to exist. The original function was renamed to findproxy_mode().
2009-11-01 21:27:13 -05:00
MEDIUM: stick-table: Stop handling stick-tables as proxies. This patch adds the support for the "table" line parsing in "peers" sections to declare stick-table in such sections. This also prevents the user from having to declare dummy backends sections with a unique stick-table inside. Even if still supported, this usage will become deprecated. To do so, the ->table member of proxy struct which is a stktable struct is replaced by a pointer to a stktable struct allocated at parsing time in src/cfgparse-listen.c for the dummy stick-table backends and in src/cfgparse.c for "peers" sections. This has an impact on the code for stick-table sample converters and on the stickiness rules parsers which first store the name of the dummy before resolving the rules. This patch replaces proxy_tbl_by_name() calls by stktable_find_by_name() calls to lookup for stick-tables stored in "stktable_by_name" ebtree at parsing time. There is only one remaining place where proxy_tbl_by_name() is used: src/hlua.c. At several places in the code we relied on the fact that ->size member of stick-table was equal to zero to consider the stick-table was present by not configured, this do not make sense anymore as ->table member of struct proxyis fow now on a pointer. These tests are replaced by a test on ->table value itself. In "peers" section we do not have to temporary store the name of the section the stick-table are attached to because this name is obviously already known just after having entered this "peers" section. About the CLI stick-table I/O handler, the pointer to proxy struct is replaced by a pointer to a stktable struct.
2019-03-14 02:07:41 -04:00
if (table && (!curproxy->table || !curproxy->table->size))
CLEANUP: proxy: make the proxy lookup functions more user-friendly First, findproxy() was renamed proxy_find_by_name() so that its explicit that a name is required for the lookup. Second, we give this function the ability to search for tables if needed. Third we now provide inline wrappers to pass the appropriate PR_CAP_* flags and to explicitly look up a frontend, backend or table.
2015-05-26 05:24:42 -04:00
continue;
MINOR: proxy: simply ignore duplicates in proxy name lookups Now that we can't have duplicate proxies with similar capabilities, we can remove some painful check. The first one is the check that made the lookup function return NULL when a duplicate is found, as it prevented it from being used in the config parser to detect duplicates.
2015-05-26 05:35:41 -04:00
return curproxy;
MEDIUM: proxy: make findproxy() use trees to look up proxies Both proxy IDs and names are now looked up from the trees.
2014-03-15 02:43:51 -04:00
}
}
MINOR: proxy: simply ignore duplicates in proxy name lookups Now that we can't have duplicate proxies with similar capabilities, we can remove some painful check. The first one is the check that made the lookup function return NULL when a duplicate is found, as it prevented it from being used in the config parser to detect duplicates.
2015-05-26 05:35:41 -04:00
return NULL;
[MINOR] server tracking: don't care about the tracked server's mode Right now, an HTTP server cannot track a TCP server and vice-versa. This patch enables proxy tracking without relying on the proxy's mode (tcp/http/health). It only requires a matching proxy name to exist. The original function was renamed to findproxy_mode().
2009-11-01 21:27:13 -05:00
}
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
/* Finds the best match for a proxy with capabilities <cap>, name <name> and id
* <id>. At most one of <id> or <name> may be different provided that <cap> is
* valid. Either <id> or <name> may be left unspecified (0). The purpose is to
* find a proxy based on some information from a previous configuration, across
* reloads or during information exchange between peers.
*
* Names are looked up first if present, then IDs are compared if present. In
* case of an inexact match whatever is forced in the configuration has
* precedence in the following order :
* - 1) forced ID (proves a renaming / change of proxy type)
* - 2) proxy name+type (may indicate a move if ID differs)
* - 3) automatic ID+type (may indicate a renaming)
*
* Depending on what is found, we can end up in the following situations :
*
* name id cap | possible causes
* -------------+-----------------
* -- -- -- | nothing found
* -- -- ok | nothing found
* -- ok -- | proxy deleted, ID points to next one
* -- ok ok | proxy renamed, or deleted with ID pointing to next one
* ok -- -- | proxy deleted, but other half with same name still here (before)
* ok -- ok | proxy's ID changed (proxy moved in the config file)
* ok ok -- | proxy deleted, but other half with same name still here (after)
* ok ok ok | perfect match
*
* Upon return if <diff> is not NULL, it is zeroed then filled with up to 3 bits :
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
* - PR_FBM_MISMATCH_ID : proxy was found but ID differs
* (and ID was not zero)
* - PR_FBM_MISMATCH_NAME : proxy was found by ID but name differs
* (and name was not NULL)
* - PR_FBM_MISMATCH_PROXYTYPE : a proxy of different type was found with
* the same name and/or id
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
*
* Only a valid proxy is returned. If capabilities do not match, NULL is
* returned. The caller can check <diff> to report detailed warnings / errors,
* and decide whether or not to use what was found.
*/
struct proxy *proxy_find_best_match(int cap, const char *name, int id, int *diff)
{
struct proxy *byname;
struct proxy *byid;
if (!name && !id)
return NULL;
if (diff)
*diff = 0;
byname = byid = NULL;
if (name) {
byname = proxy_find_by_name(name, cap, 0);
if (byname && (!id || byname->uuid == id))
return byname;
}
CLEANUP: fix typos in the proxy subsystem Fix typos in the code comments of the proxy subsystem.
2018-11-15 14:46:55 -05:00
/* remaining possibilities :
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
* - name not set
* - name set but not found
* - name found, but ID doesn't match.
*/
if (id) {
byid = proxy_find_by_id(id, cap, 0);
if (byid) {
if (byname) {
/* id+type found, name+type found, but not all 3.
* ID wins only if forced, otherwise name wins.
*/
if (byid->options & PR_O_FORCED_ID) {
if (diff)
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
*diff |= PR_FBM_MISMATCH_NAME;
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
return byid;
}
else {
if (diff)
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
*diff |= PR_FBM_MISMATCH_ID;
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
return byname;
}
}
CLEANUP: fix typos in the proxy subsystem Fix typos in the code comments of the proxy subsystem.
2018-11-15 14:46:55 -05:00
/* remaining possibilities :
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
* - name not set
* - name set but not found
*/
if (name && diff)
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
*diff |= PR_FBM_MISMATCH_NAME;
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
return byid;
}
/* ID not found */
if (byname) {
if (diff)
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
*diff |= PR_FBM_MISMATCH_ID;
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
return byname;
}
}
CLEANUP: fix typos in the proxy subsystem Fix typos in the code comments of the proxy subsystem.
2018-11-15 14:46:55 -05:00
/* All remaining possibilities will lead to NULL. If we can report more
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
* detailed information to the caller about changed types and/or name,
* we'll do it. For example, we could detect that "listen foo" was
* split into "frontend foo_ft" and "backend foo_bk" if IDs are forced.
* - name not set, ID not found
* - name not found, ID not set
* - name not found, ID not found
*/
if (!diff)
return NULL;
if (name) {
byname = proxy_find_by_name(name, 0, 0);
if (byname && (!id || byname->uuid == id))
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
*diff |= PR_FBM_MISMATCH_PROXYTYPE;
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
}
if (id) {
byid = proxy_find_by_id(id, 0, 0);
if (byid) {
if (!name)
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
*diff |= PR_FBM_MISMATCH_PROXYTYPE; /* only type changed */
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
else if (byid->options & PR_O_FORCED_ID)
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
*diff |= PR_FBM_MISMATCH_NAME | PR_FBM_MISMATCH_PROXYTYPE; /* name and type changed */
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
/* otherwise it's a different proxy that was returned */
}
}
return NULL;
}
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
/* This function checks that the designated proxy has no http directives
* enabled. It will output a warning if there are, and will fix some of them.
* It returns the number of fatal errors encountered. This should be called
* at the end of the configuration parsing if the proxy is not in http mode.
* The <file> argument is used to construct the error message.
*/
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
int proxy_cfg_ensure_no_http(struct proxy *curproxy)
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
{
if (curproxy->cookie_name != NULL) {
MINOR: errors: specify prefix "config" for parsing output Set "config :" as a prefix for the user messages context before starting the configuration parsing. All following stderr output will be prefixed by it. As a consequence, remove extraneous prefix "config" already specified in various ha_alert/warning/notice calls.
2021-06-04 12:22:08 -04:00
ha_warning("cookie will be ignored for %s '%s' (needs 'mode http').\n",
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
proxy_type_str(curproxy), curproxy->id);
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
}
[MINOR] backend: separate declarations of LB algos from their lookup method LB algo macros were composed of the LB algo by itself without any indication of the method to use to look up a server (the lb function itself). This method was implied by the LB algo, which was not very convenient to add more algorithms. Now we have several fields in the LB macros, some to describe what to look for in the requests, some to describe how to transform that (kind of algo) and some to describe what lookup function to use. The next patch will make it possible to factor out some code for all algos which rely on a map.
2009-10-03 06:21:20 -04:00
if (curproxy->lbprm.algo & BE_LB_NEED_HTTP) {
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
curproxy->lbprm.algo &= ~BE_LB_ALGO;
curproxy->lbprm.algo |= BE_LB_ALGO_RR;
MINOR: errors: specify prefix "config" for parsing output Set "config :" as a prefix for the user messages context before starting the configuration parsing. All following stderr output will be prefixed by it. As a consequence, remove extraneous prefix "config" already specified in various ha_alert/warning/notice calls.
2021-06-04 12:22:08 -04:00
ha_warning("Layer 7 hash not possible for %s '%s' (needs 'mode http'). Falling back to round robin.\n",
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
proxy_type_str(curproxy), curproxy->id);
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
}
MINOR: Implements new log format of option tcplog clf Some systems require log formats in the CLF format and that meant that I could not send my logs for proxies in mode tcp to those servers. This implements a format that uses log variables that are compatble with TCP mode frontends and replaces traditional HTTP values in the CLF format to make them stand out. Instead of logging method and URI like this "GET /example HTTP/1.1" it will log "TCP " and for a response code I used "000" so it would be easy to separate from legitimate HTTP traffic. Now your log servers that require a CLF format can see the timings for TCP traffic as well as HTTP.
2024-08-13 14:25:38 -04:00
if (curproxy->logformat.str == default_http_log_format) {
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
/* Note: we don't change the directive's file:line number */
MEDIUM: proxy/log: leverage lf_expr API for logformat preparsing Currently, the way proxy-oriented logformat directives are handled is way too complicated. Indeed, "log-format", "log-format-error", "log-format-sd" and "unique-id-format" all rely on preparsing hints stored inside proxy->conf member struct. Those preparsing hints include the original string that should be compiled once the proxy parameters are known plus the config file and line number where the string was found to generate precise error messages in case of failure during the compiling process that happens within check_config_validity(). Now that lf_expr API permits to compile a lf_expr struct that was previously prepared (with original string and config hints), let's leverage lf_expr_compile() from check_config_validity() and instead of relying on individual proxy->conf hints for each logformat expression, store string and config hints in the lf_expr struct directly and use lf_expr helpers funcs to handle them when relevant (ie: original logformat string freeing is now done at a central place inside lf_expr_deinit(), which allows for some simplifications) Doing so allows us to greatly simplify the preparsing logic for those 4 proxy directives, and to finally save some space in the proxy struct. Also, since httpclient proxy has its "logformat" automatically compiled in check_config_validity(), we now use the file hint from the logformat expression struct to set an explicit name that will be reported in case of error ("parsing [httpclient:0] : ...") and remove the extraneous check in httpclient_precheck() (logformat was parsed twice previously..)
2024-03-05 09:44:43 -05:00
curproxy->logformat.str = default_tcp_log_format;
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("parsing [%s:%d] : 'option httplog' not usable with %s '%s' (needs 'mode http'). Falling back to 'option tcplog'.\n",
MEDIUM: proxy/log: leverage lf_expr API for logformat preparsing Currently, the way proxy-oriented logformat directives are handled is way too complicated. Indeed, "log-format", "log-format-error", "log-format-sd" and "unique-id-format" all rely on preparsing hints stored inside proxy->conf member struct. Those preparsing hints include the original string that should be compiled once the proxy parameters are known plus the config file and line number where the string was found to generate precise error messages in case of failure during the compiling process that happens within check_config_validity(). Now that lf_expr API permits to compile a lf_expr struct that was previously prepared (with original string and config hints), let's leverage lf_expr_compile() from check_config_validity() and instead of relying on individual proxy->conf hints for each logformat expression, store string and config hints in the lf_expr struct directly and use lf_expr helpers funcs to handle them when relevant (ie: original logformat string freeing is now done at a central place inside lf_expr_deinit(), which allows for some simplifications) Doing so allows us to greatly simplify the preparsing logic for those 4 proxy directives, and to finally save some space in the proxy struct. Also, since httpclient proxy has its "logformat" automatically compiled in check_config_validity(), we now use the file hint from the logformat expression struct to set an explicit name that will be reported in case of error ("parsing [httpclient:0] : ...") and remove the extraneous check in httpclient_precheck() (logformat was parsed twice previously..)
2024-03-05 09:44:43 -05:00
curproxy->logformat.conf.file, curproxy->logformat.conf.line,
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
proxy_type_str(curproxy), curproxy->id);
BUG/MINOR: fix option httplog validation with TCP frontends Option httplog needs to be checked only once the proxy has been validated, so that its final mode (tcp/http) can be used. Also we need to check for httplog before checking the log format, so that we can report a warning about this specific option and not about the format it implies.
2012-05-31 13:30:26 -04:00
}
MINOR: Implements new log format of option tcplog clf Some systems require log formats in the CLF format and that meant that I could not send my logs for proxies in mode tcp to those servers. This implements a format that uses log variables that are compatble with TCP mode frontends and replaces traditional HTTP values in the CLF format to make them stand out. Instead of logging method and URI like this "GET /example HTTP/1.1" it will log "TCP " and for a response code I used "000" so it would be easy to separate from legitimate HTTP traffic. Now your log servers that require a CLF format can see the timings for TCP traffic as well as HTTP.
2024-08-13 14:25:38 -04:00
else if (curproxy->logformat.str == clf_http_log_format) {
/* Note: we don't change the directive's file:line number */
curproxy->logformat.str = clf_tcp_log_format;
ha_warning("parsing [%s:%d] : 'option httplog clf' not usable with %s '%s' (needs 'mode http'). Falling back to 'option tcplog clf'.\n",
curproxy->logformat.conf.file, curproxy->logformat.conf.line,
proxy_type_str(curproxy), curproxy->id);
}
MEDIUM: proxy/log: leverage lf_expr API for logformat preparsing Currently, the way proxy-oriented logformat directives are handled is way too complicated. Indeed, "log-format", "log-format-error", "log-format-sd" and "unique-id-format" all rely on preparsing hints stored inside proxy->conf member struct. Those preparsing hints include the original string that should be compiled once the proxy parameters are known plus the config file and line number where the string was found to generate precise error messages in case of failure during the compiling process that happens within check_config_validity(). Now that lf_expr API permits to compile a lf_expr struct that was previously prepared (with original string and config hints), let's leverage lf_expr_compile() from check_config_validity() and instead of relying on individual proxy->conf hints for each logformat expression, store string and config hints in the lf_expr struct directly and use lf_expr helpers funcs to handle them when relevant (ie: original logformat string freeing is now done at a central place inside lf_expr_deinit(), which allows for some simplifications) Doing so allows us to greatly simplify the preparsing logic for those 4 proxy directives, and to finally save some space in the proxy struct. Also, since httpclient proxy has its "logformat" automatically compiled in check_config_validity(), we now use the file hint from the logformat expression struct to set an explicit name that will be reported in case of error ("parsing [httpclient:0] : ...") and remove the extraneous check in httpclient_precheck() (logformat was parsed twice previously..)
2024-03-05 09:44:43 -05:00
else if (curproxy->logformat.str == default_https_log_format) {
MINOR: ssl: Define a default https log format This patch adds a new httpslog option and a new HTTP over SSL log-format that expands the default HTTP format and adds SSL specific information.
2021-07-29 03:45:52 -04:00
/* Note: we don't change the directive's file:line number */
MEDIUM: proxy/log: leverage lf_expr API for logformat preparsing Currently, the way proxy-oriented logformat directives are handled is way too complicated. Indeed, "log-format", "log-format-error", "log-format-sd" and "unique-id-format" all rely on preparsing hints stored inside proxy->conf member struct. Those preparsing hints include the original string that should be compiled once the proxy parameters are known plus the config file and line number where the string was found to generate precise error messages in case of failure during the compiling process that happens within check_config_validity(). Now that lf_expr API permits to compile a lf_expr struct that was previously prepared (with original string and config hints), let's leverage lf_expr_compile() from check_config_validity() and instead of relying on individual proxy->conf hints for each logformat expression, store string and config hints in the lf_expr struct directly and use lf_expr helpers funcs to handle them when relevant (ie: original logformat string freeing is now done at a central place inside lf_expr_deinit(), which allows for some simplifications) Doing so allows us to greatly simplify the preparsing logic for those 4 proxy directives, and to finally save some space in the proxy struct. Also, since httpclient proxy has its "logformat" automatically compiled in check_config_validity(), we now use the file hint from the logformat expression struct to set an explicit name that will be reported in case of error ("parsing [httpclient:0] : ...") and remove the extraneous check in httpclient_precheck() (logformat was parsed twice previously..)
2024-03-05 09:44:43 -05:00
curproxy->logformat.str = default_tcp_log_format;
MINOR: ssl: Define a default https log format This patch adds a new httpslog option and a new HTTP over SSL log-format that expands the default HTTP format and adds SSL specific information.
2021-07-29 03:45:52 -04:00
ha_warning("parsing [%s:%d] : 'option httpslog' not usable with %s '%s' (needs 'mode http'). Falling back to 'option tcplog'.\n",
MEDIUM: proxy/log: leverage lf_expr API for logformat preparsing Currently, the way proxy-oriented logformat directives are handled is way too complicated. Indeed, "log-format", "log-format-error", "log-format-sd" and "unique-id-format" all rely on preparsing hints stored inside proxy->conf member struct. Those preparsing hints include the original string that should be compiled once the proxy parameters are known plus the config file and line number where the string was found to generate precise error messages in case of failure during the compiling process that happens within check_config_validity(). Now that lf_expr API permits to compile a lf_expr struct that was previously prepared (with original string and config hints), let's leverage lf_expr_compile() from check_config_validity() and instead of relying on individual proxy->conf hints for each logformat expression, store string and config hints in the lf_expr struct directly and use lf_expr helpers funcs to handle them when relevant (ie: original logformat string freeing is now done at a central place inside lf_expr_deinit(), which allows for some simplifications) Doing so allows us to greatly simplify the preparsing logic for those 4 proxy directives, and to finally save some space in the proxy struct. Also, since httpclient proxy has its "logformat" automatically compiled in check_config_validity(), we now use the file hint from the logformat expression struct to set an explicit name that will be reported in case of error ("parsing [httpclient:0] : ...") and remove the extraneous check in httpclient_precheck() (logformat was parsed twice previously..)
2024-03-05 09:44:43 -05:00
curproxy->logformat.conf.file, curproxy->logformat.conf.line,
MINOR: ssl: Define a default https log format This patch adds a new httpslog option and a new HTTP over SSL log-format that expands the default HTTP format and adds SSL specific information.
2021-07-29 03:45:52 -04:00
proxy_type_str(curproxy), curproxy->id);
}
BUG/MINOR: fix option httplog validation with TCP frontends Option httplog needs to be checked only once the proxy has been validated, so that its final mode (tcp/http) can be used. Also we need to check for httplog before checking the log format, so that we can report a warning about this specific option and not about the format it implies.
2012-05-31 13:30:26 -04:00
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
return 0;
}
MINOR: log/backend: ensure log exclusive params are not used in other modes add proxy_cfg_ensure_no_log() function (similar to proxy_cfg_ensure_no_http()) to ensure at the end of proxy parsing that no log exclusive options are found if the proxy is not in log mode.
2023-11-15 06:18:52 -05:00
/* This function checks that the designated proxy has no log directives
* enabled. It will output a warning if there are, and will fix some of them.
* It returns the number of fatal errors encountered. This should be called
* at the end of the configuration parsing if the proxy is not in log mode.
* The <file> argument is used to construct the error message.
*/
int proxy_cfg_ensure_no_log(struct proxy *curproxy)
{
if (curproxy->lbprm.algo & BE_LB_NEED_LOG) {
curproxy->lbprm.algo &= ~BE_LB_ALGO;
curproxy->lbprm.algo |= BE_LB_ALGO_RR;
ha_warning("Unusable balance algorithm for %s '%s' (needs 'mode log'). Falling back to round robin.\n",
proxy_type_str(curproxy), curproxy->id);
}
return 0;
}
MINOR: proxy: remove proxy_preset_defaults() Function proxy_preset_defaults() purpose has evolved over time. Originally, it was only used to initialize defaults proxies instances. Until today, it was extended so that all proxies use it. Its objective is to initialize settings to common default values. To remove the confusion, this function is now removed. Its content is integrated directly into init_new_proxy().
2026-01-20 05:41:37 -05:00
/* Perform the most basic initialization of <p> proxy and define some common
* default parameters values. Any new proxy or peer should be initialized via
* this function.
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
*/
void init_new_proxy(struct proxy *p)
{
memset(p, 0, sizeof(struct proxy));
MAJOR: connection: replace struct target with a pointer to an enum Instead of storing a couple of (int, ptr) in the struct connection and the struct session, we use a different method : we only store a pointer to an integer which is stored inside the target object and which contains a unique type identifier. That way, the pointer allows us to retrieve the object type (by dereferencing it) and the object's address (by computing the displacement in the target structure). The NULL pointer always corresponds to OBJ_TYPE_NONE. This reduces the size of the connection and session structs. It also simplifies target assignment and compare. In order to improve the generated code, we try to put the obj_type element at the beginning of all the structs (listener, server, proxy, si_applet), so that the original and target pointers are always equal. A lot of code was touched by massive replaces, but the changes are not that important.
2012-11-11 18:42:33 -05:00
p->obj_type = OBJ_TYPE_PROXY;
MINOR: proxy: add a true list containing all proxies We have global proxies_list pointer which is announced as the list of "all existing proxies", but in fact it only represents regular proxies declared on the config file through "listen, frontend or backend" keywords It is ambiguous, and we currently don't have a straightforwrd method to iterate over all proxies (either public or internal ones) within haproxy Instead we still have to manually iterate over multiple lists (main proxies, log-forward proxies, peer proxies..) which is error-prone. In this patch we add a struct list member (8 bytes) inside struct proxy in order to store every proxy (except default ones) within a global "proxies" list which is actually representative for all proxies existing under haproxy process, like we already have for servers.
2025-05-09 10:02:09 -04:00
LIST_INIT(&p->global_list);
MINOR: proxy: simplify defaults proxies list storage Defaults proxies instance are stored in a global name tree. When there is a name conflict and the older entry cannot be simply discarded as it is already referenced, the older entry is instead removed from the name tree and inserted into the orphaned list. The purpose of the orphaned list was to guarantee that any remaining unreferenced defaults are purged either on postparsing or deinit. However, this is in fact completely useless. Indeed on postparsing, orphaned entries are always referenced. On deinit instead, defaults are already freed along the cleanup of all frontend/backend instances clean up, thanks to their refcounting. This patch streamlines this by removing orphaned list. Instead, a defaults section is inserted into a new global defaults_list during their whole lifetime. This is not strictly necessary but it ensures that defaults instances can still be accessed easily in the future if needed even if not present in the name tree. On deinit, a BUG_ON() is added to ensure that defaults_list is indeed emptied. Another benefit from this patch is to simplify the defaults deletion procedure. Orphaned simple list is replaced by a proper double linked list implementation, so a single LIST_DELETE() is now performed. This will be notably useful as defaults may be removed at runtime in the future if backends deletion at runtime is implemented.
2026-01-20 08:33:46 -05:00
LIST_INIT(&p->el);
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
LIST_INIT(&p->acl);
LIST_INIT(&p->http_req_rules);
MEDIUM: http: add a new "http-response" ruleset Some actions were clearly missing to process response headers. This patch adds a new "http-response" ruleset which provides the following actions : - allow : stop evaluating http-response rules - deny : stop and reject the response with a 502 - add-header : add a header in log-format mode - set-header : set a header in log-format mode
2013-06-11 10:06:12 -04:00
LIST_INIT(&p->http_res_rules);
MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding This patch introduces the 'http-after-response' rules. These rules are evaluated at the end of the response analysis, just before the data forwarding, on ALL HTTP responses, the server ones but also all responses generated by HAProxy. Thanks to this ruleset, it is now possible for instance to add some headers to the responses generated by the stats applet. Following actions are supported : * allow * add-header * del-header * replace-header * replace-value * set-header * set-status * set-var * strict-mode * unset-var
2020-01-22 03:26:35 -05:00
LIST_INIT(&p->http_after_res_rules);
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
LIST_INIT(&p->redirect_rules);
LIST_INIT(&p->mon_fail_cond);
LIST_INIT(&p->switching_rules);
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
LIST_INIT(&p->server_rules);
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
LIST_INIT(&p->persist_rules);
LIST_INIT(&p->sticking_rules);
LIST_INIT(&p->storersp_rules);
LIST_INIT(&p->tcp_req.inspect_rules);
LIST_INIT(&p->tcp_rep.inspect_rules);
LIST_INIT(&p->tcp_req.l4_rules);
MEDIUM: tcp: add registration and processing of TCP L5 rules This commit introduces "tcp-request session" rules. These are very much like "tcp-request connection" rules except that they're processed after the handshake, so it is possible to consider SSL information and addresses rewritten by the proxy protocol header in actions. This is particularly useful to track proxied sources as this was not possible before, given that tcp-request content rules are processed after each HTTP request. Similarly it is possible to assign the proxied source address or the client's cert to a variable.
2016-10-21 10:37:51 -04:00
LIST_INIT(&p->tcp_req.l5_rules);
MEDIUM: quic: implement quic-initial rules Implement a new set of rules labelled as quic-initial. These rules as specific to QUIC. They are scheduled to be executed early on Initial packet parsing, prior a new QUIC connection instantiation. Contrary to tcp-request connection, this allows to reject traffic earlier, most notably by avoiding unnecessary QUIC SSL handshake processing. A new module quic_rules is created. Its main function quic_init_exec_rules() is called on Initial packet parsing in function quic_rx_pkt_retrieve_conn(). For the moment, only "accept" and "dgram-drop" are valid actions. Both are final. The latter drops silently the Initial packet instead of allocating a new QUIC connection.
2024-07-18 12:25:43 -04:00
#ifdef USE_QUIC
LIST_INIT(&p->quic_init_rules);
#endif
MEDIUM: list: Separate "locked" list from regular list. Instead of using the same type for regular linked lists and "autolocked" linked lists, use a separate type, "struct mt_list", for the autolocked one, and introduce a set of macros, similar to the LIST_* macros, with the MT_ prefix. When we use the same entry for both regular list and autolocked list, as is done for the "list" field in struct connection, we know have to explicitely cast it to struct mt_list when using MT_ macros.
2019-08-08 09:47:21 -04:00
MT_LIST_INIT(&p->listener_queue);
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
LIST_INIT(&p->loggers);
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
LIST_INIT(&p->conf.bind);
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
LIST_INIT(&p->conf.listeners);
MEDIUM: proxy: Add a directive to reference an http-errors section in a proxy It is now possible to import in a proxy, fully or partially, error files declared in an http-errors section. It may be done using the "errorfiles" directive, followed by a name and optionally a list of status code. If there is no status code specified, all error files of the http-errors section are imported. Otherwise, only error files associated to the listed status code are imported. For instance : http-errors my-errors errorfile 400 ... errorfile 403 ... errorfile 404 ... frontend frt errorfiles my-errors 403 404 # ==> error 400 not imported
2020-01-13 09:52:01 -05:00
LIST_INIT(&p->conf.errors);
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
LIST_INIT(&p->conf.args.list);
MAJOR: log: implement proper postparsing for logformat expressions This patch tries to address a design flaw with how logformat expressions are parsed from config. Indeed, some parse_logformat_string() calls are performed during config parsing when the proxy mode is not yet known. Here's a config example that illustrates the issue: defaults mode tcp listen test bind :8888 http-response set-header custom-hdr "%trl" # needs http mode http The above config should work, because the effective proxy mode is http, yet haproxy fails with this error: [ALERT] (99051) : config : parsing [repro.conf:6] : error detected in proxy 'test' while parsing 'http-response set-header' rule : format tag 'trl' is reserved for HTTP mode. To fix the issue once and for all, let's implement smart postparsing for logformat expressions encountered during config parsing: - split parse_logformat_string() (and subfonctions) in order to create a new lf_expr_postcheck() function that must be called to finish preparing and checking the logformat expression once the proxy type is known. - save some config hints info during parse_logformat_string() to generate more precise error messages during lf_expr_postcheck(), if needed, we rely on curpx->conf.args.{file,line} hints for that because parse_logformat_string() doesn't know about current file and line number. - lf_expr_postcheck() uses PR_FL_CHECKED proxy flag to know if the function may try to make the proxy compatible with the expression, or if it should simply fail as soon as an incompatibility is detected. - if parse_logformat_string() is called from an unchecked proxy, then schedule the expression for postparsing, else (ie: during runtime), run the postcheck right away. This change will also allow for some logformat expression error handling simplifications in the future.
2024-02-23 11:26:32 -05:00
LIST_INIT(&p->conf.lf_checks);
MINOR: filters: Extract proxy stuff from the struct filter Now, filter's configuration (.id, .conf and .ops fields) is stored in the structure 'flt_conf'. So proxies own a flt_conf list instead of a filter list. When a filter is attached to a stream, it gets a pointer on its configuration. This avoids mixing the filter's context (owns by a stream) and its configuration (owns by a proxy). It also saves 2 pointers per filter instance.
2016-02-04 07:40:26 -05:00
LIST_INIT(&p->filter_configs);
MEDIUM: checks: Add a list of vars to set before executing a tpc-check ruleset A list of variables is now associated to each tcp-check ruleset. It is more a less a list of set-var expressions. This list may be filled during the configuration parsing. The listed variables will then be set during each execution of the tcp-check healthcheck, at the begining, before execution of the the first tcp-check rule. This patch is mandatory to convert all protocol checks to tcp-checks. It is a way to customize shared tcp-check rulesets.
2020-04-02 12:05:11 -04:00
LIST_INIT(&p->tcpcheck_rules.preset_vars);
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
MAJOR: leastconn; Revamp the way servers are ordered. For leastconn, servers used to just be stored in an ebtree. Each server would be one node. Change that so that nodes contain multiple mt_lists. Each list will contain servers that share the same key (typically meaning they have the same number of connections). Using mt_lists means that as long as tree elements already exist, moving a server from one tree element to another does no longer require the lbprm write lock. We use multiple mt_lists to reduce the contention when moving a server from one tree element to another. A list in the new element will be chosen randomly. We no longer remove a tree element as soon as they no longer contain any server. Instead, we keep a list of all elements, and when we need a new element, we look at that list only if it contains a number of elements already, otherwise we'll allocate a new one. Keeping nodes in the tree ensures that we very rarely have to take the lbrpm write lock (as it only happens when we're moving the server to a position for which no element is currently in the tree). The number of mt_lists used is defined as FWLC_NB_LISTS. The number of tree elements we want to keep is defined as FWLC_MIN_FREE_ENTRIES, both in defaults.h. The value used were picked afrer experimentation, and seems to be the best choice of performances vs memory usage. Doing that gives a good boost in performances when a lot of servers are used. With a configuration using 500 servers, before that patch, about 830000 requests per second could be processed, with that patch, about 1550000 requests per second are processed, on an 64-cores AMD, using 1200 concurrent connections.
2025-03-26 12:16:48 -04:00
MT_LIST_INIT(&p->lbprm.lb_free_list);
MEDIUM: listener: index listener ID using compact trees The listener ID is currently stored as a 32-bit int using an eb32 tree. It's used essentially to find holes in order to automatically assign IDs, and to detect duplicates. Let's change this to use compact trees instead in order to save 24 bytes in struct listener for this node, plus 8 bytes in struct proxy. The struct listener is now 704 bytes large, and the struct proxy 3080.
2025-08-24 05:12:49 -04:00
p->conf.used_listener_id = NULL;
MEDIUM: server: index server ID using compact trees The server ID is currently stored as a 32-bit int using an eb32 tree. It's used essentially to find holes in order to automatically assign IDs, and to detect duplicates. Let's change this to use compact trees instead in order to save 24 bytes in struct server for this node, plus 8 bytes in struct proxy. The server struct is still 3904 bytes large (due to alignment) and the proxy struct is 3072.
2025-08-24 05:21:02 -04:00
p->conf.used_server_id = NULL;
MEDIUM: server: switch addr_node to cebis_tree This contains the text representation of the server's address, for use with stick-tables with "srvkey addr". Switching them to a compact node saves 24 more bytes from this structure. The key was moved to an external pointer "addr_key" right after the node. The server struct is now 3968 bytes (down from 4032) due to alignment, and the proxy struct shrinks by 8 bytes to 3152.
2025-07-07 09:13:15 -04:00
p->used_server_addr = NULL;
MEDIUM: proxy: only take defaults when a default proxy is passed. The proxy initialization code relies on three phases, allocation, pre-initialization, and assignments from defaults. This last part is entirely taken from the defaults proxy when arguments are set. This sensibly complexifies the initialization code as it requires to always have a default proxy. This patch instead first applies the original default settings on a proxy, and then uses those from a default proxy only if one such is used. This will allow to initialize a proxy out of any default proxy while still using valid defaults. A careful inspection of the function showed that only 4 fields used to be set regardless of the default proxy, and those were moved to init_new_proxy() where they ought to have been in the first place.
2021-02-12 03:15:16 -05:00
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
/* Timeouts are defined as -1 */
proxy_reset_timeouts(p);
p->tcp_rep.inspect_delay = TICK_ETERNITY;
MEDIUM: proxy: add the global frontend to the list of normal proxies Since recent changes on the global frontend, it was not possible anymore to soft-reload a process which had a stats socket because the socket would not be disabled upon reload. The only solution to this endless madness is to have the global frontend part of normal proxies. Since we don't want to get an ID that shifts all other proxies and causes trouble in deployed environments, we assign it ID #0 which other proxies can't grab, and we don't report it in the stats pages.
2012-10-04 02:47:34 -04:00
/* initial uuid is unassigned (-1) */
p->uuid = -1;
MEDIUM: threads/proxy: Add a lock per proxy and atomically update proxy vars Now, each proxy contains a lock that must be used when necessary to protect it. Moreover, all proxy's counters are now updated using atomic operations.
2017-06-02 09:33:24 -04:00
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
/* Default to only allow L4 retries */
p->retry_type = PR_RE_CONN_FAILED;
MINOR: stconn: stream instantiation from proxy callback Add a pointer to function to proxies as ->stream_new_from_sc proxy struct member to instantiate stream from connection as this is done by all the muxes when they call sc_new_from_endp(). The default value for this pointer is obviously stream_new() which is exported by this patch.
2026-02-11 08:43:58 -05:00
p->stream_new_from_sc = stream_new;
MINOR: proxy: implement GUID support Implement proxy identiciation through GUID. As such, a guid_node member is inserted into proxy structure. A proxy keyword "guid" is defined to allow user to fix its value.
2024-03-26 10:26:43 -04:00
guid_init(&p->guid);
BUG/MEDIUM: stats: prevent crash if counters not alloc with dummy one Define a per-thread counters allocated with the greatest size of any stat module counters. This variable is named trash_counters. When using a proxy without allocated counters, return the trash counters from EXTRA_COUNTERS_GET instead of a dangling pointer to prevent segfault. This is useful for all the proxies used internally and not belonging to the global proxy list. As these objects does not appears on the stat report, it does not matter to use the dummy counters. For this fix to be functional, the extra counters are explicitly initialized to NULL on proxy/server/listener init functions. Most notably, the crash has already been detected with the following vtc: - reg-tests/lua/txn_get_priv.vtc - reg-tests/peers/tls_basic_sync.vtc - reg-tests/peers/tls_basic_sync_wo_stkt_backend.vtc There is probably other parts that may be impacted (SPOE for example). This bug was introduced in the current release and do not need to be backported. The faulty commits are "MINOR: ssl: count client hello for stats" and "MINOR: ssl: add counters for ssl sessions".
2020-11-10 08:24:31 -05:00
p->extra_counters_fe = NULL;
p->extra_counters_be = NULL;
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_INIT(&p->lock);
BUG/MEDIUM: proxy: always initialize the default settings after init The proxy's initialization is rather odd. First, init_new_proxy() is called to zero all the lists and certain values, except those that can come from defaults, which are initialized by proxy_preset_defaults(). The default server settings are also only set there. This results in these settings not to be set for a number of internal proxies that do not explicitly call proxy_preset_defaults() after allocation, such as sink and log forwarders. This was revealed by last commit 79aa63823 ("MINOR: server: always initialize pp_tlvs for default servers") which crashes in log parsers when applied to certain proxies which did not initialize their default servers. In theory this should be backported, however it would be desirable to wait a bit before backporting it, in case certain parts would rely on these elements not being initialized.
2023-11-13 03:17:05 -05:00
MINOR: proxy: remove proxy_preset_defaults() Function proxy_preset_defaults() purpose has evolved over time. Originally, it was only used to initialize defaults proxies instances. Until today, it was extended so that all proxies use it. Its objective is to initialize settings to common default values. To remove the confusion, this function is now removed. Its content is integrated directly into init_new_proxy().
2026-01-20 05:41:37 -05:00
lf_expr_init(&p->logformat);
lf_expr_init(&p->logformat_sd);
lf_expr_init(&p->format_unique_id);
lf_expr_init(&p->logformat_error);
/* initialize parameters to common default values */
p->mode = PR_MODE_TCP;
p->options |= PR_O_REUSE_SAFE;
p->max_out_conns = MAX_SRV_LIST;
p->email_alert.level = LOG_ALERT;
p->load_server_state_from_file = PR_SRV_STATE_FILE_UNSPEC;
if (!(p->cap & PR_CAP_INT)) {
p->maxconn = cfg_maxpconn;
p->conn_retries = CONN_RETRIES;
}
else {
p->options2 |= PR_O2_INDEPSTR;
p->timeout.connect = 5000;
}
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
}
MINOR: proxies: Add a per-thread group field to struct proxy. Add a per-thread group field to struct proxy, that will contain a struct queue, as well as a new field, "queueslength". This is currently unused, so should change nothing. Please note that proxy_init_per_thr() must now be called for each proxy once the thread groups number is known.
2025-01-15 10:10:43 -05:00
/* Initialize per-thread proxy fields */
int proxy_init_per_thr(struct proxy *px)
{
int i;
BUG/MEDIUM: proxy: use aligned allocations for struct proxy_per_tgroup In 3.2, commit f879b9a18 ("MINOR: proxies: Add a per-thread group field to struct proxy") introduced struct proxy_per_tgroup that is declared as thread_aligned, but is allocated using calloc(). Thus it is at risk of crashing on machines using instructions requiring 64-byte alignment such as AVX512. Let's use ha_aligned_zalloc_typed() instead of malloc(). For 3.2, we don't have aligned allocations, so instead the THREAD_ALIGNED() will have to be removed from the struct definition. Alternately, we could manually align it as is done for fdtab.
2025-11-07 16:10:45 -05:00
px->per_tgrp = ha_aligned_zalloc_typed(global.nbtgroups, typeof(*px->per_tgrp));
MINOR: proxies: Add a per-thread group field to struct proxy. Add a per-thread group field to struct proxy, that will contain a struct queue, as well as a new field, "queueslength". This is currently unused, so should change nothing. Please note that proxy_init_per_thr() must now be called for each proxy once the thread groups number is known.
2025-01-15 10:10:43 -05:00
for (i = 0; i < global.nbtgroups; i++)
queue_init(&px->per_tgrp[i].queue, px, NULL);
return 0;
}
MINOR: cfgparse: move proxy post-init in a dedicated function A lot of proxies initialization code is delayed on post-parsing stage, as it depends on the configuration fully parsed. This is performed via a loop on proxies_list. Extract this code in a dedicated function proxy_finalize(). This patch will be useful for dynamic backends creation. Note that for the moment the code has been extracted as-is. With each new features, some init code was added there. This has become a giant loop with no real ordering. A future patch may provide some cleanup in order to reorganize this.
2026-01-30 10:31:04 -05:00
int proxy_finalize(struct proxy *px, int *err_code)
{
struct bind_conf *bind_conf;
struct server *newsrv;
struct switching_rule *rule;
struct server_rule *srule;
struct sticking_rule *mrule;
struct logger *tmplogger;
unsigned int next_id;
int cfgerr = 0;
char *err = NULL;
int i;
/* check and reduce the bind-proc of each listener */
list_for_each_entry(bind_conf, &px->conf.bind, by_fe) {
int mode = conn_pr_mode_to_proto_mode(px->mode);
const struct mux_proto_list *mux_ent;
int ret;
/* Check the mux protocols, if any; before the check the ALPN */
if (bind_conf->xprt && bind_conf->xprt == xprt_get(XPRT_QUIC)) {
if (!bind_conf->mux_proto) {
/* No protocol was specified. If we're using QUIC at the transport
* layer, we'll instantiate it as a mux as well. If QUIC is not
* compiled in, this will remain NULL.
*/
bind_conf->mux_proto = get_mux_proto(ist("quic"));
}
if (bind_conf->options & BC_O_ACC_PROXY) {
ha_alert("Binding [%s:%d] for %s %s: QUIC protocol does not support PROXY protocol yet."
" 'accept-proxy' option cannot be used with a QUIC listener.\n",
bind_conf->file, bind_conf->line,
proxy_type_str(px), px->id);
cfgerr++;
}
}
if (bind_conf->mux_proto) {
/* it is possible that an incorrect mux was referenced
* due to the proxy's mode not being taken into account
* on first pass. Let's adjust it now.
*/
mux_ent = conn_get_best_mux_entry(bind_conf->mux_proto->token, PROTO_SIDE_FE, mode);
if (!mux_ent || !isteq(mux_ent->token, bind_conf->mux_proto->token)) {
ha_alert("%s '%s' : MUX protocol '%.*s' is not usable for 'bind %s' at [%s:%d].\n",
proxy_type_str(px), px->id,
(int)bind_conf->mux_proto->token.len,
bind_conf->mux_proto->token.ptr,
bind_conf->arg, bind_conf->file, bind_conf->line);
cfgerr++;
}
else {
if ((mux_ent->mux->flags & MX_FL_FRAMED) && !(bind_conf->options & BC_O_USE_SOCK_DGRAM)) {
ha_alert("%s '%s' : frame-based MUX protocol '%.*s' is incompatible with stream transport of 'bind %s' at [%s:%d].\n",
proxy_type_str(px), px->id,
(int)bind_conf->mux_proto->token.len,
bind_conf->mux_proto->token.ptr,
bind_conf->arg, bind_conf->file, bind_conf->line);
cfgerr++;
}
else if (!(mux_ent->mux->flags & MX_FL_FRAMED) && !(bind_conf->options & BC_O_USE_SOCK_STREAM)) {
ha_alert("%s '%s' : stream-based MUX protocol '%.*s' is incompatible with framed transport of 'bind %s' at [%s:%d].\n",
proxy_type_str(px), px->id,
(int)bind_conf->mux_proto->token.len,
bind_conf->mux_proto->token.ptr,
bind_conf->arg, bind_conf->file, bind_conf->line);
cfgerr++;
}
}
/* update the mux */
bind_conf->mux_proto = mux_ent;
}
/* HTTP frontends with "h2" as ALPN/NPN will work in
* HTTP/2 and absolutely require buffers 16kB or larger.
*/
#ifdef USE_OPENSSL
/* no-alpn ? If so, it's the right moment to remove it */
if (bind_conf->ssl_conf.alpn_str && !bind_conf->ssl_conf.alpn_len) {
ha_free(&bind_conf->ssl_conf.alpn_str);
}
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
else if (!bind_conf->ssl_conf.alpn_str && !bind_conf->ssl_conf.npn_str &&
((bind_conf->options & BC_O_USE_SSL) || bind_conf->xprt == xprt_get(XPRT_QUIC)) &&
px->mode == PR_MODE_HTTP && global.tune.bufsize >= 16384) {
/* Neither ALPN nor NPN were explicitly set nor disabled, we're
* in HTTP mode with an SSL or QUIC listener, we can enable ALPN.
* Note that it's in binary form. First we try to set the ALPN from
* mux proto if set. Otherwise rely on the default ALPN.
*/
if (bind_conf->mux_proto && bind_conf->mux_proto->alpn)
bind_conf->ssl_conf.alpn_str = strdup(bind_conf->mux_proto->alpn);
else if (bind_conf->xprt == xprt_get(XPRT_QUIC))
bind_conf->ssl_conf.alpn_str = strdup("\002h3");
else
bind_conf->ssl_conf.alpn_str = strdup("\002h2\010http/1.1");
if (!bind_conf->ssl_conf.alpn_str) {
ha_alert("Proxy '%s': out of memory while trying to allocate a default alpn string in 'bind %s' at [%s:%d].\n",
px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
cfgerr++;
*err_code |= ERR_FATAL | ERR_ALERT;
goto out;
}
bind_conf->ssl_conf.alpn_len = strlen(bind_conf->ssl_conf.alpn_str);
}
#endif /* TLSEXT_TYPE_application_layer_protocol_negotiation */
if (px->mode == PR_MODE_HTTP && global.tune.bufsize < 16384) {
#ifdef OPENSSL_NPN_NEGOTIATED
/* check NPN */
if (bind_conf->ssl_conf.npn_str && strstr(bind_conf->ssl_conf.npn_str, "\002h2")) {
ha_alert("HTTP frontend '%s' enables HTTP/2 via NPN at [%s:%d], so global.tune.bufsize must be at least 16384 bytes (%d now).\n",
px->id, bind_conf->file, bind_conf->line, global.tune.bufsize);
cfgerr++;
}
#endif /* OPENSSL_NPN_NEGOTIATED */
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
/* check ALPN */
if (bind_conf->ssl_conf.alpn_str && strstr(bind_conf->ssl_conf.alpn_str, "\002h2")) {
ha_alert("HTTP frontend '%s' enables HTTP/2 via ALPN at [%s:%d], so global.tune.bufsize must be at least 16384 bytes (%d now).\n",
px->id, bind_conf->file, bind_conf->line, global.tune.bufsize);
cfgerr++;
}
#endif /* TLSEXT_TYPE_application_layer_protocol_negotiation */
} /* HTTP && bufsize < 16384 */
#endif /* USE_OPENSSL */
#ifdef USE_QUIC
if (bind_conf->xprt == xprt_get(XPRT_QUIC)) {
const struct quic_cc_algo *cc_algo = bind_conf->quic_cc_algo ?
bind_conf->quic_cc_algo : default_quic_cc_algo;
if (!(cc_algo->flags & QUIC_CC_ALGO_FL_OPT_PACING) &&
!(quic_tune.fe.fb_opts & QUIC_TUNE_FB_TX_PACING)) {
ha_warning("Binding [%s:%d] for %s %s: using the selected congestion algorithm without pacing may cause slowdowns or high loss rates during transfers.\n",
bind_conf->file, bind_conf->line,
proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
}
}
#endif /* USE_QUIC */
/* finish the bind setup */
ret = bind_complete_thread_setup(bind_conf, err_code);
if (ret != 0) {
cfgerr += ret;
if (*err_code & ERR_FATAL)
goto out;
}
if (bind_generate_guid(bind_conf)) {
cfgerr++;
*err_code |= ERR_FATAL | ERR_ALERT;
goto out;
}
}
switch (px->mode) {
case PR_MODE_TCP:
cfgerr += proxy_cfg_ensure_no_http(px);
cfgerr += proxy_cfg_ensure_no_log(px);
break;
case PR_MODE_HTTP:
cfgerr += proxy_cfg_ensure_no_log(px);
px->http_needed = 1;
break;
case PR_MODE_CLI:
cfgerr += proxy_cfg_ensure_no_http(px);
cfgerr += proxy_cfg_ensure_no_log(px);
break;
case PR_MODE_SYSLOG:
/* this mode is initialized as the classic tcp proxy */
cfgerr += proxy_cfg_ensure_no_http(px);
break;
case PR_MODE_SPOP:
cfgerr += proxy_cfg_ensure_no_http(px);
cfgerr += proxy_cfg_ensure_no_log(px);
break;
case PR_MODE_PEERS:
case PR_MODES:
/* should not happen, bug gcc warn missing switch statement */
ha_alert("%s '%s' cannot initialize this proxy mode (peers) in this way. NOTE: PLEASE REPORT THIS TO DEVELOPERS AS YOU'RE NOT SUPPOSED TO BE ABLE TO CREATE A CONFIGURATION TRIGGERING THIS!\n",
proxy_type_str(px), px->id);
cfgerr++;
break;
}
if (!(px->cap & PR_CAP_INT) && (px->cap & PR_CAP_FE) && LIST_ISEMPTY(&px->conf.listeners)) {
ha_warning("%s '%s' has no 'bind' directive. Please declare it as a backend if this was intended.\n",
proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
}
if (px->cap & PR_CAP_BE) {
if (px->lbprm.algo & BE_LB_KIND) {
if (px->options & PR_O_TRANSP) {
ha_alert("%s '%s' cannot use both transparent and balance mode.\n",
proxy_type_str(px), px->id);
cfgerr++;
}
else if (px->options & PR_O_DISPATCH) {
ha_warning("dispatch address of %s '%s' will be ignored in balance mode.\n",
proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
}
}
else if (!(px->options & (PR_O_TRANSP | PR_O_DISPATCH))) {
/* If no LB algo is set in a backend, and we're not in
* transparent mode, dispatch mode nor proxy mode, we
* want to use balance random by default.
*/
px->lbprm.algo &= ~BE_LB_ALGO;
px->lbprm.algo |= BE_LB_ALGO_RND;
}
}
if (px->options & PR_O_DISPATCH)
px->options &= ~PR_O_TRANSP;
else if (px->options & PR_O_TRANSP)
px->options &= ~PR_O_DISPATCH;
if ((px->tcpcheck_rules.flags & TCPCHK_RULES_UNUSED_HTTP_RS)) {
ha_warning("%s '%s' uses http-check rules without 'option httpchk', so the rules are ignored.\n",
proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
}
if ((px->options2 & PR_O2_CHK_ANY) == PR_O2_TCPCHK_CHK &&
(px->tcpcheck_rules.flags & TCPCHK_RULES_PROTO_CHK) != TCPCHK_RULES_HTTP_CHK) {
if (px->options & PR_O_DISABLE404) {
ha_warning("'%s' will be ignored for %s '%s' (requires 'option httpchk').\n",
"disable-on-404", proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
px->options &= ~PR_O_DISABLE404;
}
if (px->options2 & PR_O2_CHK_SNDST) {
ha_warning("'%s' will be ignored for %s '%s' (requires 'option httpchk').\n",
"send-state", proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
px->options2 &= ~PR_O2_CHK_SNDST;
}
}
if ((px->options2 & PR_O2_CHK_ANY) == PR_O2_EXT_CHK) {
if (!global.external_check) {
ha_alert("Proxy '%s' : '%s' unable to find required 'global.external-check'.\n",
px->id, "option external-check");
cfgerr++;
}
if (!px->check_command) {
ha_alert("Proxy '%s' : '%s' unable to find required 'external-check command'.\n",
px->id, "option external-check");
cfgerr++;
}
if (!(global.tune.options & GTUNE_INSECURE_FORK)) {
ha_warning("Proxy '%s' : 'insecure-fork-wanted' not enabled in the global section, '%s' will likely fail.\n",
px->id, "option external-check");
*err_code |= ERR_WARN;
}
}
if (px->email_alert.flags & PR_EMAIL_ALERT_SET) {
if (!(px->email_alert.mailers.name && px->email_alert.from && px->email_alert.to)) {
ha_warning("'email-alert' will be ignored for %s '%s' (the presence any of "
"'email-alert from', 'email-alert level' 'email-alert mailers', "
"'email-alert myhostname', or 'email-alert to' "
"requires each of 'email-alert from', 'email-alert mailers' and 'email-alert to' "
"to be present).\n",
proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
free_email_alert(px);
}
if (!px->email_alert.myhostname)
px->email_alert.myhostname = strdup(hostname);
}
if (px->check_command) {
int clear = 0;
if ((px->options2 & PR_O2_CHK_ANY) != PR_O2_EXT_CHK) {
ha_warning("'%s' will be ignored for %s '%s' (requires 'option external-check').\n",
"external-check command", proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
clear = 1;
}
if (px->check_command[0] != '/' && !px->check_path) {
ha_alert("Proxy '%s': '%s' does not have a leading '/' and 'external-check path' is not set.\n",
px->id, "external-check command");
cfgerr++;
}
if (clear) {
ha_free(&px->check_command);
}
}
if (px->check_path) {
if ((px->options2 & PR_O2_CHK_ANY) != PR_O2_EXT_CHK) {
ha_warning("'%s' will be ignored for %s '%s' (requires 'option external-check').\n",
"external-check path", proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
ha_free(&px->check_path);
}
}
/* if a default backend was specified, let's find it */
if (px->defbe.name) {
struct proxy *target;
target = proxy_be_by_name(px->defbe.name);
if (!target) {
ha_alert("Proxy '%s': unable to find required default_backend: '%s'.\n",
px->id, px->defbe.name);
cfgerr++;
} else if (target == px) {
ha_alert("Proxy '%s': loop detected for default_backend: '%s'.\n",
px->id, px->defbe.name);
cfgerr++;
} else if (target->mode != px->mode &&
!(px->mode == PR_MODE_TCP && target->mode == PR_MODE_HTTP)) {
ha_alert("%s %s '%s' (%s:%d) tries to use incompatible %s %s '%s' (%s:%d) as its default backend (see 'mode').\n",
proxy_mode_str(px->mode), proxy_type_str(px), px->id,
px->conf.file, px->conf.line,
proxy_mode_str(target->mode), proxy_type_str(target), target->id,
target->conf.file, target->conf.line);
cfgerr++;
} else {
free(px->defbe.name);
px->defbe.be = target;
/* Emit a warning if this proxy also has some servers */
if (px->srv) {
ha_warning("In proxy '%s', the 'default_backend' rule always has precedence over the servers, which will never be used.\n",
px->id);
*err_code |= ERR_WARN;
}
if (target->mode == PR_MODE_HTTP) {
/* at least one of the used backends will provoke an
* HTTP upgrade
*/
px->options |= PR_O_HTTP_UPG;
}
}
}
/* find the target proxy for 'use_backend' rules */
list_for_each_entry(rule, &px->switching_rules, list) {
struct proxy *target;
struct logformat_node *node;
char *pxname;
/* Try to parse the string as a log format expression. If the result
* of the parsing is only one entry containing a simple string, then
* it's a standard string corresponding to a static rule, thus the
* parsing is cancelled and be.name is restored to be resolved.
*/
pxname = rule->be.name;
lf_expr_init(&rule->be.expr);
px->conf.args.ctx = ARGC_UBK;
px->conf.args.file = rule->file;
px->conf.args.line = rule->line;
err = NULL;
if (!parse_logformat_string(pxname, px, &rule->be.expr, 0, SMP_VAL_FE_HRQ_HDR, &err)) {
ha_alert("Parsing [%s:%d]: failed to parse use_backend rule '%s' : %s.\n",
rule->file, rule->line, pxname, err);
free(err);
cfgerr++;
continue;
}
node = LIST_NEXT(&rule->be.expr.nodes.list, struct logformat_node *, list);
if (!lf_expr_isempty(&rule->be.expr)) {
if (node->type != LOG_FMT_TEXT || node->list.n != &rule->be.expr.nodes.list) {
rule->dynamic = 1;
free(pxname);
/* backend is not yet known so we cannot assume its type,
* thus we should consider that at least one of the used
* backends may provoke HTTP upgrade
*/
px->options |= PR_O_HTTP_UPG;
continue;
}
/* Only one element in the list, a simple string: free the expression and
* fall back to static rule
*/
lf_expr_deinit(&rule->be.expr);
}
rule->dynamic = 0;
rule->be.name = pxname;
target = proxy_be_by_name(rule->be.name);
if (!target) {
ha_alert("Proxy '%s': unable to find required use_backend: '%s'.\n",
px->id, rule->be.name);
cfgerr++;
} else if (target == px) {
ha_alert("Proxy '%s': loop detected for use_backend: '%s'.\n",
px->id, rule->be.name);
cfgerr++;
} else if (target->mode != px->mode &&
!(px->mode == PR_MODE_TCP && target->mode == PR_MODE_HTTP)) {
ha_alert("%s %s '%s' (%s:%d) tries to use incompatible %s %s '%s' (%s:%d) in a 'use_backend' rule (see 'mode').\n",
proxy_mode_str(px->mode), proxy_type_str(px), px->id,
px->conf.file, px->conf.line,
proxy_mode_str(target->mode), proxy_type_str(target), target->id,
target->conf.file, target->conf.line);
cfgerr++;
} else {
ha_free(&rule->be.name);
rule->be.backend = target;
if (target->mode == PR_MODE_HTTP) {
/* at least one of the used backends will provoke an
* HTTP upgrade
*/
px->options |= PR_O_HTTP_UPG;
}
}
*err_code |= warnif_tcp_http_cond(px, rule->cond);
}
/* find the target server for 'use_server' rules */
list_for_each_entry(srule, &px->server_rules, list) {
struct server *target;
struct logformat_node *node;
char *server_name;
/* We try to parse the string as a log format expression. If the result of the parsing
* is only one entry containing a single string, then it's a standard string corresponding
* to a static rule, thus the parsing is cancelled and we fall back to setting srv.ptr.
*/
server_name = srule->srv.name;
lf_expr_init(&srule->expr);
px->conf.args.ctx = ARGC_USRV;
err = NULL;
if (!parse_logformat_string(server_name, px, &srule->expr, 0, SMP_VAL_FE_HRQ_HDR, &err)) {
ha_alert("Parsing [%s:%d]; use-server rule failed to parse log-format '%s' : %s.\n",
srule->file, srule->line, server_name, err);
free(err);
cfgerr++;
continue;
}
node = LIST_NEXT(&srule->expr.nodes.list, struct logformat_node *, list);
if (!lf_expr_isempty(&srule->expr)) {
if (node->type != LOG_FMT_TEXT || node->list.n != &srule->expr.nodes.list) {
srule->dynamic = 1;
free(server_name);
continue;
}
/* Only one element in the list, a simple string: free the expression and
* fall back to static rule
*/
lf_expr_deinit(&srule->expr);
}
srule->dynamic = 0;
srule->srv.name = server_name;
target = server_find_by_name(px, srule->srv.name);
*err_code |= warnif_tcp_http_cond(px, srule->cond);
if (!target) {
ha_alert("%s '%s' : unable to find server '%s' referenced in a 'use-server' rule.\n",
proxy_type_str(px), px->id, srule->srv.name);
cfgerr++;
continue;
}
ha_free(&srule->srv.name);
srule->srv.ptr = target;
target->flags |= SRV_F_NON_PURGEABLE;
}
/* find the target table for 'stick' rules */
list_for_each_entry(mrule, &px->sticking_rules, list) {
px->be_req_ana |= AN_REQ_STICKING_RULES;
if (mrule->flags & STK_IS_STORE)
px->be_rsp_ana |= AN_RES_STORE_RULES;
if (!resolve_stick_rule(px, mrule))
cfgerr++;
*err_code |= warnif_tcp_http_cond(px, mrule->cond);
}
/* find the target table for 'store response' rules */
list_for_each_entry(mrule, &px->storersp_rules, list) {
px->be_rsp_ana |= AN_RES_STORE_RULES;
if (!resolve_stick_rule(px, mrule))
cfgerr++;
}
/* check validity for 'tcp-request' layer 4/5/6/7 rules */
cfgerr += check_action_rules(&px->tcp_req.l4_rules, px, err_code);
cfgerr += check_action_rules(&px->tcp_req.l5_rules, px, err_code);
cfgerr += check_action_rules(&px->tcp_req.inspect_rules, px, err_code);
cfgerr += check_action_rules(&px->tcp_rep.inspect_rules, px, err_code);
cfgerr += check_action_rules(&px->http_req_rules, px, err_code);
cfgerr += check_action_rules(&px->http_res_rules, px, err_code);
cfgerr += check_action_rules(&px->http_after_res_rules, px, err_code);
/* Warn is a switch-mode http is used on a TCP listener with servers but no backend */
if (!px->defbe.name && LIST_ISEMPTY(&px->switching_rules) && px->srv) {
if ((px->options & PR_O_HTTP_UPG) && px->mode == PR_MODE_TCP)
ha_warning("Proxy '%s' : 'switch-mode http' configured for a %s %s with no backend. "
"Incoming connections upgraded to HTTP cannot be routed to TCP servers\n",
px->id, proxy_mode_str(px->mode), proxy_type_str(px));
}
if (px->table && px->table->peers.name) {
struct peers *curpeers;
for (curpeers = cfg_peers; curpeers; curpeers = curpeers->next) {
if (strcmp(curpeers->id, px->table->peers.name) == 0) {
ha_free(&px->table->peers.name);
px->table->peers.p = curpeers;
break;
}
}
if (!curpeers) {
ha_alert("Proxy '%s': unable to find sync peers '%s'.\n",
px->id, px->table->peers.name);
ha_free(&px->table->peers.name);
px->table->peers.p = NULL;
cfgerr++;
}
else if (curpeers->disabled) {
/* silently disable this peers section */
px->table->peers.p = NULL;
}
else if (!curpeers->peers_fe) {
ha_alert("Proxy '%s': unable to find local peer '%s' in peers section '%s'.\n",
px->id, localpeer, curpeers->id);
px->table->peers.p = NULL;
cfgerr++;
}
}
if (px->email_alert.mailers.name) {
struct mailers *curmailers = mailers;
for (curmailers = mailers; curmailers; curmailers = curmailers->next) {
if (strcmp(curmailers->id, px->email_alert.mailers.name) == 0)
break;
}
if (!curmailers) {
ha_alert("Proxy '%s': unable to find mailers '%s'.\n",
px->id, px->email_alert.mailers.name);
free_email_alert(px);
cfgerr++;
}
else {
err = NULL;
if (init_email_alert(curmailers, px, &err)) {
ha_alert("Proxy '%s': %s.\n", px->id, err);
free(err);
cfgerr++;
}
}
}
if (px->uri_auth && !(px->uri_auth->flags & STAT_F_CONVDONE) &&
!LIST_ISEMPTY(&px->uri_auth->http_req_rules) &&
(px->uri_auth->userlist || px->uri_auth->auth_realm )) {
ha_alert("%s '%s': stats 'auth'/'realm' and 'http-request' can't be used at the same time.\n",
"proxy", px->id);
cfgerr++;
goto out_uri_auth_compat;
}
if (px->uri_auth && px->uri_auth->userlist &&
(!(px->uri_auth->flags & STAT_F_CONVDONE) ||
LIST_ISEMPTY(&px->uri_auth->http_req_rules))) {
const char *uri_auth_compat_req[10];
struct act_rule *rule;
i = 0;
/* build the ACL condition from scratch. We're relying on anonymous ACLs for that */
uri_auth_compat_req[i++] = "auth";
if (px->uri_auth->auth_realm) {
uri_auth_compat_req[i++] = "realm";
uri_auth_compat_req[i++] = px->uri_auth->auth_realm;
}
uri_auth_compat_req[i++] = "unless";
uri_auth_compat_req[i++] = "{";
uri_auth_compat_req[i++] = "http_auth(.internal-stats-userlist)";
uri_auth_compat_req[i++] = "}";
uri_auth_compat_req[i++] = "";
rule = parse_http_req_cond(uri_auth_compat_req, "internal-stats-auth-compat", 0, px);
if (!rule) {
cfgerr++;
goto out;
}
LIST_APPEND(&px->uri_auth->http_req_rules, &rule->list);
if (px->uri_auth->auth_realm) {
ha_free(&px->uri_auth->auth_realm);
}
px->uri_auth->flags |= STAT_F_CONVDONE;
}
out_uri_auth_compat:
/* check whether we have a logger that uses RFC5424 log format */
list_for_each_entry(tmplogger, &px->loggers, list) {
if (tmplogger->format == LOG_FORMAT_RFC5424) {
if (!px->logformat_sd.str) {
/* set the default logformat_sd_string */
px->logformat_sd.str = default_rfc5424_sd_log_format;
}
break;
}
}
/* compile the log format */
if (!(px->cap & PR_CAP_FE)) {
lf_expr_deinit(&px->logformat);
lf_expr_deinit(&px->logformat_sd);
}
if (px->logformat.str) {
px->conf.args.ctx = ARGC_LOG;
px->conf.args.file = px->logformat.conf.file;
px->conf.args.line = px->logformat.conf.line;
err = NULL;
if (!lf_expr_compile(&px->logformat, &px->conf.args,
LOG_OPT_MANDATORY|LOG_OPT_MERGE_SPACES,
SMP_VAL_FE_LOG_END, &err) ||
!lf_expr_postcheck(&px->logformat, px, &err)) {
ha_alert("Parsing [%s:%d]: failed to parse log-format : %s.\n",
px->logformat.conf.file, px->logformat.conf.line, err);
free(err);
cfgerr++;
}
px->conf.args.file = NULL;
px->conf.args.line = 0;
}
if (px->logformat_sd.str) {
px->conf.args.ctx = ARGC_LOGSD;
px->conf.args.file = px->logformat_sd.conf.file;
px->conf.args.line = px->logformat_sd.conf.line;
err = NULL;
if (!lf_expr_compile(&px->logformat_sd, &px->conf.args,
LOG_OPT_MANDATORY|LOG_OPT_MERGE_SPACES,
SMP_VAL_FE_LOG_END, &err) ||
!add_to_logformat_list(NULL, NULL, LF_SEPARATOR, &px->logformat_sd, &err) ||
!lf_expr_postcheck(&px->logformat_sd, px, &err)) {
ha_alert("Parsing [%s:%d]: failed to parse log-format-sd : %s.\n",
px->logformat_sd.conf.file, px->logformat_sd.conf.line, err);
free(err);
cfgerr++;
}
px->conf.args.file = NULL;
px->conf.args.line = 0;
}
if (px->format_unique_id.str) {
int where = 0;
px->conf.args.ctx = ARGC_UIF;
px->conf.args.file = px->format_unique_id.conf.file;
px->conf.args.line = px->format_unique_id.conf.line;
err = NULL;
if (px->cap & PR_CAP_FE)
where |= SMP_VAL_FE_HRQ_HDR;
if (px->cap & PR_CAP_BE)
where |= SMP_VAL_BE_HRQ_HDR;
if (!lf_expr_compile(&px->format_unique_id, &px->conf.args,
LOG_OPT_HTTP|LOG_OPT_MERGE_SPACES, where, &err) ||
!lf_expr_postcheck(&px->format_unique_id, px, &err)) {
ha_alert("Parsing [%s:%d]: failed to parse unique-id : %s.\n",
px->format_unique_id.conf.file, px->format_unique_id.conf.line, err);
free(err);
cfgerr++;
}
px->conf.args.file = NULL;
px->conf.args.line = 0;
}
if (px->logformat_error.str) {
px->conf.args.ctx = ARGC_LOG;
px->conf.args.file = px->logformat_error.conf.file;
px->conf.args.line = px->logformat_error.conf.line;
err = NULL;
if (!lf_expr_compile(&px->logformat_error, &px->conf.args,
LOG_OPT_MANDATORY|LOG_OPT_MERGE_SPACES,
SMP_VAL_FE_LOG_END, &err) ||
!lf_expr_postcheck(&px->logformat_error, px, &err)) {
ha_alert("Parsing [%s:%d]: failed to parse error-log-format : %s.\n",
px->logformat_error.conf.file, px->logformat_error.conf.line, err);
free(err);
cfgerr++;
}
px->conf.args.file = NULL;
px->conf.args.line = 0;
}
/* "balance hash" needs to compile its expression
* (log backends will handle this in proxy log postcheck)
*/
if (px->mode != PR_MODE_SYSLOG &&
(px->lbprm.algo & BE_LB_ALGO) == BE_LB_ALGO_SMP) {
int idx = 0;
const char *args[] = {
px->lbprm.arg_str,
NULL,
};
err = NULL;
px->conf.args.ctx = ARGC_USRV; // same context as use_server.
px->lbprm.expr =
sample_parse_expr((char **)args, &idx,
px->conf.file, px->conf.line,
&err, &px->conf.args, NULL);
if (!px->lbprm.expr) {
ha_alert("%s '%s' [%s:%d]: failed to parse 'balance hash' expression '%s' in : %s.\n",
proxy_type_str(px), px->id,
px->conf.file, px->conf.line,
px->lbprm.arg_str, err);
ha_free(&err);
cfgerr++;
}
else if (!(px->lbprm.expr->fetch->val & SMP_VAL_BE_SET_SRV)) {
ha_alert("%s '%s' [%s:%d]: error detected while parsing 'balance hash' expression '%s' "
"which requires information from %s, which is not available here.\n",
proxy_type_str(px), px->id,
px->conf.file, px->conf.line,
px->lbprm.arg_str, sample_src_names(px->lbprm.expr->fetch->use));
cfgerr++;
}
else if (px->mode == PR_MODE_HTTP && (px->lbprm.expr->fetch->use & SMP_USE_L6REQ)) {
ha_warning("%s '%s' [%s:%d]: L6 sample fetch <%s> will be ignored in 'balance hash' expression in HTTP mode.\n",
proxy_type_str(px), px->id,
px->conf.file, px->conf.line,
px->lbprm.arg_str);
}
else
px->http_needed |= !!(px->lbprm.expr->fetch->use & SMP_USE_HTTP_ANY);
}
/* only now we can check if some args remain unresolved.
* This must be done after the users and groups resolution.
*/
err = NULL;
i = smp_resolve_args(px, &err);
cfgerr += i;
if (i) {
indent_msg(&err, 8);
ha_alert("%s%s\n", i > 1 ? "multiple argument resolution errors:" : "", err);
ha_free(&err);
} else
cfgerr += acl_find_targets(px);
if (!(px->cap & PR_CAP_INT) && (px->mode == PR_MODE_TCP || px->mode == PR_MODE_HTTP) &&
(((px->cap & PR_CAP_FE) && !px->timeout.client) ||
((px->cap & PR_CAP_BE) && (px->srv) &&
(!px->timeout.connect ||
(!px->timeout.server && (px->mode == PR_MODE_HTTP || !px->timeout.tunnel)))))) {
ha_warning("missing timeouts for %s '%s'.\n"
" | While not properly invalid, you will certainly encounter various problems\n"
" | with such a configuration. To fix this, please ensure that all following\n"
" | timeouts are set to a non-zero value: 'client', 'connect', 'server'.\n",
proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
}
/* Historically, the tarpit and queue timeouts were inherited from contimeout.
* We must still support older configurations, so let's find out whether those
* parameters have been set or must be copied from contimeouts.
*/
if (!px->timeout.tarpit)
px->timeout.tarpit = px->timeout.connect;
if ((px->cap & PR_CAP_BE) && !px->timeout.queue)
px->timeout.queue = px->timeout.connect;
if ((px->tcpcheck_rules.flags & TCPCHK_RULES_UNUSED_TCP_RS)) {
ha_warning("%s '%s' uses tcp-check rules without 'option tcp-check', so the rules are ignored.\n",
proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
}
/* ensure that cookie capture length is not too large */
if (px->capture_len >= global.tune.cookie_len) {
ha_warning("truncating capture length to %d bytes for %s '%s'.\n",
global.tune.cookie_len - 1, proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
px->capture_len = global.tune.cookie_len - 1;
}
/* The small pools required for the capture lists */
if (px->nb_req_cap) {
px->req_cap_pool = create_pool("ptrcap",
px->nb_req_cap * sizeof(char *),
MEM_F_SHARED);
}
if (px->nb_rsp_cap) {
px->rsp_cap_pool = create_pool("ptrcap",
px->nb_rsp_cap * sizeof(char *),
MEM_F_SHARED);
}
switch (px->load_server_state_from_file) {
case PR_SRV_STATE_FILE_UNSPEC:
px->load_server_state_from_file = PR_SRV_STATE_FILE_NONE;
break;
case PR_SRV_STATE_FILE_GLOBAL:
if (!global.server_state_file) {
ha_warning("backend '%s' configured to load server state file from global section 'server-state-file' directive. Unfortunately, 'server-state-file' is not set!\n",
px->id);
*err_code |= ERR_WARN;
}
break;
}
/* first, we will invert the servers list order */
newsrv = NULL;
while (px->srv) {
struct server *next;
next = px->srv->next;
px->srv->next = newsrv;
newsrv = px->srv;
if (!next)
break;
px->srv = next;
}
/* Check that no server name conflicts. This causes trouble in the stats.
* We only emit an error for the first conflict affecting each server,
* in order to avoid combinatory explosion if all servers have the same
* name. Since servers names are stored in a tree before landing here,
* we simply have to check for the current server's duplicates to spot
* conflicts.
*/
for (newsrv = px->srv; newsrv; newsrv = newsrv->next) {
struct server *other_srv;
/* Note: internal servers are not always registered and
* they do not conflict.
*/
if (!ceb_intree(&newsrv->conf.name_node))
continue;
MINOR: proxy: improve code when checking server name conflicts During proxy_finalize(), a lookup is performed over the servers by name tree to detect any collision. Only the first conflict for each server instance is reported to avoid a combinatory explosion with too many alerts shown. Previously, this was written using a for loop without any iteration. Replace this by a simple if statement as this is cleaner. This should fix github issue #3276.
2026-02-23 04:10:05 -05:00
if ((other_srv = cebis_item_prev_dup(&px->conf.used_server_name, conf.name_node, id, newsrv))) {
MINOR: cfgparse: move proxy post-init in a dedicated function A lot of proxies initialization code is delayed on post-parsing stage, as it depends on the configuration fully parsed. This is performed via a loop on proxies_list. Extract this code in a dedicated function proxy_finalize(). This patch will be useful for dynamic backends creation. Note that for the moment the code has been extracted as-is. With each new features, some init code was added there. This has become a giant loop with no real ordering. A future patch may provide some cleanup in order to reorganize this.
2026-01-30 10:31:04 -05:00
ha_alert("parsing [%s:%d] : %s '%s', another server named '%s' was already defined at line %d, please use distinct names.\n",
newsrv->conf.file, newsrv->conf.line,
proxy_type_str(px), px->id,
newsrv->id, other_srv->conf.line);
cfgerr++;
MINOR: proxy: improve code when checking server name conflicts During proxy_finalize(), a lookup is performed over the servers by name tree to detect any collision. Only the first conflict for each server instance is reported to avoid a combinatory explosion with too many alerts shown. Previously, this was written using a for loop without any iteration. Replace this by a simple if statement as this is cleaner. This should fix github issue #3276.
2026-02-23 04:10:05 -05:00
continue;
MINOR: cfgparse: move proxy post-init in a dedicated function A lot of proxies initialization code is delayed on post-parsing stage, as it depends on the configuration fully parsed. This is performed via a loop on proxies_list. Extract this code in a dedicated function proxy_finalize(). This patch will be useful for dynamic backends creation. Note that for the moment the code has been extracted as-is. With each new features, some init code was added there. This has become a giant loop with no real ordering. A future patch may provide some cleanup in order to reorganize this.
2026-01-30 10:31:04 -05:00
}
}
/* assign automatic UIDs to servers which don't have one yet */
next_id = 1;
newsrv = px->srv;
while (newsrv != NULL) {
if (!newsrv->puid) {
/* server ID not set, use automatic numbering with first
* spare entry starting with next_svid.
*/
next_id = server_get_next_id(px, next_id);
newsrv->puid = next_id;
server_index_id(px, newsrv);
}
next_id++;
newsrv = newsrv->next;
}
px->lbprm.wmult = 1; /* default weight multiplier */
px->lbprm.wdiv = 1; /* default weight divider */
/*
* If this server supports a maxconn parameter, it needs a dedicated
* tasks to fill the emptied slots when a connection leaves.
* Also, resolve deferred tracking dependency if needed.
*/
newsrv = px->srv;
while (newsrv != NULL) {
set_usermsgs_ctx(newsrv->conf.file, newsrv->conf.line, &newsrv->obj_type);
srv_minmax_conn_apply(newsrv);
/* this will also properly set the transport layer for
* prod and checks
* if default-server have use_ssl, prerare ssl init
* without activating it */
if (newsrv->use_ssl == 1 || newsrv->check.use_ssl == 1 ||
(newsrv->proxy->options & PR_O_TCPCHK_SSL) ||
((newsrv->flags & SRV_F_DEFSRV_USE_SSL) && newsrv->use_ssl != 1)) {
if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv)
cfgerr += xprt_get(XPRT_SSL)->prepare_srv(newsrv);
else if (xprt_get(XPRT_QUIC) && xprt_get(XPRT_QUIC)->prepare_srv)
cfgerr += xprt_get(XPRT_QUIC)->prepare_srv(newsrv);
}
BUG/MINOR: server: set auto SNI for dynamic servers Auto SNI configuration is configured during check config validity. However, nothing was implemented for dynamic servers. Fix this by implementing auto SNI configuration during "add server" CLI handler. Auto SNI configuration code is moved in a dedicated function srv_configure_auto_sni() called both for static and dynamic servers. Along with this, allows the keyword "no-sni-auto" on dynamic servers, so that this process can be deactivated if wanted. Note that "sni-auto" remains unavailable as it only makes sense with default-servers which are never used for dynamic server creation. This must be backported up to 3.3.
2026-02-19 10:31:25 -05:00
/* In HTTP only, if the SNI is not set and we can rely on the
* host header value, fill the sni expression accordingly
*/
if (newsrv->proxy->mode == PR_MODE_HTTP &&
(newsrv->use_ssl == 1 || (newsrv->flags & SRV_F_DEFSRV_USE_SSL)) &&
!newsrv->sni_expr && !(newsrv->ssl_ctx.options & SRV_SSL_O_NO_AUTO_SNI)) {
if (srv_configure_auto_sni(newsrv, err_code, &err)) {
ha_alert("parsing [%s:%d]: %s.\n",
newsrv->conf.file, newsrv->conf.line, err);
ha_free(&err);
++cfgerr;
if (*err_code & ERR_ABORT)
BUG/MINOR: proxy: detect strdup error on server auto SNI There was no check on the result of strdup() used to setup auto SNI on a server instance during check config validity. In case of failure, the error would be silently ignored as the following server_parse_exprs() does nothing when <sni_expr> server field is NULL. Hence, no SNI would be used on the server, without any error nor warning reported. Fix this by adding a check on strdup() return value. On error, ERR_ABORT is reported along with an alert, parsing should be interrupted as soon as possible. This must be backported up to 3.3. Note that the related code in this case is present in cfgparse.c source file.
2026-02-19 10:04:04 -05:00
goto out;
BUG/MINOR: server: set auto SNI for dynamic servers Auto SNI configuration is configured during check config validity. However, nothing was implemented for dynamic servers. Fix this by implementing auto SNI configuration during "add server" CLI handler. Auto SNI configuration code is moved in a dedicated function srv_configure_auto_sni() called both for static and dynamic servers. Along with this, allows the keyword "no-sni-auto" on dynamic servers, so that this process can be deactivated if wanted. Note that "sni-auto" remains unavailable as it only makes sense with default-servers which are never used for dynamic server creation. This must be backported up to 3.3.
2026-02-19 10:31:25 -05:00
goto next_srv;
MINOR: cfgparse: move proxy post-init in a dedicated function A lot of proxies initialization code is delayed on post-parsing stage, as it depends on the configuration fully parsed. This is performed via a loop on proxies_list. Extract this code in a dedicated function proxy_finalize(). This patch will be useful for dynamic backends creation. Note that for the moment the code has been extracted as-is. With each new features, some init code was added there. This has become a giant loop with no real ordering. A future patch may provide some cleanup in order to reorganize this.
2026-01-30 10:31:04 -05:00
}
}
if ((newsrv->flags & SRV_F_FASTOPEN) &&
((px->retry_type & (PR_RE_DISCONNECTED | PR_RE_TIMEOUT)) !=
(PR_RE_DISCONNECTED | PR_RE_TIMEOUT)))
ha_warning("server has tfo activated, the backend should be configured with at least 'conn-failure', 'empty-response' and 'response-timeout' or we wouldn't be able to retry the connection on failure.\n");
if (newsrv->trackit) {
if (srv_apply_track(newsrv, px)) {
++cfgerr;
goto next_srv;
}
}
next_srv:
reset_usermsgs_ctx();
newsrv = newsrv->next;
}
/*
* Try to generate dynamic cookies for servers now.
* It couldn't be done earlier, since at the time we parsed
* the server line, we may not have known yet that we
* should use dynamic cookies, or the secret key may not
* have been provided yet.
*/
if (px->ck_opts & PR_CK_DYNAMIC) {
newsrv = px->srv;
while (newsrv != NULL) {
srv_set_dyncookie(newsrv);
newsrv = newsrv->next;
}
}
/* We have to initialize the server lookup mechanism depending
* on what LB algorithm was chosen.
*/
px->lbprm.algo &= ~(BE_LB_LKUP | BE_LB_PROP_DYN);
switch (px->lbprm.algo & BE_LB_KIND) {
case BE_LB_KIND_RR:
if ((px->lbprm.algo & BE_LB_PARM) == BE_LB_RR_STATIC) {
px->lbprm.algo |= BE_LB_LKUP_MAP;
init_server_map(px);
} else if ((px->lbprm.algo & BE_LB_PARM) == BE_LB_RR_RANDOM) {
px->lbprm.algo |= BE_LB_LKUP_CHTREE | BE_LB_PROP_DYN;
if (chash_init_server_tree(px) < 0) {
cfgerr++;
}
} else {
px->lbprm.algo |= BE_LB_LKUP_RRTREE | BE_LB_PROP_DYN;
fwrr_init_server_groups(px);
}
break;
case BE_LB_KIND_CB:
if ((px->lbprm.algo & BE_LB_PARM) == BE_LB_CB_LC) {
px->lbprm.algo |= BE_LB_LKUP_LCTREE | BE_LB_PROP_DYN;
fwlc_init_server_tree(px);
} else {
px->lbprm.algo |= BE_LB_LKUP_FSTREE | BE_LB_PROP_DYN;
fas_init_server_tree(px);
}
break;
case BE_LB_KIND_HI:
if ((px->lbprm.algo & BE_LB_HASH_TYPE) == BE_LB_HASH_CONS) {
px->lbprm.algo |= BE_LB_LKUP_CHTREE | BE_LB_PROP_DYN;
if (chash_init_server_tree(px) < 0) {
cfgerr++;
}
} else {
px->lbprm.algo |= BE_LB_LKUP_MAP;
init_server_map(px);
}
break;
case BE_LB_KIND_SA:
if ((px->lbprm.algo & BE_LB_PARM) == BE_LB_SA_SS) {
px->lbprm.algo |= BE_LB_PROP_DYN;
init_server_ss(px);
}
break;
}
HA_RWLOCK_INIT(&px->lbprm.lock);
if (px->options & PR_O_LOGASAP)
px->to_log &= ~LW_BYTES;
if (!(px->cap & PR_CAP_INT) && (px->mode == PR_MODE_TCP || px->mode == PR_MODE_HTTP) &&
(px->cap & PR_CAP_FE) && LIST_ISEMPTY(&px->loggers) &&
(!lf_expr_isempty(&px->logformat) || !lf_expr_isempty(&px->logformat_sd))) {
ha_warning("log format ignored for %s '%s' since it has no log address.\n",
proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
}
if (px->mode != PR_MODE_HTTP && !(px->options & PR_O_HTTP_UPG)) {
int optnum;
if (px->uri_auth) {
ha_warning("'stats' statement ignored for %s '%s' as it requires HTTP mode.\n",
proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
stats_uri_auth_drop(px->uri_auth);
px->uri_auth = NULL;
}
if (px->capture_name) {
ha_warning("'capture' statement ignored for %s '%s' as it requires HTTP mode.\n",
proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
}
if (isttest(px->monitor_uri)) {
ha_warning("'monitor-uri' statement ignored for %s '%s' as it requires HTTP mode.\n",
proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
}
if (!LIST_ISEMPTY(&px->http_req_rules)) {
ha_warning("'http-request' rules ignored for %s '%s' as they require HTTP mode.\n",
proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
}
if (!LIST_ISEMPTY(&px->http_res_rules)) {
ha_warning("'http-response' rules ignored for %s '%s' as they require HTTP mode.\n",
proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
}
if (!LIST_ISEMPTY(&px->http_after_res_rules)) {
ha_warning("'http-after-response' rules ignored for %s '%s' as they require HTTP mode.\n",
proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
}
if (!LIST_ISEMPTY(&px->redirect_rules)) {
ha_warning("'redirect' rules ignored for %s '%s' as they require HTTP mode.\n",
proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
}
for (optnum = 0; cfg_opts[optnum].name; optnum++) {
if (cfg_opts[optnum].mode == PR_MODE_HTTP &&
(px->cap & cfg_opts[optnum].cap) &&
(px->options & cfg_opts[optnum].val)) {
ha_warning("'option %s' ignored for %s '%s' as it requires HTTP mode.\n",
cfg_opts[optnum].name, proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
px->options &= ~cfg_opts[optnum].val;
}
}
for (optnum = 0; cfg_opts2[optnum].name; optnum++) {
if (cfg_opts2[optnum].mode == PR_MODE_HTTP &&
(px->cap & cfg_opts2[optnum].cap) &&
(px->options2 & cfg_opts2[optnum].val)) {
ha_warning("'option %s' ignored for %s '%s' as it requires HTTP mode.\n",
cfg_opts2[optnum].name, proxy_type_str(px), px->id);
*err_code |= ERR_WARN;
px->options2 &= ~cfg_opts2[optnum].val;
}
}
#if defined(CONFIG_HAP_TRANSPARENT)
if (px->conn_src.bind_hdr_occ) {
px->conn_src.bind_hdr_occ = 0;
ha_warning("%s '%s' : ignoring use of header %s as source IP in non-HTTP mode.\n",
proxy_type_str(px), px->id, px->conn_src.bind_hdr_name);
*err_code |= ERR_WARN;
}
#endif /* CONFIG_HAP_TRANSPARENT */
}
/*
* ensure that we're not cross-dressing a TCP server into HTTP.
*/
newsrv = px->srv;
while (newsrv != NULL) {
if ((px->mode != PR_MODE_HTTP) && newsrv->rdr_len) {
ha_alert("%s '%s' : server cannot have cookie or redirect prefix in non-HTTP mode.\n",
proxy_type_str(px), px->id);
cfgerr++;
}
if ((px->mode != PR_MODE_HTTP) && newsrv->cklen) {
ha_warning("%s '%s' : ignoring cookie for server '%s' as HTTP mode is disabled.\n",
proxy_type_str(px), px->id, newsrv->id);
*err_code |= ERR_WARN;
}
if ((newsrv->flags & SRV_F_MAPPORTS) && (px->options2 & PR_O2_RDPC_PRST)) {
ha_warning("%s '%s' : RDP cookie persistence will not work for server '%s' because it lacks an explicit port number.\n",
proxy_type_str(px), px->id, newsrv->id);
*err_code |= ERR_WARN;
}
#if defined(CONFIG_HAP_TRANSPARENT)
if (px->mode != PR_MODE_HTTP && newsrv->conn_src.bind_hdr_occ) {
newsrv->conn_src.bind_hdr_occ = 0;
ha_warning("%s '%s' : server %s cannot use header %s as source IP in non-HTTP mode.\n",
proxy_type_str(px), px->id, newsrv->id, newsrv->conn_src.bind_hdr_name);
*err_code |= ERR_WARN;
}
#endif /* CONFIG_HAP_TRANSPARENT */
if ((px->mode != PR_MODE_HTTP) && (px->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR)
px->options &= ~PR_O_REUSE_MASK;
if (px->mode == PR_MODE_SPOP)
px->options |= PR_O_REUSE_ALWS;
if ((px->mode != PR_MODE_HTTP) && newsrv->flags & SRV_F_RHTTP) {
ha_alert("%s '%s' : server %s uses reverse HTTP addressing which can only be used with HTTP mode.\n",
proxy_type_str(px), px->id, newsrv->id);
cfgerr++;
*err_code |= ERR_FATAL | ERR_ALERT;
goto out;
}
newsrv = newsrv->next;
}
/* Check filter configuration, if any */
cfgerr += flt_check(px);
if (px->cap & PR_CAP_FE) {
if (!px->accept)
px->accept = frontend_accept;
if (!LIST_ISEMPTY(&px->tcp_req.inspect_rules) ||
(px->defpx && !LIST_ISEMPTY(&px->defpx->tcp_req.inspect_rules)))
px->fe_req_ana |= AN_REQ_INSPECT_FE;
if (px->mode == PR_MODE_HTTP) {
px->fe_req_ana |= AN_REQ_WAIT_HTTP | AN_REQ_HTTP_PROCESS_FE;
px->fe_rsp_ana |= AN_RES_WAIT_HTTP | AN_RES_HTTP_PROCESS_FE;
}
if (px->mode == PR_MODE_CLI) {
px->fe_req_ana |= AN_REQ_WAIT_CLI;
px->fe_rsp_ana |= AN_RES_WAIT_CLI;
}
/* both TCP and HTTP must check switching rules */
px->fe_req_ana |= AN_REQ_SWITCHING_RULES;
/* Add filters analyzers if needed */
if (!LIST_ISEMPTY(&px->filter_configs)) {
px->fe_req_ana |= AN_REQ_FLT_START_FE | AN_REQ_FLT_XFER_DATA | AN_REQ_FLT_END;
px->fe_rsp_ana |= AN_RES_FLT_START_FE | AN_RES_FLT_XFER_DATA | AN_RES_FLT_END;
}
}
if (px->cap & PR_CAP_BE) {
if (!LIST_ISEMPTY(&px->tcp_req.inspect_rules) ||
(px->defpx && !LIST_ISEMPTY(&px->defpx->tcp_req.inspect_rules)))
px->be_req_ana |= AN_REQ_INSPECT_BE;
if (!LIST_ISEMPTY(&px->tcp_rep.inspect_rules) ||
(px->defpx && !LIST_ISEMPTY(&px->defpx->tcp_rep.inspect_rules)))
px->be_rsp_ana |= AN_RES_INSPECT;
if (px->mode == PR_MODE_HTTP) {
px->be_req_ana |= AN_REQ_WAIT_HTTP | AN_REQ_HTTP_INNER | AN_REQ_HTTP_PROCESS_BE;
px->be_rsp_ana |= AN_RES_WAIT_HTTP | AN_RES_HTTP_PROCESS_BE;
}
/* If the backend does requires RDP cookie persistence, we have to
* enable the corresponding analyser.
*/
if (px->options2 & PR_O2_RDPC_PRST)
px->be_req_ana |= AN_REQ_PRST_RDP_COOKIE;
/* Add filters analyzers if needed */
if (!LIST_ISEMPTY(&px->filter_configs)) {
px->be_req_ana |= AN_REQ_FLT_START_BE | AN_REQ_FLT_XFER_DATA | AN_REQ_FLT_END;
px->be_rsp_ana |= AN_RES_FLT_START_BE | AN_RES_FLT_XFER_DATA | AN_RES_FLT_END;
}
}
/* Check the mux protocols, if any, for each server attached to
* the current proxy */
for (newsrv = px->srv; newsrv; newsrv = newsrv->next) {
int mode = conn_pr_mode_to_proto_mode(px->mode);
const struct mux_proto_list *mux_ent;
if (srv_is_quic(newsrv)) {
if (!newsrv->mux_proto) {
/* Force QUIC as mux-proto on server with quic addresses, similarly to bind on FE side. */
newsrv->mux_proto = get_mux_proto(ist("quic"));
}
}
if (!newsrv->mux_proto)
continue;
/* it is possible that an incorrect mux was referenced
* due to the proxy's mode not being taken into account
* on first pass. Let's adjust it now.
*/
mux_ent = conn_get_best_mux_entry(newsrv->mux_proto->token, PROTO_SIDE_BE, mode);
if (!mux_ent || !isteq(mux_ent->token, newsrv->mux_proto->token)) {
ha_alert("%s '%s' : MUX protocol '%.*s' is not usable for server '%s' at [%s:%d].\n",
proxy_type_str(px), px->id,
(int)newsrv->mux_proto->token.len,
newsrv->mux_proto->token.ptr,
newsrv->id, newsrv->conf.file, newsrv->conf.line);
cfgerr++;
}
else {
if ((mux_ent->mux->flags & MX_FL_FRAMED) && !srv_is_quic(newsrv)) {
ha_alert("%s '%s' : MUX protocol '%.*s' is incompatible with stream transport used by server '%s' at [%s:%d].\n",
proxy_type_str(px), px->id,
(int)newsrv->mux_proto->token.len,
newsrv->mux_proto->token.ptr,
newsrv->id, newsrv->conf.file, newsrv->conf.line);
cfgerr++;
}
else if (!(mux_ent->mux->flags & MX_FL_FRAMED) && srv_is_quic(newsrv)) {
ha_alert("%s '%s' : MUX protocol '%.*s' is incompatible with framed transport used by server '%s' at [%s:%d].\n",
proxy_type_str(px), px->id,
(int)newsrv->mux_proto->token.len,
newsrv->mux_proto->token.ptr,
newsrv->id, newsrv->conf.file, newsrv->conf.line);
cfgerr++;
}
}
/* update the mux */
newsrv->mux_proto = mux_ent;
}
/* Allocate default tcp-check rules for proxies without
* explicit rules.
*/
if (px->cap & PR_CAP_BE) {
if (!(px->options2 & PR_O2_CHK_ANY)) {
struct tcpcheck_ruleset *rs = NULL;
struct tcpcheck_rules *rules = &px->tcpcheck_rules;
px->options2 |= PR_O2_TCPCHK_CHK;
rs = find_tcpcheck_ruleset("*tcp-check");
if (!rs) {
rs = create_tcpcheck_ruleset("*tcp-check");
if (rs == NULL) {
ha_alert("config: %s '%s': out of memory.\n",
proxy_type_str(px), px->id);
cfgerr++;
}
}
free_tcpcheck_vars(&rules->preset_vars);
rules->list = &rs->rules;
rules->flags = 0;
}
}
out:
if (cfgerr)
*err_code |= ERR_ALERT | ERR_FATAL;
return cfgerr;
}
MINOR: proxy: move the defproxy freeing code to proxy.c This used to be open-coded in cfgparse-listen.c when facing a "defaults" keyword. Let's move this into proxy_free_defaults(). This code is ugly and doesn't even reset the just freed pointers. Let's not change this yet. This code should probably be merged with a generic proxy deinit function called from deinit(). However there's a catch on uri_auth which cannot be freed because it might be used by one or several proxies. We definitely need refcounts there!
2021-02-12 04:38:49 -05:00
/* Frees all dynamic settings allocated on a default proxy that's about to be
MINOR: proxy: add proxy_free_common() helper function As shown by previous patch series, having to free some common proxy struct members twice (in free_proxy() and proxy_free_defaults()) is error-prone: we often overlook one of the two free locations when adding new features. To prevent such bugs from being introduced in the future, and also avoid code duplication, we now have a proxy_free_common() function to free all proxy struct members that are common to all proxy types (either regular or default ones). This should greatly improve code maintenance related to proxy freeing logic.
2024-06-10 13:31:19 -04:00
* destroyed. Note that most of the fields are not even reset, so extreme care
MINOR: proxy: remove proxy_preset_defaults() Function proxy_preset_defaults() purpose has evolved over time. Originally, it was only used to initialize defaults proxies instances. Until today, it was extended so that all proxies use it. Its objective is to initialize settings to common default values. To remove the confusion, this function is now removed. Its content is integrated directly into init_new_proxy().
2026-01-20 05:41:37 -05:00
* is required here.
MINOR: proxy: move the defproxy freeing code to proxy.c This used to be open-coded in cfgparse-listen.c when facing a "defaults" keyword. Let's move this into proxy_free_defaults(). This code is ugly and doesn't even reset the just freed pointers. Let's not change this yet. This code should probably be merged with a generic proxy deinit function called from deinit(). However there's a catch on uri_auth which cannot be freed because it might be used by one or several proxies. We definitely need refcounts there!
2021-02-12 04:38:49 -05:00
*/
MINOR: proxy: refactor defaults proxies API This patch renames functions which deal with defaults section. A common "defaults_px_" prefix is defined. This serves as a marker to identify functions which can only be used with proxies defaults capability. New BUG_ON() are enforced to ensure this is valid. Also, older proxy_unref_or_destroy_defaults() is renamed defaults_px_detach().
2026-01-22 05:16:14 -05:00
static void defaults_px_free(struct proxy *defproxy)
MINOR: proxy: move the defproxy freeing code to proxy.c This used to be open-coded in cfgparse-listen.c when facing a "defaults" keyword. Let's move this into proxy_free_defaults(). This code is ugly and doesn't even reset the just freed pointers. Let's not change this yet. This code should probably be merged with a generic proxy deinit function called from deinit(). However there's a catch on uri_auth which cannot be freed because it might be used by one or several proxies. We definitely need refcounts there!
2021-02-12 04:38:49 -05:00
{
BUG/MEDIUM: rules: Be able to use captures defined in defaults section Since the 2.5, it is possible to define TCP/HTTP ruleset in defaults sections. However, rules defining a capture in defaults sections was not properly handled because they was not shared with the proxies inheriting from the defaults section. This led to crash when haproxy tried to store a new capture. So now, to fix the issue, when a new proxy is created, the list of captures points to the list of its defaults section. It may be NULL or not. All new caputres are prepended to this list. It is not a problem to share the same defaults section between several proxies, because it is not altered and we take care to not release it when corresponding proxies are freed but only when defaults proxies are freed. To do so, defaults proxies are now unreferenced at the end of free_proxy() function instead of the beginning. This patch should fix the issue #1674. It must be backported to 2.5.
2022-04-25 08:30:58 -04:00
struct cap_hdr *h,*h_next;
BUG/MINOR: proxy: Release ACLs and TCP/HTTP rules of default proxies It is now possible to have TCP/HTTP rules and ACLs defined in defaults sections. So we must try to release corresponding lists when a default proxy is destroyed. No backport needed.
2021-10-15 08:33:34 -04:00
MINOR: proxy: add proxy_free_common() helper function As shown by previous patch series, having to free some common proxy struct members twice (in free_proxy() and proxy_free_defaults()) is error-prone: we often overlook one of the two free locations when adding new features. To prevent such bugs from being introduced in the future, and also avoid code duplication, we now have a proxy_free_common() function to free all proxy struct members that are common to all proxy types (either regular or default ones). This should greatly improve code maintenance related to proxy freeing logic.
2024-06-10 13:31:19 -04:00
proxy_free_common(defproxy);
/* default proxy specific cleanup */
MINOR: proxy: add checks for defsrv's validity Now we only copy the default server's settings if such a default server exists, otherwise we only initialize it. At the moment it always exists. The change is mostly performed in srv_settings_cpy() since that's where each caller passes through, and there's no point duplicating that test everywhere.
2025-07-10 11:03:13 -04:00
if (defproxy->defsrv)
ha_free((char **)&defproxy->defsrv->conf.file);
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
ha_free(&defproxy->defbe.name);
MEDIUM: server: introduce srv_alloc()/srv_free() to alloc/free a server It happens that we free servers at various places in the code, both on error paths and at runtime thanks to the "server delete" feature. In order to switch to an aligned struct, we'll need to change the calloc() and free() calls. Let's first spot them and switch them to srv_alloc() and srv_free() instead of using calloc() and either free() or ha_free(). An easy trap to fall into is that some of them are default-server entries. The new srv_free() function also resets the pointer like ha_free() does. This was done by running the following coccinelle script all over the code: @@ struct server *srv; @@ ( - free(srv) + srv_free(&srv) | - ha_free(&srv) + srv_free(&srv) ) @@ struct server *srv; expression e1; expression e2; @@ ( - srv = malloc(e1) + srv = srv_alloc() | - srv = calloc(e1, e2) + srv = srv_alloc() ) This is marked medium because despite spotting all call places, we can never rule out the possibility that some out-of-tree patches would allocate their own servers and continue to use the old API... at their own risk.
2025-08-13 05:52:59 -04:00
srv_free(&defproxy->defsrv);
BUG/MINOR: proxy: Release ACLs and TCP/HTTP rules of default proxies It is now possible to have TCP/HTTP rules and ACLs defined in defaults sections. So we must try to release corresponding lists when a default proxy is destroyed. No backport needed.
2021-10-15 08:33:34 -04:00
BUG/MEDIUM: rules: Be able to use captures defined in defaults section Since the 2.5, it is possible to define TCP/HTTP ruleset in defaults sections. However, rules defining a capture in defaults sections was not properly handled because they was not shared with the proxies inheriting from the defaults section. This led to crash when haproxy tried to store a new capture. So now, to fix the issue, when a new proxy is created, the list of captures points to the list of its defaults section. It may be NULL or not. All new caputres are prepended to this list. It is not a problem to share the same defaults section between several proxies, because it is not altered and we take care to not release it when corresponding proxies are freed but only when defaults proxies are freed. To do so, defaults proxies are now unreferenced at the end of free_proxy() function instead of the beginning. This patch should fix the issue #1674. It must be backported to 2.5.
2022-04-25 08:30:58 -04:00
h = defproxy->req_cap;
while (h) {
h_next = h->next;
free(h->name);
pool_destroy(h->pool);
free(h);
h = h_next;
}
h = defproxy->rsp_cap;
while (h) {
h_next = h->next;
free(h->name);
pool_destroy(h->pool);
free(h);
h = h_next;
}
MINOR: proxy: move the defproxy freeing code to proxy.c This used to be open-coded in cfgparse-listen.c when facing a "defaults" keyword. Let's move this into proxy_free_defaults(). This code is ugly and doesn't even reset the just freed pointers. Let's not change this yet. This code should probably be merged with a generic proxy deinit function called from deinit(). However there's a catch on uri_auth which cannot be freed because it might be used by one or several proxies. We definitely need refcounts there!
2021-02-12 04:38:49 -05:00
proxy_release_conf_errors(defproxy);
deinit_proxy_tcpcheck(defproxy);
}
MINOR: proxy: refactor defaults proxies API This patch renames functions which deal with defaults section. A common "defaults_px_" prefix is defined. This serves as a marker to identify functions which can only be used with proxies defaults capability. New BUG_ON() are enforced to ensure this is valid. Also, older proxy_unref_or_destroy_defaults() is renamed defaults_px_detach().
2026-01-22 05:16:14 -05:00
/* Removes <px> defaults instance from the name tree, free its content and
* storage. This must only be used if <px> is unreferenced.
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
*/
MINOR: proxy: refactor defaults proxies API This patch renames functions which deal with defaults section. A common "defaults_px_" prefix is defined. This serves as a marker to identify functions which can only be used with proxies defaults capability. New BUG_ON() are enforced to ensure this is valid. Also, older proxy_unref_or_destroy_defaults() is renamed defaults_px_detach().
2026-01-22 05:16:14 -05:00
void defaults_px_destroy(struct proxy *px)
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
{
MINOR: proxy: refactor defaults proxies API This patch renames functions which deal with defaults section. A common "defaults_px_" prefix is defined. This serves as a marker to identify functions which can only be used with proxies defaults capability. New BUG_ON() are enforced to ensure this is valid. Also, older proxy_unref_or_destroy_defaults() is renamed defaults_px_detach().
2026-01-22 05:16:14 -05:00
BUG_ON(!(px->cap & PR_CAP_DEF));
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
BUG_ON(px->conf.refcount != 0);
BUG/MINOR: proxy: fix deinit crash on defaults with duplicate name A defaults proxy instance may be move into the orphaned list when it is replaced by a newer section with the same name. This is attached via <next> member as a single linked list entry. However, proxy free does not clear <next> attach point. This causes a crash on deinit if orphaned list is not empty. First, all frontend/backend instances are freed. This triggers the release of every referenced defaults instances as their refcount reach zero, but orphaned list is not clean up. A loop is then conducted on orphaned list via proxy_destroy_all_unref_defaults(). This causes a segfault due to access on already freed entries. To fix this, this patch extends proxy_destroy_defaults(). If orphaned list is not empty, a loop is performed to remove a possible entry of the currently released defaults instance. This ensures that loop over orphaned list won't be able to access to already freed entries. This bug is pretty rare as it requires to have duplicate name in defaults sections, and also to use settings which forces defaults referencing, such as TCP/HTTP rules. This can be reproduced with the minimal config here : defaults def http-request return status 200 frontend fe bind :20080 defaults def Note that in fact orphaned list looping is not strictly necessary, as defaults instances are automatically removed via refcounting. This will be the purpose of a future patch. However, to limit the risk of regression on stable releases during backport, this patch uses the more direct approach for now. This must be backported up to 3.1.
2026-01-22 09:20:31 -05:00
MINOR: proxy: refactor defaults proxies API This patch renames functions which deal with defaults section. A common "defaults_px_" prefix is defined. This serves as a marker to identify functions which can only be used with proxies defaults capability. New BUG_ON() are enforced to ensure this is valid. Also, older proxy_unref_or_destroy_defaults() is renamed defaults_px_detach().
2026-01-22 05:16:14 -05:00
cebis_item_delete(&defproxy_by_name, conf.name_node, id, px);
MINOR: proxy: simplify defaults proxies list storage Defaults proxies instance are stored in a global name tree. When there is a name conflict and the older entry cannot be simply discarded as it is already referenced, the older entry is instead removed from the name tree and inserted into the orphaned list. The purpose of the orphaned list was to guarantee that any remaining unreferenced defaults are purged either on postparsing or deinit. However, this is in fact completely useless. Indeed on postparsing, orphaned entries are always referenced. On deinit instead, defaults are already freed along the cleanup of all frontend/backend instances clean up, thanks to their refcounting. This patch streamlines this by removing orphaned list. Instead, a defaults section is inserted into a new global defaults_list during their whole lifetime. This is not strictly necessary but it ensures that defaults instances can still be accessed easily in the future if needed even if not present in the name tree. On deinit, a BUG_ON() is added to ensure that defaults_list is indeed emptied. Another benefit from this patch is to simplify the defaults deletion procedure. Orphaned simple list is replaced by a proper double linked list implementation, so a single LIST_DELETE() is now performed. This will be notably useful as defaults may be removed at runtime in the future if backends deletion at runtime is implemented.
2026-01-20 08:33:46 -05:00
LIST_DELETE(&px->el);
BUG/MINOR: proxy: fix deinit crash on defaults with duplicate name A defaults proxy instance may be move into the orphaned list when it is replaced by a newer section with the same name. This is attached via <next> member as a single linked list entry. However, proxy free does not clear <next> attach point. This causes a crash on deinit if orphaned list is not empty. First, all frontend/backend instances are freed. This triggers the release of every referenced defaults instances as their refcount reach zero, but orphaned list is not clean up. A loop is then conducted on orphaned list via proxy_destroy_all_unref_defaults(). This causes a segfault due to access on already freed entries. To fix this, this patch extends proxy_destroy_defaults(). If orphaned list is not empty, a loop is performed to remove a possible entry of the currently released defaults instance. This ensures that loop over orphaned list won't be able to access to already freed entries. This bug is pretty rare as it requires to have duplicate name in defaults sections, and also to use settings which forces defaults referencing, such as TCP/HTTP rules. This can be reproduced with the minimal config here : defaults def http-request return status 200 frontend fe bind :20080 defaults def Note that in fact orphaned list looping is not strictly necessary, as defaults instances are automatically removed via refcounting. This will be the purpose of a future patch. However, to limit the risk of regression on stable releases during backport, this patch uses the more direct approach for now. This must be backported up to 3.1.
2026-01-22 09:20:31 -05:00
MINOR: proxy: refactor defaults proxies API This patch renames functions which deal with defaults section. A common "defaults_px_" prefix is defined. This serves as a marker to identify functions which can only be used with proxies defaults capability. New BUG_ON() are enforced to ensure this is valid. Also, older proxy_unref_or_destroy_defaults() is renamed defaults_px_detach().
2026-01-22 05:16:14 -05:00
defaults_px_free(px);
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
free(px);
}
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
/* delete all unreferenced default proxies. A default proxy is unreferenced if
* its refcount is equal to zero.
*/
MINOR: proxy: refactor defaults proxies API This patch renames functions which deal with defaults section. A common "defaults_px_" prefix is defined. This serves as a marker to identify functions which can only be used with proxies defaults capability. New BUG_ON() are enforced to ensure this is valid. Also, older proxy_unref_or_destroy_defaults() is renamed defaults_px_detach().
2026-01-22 05:16:14 -05:00
void defaults_px_destroy_all_unref(void)
MEDIUM: proxy: store the default proxies in a tree by name Now default proxies are stored into a dedicated tree, sorted by name. Only unnamed entries are not kept upon new section creation. The very first call to cfg_parse_listen() will automatically allocate a dummy defaults section which corresponds to the previous static one, since the code requires to have one at a few places. The first immediately visible benefit is that it allows to reuse alloc_new_proxy() to allocate a defaults section instead of doing it by hand. And the secret goal is to allow to keep multiple named defaults section in memory to reuse them from various proxies.
2021-02-12 08:08:31 -05:00
{
MINOR: proxy: add a list of orphaned defaults sections We'll soon delete unreferenced and duplicated named defaults sections from the list of proxies. The problem with this is that this list (in fact a name-based tree) is used to release all of them at the end. Let's add a list of orphaned defaults sections, typically those containing "http-check send" statements or various other rules, and that are implicitly inherited by a proxy hence have a non-zero refcount while also having a name. These now makes it possible to remove them from the name index while still keeping their memory around for the lifetime of the process, and cleaning it at the end.
2024-09-20 09:59:04 -04:00
struct proxy *px, *nx;
MEDIUM: proxy: store the default proxies in a tree by name Now default proxies are stored into a dedicated tree, sorted by name. Only unnamed entries are not kept upon new section creation. The very first call to cfg_parse_listen() will automatically allocate a dummy defaults section which corresponds to the previous static one, since the code requires to have one at a few places. The first immediately visible benefit is that it allows to reuse alloc_new_proxy() to allocate a defaults section instead of doing it by hand. And the secret goal is to allow to keep multiple named defaults section in memory to reuse them from various proxies.
2021-02-12 08:08:31 -05:00
MEDIUM: proxy: switch conf.name to cebis_tree This is used to index the proxy's name and it contains a copy of the pointer to the proxy's name in <id>. Changing that for a ceb_node placed just before <id> saves 32 bytes to the struct proxy, which is now 3112 bytes large. Here we need to continue to support duplicates since they're still allowed between type-incompatible proxies. Interestingly, the use of cebis_next_dup() instead of cebis_next() in proxy_find_by_name() allows us to get rid of an strcmp() that was performed for each use_backend rule. A test with a large config (100k backends) shows that we can get 3% extra performance on a config involving a static use_backend rule (3.09M to 3.18M rps), and even 4.5% on a dynamic rule selecting a random backend (2.47M to 2.59M).
2025-07-15 05:47:54 -04:00
for (px = cebis_item_first(&defproxy_by_name, conf.name_node, id, struct proxy); px; px = nx) {
MEDIUM: proxy: store the default proxies in a tree by name Now default proxies are stored into a dedicated tree, sorted by name. Only unnamed entries are not kept upon new section creation. The very first call to cfg_parse_listen() will automatically allocate a dummy defaults section which corresponds to the previous static one, since the code requires to have one at a few places. The first immediately visible benefit is that it allows to reuse alloc_new_proxy() to allocate a defaults section instead of doing it by hand. And the secret goal is to allow to keep multiple named defaults section in memory to reuse them from various proxies.
2021-02-12 08:08:31 -05:00
BUG_ON(!(px->cap & PR_CAP_DEF));
MEDIUM: proxy: switch conf.name to cebis_tree This is used to index the proxy's name and it contains a copy of the pointer to the proxy's name in <id>. Changing that for a ceb_node placed just before <id> saves 32 bytes to the struct proxy, which is now 3112 bytes large. Here we need to continue to support duplicates since they're still allowed between type-incompatible proxies. Interestingly, the use of cebis_next_dup() instead of cebis_next() in proxy_find_by_name() allows us to get rid of an strcmp() that was performed for each use_backend rule. A test with a large config (100k backends) shows that we can get 3% extra performance on a config involving a static use_backend rule (3.09M to 3.18M rps), and even 4.5% on a dynamic rule selecting a random backend (2.47M to 2.59M).
2025-07-15 05:47:54 -04:00
nx = cebis_item_next(&defproxy_by_name, conf.name_node, id, px);
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
if (!px->conf.refcount)
MINOR: proxy: refactor defaults proxies API This patch renames functions which deal with defaults section. A common "defaults_px_" prefix is defined. This serves as a marker to identify functions which can only be used with proxies defaults capability. New BUG_ON() are enforced to ensure this is valid. Also, older proxy_unref_or_destroy_defaults() is renamed defaults_px_detach().
2026-01-22 05:16:14 -05:00
defaults_px_destroy(px);
MEDIUM: proxy: store the default proxies in a tree by name Now default proxies are stored into a dedicated tree, sorted by name. Only unnamed entries are not kept upon new section creation. The very first call to cfg_parse_listen() will automatically allocate a dummy defaults section which corresponds to the previous static one, since the code requires to have one at a few places. The first immediately visible benefit is that it allows to reuse alloc_new_proxy() to allocate a defaults section instead of doing it by hand. And the secret goal is to allow to keep multiple named defaults section in memory to reuse them from various proxies.
2021-02-12 08:08:31 -05:00
}
MINOR: proxy: add a list of orphaned defaults sections We'll soon delete unreferenced and duplicated named defaults sections from the list of proxies. The problem with this is that this list (in fact a name-based tree) is used to release all of them at the end. Let's add a list of orphaned defaults sections, typically those containing "http-check send" statements or various other rules, and that are implicitly inherited by a proxy hence have a non-zero refcount while also having a name. These now makes it possible to remove them from the name index while still keeping their memory around for the lifetime of the process, and cleaning it at the end.
2024-09-20 09:59:04 -04:00
}
MINOR: proxy: refactor defaults proxies API This patch renames functions which deal with defaults section. A common "defaults_px_" prefix is defined. This serves as a marker to identify functions which can only be used with proxies defaults capability. New BUG_ON() are enforced to ensure this is valid. Also, older proxy_unref_or_destroy_defaults() is renamed defaults_px_detach().
2026-01-22 05:16:14 -05:00
/* Removes <px> defaults from the name tree. This operation is useful when a
* section is made invisible by a newer instance with the same name. If <px> is
MINOR: proxy: simplify defaults proxies list storage Defaults proxies instance are stored in a global name tree. When there is a name conflict and the older entry cannot be simply discarded as it is already referenced, the older entry is instead removed from the name tree and inserted into the orphaned list. The purpose of the orphaned list was to guarantee that any remaining unreferenced defaults are purged either on postparsing or deinit. However, this is in fact completely useless. Indeed on postparsing, orphaned entries are always referenced. On deinit instead, defaults are already freed along the cleanup of all frontend/backend instances clean up, thanks to their refcounting. This patch streamlines this by removing orphaned list. Instead, a defaults section is inserted into a new global defaults_list during their whole lifetime. This is not strictly necessary but it ensures that defaults instances can still be accessed easily in the future if needed even if not present in the name tree. On deinit, a BUG_ON() is added to ensure that defaults_list is indeed emptied. Another benefit from this patch is to simplify the defaults deletion procedure. Orphaned simple list is replaced by a proper double linked list implementation, so a single LIST_DELETE() is now performed. This will be notably useful as defaults may be removed at runtime in the future if backends deletion at runtime is implemented.
2026-01-20 08:33:46 -05:00
* not referenced it is freed immediately, else it is kept in defaults_list.
MINOR: proxy: add a list of orphaned defaults sections We'll soon delete unreferenced and duplicated named defaults sections from the list of proxies. The problem with this is that this list (in fact a name-based tree) is used to release all of them at the end. Let's add a list of orphaned defaults sections, typically those containing "http-check send" statements or various other rules, and that are implicitly inherited by a proxy hence have a non-zero refcount while also having a name. These now makes it possible to remove them from the name index while still keeping their memory around for the lifetime of the process, and cleaning it at the end.
2024-09-20 09:59:04 -04:00
*/
MINOR: proxy: refactor defaults proxies API This patch renames functions which deal with defaults section. A common "defaults_px_" prefix is defined. This serves as a marker to identify functions which can only be used with proxies defaults capability. New BUG_ON() are enforced to ensure this is valid. Also, older proxy_unref_or_destroy_defaults() is renamed defaults_px_detach().
2026-01-22 05:16:14 -05:00
void defaults_px_detach(struct proxy *px)
MINOR: proxy: add a list of orphaned defaults sections We'll soon delete unreferenced and duplicated named defaults sections from the list of proxies. The problem with this is that this list (in fact a name-based tree) is used to release all of them at the end. Let's add a list of orphaned defaults sections, typically those containing "http-check send" statements or various other rules, and that are implicitly inherited by a proxy hence have a non-zero refcount while also having a name. These now makes it possible to remove them from the name index while still keeping their memory around for the lifetime of the process, and cleaning it at the end.
2024-09-20 09:59:04 -04:00
{
MINOR: proxy: refactor defaults proxies API This patch renames functions which deal with defaults section. A common "defaults_px_" prefix is defined. This serves as a marker to identify functions which can only be used with proxies defaults capability. New BUG_ON() are enforced to ensure this is valid. Also, older proxy_unref_or_destroy_defaults() is renamed defaults_px_detach().
2026-01-22 05:16:14 -05:00
BUG_ON(!(px->cap & PR_CAP_DEF));
cebis_item_delete(&defproxy_by_name, conf.name_node, id, px);
MINOR: proxy: simplify defaults proxies list storage Defaults proxies instance are stored in a global name tree. When there is a name conflict and the older entry cannot be simply discarded as it is already referenced, the older entry is instead removed from the name tree and inserted into the orphaned list. The purpose of the orphaned list was to guarantee that any remaining unreferenced defaults are purged either on postparsing or deinit. However, this is in fact completely useless. Indeed on postparsing, orphaned entries are always referenced. On deinit instead, defaults are already freed along the cleanup of all frontend/backend instances clean up, thanks to their refcounting. This patch streamlines this by removing orphaned list. Instead, a defaults section is inserted into a new global defaults_list during their whole lifetime. This is not strictly necessary but it ensures that defaults instances can still be accessed easily in the future if needed even if not present in the name tree. On deinit, a BUG_ON() is added to ensure that defaults_list is indeed emptied. Another benefit from this patch is to simplify the defaults deletion procedure. Orphaned simple list is replaced by a proper double linked list implementation, so a single LIST_DELETE() is now performed. This will be notably useful as defaults may be removed at runtime in the future if backends deletion at runtime is implemented.
2026-01-20 08:33:46 -05:00
if (!px->conf.refcount)
MINOR: proxy: refactor defaults proxies API This patch renames functions which deal with defaults section. A common "defaults_px_" prefix is defined. This serves as a marker to identify functions which can only be used with proxies defaults capability. New BUG_ON() are enforced to ensure this is valid. Also, older proxy_unref_or_destroy_defaults() is renamed defaults_px_detach().
2026-01-22 05:16:14 -05:00
defaults_px_destroy(px);
MINOR: proxy: simplify defaults proxies list storage Defaults proxies instance are stored in a global name tree. When there is a name conflict and the older entry cannot be simply discarded as it is already referenced, the older entry is instead removed from the name tree and inserted into the orphaned list. The purpose of the orphaned list was to guarantee that any remaining unreferenced defaults are purged either on postparsing or deinit. However, this is in fact completely useless. Indeed on postparsing, orphaned entries are always referenced. On deinit instead, defaults are already freed along the cleanup of all frontend/backend instances clean up, thanks to their refcounting. This patch streamlines this by removing orphaned list. Instead, a defaults section is inserted into a new global defaults_list during their whole lifetime. This is not strictly necessary but it ensures that defaults instances can still be accessed easily in the future if needed even if not present in the name tree. On deinit, a BUG_ON() is added to ensure that defaults_list is indeed emptied. Another benefit from this patch is to simplify the defaults deletion procedure. Orphaned simple list is replaced by a proper double linked list implementation, so a single LIST_DELETE() is now performed. This will be notably useful as defaults may be removed at runtime in the future if backends deletion at runtime is implemented.
2026-01-20 08:33:46 -05:00
/* If not destroyed, <px> can still be accessed in <defaults_list>. */
MEDIUM: proxy: store the default proxies in a tree by name Now default proxies are stored into a dedicated tree, sorted by name. Only unnamed entries are not kept upon new section creation. The very first call to cfg_parse_listen() will automatically allocate a dummy defaults section which corresponds to the previous static one, since the code requires to have one at a few places. The first immediately visible benefit is that it allows to reuse alloc_new_proxy() to allocate a defaults section instead of doing it by hand. And the secret goal is to allow to keep multiple named defaults section in memory to reuse them from various proxies.
2021-02-12 08:08:31 -05:00
}
MEDIUM: proxy: implement persistent named defaults This patch changes the handling of named defaults sections. Prior to this patch, every unreferenced defaults proxies were removed on post parsing. Now by default, these sections are kept after postparsing and only purged on deinit. The objective is to allow reusing them as base configuration for dynamic backends. To implement this, refcount of every still addressable named sections is incremented by one after parsing. This ensures that they won't be removed even if referencing proxies are removed at runtime. This is done via the new function proxy_ref_all_defaults(). To ensure defaults instances are still properly removed on deinit, the inverse operation is performed : refcount is decremented by one on every defaults sections via proxy_unref_all_defaults(). The original behavior can still be used by using the new global keyword tune.defaults.purge. This is useful for users using configuration with large number of defaults and not interested in dynamic backends creation.
2025-12-18 12:09:13 -05:00
void defaults_px_ref_all(void)
{
struct proxy *px;
for (px = cebis_item_first(&defproxy_by_name, conf.name_node, id, struct proxy);
px;
px = cebis_item_next(&defproxy_by_name, conf.name_node, id, px)) {
++px->conf.refcount;
}
}
void defaults_px_unref_all(void)
{
struct proxy *px, *nx;
for (px = cebis_item_first(&defproxy_by_name, conf.name_node, id, struct proxy); px; px = nx) {
nx = cebis_item_next(&defproxy_by_name, conf.name_node, id, px);
BUG_ON(!px->conf.refcount);
if (!--px->conf.refcount)
defaults_px_destroy(px);
}
}
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
/* Add a reference on the default proxy <defpx> for the proxy <px> Nothing is
* done if <px> already references <defpx>. Otherwise, the default proxy
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
* refcount is incremented by one.
*
* This operation is not thread safe. It must only be performed during init
* stage or under thread isolation.
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
*/
MINOR: proxy: refactor proxy inheritance of a defaults section If a proxy is referencing a defaults instance, some checks must be performed to ensure that inheritance will be compatible. Refcount of the defaults instance may also be incremented if some settings cannot be copied. This operation is performed when parsing a new proxy of defaults section which references a defaults, either implicitely or explicitely. This patch extracts this code into a dedicated function named proxy_ref_defaults(). This in turn may call defaults_px_ref() (previously called proxy_ref_defaults()) to increment its refcount. The objective of this patch is to be able to reuse defaults inheritance validation for dynamic backends created at runtime, outside of the parsing code.
2025-12-22 05:59:33 -05:00
static inline void defaults_px_ref(struct proxy *defpx, struct proxy *px)
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
{
if (px->defpx == defpx)
return;
MINOR: proxy: refactor proxy inheritance of a defaults section If a proxy is referencing a defaults instance, some checks must be performed to ensure that inheritance will be compatible. Refcount of the defaults instance may also be incremented if some settings cannot be copied. This operation is performed when parsing a new proxy of defaults section which references a defaults, either implicitely or explicitely. This patch extracts this code into a dedicated function named proxy_ref_defaults(). This in turn may call defaults_px_ref() (previously called proxy_ref_defaults()) to increment its refcount. The objective of this patch is to be able to reuse defaults inheritance validation for dynamic backends created at runtime, outside of the parsing code.
2025-12-22 05:59:33 -05:00
/* <px> is already referencing another defaults. */
BUG_ON(px->defpx);
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
px->defpx = defpx;
defpx->conf.refcount++;
}
MINOR: proxy: refactor proxy inheritance of a defaults section If a proxy is referencing a defaults instance, some checks must be performed to ensure that inheritance will be compatible. Refcount of the defaults instance may also be incremented if some settings cannot be copied. This operation is performed when parsing a new proxy of defaults section which references a defaults, either implicitely or explicitely. This patch extracts this code into a dedicated function named proxy_ref_defaults(). This in turn may call defaults_px_ref() (previously called proxy_ref_defaults()) to increment its refcount. The objective of this patch is to be able to reuse defaults inheritance validation for dynamic backends created at runtime, outside of the parsing code.
2025-12-22 05:59:33 -05:00
/* Check that <px> can inherits from <defpx> default proxy. If some settings
* cannot be copied, refcount of the defaults instance is incremented.
* Inheritance may be impossible due to incompatibility issues. In this case,
* <errmsg> will be allocated to point to a textual description of the error.
*
* Returns ERR_NONE on success and a combination of ERR_CODE on failure
*/
int proxy_ref_defaults(struct proxy *px, struct proxy *defpx, char **errmsg)
{
char defcap = defpx->cap & PR_CAP_LISTEN;
int err_code = ERR_NONE;
if ((px->cap & PR_CAP_BE) && (defpx->nb_req_cap || defpx->nb_rsp_cap)) {
memprintf(errmsg, "backend or defaults sections cannot inherit from a defaults section defining"
" captures (defaults section at %s:%d)",
defpx->conf.file, defpx->conf.line);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
/* If the current default proxy defines TCP/HTTP rules, the
* current proxy will keep a reference on it. But some sanity
* checks are performed first:
*
* - It cannot be used to init a defaults section
* - It cannot be used to init a listen section
* - It cannot be used to init backend and frontend sections at
* same time. It can be used to init several sections of the
* same type only.
* - It cannot define L4/L5 TCP rules if it is used to init
* backend sections.
* - It cannot define 'tcp-response content' rules if it
* is used to init frontend sections.
*
* If no error is found, refcount of the default proxy is incremented.
*/
if ((!LIST_ISEMPTY(&defpx->http_req_rules) ||
!LIST_ISEMPTY(&defpx->http_res_rules) ||
!LIST_ISEMPTY(&defpx->http_after_res_rules) ||
!LIST_ISEMPTY(&defpx->tcp_req.l4_rules) ||
!LIST_ISEMPTY(&defpx->tcp_req.l5_rules) ||
!LIST_ISEMPTY(&defpx->tcp_req.inspect_rules) ||
!LIST_ISEMPTY(&defpx->tcp_rep.inspect_rules))) {
/* Note: Add tcpcheck_rules too if unresolve args become allowed in defaults section */
if (px->cap & PR_CAP_DEF) {
memprintf(errmsg, "a defaults section cannot inherit from a defaults section defining TCP/HTTP rules (defaults section at %s:%d)",
defpx->conf.file, defpx->conf.line);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
else if ((px->cap & PR_CAP_LISTEN) == PR_CAP_LISTEN) {
memprintf(errmsg, "a listen section cannot inherit from a defaults section defining TCP/HTTP rules");
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
else if ((defcap == PR_CAP_BE || defcap == PR_CAP_FE) && (px->cap & PR_CAP_LISTEN) != defcap) {
memprintf(errmsg, "frontends and backends cannot inherit from the same defaults section"
" if it defines TCP/HTTP rules (defaults section at %s:%d)",
defpx->conf.file, defpx->conf.line);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
else if (!(px->cap & PR_CAP_FE) && (!LIST_ISEMPTY(&defpx->tcp_req.l4_rules) ||
!LIST_ISEMPTY(&defpx->tcp_req.l5_rules))) {
memprintf(errmsg, "a backend section cannot inherit from a defaults section defining"
" 'tcp-request connection' or 'tcp-request session' rules (defaults section at %s:%d)",
defpx->conf.file, defpx->conf.line);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
else if (!(px->cap & PR_CAP_BE) && !LIST_ISEMPTY(&defpx->tcp_rep.inspect_rules)) {
memprintf(errmsg, "a frontend section cannot inherit from a defaults section defining"
" 'tcp-response content' rules (defaults section at %s:%d)",
defpx->conf.file, defpx->conf.line);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
defpx->cap = (defpx->cap & ~PR_CAP_LISTEN) | (px->cap & PR_CAP_LISTEN);
defaults_px_ref(defpx, px);
}
if ((defpx->tcpcheck_rules.flags & TCPCHK_RULES_PROTO_CHK) &&
(px->cap & PR_CAP_LISTEN) == PR_CAP_BE) {
/* If the current default proxy defines tcpcheck rules, the
* current proxy will keep a reference on it. but only if the
* current proxy has the backend capability.
*/
defaults_px_ref(defpx, px);
}
out:
return err_code;
}
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
/* proxy <px> removes its reference on its default proxy. The default proxy
* refcount is decremented by one. If it was the last reference, the
* corresponding default proxy is destroyed. For now this operation is not
* thread safe and is performed during deinit staged only.
*/
void proxy_unref_defaults(struct proxy *px)
{
if (px->defpx == NULL)
return;
if (!--px->defpx->conf.refcount)
MINOR: proxy: refactor defaults proxies API This patch renames functions which deal with defaults section. A common "defaults_px_" prefix is defined. This serves as a marker to identify functions which can only be used with proxies defaults capability. New BUG_ON() are enforced to ensure this is valid. Also, older proxy_unref_or_destroy_defaults() is renamed defaults_px_detach().
2026-01-22 05:16:14 -05:00
defaults_px_destroy(px->defpx);
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
px->defpx = NULL;
}
MINOR: proxy: add setup_new_proxy() function Split alloc_new_proxy() in two functions: the preparing part is now handled by setup_new_proxy() which can be called individually, while alloc_new_proxy() takes care of allocating a new proxy struct and then calling setup_new_proxy() with the freshly allocated proxy.
2025-04-09 15:05:35 -04:00
/* prepares a new proxy <name> of type <cap> from the provided <px>
* pointer.
* <px> is assumed to be freshly allocated
CLEANUP: assorted typo fixes in the code, commits and doc Corrected various spelling and phrasing errors to improve clarity and consistency.
2025-07-09 15:05:55 -04:00
* <name> may be NULL: proxy id assignment will be skipped.
MINOR: proxy: add setup_new_proxy() function Split alloc_new_proxy() in two functions: the preparing part is now handled by setup_new_proxy() which can be called individually, while alloc_new_proxy() takes care of allocating a new proxy struct and then calling setup_new_proxy() with the freshly allocated proxy.
2025-04-09 15:05:35 -04:00
*
* Returns a 1 on success or 0 on failure (in which case errmsg must be checked
* then freed).
*/
int setup_new_proxy(struct proxy *px, const char *name, unsigned int cap, char **errmsg)
{
init_new_proxy(px);
if (name) {
px->id = strdup(name);
if (!px->id) {
MAJOR: counters: add shared counters base infrastructure Shareable counters are not tagged as shared counters and are dynamically allocated in separate memory area as a prerequisite for being stored in shared memory area. For now, GUID and threads groups are not taken into account, this is only a first step. also we ensure all counters are now manipulated using atomic operations, namely, "last_change" counter is now read from and written to using atomic ops. Despite the numerous changes caused by the counters being moved away from counters struct, no change of behavior should be expected.
2025-04-08 12:16:38 -04:00
memprintf(errmsg, "out of memory");
goto fail;
MINOR: proxy: add setup_new_proxy() function Split alloc_new_proxy() in two functions: the preparing part is now handled by setup_new_proxy() which can be called individually, while alloc_new_proxy() takes care of allocating a new proxy struct and then calling setup_new_proxy() with the freshly allocated proxy.
2025-04-09 15:05:35 -04:00
}
}
px->cap = cap;
MEDIUM: proxy: add and use a separate last_change variable for internal use Same motivation as previous commit, proxy last_change is "abused" because it is used for 2 different purposes, one for stats, and the other one for process-local internal use. Let's add a separate proxy-only last_change variable for internal use, and leave the last_change shared (and thread-grouped) counter for statistics.
2025-06-30 09:45:44 -04:00
px->last_change = ns_to_sec(now_ns);
MINOR: proxy: add setup_new_proxy() function Split alloc_new_proxy() in two functions: the preparing part is now handled by setup_new_proxy() which can be called individually, while alloc_new_proxy() takes care of allocating a new proxy struct and then calling setup_new_proxy() with the freshly allocated proxy.
2025-04-09 15:05:35 -04:00
MEDIUM: cfgparse: do not store unnamed defaults in name tree Defaults section are indexed by their name in defproxy_by_name tree. For named sections, there is no duplicate : if two instances have the same name, the older one is removed from the tree. However, this was not the case for unnamed defaults which are all stored inconditionnally in defproxy_by_name. This commit introduces a new approach for unnamed defaults. Now, these instances are never inserted in the defproxy_by_name tree. Indeed, this is not needed as no tree lookup is performed with empty names. This may optimize slightly config parsing with a huge number of named and unnamed defaults sections, as the first ones won't fill up the tree needlessly. However, defproxy_by_name tree is also used to purge unreferenced defaults instances, both on postparsing and deinit. Thus, a new approach is needed for unnamed sections cleanup. Now, each time a new defaults is parsed, if the previous instance is unnamed, it is freed unless if referenced by a proxy. When config parsing is ended, a similar operation is performed to ensure the last unnamed defaults section won't stay in memory. To implement this, last_defproxy static variable is now set to global. Unnamed sections which cannot be removed due to proxies referencing proxies will still be removed when such proxies are freed themselves, at runtime or on deinit.
2026-01-21 04:22:23 -05:00
/* Internal proxies or with empty name are not stored in the named tree. */
if (name && name[0] != '\0' && !(cap & PR_CAP_INT))
MINOR: proxy: add setup_new_proxy() function Split alloc_new_proxy() in two functions: the preparing part is now handled by setup_new_proxy() which can be called individually, while alloc_new_proxy() takes care of allocating a new proxy struct and then calling setup_new_proxy() with the freshly allocated proxy.
2025-04-09 15:05:35 -04:00
proxy_store_name(px);
MINOR: proxy: add a true list containing all proxies We have global proxies_list pointer which is announced as the list of "all existing proxies", but in fact it only represents regular proxies declared on the config file through "listen, frontend or backend" keywords It is ambiguous, and we currently don't have a straightforwrd method to iterate over all proxies (either public or internal ones) within haproxy Instead we still have to manually iterate over multiple lists (main proxies, log-forward proxies, peer proxies..) which is error-prone. In this patch we add a struct list member (8 bytes) inside struct proxy in order to store every proxy (except default ones) within a global "proxies" list which is actually representative for all proxies existing under haproxy process, like we already have for servers.
2025-05-09 10:02:09 -04:00
if (!(cap & PR_CAP_DEF))
LIST_APPEND(&proxies, &px->global_list);
MINOR: proxy: add setup_new_proxy() function Split alloc_new_proxy() in two functions: the preparing part is now handled by setup_new_proxy() which can be called individually, while alloc_new_proxy() takes care of allocating a new proxy struct and then calling setup_new_proxy() with the freshly allocated proxy.
2025-04-09 15:05:35 -04:00
return 1;
MAJOR: counters: add shared counters base infrastructure Shareable counters are not tagged as shared counters and are dynamically allocated in separate memory area as a prerequisite for being stored in shared memory area. For now, GUID and threads groups are not taken into account, this is only a first step. also we ensure all counters are now manipulated using atomic operations, namely, "last_change" counter is now read from and written to using atomic ops. Despite the numerous changes caused by the counters being moved away from counters struct, no change of behavior should be expected.
2025-04-08 12:16:38 -04:00
fail:
if (name)
memprintf(errmsg, "proxy '%s': %s", name, *errmsg);
MEDIUM: server: introduce srv_alloc()/srv_free() to alloc/free a server It happens that we free servers at various places in the code, both on error paths and at runtime thanks to the "server delete" feature. In order to switch to an aligned struct, we'll need to change the calloc() and free() calls. Let's first spot them and switch them to srv_alloc() and srv_free() instead of using calloc() and either free() or ha_free(). An easy trap to fall into is that some of them are default-server entries. The new srv_free() function also resets the pointer like ha_free() does. This was done by running the following coccinelle script all over the code: @@ struct server *srv; @@ ( - free(srv) + srv_free(&srv) | - ha_free(&srv) + srv_free(&srv) ) @@ struct server *srv; expression e1; expression e2; @@ ( - srv = malloc(e1) + srv = srv_alloc() | - srv = calloc(e1, e2) + srv = srv_alloc() ) This is marked medium because despite spotting all call places, we can never rule out the possibility that some out-of-tree patches would allocate their own servers and continue to use the old API... at their own risk.
2025-08-13 05:52:59 -04:00
srv_free(&px->defsrv);
MAJOR: counters: add shared counters base infrastructure Shareable counters are not tagged as shared counters and are dynamically allocated in separate memory area as a prerequisite for being stored in shared memory area. For now, GUID and threads groups are not taken into account, this is only a first step. also we ensure all counters are now manipulated using atomic operations, namely, "last_change" counter is now read from and written to using atomic ops. Despite the numerous changes caused by the counters being moved away from counters struct, no change of behavior should be expected.
2025-04-08 12:16:38 -04:00
ha_free(&px->id);
MEDIUM: stats: avoid 1 indirection by storing the shared stats directly in counters struct Between 3.2 and 3.3-dev we noticed a noticeable performance regression due to stats handling. After bisecting, Willy found out that recent work to split stats computing accross multiple thread groups (stats sharding) was responsible for that performance regression. We're looking at roughly 20% performance loss. More precisely, it is the added indirections, multiplied by the number of statistics that are updated for each request, which in the end causes a significant amount of time being spent resolving pointers. We noticed that the fe_counters_shared and be_counters_shared structures which are currently allocated in dedicated memory since a0dcab5c ("MAJOR: counters: add shared counters base infrastructure") are no longer huge since 16eb0fab31 ("MAJOR: counters: dispatch counters over thread groups") because they now essentially hold flags plus the per-thread group id pointer mapping, not the counters themselves. As such we decided to try merging fe_counters_shared and be_counters_shared in their parent structures. The cost is slight memory overhead for the parent structure, but it allows to get rid of one pointer indirection. This patch alone yields visible performance gains and almost restores 3.2 stats performance. counters_fe_shared_get() was renamed to counters_fe_shared_prepare() and now returns either failure or success instead of a pointer because we don't need to retrieve a shared pointer anymore, the function takes care of initializing existing pointer.
2025-07-22 11:15:02 -04:00
counters_fe_shared_drop(&px->fe_counters.shared);
counters_be_shared_drop(&px->be_counters.shared);
MAJOR: counters: add shared counters base infrastructure Shareable counters are not tagged as shared counters and are dynamically allocated in separate memory area as a prerequisite for being stored in shared memory area. For now, GUID and threads groups are not taken into account, this is only a first step. also we ensure all counters are now manipulated using atomic operations, namely, "last_change" counter is now read from and written to using atomic ops. Despite the numerous changes caused by the counters being moved away from counters struct, no change of behavior should be expected.
2025-04-08 12:16:38 -04:00
return 0;
MINOR: proxy: add setup_new_proxy() function Split alloc_new_proxy() in two functions: the preparing part is now handled by setup_new_proxy() which can be called individually, while alloc_new_proxy() takes care of allocating a new proxy struct and then calling setup_new_proxy() with the freshly allocated proxy.
2025-04-09 15:05:35 -04:00
}
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
/* Allocates a new proxy <name> of type <cap>.
* Returns the proxy instance on success. On error, NULL is returned.
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
*/
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
struct proxy *alloc_new_proxy(const char *name, unsigned int cap, char **errmsg)
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
{
struct proxy *curproxy;
BUG/MEDIUM: proxy: use aligned allocations for struct proxy Commit fd012b6c5 ("OPTIM: proxy: move atomically access fields out of the read-only ones") caused the proxy struct to be 64-byte aligned, which allows the compiler to use optimizations such as AVX512 to zero certain fields. However the struct was allocated using calloc() so it was not necessarily aligned, causing segv on startup on compatible machines. Let's just use ha_aligned_zalloc_typed() to allocate the struct. No backport is needed.
2025-11-07 16:05:21 -05:00
if ((curproxy = ha_aligned_zalloc_typed(1, typeof(*curproxy))) == NULL) {
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
memprintf(errmsg, "proxy '%s': out of memory", name);
goto fail;
}
MINOR: proxy: add setup_new_proxy() function Split alloc_new_proxy() in two functions: the preparing part is now handled by setup_new_proxy() which can be called individually, while alloc_new_proxy() takes care of allocating a new proxy struct and then calling setup_new_proxy() with the freshly allocated proxy.
2025-04-09 15:05:35 -04:00
if (!setup_new_proxy(curproxy, name, cap, errmsg))
goto fail;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
done:
return curproxy;
fail:
/* Note: in case of fatal error here, we WILL make valgrind unhappy,
* but its not worth trying to unroll everything here just before
* quitting.
*/
MEDIUM: proxy: take the defsrv out of the struct proxy The server struct has gone huge over time (~3.8kB), and having a copy of it in the defsrv section of the struct proxy costs a lot of RAM, that is not needed anymore at run time. This patch replaces this struct with a dynamically allocated one. The field is allocated and initialized during alloc_new_proxy() and is freed when the proxy is destroyed for now. But the goal will be to support freeing it after parsing the section.
2025-07-10 10:16:24 -04:00
if (curproxy)
MEDIUM: server: introduce srv_alloc()/srv_free() to alloc/free a server It happens that we free servers at various places in the code, both on error paths and at runtime thanks to the "server delete" feature. In order to switch to an aligned struct, we'll need to change the calloc() and free() calls. Let's first spot them and switch them to srv_alloc() and srv_free() instead of using calloc() and either free() or ha_free(). An easy trap to fall into is that some of them are default-server entries. The new srv_free() function also resets the pointer like ha_free() does. This was done by running the following coccinelle script all over the code: @@ struct server *srv; @@ ( - free(srv) + srv_free(&srv) | - ha_free(&srv) + srv_free(&srv) ) @@ struct server *srv; expression e1; expression e2; @@ ( - srv = malloc(e1) + srv = srv_alloc() | - srv = calloc(e1, e2) + srv = srv_alloc() ) This is marked medium because despite spotting all call places, we can never rule out the possibility that some out-of-tree patches would allocate their own servers and continue to use the old API... at their own risk.
2025-08-13 05:52:59 -04:00
srv_free(&curproxy->defsrv);
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
free(curproxy);
return NULL;
}
MEDIUM: counters: manage shared counters using dedicated helpers proxies, listeners and server shared counters are now managed via helpers added in one of the previous commits. When guid is not set (ie: when not yet assigned), shared counters pointer is allocated using calloc() (local memory) and a flag is set on the shared counters struct to know how to manipulate (and free it). Else if guid is set, then it means that the counters may be shared so while for now we don't actually use a shared memory location the API is ready for that. The way it works, for proxies and servers (for which guid is not known during creation), we first call counters_{fe,be}_shared_get with guid not set, which results in local pointer being retrieved (as if we just manually called calloc() to retrieve a pointer). Later (during postparsing) if guid is set we try to upgrade the pointer from local to shared. Lastly, since the memory location for some objects (proxies and servers counters) may change from creation to postparsing, let's update counters->last_change member directly under counters_{fe,be}_shared_get() so we don't miss it. No change of behavior is expected, this is only preparation work.
2025-05-07 17:42:04 -04:00
/* post-check for proxies */
static int proxy_postcheck(struct proxy *px)
{
MINOR: proxy: handle shared listener counters preparation from proxy_postcheck() We used to allocate and prepare listener counters from check_config_validity() all at once. But it isn't correct, since at that time listeners's guid are not inserted yet, thus counters_fe_shared_prepare() cannot work correctly, and so does shm_stats_file_preload() which is meant to be called even earlier. Thus in this commit (and to prepare for upcoming shm shared counters preloading patches), we handle the shared listener counters prep in proxy_postcheck(), which means that between the allocation and the prep there is the proper window for listener's guid insertion and shm counters preloading. No change of behavior expected when shm shared counters are not actually used.
2025-08-08 08:56:18 -04:00
struct listener *listener;
MINOR: counters: retrieve detailed errmsg upon failure with counters_{fe,be}_shared_prepare() counters_{fe,be}_shared_prepare now take an extra <errmsg> parameter that contains additional hints about the error in case of failure. It must be freed accordingly since it is allocated using memprintf
2025-08-27 08:51:48 -04:00
char *errmsg = NULL;
MEDIUM: counters: manage shared counters using dedicated helpers proxies, listeners and server shared counters are now managed via helpers added in one of the previous commits. When guid is not set (ie: when not yet assigned), shared counters pointer is allocated using calloc() (local memory) and a flag is set on the shared counters struct to know how to manipulate (and free it). Else if guid is set, then it means that the counters may be shared so while for now we don't actually use a shared memory location the API is ready for that. The way it works, for proxies and servers (for which guid is not known during creation), we first call counters_{fe,be}_shared_get with guid not set, which results in local pointer being retrieved (as if we just manually called calloc() to retrieve a pointer). Later (during postparsing) if guid is set we try to upgrade the pointer from local to shared. Lastly, since the memory location for some objects (proxies and servers counters) may change from creation to postparsing, let's update counters->last_change member directly under counters_{fe,be}_shared_get() so we don't miss it. No change of behavior is expected, this is only preparation work.
2025-05-07 17:42:04 -04:00
int err_code = ERR_NONE;
/* allocate private memory for shared counters: used as a fallback
* or when sharing is disabled. If sharing is enabled pointers will
* be updated to point to the proper shared memory location during
* proxy postparsing, see proxy_postparse()
*/
if (px->cap & PR_CAP_FE) {
MINOR: counters: retrieve detailed errmsg upon failure with counters_{fe,be}_shared_prepare() counters_{fe,be}_shared_prepare now take an extra <errmsg> parameter that contains additional hints about the error in case of failure. It must be freed accordingly since it is allocated using memprintf
2025-08-27 08:51:48 -04:00
if (!counters_fe_shared_prepare(&px->fe_counters.shared, &px->guid, &errmsg)) {
ha_alert("out of memory while setting up shared counters for %s %s : %s\n",
proxy_type_str(px), px->id, errmsg);
ha_free(&errmsg);
MEDIUM: counters: manage shared counters using dedicated helpers proxies, listeners and server shared counters are now managed via helpers added in one of the previous commits. When guid is not set (ie: when not yet assigned), shared counters pointer is allocated using calloc() (local memory) and a flag is set on the shared counters struct to know how to manipulate (and free it). Else if guid is set, then it means that the counters may be shared so while for now we don't actually use a shared memory location the API is ready for that. The way it works, for proxies and servers (for which guid is not known during creation), we first call counters_{fe,be}_shared_get with guid not set, which results in local pointer being retrieved (as if we just manually called calloc() to retrieve a pointer). Later (during postparsing) if guid is set we try to upgrade the pointer from local to shared. Lastly, since the memory location for some objects (proxies and servers counters) may change from creation to postparsing, let's update counters->last_change member directly under counters_{fe,be}_shared_get() so we don't miss it. No change of behavior is expected, this is only preparation work.
2025-05-07 17:42:04 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
if (px->cap & (PR_CAP_FE|PR_CAP_BE)) {
/* by default stream->be points to stream->fe, thus proxy
* be_counters may be used even if the proxy lacks the backend
* capability
*/
MINOR: counters: retrieve detailed errmsg upon failure with counters_{fe,be}_shared_prepare() counters_{fe,be}_shared_prepare now take an extra <errmsg> parameter that contains additional hints about the error in case of failure. It must be freed accordingly since it is allocated using memprintf
2025-08-27 08:51:48 -04:00
if (!counters_be_shared_prepare(&px->be_counters.shared, &px->guid, &errmsg)) {
ha_alert("out of memory while setting up shared counters for %s %s : %s\n",
proxy_type_str(px), px->id, errmsg);
ha_free(&errmsg);
MEDIUM: counters: manage shared counters using dedicated helpers proxies, listeners and server shared counters are now managed via helpers added in one of the previous commits. When guid is not set (ie: when not yet assigned), shared counters pointer is allocated using calloc() (local memory) and a flag is set on the shared counters struct to know how to manipulate (and free it). Else if guid is set, then it means that the counters may be shared so while for now we don't actually use a shared memory location the API is ready for that. The way it works, for proxies and servers (for which guid is not known during creation), we first call counters_{fe,be}_shared_get with guid not set, which results in local pointer being retrieved (as if we just manually called calloc() to retrieve a pointer). Later (during postparsing) if guid is set we try to upgrade the pointer from local to shared. Lastly, since the memory location for some objects (proxies and servers counters) may change from creation to postparsing, let's update counters->last_change member directly under counters_{fe,be}_shared_get() so we don't miss it. No change of behavior is expected, this is only preparation work.
2025-05-07 17:42:04 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MINOR: proxy: handle shared listener counters preparation from proxy_postcheck() We used to allocate and prepare listener counters from check_config_validity() all at once. But it isn't correct, since at that time listeners's guid are not inserted yet, thus counters_fe_shared_prepare() cannot work correctly, and so does shm_stats_file_preload() which is meant to be called even earlier. Thus in this commit (and to prepare for upcoming shm shared counters preloading patches), we handle the shared listener counters prep in proxy_postcheck(), which means that between the allocation and the prep there is the proper window for listener's guid insertion and shm counters preloading. No change of behavior expected when shm shared counters are not actually used.
2025-08-08 08:56:18 -04:00
list_for_each_entry(listener, &px->conf.listeners, by_fe) {
if (listener->counters) {
MINOR: counters: retrieve detailed errmsg upon failure with counters_{fe,be}_shared_prepare() counters_{fe,be}_shared_prepare now take an extra <errmsg> parameter that contains additional hints about the error in case of failure. It must be freed accordingly since it is allocated using memprintf
2025-08-27 08:51:48 -04:00
if (!counters_fe_shared_prepare(&listener->counters->shared, &listener->guid, &errmsg)) {
MINOR: proxy: handle shared listener counters preparation from proxy_postcheck() We used to allocate and prepare listener counters from check_config_validity() all at once. But it isn't correct, since at that time listeners's guid are not inserted yet, thus counters_fe_shared_prepare() cannot work correctly, and so does shm_stats_file_preload() which is meant to be called even earlier. Thus in this commit (and to prepare for upcoming shm shared counters preloading patches), we handle the shared listener counters prep in proxy_postcheck(), which means that between the allocation and the prep there is the proper window for listener's guid insertion and shm counters preloading. No change of behavior expected when shm shared counters are not actually used.
2025-08-08 08:56:18 -04:00
ha_free(&listener->counters);
MINOR: counters: retrieve detailed errmsg upon failure with counters_{fe,be}_shared_prepare() counters_{fe,be}_shared_prepare now take an extra <errmsg> parameter that contains additional hints about the error in case of failure. It must be freed accordingly since it is allocated using memprintf
2025-08-27 08:51:48 -04:00
ha_alert("out of memory while setting up shared listener counters for %s %s : %s\n",
proxy_type_str(px), px->id, errmsg);
ha_free(&errmsg);
MINOR: proxy: handle shared listener counters preparation from proxy_postcheck() We used to allocate and prepare listener counters from check_config_validity() all at once. But it isn't correct, since at that time listeners's guid are not inserted yet, thus counters_fe_shared_prepare() cannot work correctly, and so does shm_stats_file_preload() which is meant to be called even earlier. Thus in this commit (and to prepare for upcoming shm shared counters preloading patches), we handle the shared listener counters prep in proxy_postcheck(), which means that between the allocation and the prep there is the proper window for listener's guid insertion and shm counters preloading. No change of behavior expected when shm shared counters are not actually used.
2025-08-08 08:56:18 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
}
MEDIUM: counters: manage shared counters using dedicated helpers proxies, listeners and server shared counters are now managed via helpers added in one of the previous commits. When guid is not set (ie: when not yet assigned), shared counters pointer is allocated using calloc() (local memory) and a flag is set on the shared counters struct to know how to manipulate (and free it). Else if guid is set, then it means that the counters may be shared so while for now we don't actually use a shared memory location the API is ready for that. The way it works, for proxies and servers (for which guid is not known during creation), we first call counters_{fe,be}_shared_get with guid not set, which results in local pointer being retrieved (as if we just manually called calloc() to retrieve a pointer). Later (during postparsing) if guid is set we try to upgrade the pointer from local to shared. Lastly, since the memory location for some objects (proxies and servers counters) may change from creation to postparsing, let's update counters->last_change member directly under counters_{fe,be}_shared_get() so we don't miss it. No change of behavior is expected, this is only preparation work.
2025-05-07 17:42:04 -04:00
out:
return err_code;
}
REGISTER_POST_PROXY_CHECK(proxy_postcheck);
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
/* Copy the proxy settings from <defproxy> to <curproxy>.
* Returns 0 on success.
* Returns 1 on error. <errmsg> will be allocated with an error description.
*/
static int proxy_defproxy_cpy(struct proxy *curproxy, const struct proxy *defproxy,
char **errmsg)
{
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
struct logger *tmplogger;
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
char *tmpmsg = NULL;
MEDIUM: proxy: only take defaults when a default proxy is passed. The proxy initialization code relies on three phases, allocation, pre-initialization, and assignments from defaults. This last part is entirely taken from the defaults proxy when arguments are set. This sensibly complexifies the initialization code as it requires to always have a default proxy. This patch instead first applies the original default settings on a proxy, and then uses those from a default proxy only if one such is used. This will allow to initialize a proxy out of any default proxy while still using valid defaults. A careful inspection of the function showed that only 4 fields used to be set regardless of the default proxy, and those were moved to init_new_proxy() where they ought to have been in the first place.
2021-02-12 03:15:16 -05:00
/* set default values from the specified default proxy */
MEDIUM: proxy: no longer allocate the default-server entry by default The default-server entry used to always be allocated. Now we'll postpone its allocation for the first time we need it, i.e. during a "default-server" directive, or when inheriting a defaults section which has one. The memory savings are significant, on a large configuration with 100k backends and no default-server directive, the memory usage dropped from 800MB RSS to 420MB (380 MB saved). It should be possible to also address configs using default-server by releasing this entry when leaving the proxy section, which is not done yet.
2025-07-11 02:40:17 -04:00
if (defproxy->defsrv) {
if (!curproxy->defsrv) {
/* there's a default-server in the defaults proxy but
* none allocated yet in the current proxy so we have
* to allocate and pre-initialize it right now.
*/
MEDIUM: server: introduce srv_alloc()/srv_free() to alloc/free a server It happens that we free servers at various places in the code, both on error paths and at runtime thanks to the "server delete" feature. In order to switch to an aligned struct, we'll need to change the calloc() and free() calls. Let's first spot them and switch them to srv_alloc() and srv_free() instead of using calloc() and either free() or ha_free(). An easy trap to fall into is that some of them are default-server entries. The new srv_free() function also resets the pointer like ha_free() does. This was done by running the following coccinelle script all over the code: @@ struct server *srv; @@ ( - free(srv) + srv_free(&srv) | - ha_free(&srv) + srv_free(&srv) ) @@ struct server *srv; expression e1; expression e2; @@ ( - srv = malloc(e1) + srv = srv_alloc() | - srv = calloc(e1, e2) + srv = srv_alloc() ) This is marked medium because despite spotting all call places, we can never rule out the possibility that some out-of-tree patches would allocate their own servers and continue to use the old API... at their own risk.
2025-08-13 05:52:59 -04:00
curproxy->defsrv = srv_alloc();
MEDIUM: proxy: no longer allocate the default-server entry by default The default-server entry used to always be allocated. Now we'll postpone its allocation for the first time we need it, i.e. during a "default-server" directive, or when inheriting a defaults section which has one. The memory savings are significant, on a large configuration with 100k backends and no default-server directive, the memory usage dropped from 800MB RSS to 420MB (380 MB saved). It should be possible to also address configs using default-server by releasing this entry when leaving the proxy section, which is not done yet.
2025-07-11 02:40:17 -04:00
if (!curproxy->defsrv) {
memprintf(errmsg, "proxy '%s': out of memory allocating default-server", curproxy->id);
return 1;
}
curproxy->defsrv->id = "default-server";
srv_settings_init(curproxy->defsrv);
}
MINOR: proxy: add checks for defsrv's validity Now we only copy the default server's settings if such a default server exists, otherwise we only initialize it. At the moment it always exists. The change is mostly performed in srv_settings_cpy() since that's where each caller passes through, and there's no point duplicating that test everywhere.
2025-07-10 11:03:13 -04:00
srv_settings_cpy(curproxy->defsrv, defproxy->defsrv, 0);
MEDIUM: proxy: no longer allocate the default-server entry by default The default-server entry used to always be allocated. Now we'll postpone its allocation for the first time we need it, i.e. during a "default-server" directive, or when inheriting a defaults section which has one. The memory savings are significant, on a large configuration with 100k backends and no default-server directive, the memory usage dropped from 800MB RSS to 420MB (380 MB saved). It should be possible to also address configs using default-server by releasing this entry when leaving the proxy section, which is not done yet.
2025-07-11 02:40:17 -04:00
}
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
MINOR: proxy: Add PR_FL_READY flag on fully configured and usable proxies The PR_FL_READY flags must now be set on a proxy at the end of the configuration validity check to notify it is fully configured and may be safely used. For now there is no real usage of this flag. But it will be usefull for referenced default proxies to finish their configuration only once. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 04:10:09 -04:00
curproxy->flags = (defproxy->flags & PR_FL_DISABLED); /* Only inherit from disabled flag */
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
curproxy->options = defproxy->options;
curproxy->options2 = defproxy->options2;
curproxy->no_options = defproxy->no_options;
curproxy->no_options2 = defproxy->no_options2;
curproxy->retry_type = defproxy->retry_type;
MEDIUM: rules/acl: Parse TCP/HTTP rules and acls defined in defaults sections TCP and HTTP rules can now be defined in defaults sections, but only those with a name. Because these rules may use conditions based on ACLs, ACLs can also be defined in defaults sections. However there are some limitations: * A defaults section defining TCP/HTTP rules cannot be used by a defaults section * A defaults section defining TCP/HTTP rules cannot be used bu a listen section * A defaults sections defining TCP/HTTP rules cannot be used by frontends and backends at the same time * A defaults sections defining 'tcp-request connection' or 'tcp-request session' rules cannot be used by backends * A defaults sections defining 'tcp-response content' rules cannot be used by frontends The TCP request/response inspect-delay of a proxy is now inherited from the defaults section it uses. For now, these rules are only parsed. No evaluation is performed.
2021-10-13 09:40:15 -04:00
curproxy->tcp_req.inspect_delay = defproxy->tcp_req.inspect_delay;
curproxy->tcp_rep.inspect_delay = defproxy->tcp_rep.inspect_delay;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
MEDIUM: proxy/http_ext: implement dynamic http_ext proxy http-only options implemented in http_ext were statically stored within proxy struct. We're making some changes so that http_ext are now stored in a dynamically allocated structs. http_ext related structs are only allocated when needed to save some space whenever possible, and they are automatically freed upon proxy deletion. Related PX_O_HTTP{7239,XFF,XOT) option flags were removed because we're now considering an http_ext option as 'active' if it is allocated (ptr is not NULL) A few checks (and BUG_ON) were added to make these changes safe because it adds some (acceptable) complexity to the previous design. Also, proxy.http was renamed to proxy.http_ext to make things more explicit.
2023-01-09 05:09:03 -05:00
http_ext_clean(curproxy);
http_ext_dup(defproxy, curproxy);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
MEDIUM: proxy: Store server_id_hdr_name as a `struct ist` The server_id_hdr_name is already processed as an ist in various locations lets also just store it as such. see 0643b0e7e ("MINOR: proxy: Make `header_unique_id` a `struct ist`") for a very similar past commit.
2022-03-04 18:52:43 -05:00
if (isttest(defproxy->server_id_hdr_name))
curproxy->server_id_hdr_name = istdup(defproxy->server_id_hdr_name);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
/* initialize error relocations */
if (!proxy_dup_default_conf_errors(curproxy, defproxy, &tmpmsg)) {
memprintf(errmsg, "proxy '%s' : %s", curproxy->id, tmpmsg);
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
free(tmpmsg);
return 1;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
if (curproxy->cap & PR_CAP_FE) {
curproxy->maxconn = defproxy->maxconn;
curproxy->backlog = defproxy->backlog;
curproxy->fe_sps_lim = defproxy->fe_sps_lim;
curproxy->to_log = defproxy->to_log & ~LW_COOKIE & ~LW_REQHDR & ~ LW_RSPHDR;
curproxy->max_out_conns = defproxy->max_out_conns;
curproxy->clitcpka_cnt = defproxy->clitcpka_cnt;
curproxy->clitcpka_idle = defproxy->clitcpka_idle;
curproxy->clitcpka_intvl = defproxy->clitcpka_intvl;
MINOR: stconn: stream instantiation from proxy callback Add a pointer to function to proxies as ->stream_new_from_sc proxy struct member to instantiate stream from connection as this is done by all the muxes when they call sc_new_from_endp(). The default value for this pointer is obviously stream_new() which is exported by this patch.
2026-02-11 08:43:58 -05:00
curproxy->stream_new_from_sc = defproxy->stream_new_from_sc;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
if (curproxy->cap & PR_CAP_BE) {
curproxy->lbprm.algo = defproxy->lbprm.algo;
curproxy->lbprm.hash_balance_factor = defproxy->lbprm.hash_balance_factor;
curproxy->fullconn = defproxy->fullconn;
curproxy->conn_retries = defproxy->conn_retries;
curproxy->redispatch_after = defproxy->redispatch_after;
curproxy->max_ka_queue = defproxy->max_ka_queue;
curproxy->tcpcheck_rules.flags = (defproxy->tcpcheck_rules.flags & ~TCPCHK_RULES_UNUSED_RS);
curproxy->tcpcheck_rules.list = defproxy->tcpcheck_rules.list;
if (!LIST_ISEMPTY(&defproxy->tcpcheck_rules.preset_vars)) {
if (!dup_tcpcheck_vars(&curproxy->tcpcheck_rules.preset_vars,
&defproxy->tcpcheck_rules.preset_vars)) {
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
memprintf(errmsg, "proxy '%s': failed to duplicate tcpcheck preset-vars", curproxy->id);
return 1;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
}
curproxy->ck_opts = defproxy->ck_opts;
MINOR: proxy/http_ext: introduce proxy forwarded option Introducing http_ext class for http extension related work that doesn't fit into existing http classes. HTTP extension "forwarded", introduced with 7239 RFC is now supported by haproxy. The option supports various modes from simple to complex usages involving custom sample expressions. Examples : # Those servers want the ip address and protocol of the client request # Resulting header would look like this: # forwarded: proto=http;for=127.0.0.1 backend www_default mode http option forwarded #equivalent to: option forwarded proto for # Those servers want the requested host and hashed client ip address # as well as client source port (you should use seed for xxh32 if ensuring # ip privacy is a concern) # Resulting header would look like this: # forwarded: host="haproxy.org";for="_000000007F2F367E:60138" backend www_host mode http option forwarded host for-expr src,xxh32,hex for_port # Those servers want custom data in host, for and by parameters # Resulting header would look like this: # forwarded: host="host.com";by=_haproxy;for="[::1]:10" backend www_custom mode http option forwarded host-expr str(host.com) by-expr str(_haproxy) for for_port-expr int(10) # Those servers want random 'for' obfuscated identifiers for request # tracing purposes while protecting sensitive IP information # Resulting header would look like this: # forwarded: for=_000000002B1F4D63 backend www_for_hide mode http option forwarded for-expr rand,hex By default (no argument provided), forwarded option will try to mimic x-forward-for common setups (source client ip address + source protocol) The option is not available for frontends. no option forwarded is supported. More info about 7239 RFC here: https://www.rfc-editor.org/rfc/rfc7239.html More info about the feature in doc/configuration.txt This should address feature request GH #575 Depends on: - "MINOR: http_htx: add http_append_header() to append value to header" - "MINOR: sample: add ARGC_OPT" - "MINOR: proxy: introduce http only options"
2022-12-28 09:37:57 -05:00
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
if (defproxy->cookie_name)
curproxy->cookie_name = strdup(defproxy->cookie_name);
curproxy->cookie_len = defproxy->cookie_len;
if (defproxy->dyncookie_key)
curproxy->dyncookie_key = strdup(defproxy->dyncookie_key);
if (defproxy->cookie_domain)
curproxy->cookie_domain = strdup(defproxy->cookie_domain);
if (defproxy->cookie_maxidle)
curproxy->cookie_maxidle = defproxy->cookie_maxidle;
if (defproxy->cookie_maxlife)
curproxy->cookie_maxlife = defproxy->cookie_maxlife;
if (defproxy->rdp_cookie_name)
curproxy->rdp_cookie_name = strdup(defproxy->rdp_cookie_name);
curproxy->rdp_cookie_len = defproxy->rdp_cookie_len;
if (defproxy->cookie_attrs)
curproxy->cookie_attrs = strdup(defproxy->cookie_attrs);
if (defproxy->lbprm.arg_str)
curproxy->lbprm.arg_str = strdup(defproxy->lbprm.arg_str);
curproxy->lbprm.arg_len = defproxy->lbprm.arg_len;
curproxy->lbprm.arg_opt1 = defproxy->lbprm.arg_opt1;
curproxy->lbprm.arg_opt2 = defproxy->lbprm.arg_opt2;
curproxy->lbprm.arg_opt3 = defproxy->lbprm.arg_opt3;
if (defproxy->conn_src.iface_name)
curproxy->conn_src.iface_name = strdup(defproxy->conn_src.iface_name);
curproxy->conn_src.iface_len = defproxy->conn_src.iface_len;
curproxy->conn_src.opts = defproxy->conn_src.opts;
#if defined(CONFIG_HAP_TRANSPARENT)
curproxy->conn_src.tproxy_addr = defproxy->conn_src.tproxy_addr;
#endif
curproxy->load_server_state_from_file = defproxy->load_server_state_from_file;
curproxy->srvtcpka_cnt = defproxy->srvtcpka_cnt;
curproxy->srvtcpka_idle = defproxy->srvtcpka_idle;
curproxy->srvtcpka_intvl = defproxy->srvtcpka_intvl;
}
if (curproxy->cap & PR_CAP_FE) {
if (defproxy->capture_name)
curproxy->capture_name = strdup(defproxy->capture_name);
curproxy->capture_namelen = defproxy->capture_namelen;
curproxy->capture_len = defproxy->capture_len;
BUG/MEDIUM: rules: Be able to use captures defined in defaults section Since the 2.5, it is possible to define TCP/HTTP ruleset in defaults sections. However, rules defining a capture in defaults sections was not properly handled because they was not shared with the proxies inheriting from the defaults section. This led to crash when haproxy tried to store a new capture. So now, to fix the issue, when a new proxy is created, the list of captures points to the list of its defaults section. It may be NULL or not. All new caputres are prepended to this list. It is not a problem to share the same defaults section between several proxies, because it is not altered and we take care to not release it when corresponding proxies are freed but only when defaults proxies are freed. To do so, defaults proxies are now unreferenced at the end of free_proxy() function instead of the beginning. This patch should fix the issue #1674. It must be backported to 2.5.
2022-04-25 08:30:58 -04:00
curproxy->nb_req_cap = defproxy->nb_req_cap;
curproxy->req_cap = defproxy->req_cap;
curproxy->nb_rsp_cap = defproxy->nb_rsp_cap;
curproxy->rsp_cap = defproxy->rsp_cap;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
if (curproxy->cap & PR_CAP_FE) {
curproxy->timeout.client = defproxy->timeout.client;
MINOR: quic: Rename "handshake" timeout to "client-hs" Use a more specific name for this timeout to distinguish it from a possible future one on the server side. Also update the documentation.
2023-11-17 12:03:20 -05:00
curproxy->timeout.client_hs = defproxy->timeout.client_hs;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
curproxy->timeout.clientfin = defproxy->timeout.clientfin;
curproxy->timeout.tarpit = defproxy->timeout.tarpit;
curproxy->timeout.httpreq = defproxy->timeout.httpreq;
curproxy->timeout.httpka = defproxy->timeout.httpka;
MINOR: proxy: Store monitor_uri as a `struct ist` The monitor_uri is already processed as an ist in `http_wait_for_request`, lets also just store it as such. see 0643b0e7e ("MINOR: proxy: Make `header_unique_id` a `struct ist`") for a very similar past commit.
2022-03-04 18:52:40 -05:00
if (isttest(defproxy->monitor_uri))
curproxy->monitor_uri = istdup(defproxy->monitor_uri);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
if (defproxy->defbe.name)
curproxy->defbe.name = strdup(defproxy->defbe.name);
MEDIUM: proxy/log: leverage lf_expr API for logformat preparsing Currently, the way proxy-oriented logformat directives are handled is way too complicated. Indeed, "log-format", "log-format-error", "log-format-sd" and "unique-id-format" all rely on preparsing hints stored inside proxy->conf member struct. Those preparsing hints include the original string that should be compiled once the proxy parameters are known plus the config file and line number where the string was found to generate precise error messages in case of failure during the compiling process that happens within check_config_validity(). Now that lf_expr API permits to compile a lf_expr struct that was previously prepared (with original string and config hints), let's leverage lf_expr_compile() from check_config_validity() and instead of relying on individual proxy->conf hints for each logformat expression, store string and config hints in the lf_expr struct directly and use lf_expr helpers funcs to handle them when relevant (ie: original logformat string freeing is now done at a central place inside lf_expr_deinit(), which allows for some simplifications) Doing so allows us to greatly simplify the preparsing logic for those 4 proxy directives, and to finally save some space in the proxy struct. Also, since httpclient proxy has its "logformat" automatically compiled in check_config_validity(), we now use the file hint from the logformat expression struct to set an explicit name that will be reported in case of error ("parsing [httpclient:0] : ...") and remove the extraneous check in httpclient_precheck() (logformat was parsed twice previously..)
2024-03-05 09:44:43 -05:00
lf_expr_dup(&defproxy->logformat, &curproxy->logformat);
lf_expr_dup(&defproxy->logformat_sd, &curproxy->logformat_sd);
lf_expr_dup(&defproxy->logformat_error, &curproxy->logformat_error);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
if (curproxy->cap & PR_CAP_BE) {
curproxy->timeout.connect = defproxy->timeout.connect;
curproxy->timeout.server = defproxy->timeout.server;
curproxy->timeout.serverfin = defproxy->timeout.serverfin;
curproxy->timeout.check = defproxy->timeout.check;
curproxy->timeout.queue = defproxy->timeout.queue;
curproxy->timeout.tarpit = defproxy->timeout.tarpit;
curproxy->timeout.httpreq = defproxy->timeout.httpreq;
curproxy->timeout.httpka = defproxy->timeout.httpka;
curproxy->timeout.tunnel = defproxy->timeout.tunnel;
curproxy->conn_src.source_addr = defproxy->conn_src.source_addr;
}
curproxy->mode = defproxy->mode;
MEDIUM: uri_auth: implement clean uri_auth cleaning proxy auth_uri struct was manually cleaned up during deinit, but the logic behind was kind of akward because it was required to find out which ones were shared or not. Instead, let's switch to a proper refcount mechanism and free the auth_uri struct directly in proxy_free_common().
2024-11-13 13:54:32 -05:00
/* for stats */
stats_uri_auth_drop(curproxy->uri_auth);
stats_uri_auth_take(defproxy->uri_auth);
curproxy->uri_auth = defproxy->uri_auth;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
/* copy default loggers to curproxy */
list_for_each_entry(tmplogger, &defproxy->loggers, list) {
struct logger *node = dup_logger(tmplogger);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
if (!node) {
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
memprintf(errmsg, "proxy '%s': out of memory", curproxy->id);
return 1;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
LIST_APPEND(&curproxy->loggers, &node->list);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
MEDIUM: proxy/log: leverage lf_expr API for logformat preparsing Currently, the way proxy-oriented logformat directives are handled is way too complicated. Indeed, "log-format", "log-format-error", "log-format-sd" and "unique-id-format" all rely on preparsing hints stored inside proxy->conf member struct. Those preparsing hints include the original string that should be compiled once the proxy parameters are known plus the config file and line number where the string was found to generate precise error messages in case of failure during the compiling process that happens within check_config_validity(). Now that lf_expr API permits to compile a lf_expr struct that was previously prepared (with original string and config hints), let's leverage lf_expr_compile() from check_config_validity() and instead of relying on individual proxy->conf hints for each logformat expression, store string and config hints in the lf_expr struct directly and use lf_expr helpers funcs to handle them when relevant (ie: original logformat string freeing is now done at a central place inside lf_expr_deinit(), which allows for some simplifications) Doing so allows us to greatly simplify the preparsing logic for those 4 proxy directives, and to finally save some space in the proxy struct. Also, since httpclient proxy has its "logformat" automatically compiled in check_config_validity(), we now use the file hint from the logformat expression struct to set an explicit name that will be reported in case of error ("parsing [httpclient:0] : ...") and remove the extraneous check in httpclient_precheck() (logformat was parsed twice previously..)
2024-03-05 09:44:43 -05:00
lf_expr_dup(&defproxy->format_unique_id, &curproxy->format_unique_id);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
chunk_dup(&curproxy->log_tag, &defproxy->log_tag);
/* copy default header unique id */
if (isttest(defproxy->header_unique_id)) {
const struct ist copy = istdup(defproxy->header_unique_id);
if (!isttest(copy)) {
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
memprintf(errmsg, "proxy '%s': out of memory for unique-id-header", curproxy->id);
return 1;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
curproxy->header_unique_id = copy;
}
/* default compression options */
if (defproxy->comp != NULL) {
curproxy->comp = calloc(1, sizeof(*curproxy->comp));
BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy A memory allocation failure happening in proxy_defproxy_cpy while copying the default compression options would have resulted in a crash. This function is called for every new proxy found while parsing the configuration. It was raised in GitHub issue #1233. It could be backported to all stable branches.
2021-05-12 12:07:27 -04:00
if (!curproxy->comp) {
memprintf(errmsg, "proxy '%s': out of memory for default compression options", curproxy->id);
return 1;
}
MINOR: compression: Store algo and type for both request and response Make provision for being able to store both compression algorithms and content-types to compress for both requests and responses. For now only the responses one are used.
2023-04-05 11:32:36 -04:00
curproxy->comp->algos_res = defproxy->comp->algos_res;
curproxy->comp->algo_req = defproxy->comp->algo_req;
curproxy->comp->types_res = defproxy->comp->types_res;
curproxy->comp->types_req = defproxy->comp->types_req;
MINOR: compression: Introduce minimum size This is the introduction of "minsize-req" and "minsize-res". These two options allow you to set the minimum payload size required for compression to be applied. This helps save CPU on both server and client sides when the payload does not need to be compressed.
2025-02-21 16:37:57 -05:00
curproxy->comp->minsize_res = defproxy->comp->minsize_res;
curproxy->comp->minsize_req = defproxy->comp->minsize_req;
BUG/MINOR: config: make compression work again in defaults section When commit ead43fe4f ("MEDIUM: compression: Make it so we can compress requests as well.") added the test for the direction flags to select the compression, it implicitly broke compression defined in defaults sections because the flags from the default proxy were not recopied, hence the compression was enabled but in no direction. No backport is needed, that's 2.8 only.
2023-05-10 10:39:00 -04:00
curproxy->comp->flags = defproxy->comp->flags;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
if (defproxy->check_path)
curproxy->check_path = strdup(defproxy->check_path);
if (defproxy->check_command)
curproxy->check_command = strdup(defproxy->check_command);
BUG/MINOR: proxy: fix email-alert leak on deinit() (2nd try) As shown in GH #2608 and ("BUG/MEDIUM: proxy: fix email-alert invalid free"), simply calling free_email_alert() from free_proxy() is not the right thing to do. In this patch, we reuse proxy->email_alert.set memory space to introduce proxy->email_alert.flags in order to support 2 flags: PR_EMAIL_ALERT_SET (to mimic proxy->email_alert.set) and PR_EMAIL_ALERT_RESOLVED (set once init_email_alert() was called on the proxy to resolve email_alert.mailer pointer). Thanks to PR_EMAIL_ALERT_RESOLVED flag, free_email_alert() may now properly handle the freeing of proxy email_alert settings: if the RESOLVED flag is set, then it means the .email_alert.mailers.name parsing hint was replaced by the actual mailers pointer, thus no free should be attempted. No backport needed: as described in ("BUG/MEDIUM: proxy: fix email-alert invalid free"), this historical leak is not sensitive as it cannot be triggered during runtime.. thus given that the fix is not backport- friendly, it's not worth the trouble.
2024-06-17 12:53:48 -04:00
BUG_ON(curproxy->email_alert.flags & PR_EMAIL_ALERT_RESOLVED);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
if (defproxy->email_alert.mailers.name)
curproxy->email_alert.mailers.name = strdup(defproxy->email_alert.mailers.name);
if (defproxy->email_alert.from)
curproxy->email_alert.from = strdup(defproxy->email_alert.from);
if (defproxy->email_alert.to)
curproxy->email_alert.to = strdup(defproxy->email_alert.to);
if (defproxy->email_alert.myhostname)
curproxy->email_alert.myhostname = strdup(defproxy->email_alert.myhostname);
curproxy->email_alert.level = defproxy->email_alert.level;
BUG/MINOR: proxy: fix email-alert leak on deinit() (2nd try) As shown in GH #2608 and ("BUG/MEDIUM: proxy: fix email-alert invalid free"), simply calling free_email_alert() from free_proxy() is not the right thing to do. In this patch, we reuse proxy->email_alert.set memory space to introduce proxy->email_alert.flags in order to support 2 flags: PR_EMAIL_ALERT_SET (to mimic proxy->email_alert.set) and PR_EMAIL_ALERT_RESOLVED (set once init_email_alert() was called on the proxy to resolve email_alert.mailer pointer). Thanks to PR_EMAIL_ALERT_RESOLVED flag, free_email_alert() may now properly handle the freeing of proxy email_alert settings: if the RESOLVED flag is set, then it means the .email_alert.mailers.name parsing hint was replaced by the actual mailers pointer, thus no free should be attempted. No backport needed: as described in ("BUG/MEDIUM: proxy: fix email-alert invalid free"), this historical leak is not sensitive as it cannot be triggered during runtime.. thus given that the fix is not backport- friendly, it's not worth the trouble.
2024-06-17 12:53:48 -04:00
curproxy->email_alert.flags = defproxy->email_alert.flags;
MEDIUM: proxy: only take defaults when a default proxy is passed. The proxy initialization code relies on three phases, allocation, pre-initialization, and assignments from defaults. This last part is entirely taken from the defaults proxy when arguments are set. This sensibly complexifies the initialization code as it requires to always have a default proxy. This patch instead first applies the original default settings on a proxy, and then uses those from a default proxy only if one such is used. This will allow to initialize a proxy out of any default proxy while still using valid defaults. A careful inspection of the function showed that only 4 fields used to be set regardless of the default proxy, and those were moved to init_new_proxy() where they ought to have been in the first place.
2021-02-12 03:15:16 -05:00
MINOR: log: explicitly ignore "log-steps" on backends "log-steps" was already ignored if directly defined in a backend section, however, when defined in a defaults section it was inherited to all proxies no matter their capability (ie: including backends). As configurations often contain more backends than frontends, this would result in wasted memory given that the log-steps setting is only considered on frontends. Let's fix that by preventing the inheritance from defaults section to anything else than frontends. Also adjust the documentation to mention that the setting in not relevant for backends.
2025-07-22 04:14:47 -04:00
if (curproxy->cap & PR_CAP_FE) // don't inherit on backends
MEDIUM: log/proxy: store log-steps selection using a bitmask, not an eb tree An eb tree was used to anticipate for infinite amount of custom log steps configured at a proxy level. In turns out this makes no sense to configure that much logging steps for a proxy, and the cost of the eb tree is non negligible in terms of memory footprint, especially when used in a default section. Instead, let's use a simple bitmask, which allows up to 64 logging steps configured at proxy level. If we lack space some day (and need more than 64 logging steps to be configured), we could simply modify "struct log_steps" to spread the bitmask over multiple 64bits integers, minor some adjustments where the mask is set and checked.
2025-08-29 05:10:56 -04:00
curproxy->conf.log_steps = defproxy->conf.log_steps;
MINOR: proxy: add log_steps struct member add proxy->conf.log_steps eb32 root tree which will be used to store the log origin identifiers that should result in haproxy emitting a log as configured by the user using upcoming "log-steps" proxy keyword. It was chosen to use eb32 tree instead of simple bitfield because despite the slight overhead it is more future-proof given that we already implemented the prerequisites for seamless custom log origins registration that will also be usable from "log-steps" proxy keyword.
2024-08-20 12:29:06 -04:00
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
return 0;
}
/* Allocates a new proxy <name> of type <cap> found at position <file:linenum>,
* preset it from the defaults of <defproxy> and returns it. In case of error,
* an alert is printed and NULL is returned.
*/
struct proxy *parse_new_proxy(const char *name, unsigned int cap,
const char *file, int linenum,
const struct proxy *defproxy)
{
struct proxy *curproxy = NULL;
BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy() As reported by Coverity in issue #1568, a missing initialization of the error message pointer in parse_new_proxy() may result in displaying garbage or crashing in case of memory allocation error when trying to create a new proxy on startup. This should be backported to 2.4.
2022-02-24 10:37:19 -05:00
char *errmsg = NULL;
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
if (!(curproxy = alloc_new_proxy(name, cap, &errmsg))) {
ha_alert("parsing [%s:%d] : %s\n", file, linenum, errmsg);
free(errmsg);
return NULL;
}
if (defproxy) {
if (proxy_defproxy_cpy(curproxy, defproxy, &errmsg)) {
ha_alert("parsing [%s:%d] : %s\n", file, linenum, errmsg);
free(errmsg);
ha_free(&curproxy);
return NULL;
}
}
MINOR: proxy: use the global file names for conf->file Proxy file names are assigned a bit everywhere (resolvers, peers, cli, logs, proxy). All these elements were enumerated and now use copy_file_name(). The only ha_free() call was turned to drop_file_name(). As a bonus side effect, a 300k backend config saved 14 MB of RAM.
2024-09-19 09:35:11 -04:00
curproxy->conf.args.file = curproxy->conf.file = copy_file_name(file);
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
curproxy->conf.args.line = curproxy->conf.line = linenum;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
return curproxy;
}
MINOR: proxy/listener: support for additional PAUSED state This patch is a prerequisite for #1626. Adding PAUSED state to the list of available proxy states. The flag is set when the proxy is paused at runtime (pause_listener()). It is cleared when the proxy is resumed (resume_listener()). It should be backported to 2.6, 2.5 and 2.4
2022-09-09 09:51:37 -04:00
/* to be called under the proxy lock after pausing some listeners. This will
* automatically update the p->flags flag
*/
void proxy_cond_pause(struct proxy *p)
{
if (p->li_ready)
return;
p->flags |= PR_FL_PAUSED;
}
/* to be called under the proxy lock after resuming some listeners. This will
* automatically update the p->flags flag
*/
void proxy_cond_resume(struct proxy *p)
{
if (!p->li_ready)
return;
p->flags &= ~PR_FL_PAUSED;
}
MEDIUM: proxy: centralize proxy status update and reporting There are multiple ways a proxy may switch to the disabled state, but now it's essentially once it loses its last listener. Instead of keeping duplicate code around and reporting the state change before actually seeing it, we now report it at the moment it's performed (from the last listener leaving) which allows to remove the message from all other places.
2020-10-07 10:31:39 -04:00
/* to be called under the proxy lock after stopping some listeners. This will
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
* automatically update the p->flags flag after stopping the last one, and
MEDIUM: proxy: centralize proxy status update and reporting There are multiple ways a proxy may switch to the disabled state, but now it's essentially once it loses its last listener. Instead of keeping duplicate code around and reporting the state change before actually seeing it, we now report it at the moment it's performed (from the last listener leaving) which allows to remove the message from all other places.
2020-10-07 10:31:39 -04:00
* will emit a log indicating the proxy's condition. The function is idempotent
* so that it will not emit multiple logs; a proxy will be disabled only once.
*/
void proxy_cond_disable(struct proxy *p)
{
MINOR: proxy: collect per-capability stat in proxy_cond_disable() proxy_cond_disable() collects and prints cumulated connections for be and fe proxies no matter their type. With shared stats it may cause issues because depending on the proxy capabilities only fe or be counters may be allocated. In this patch we add some checks to ensure we only try to read from valid memory locations, else we rely on default values (0).
2025-05-12 11:12:49 -04:00
long long cum_conn = 0;
long long cum_sess = 0;
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (p->flags & (PR_FL_DISABLED|PR_FL_STOPPED))
MEDIUM: proxy: centralize proxy status update and reporting There are multiple ways a proxy may switch to the disabled state, but now it's essentially once it loses its last listener. Instead of keeping duplicate code around and reporting the state change before actually seeing it, we now report it at the moment it's performed (from the last listener leaving) which allows to remove the message from all other places.
2020-10-07 10:31:39 -04:00
return;
if (p->li_ready + p->li_paused > 0)
return;
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
p->flags |= PR_FL_STOPPED;
MEDIUM: proxy: centralize proxy status update and reporting There are multiple ways a proxy may switch to the disabled state, but now it's essentially once it loses its last listener. Instead of keeping duplicate code around and reporting the state change before actually seeing it, we now report it at the moment it's performed (from the last listener leaving) which allows to remove the message from all other places.
2020-10-07 10:31:39 -04:00
/* Note: syslog proxies use their own loggers so while it's somewhat OK
* to report them being stopped as a warning, we must not spam their log
* servers which are in fact production servers. For other types (CLI,
* peers, etc) we must not report them at all as they're not really on
* the data plane but on the control plane.
*/
BUG/MEDIUM: proxy: fix crash with stop_proxy() called during init Willy reported that the following config would segfault right after the "removing incomplete section 'peer' is emitted: peers peers bind :2300 server n10 127.0.0.1:2310 listen dummy bind localhost:9999 This is caused by the fact that stop_proxy(), which tries to read shared counters, is called during early init while shared counters are not yet initialized. To fix the crash, let's check if we're still during starting phase, in which case we assume the counters are not initialized and we assume 0 value instead. No backport needed unless 16eb0fab31 ("MAJOR: counters: dispatch counters over thread groups") is.
2025-09-08 05:01:02 -04:00
if (!(global.mode & MODE_STARTING)) {
if (p->cap & PR_CAP_FE)
cum_conn = COUNTERS_SHARED_TOTAL(p->fe_counters.shared.tg, cum_conn, HA_ATOMIC_LOAD);
if (p->cap & PR_CAP_BE)
cum_sess = COUNTERS_SHARED_TOTAL(p->be_counters.shared.tg, cum_sess, HA_ATOMIC_LOAD);
}
MINOR: proxy: collect per-capability stat in proxy_cond_disable() proxy_cond_disable() collects and prints cumulated connections for be and fe proxies no matter their type. With shared stats it may cause issues because depending on the proxy capabilities only fe or be counters may be allocated. In this patch we add some checks to ensure we only try to read from valid memory locations, else we rely on default values (0).
2025-05-12 11:12:49 -04:00
MEDIUM: proxy/spoe: Add a SPOP mode The SPOE was significantly lightened. It is now possible to refactor it to use a dedicated multiplexer. The first step is to add a SPOP mode for proxies. The corresponding multiplexer mode is also added. For now, there is no SPOP multiplexer, so it is only declarative. But at the end, the SPOP multiplexer will be automatically selected for servers inside a SPOP backend. The related issue is #2502.
2024-07-04 03:58:12 -04:00
if ((p->mode == PR_MODE_TCP || p->mode == PR_MODE_HTTP || p->mode == PR_MODE_SYSLOG || p->mode == PR_MODE_SPOP) && !(p->cap & PR_CAP_INT))
MEDIUM: proxy: centralize proxy status update and reporting There are multiple ways a proxy may switch to the disabled state, but now it's essentially once it loses its last listener. Instead of keeping duplicate code around and reporting the state change before actually seeing it, we now report it at the moment it's performed (from the last listener leaving) which allows to remove the message from all other places.
2020-10-07 10:31:39 -04:00
ha_warning("Proxy %s stopped (cumulated conns: FE: %lld, BE: %lld).\n",
MINOR: proxy: collect per-capability stat in proxy_cond_disable() proxy_cond_disable() collects and prints cumulated connections for be and fe proxies no matter their type. With shared stats it may cause issues because depending on the proxy capabilities only fe or be counters may be allocated. In this patch we add some checks to ensure we only try to read from valid memory locations, else we rely on default values (0).
2025-05-12 11:12:49 -04:00
p->id, cum_conn, cum_sess);
MEDIUM: proxy: centralize proxy status update and reporting There are multiple ways a proxy may switch to the disabled state, but now it's essentially once it loses its last listener. Instead of keeping duplicate code around and reporting the state change before actually seeing it, we now report it at the moment it's performed (from the last listener leaving) which allows to remove the message from all other places.
2020-10-07 10:31:39 -04:00
MEDIUM: proxy/spoe: Add a SPOP mode The SPOE was significantly lightened. It is now possible to refactor it to use a dedicated multiplexer. The first step is to add a SPOP mode for proxies. The corresponding multiplexer mode is also added. For now, there is no SPOP multiplexer, so it is only declarative. But at the end, the SPOP multiplexer will be automatically selected for servers inside a SPOP backend. The related issue is #2502.
2024-07-04 03:58:12 -04:00
if ((p->mode == PR_MODE_TCP || p->mode == PR_MODE_HTTP || p->mode == PR_MODE_SPOP) && !(p->cap & PR_CAP_INT))
MEDIUM: proxy: centralize proxy status update and reporting There are multiple ways a proxy may switch to the disabled state, but now it's essentially once it loses its last listener. Instead of keeping duplicate code around and reporting the state change before actually seeing it, we now report it at the moment it's performed (from the last listener leaving) which allows to remove the message from all other places.
2020-10-07 10:31:39 -04:00
send_log(p, LOG_WARNING, "Proxy %s stopped (cumulated conns: FE: %lld, BE: %lld).\n",
MINOR: proxy: collect per-capability stat in proxy_cond_disable() proxy_cond_disable() collects and prints cumulated connections for be and fe proxies no matter their type. With shared stats it may cause issues because depending on the proxy capabilities only fe or be counters may be allocated. In this patch we add some checks to ensure we only try to read from valid memory locations, else we rely on default values (0).
2025-05-12 11:12:49 -04:00
p->id, cum_conn, cum_sess);
MEDIUM: proxy: centralize proxy status update and reporting There are multiple ways a proxy may switch to the disabled state, but now it's essentially once it loses its last listener. Instead of keeping duplicate code around and reporting the state change before actually seeing it, we now report it at the moment it's performed (from the last listener leaving) which allows to remove the message from all other places.
2020-10-07 10:31:39 -04:00
if (p->table && p->table->size && p->table->sync_task)
task_wakeup(p->table->sync_task, TASK_WOKEN_MSG);
if (p->task)
task_wakeup(p->task, TASK_WOKEN_MSG);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
* This is the proxy management task. It enables proxies when there are enough
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
* free streams, or stops them when the table is full. It is designed to be
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
* called as a task which is woken up upon stopping or when rate limiting must
* be enforced.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
MEDIUM: task: extend the state field to 32 bits It's been too short for quite a while now and is now full. It's still time to extend it to 32-bits since we have room for this without wasting any space, so we now gained 16 new bits for future flags. The values were not reassigned just in case there would be a few hidden u16 or short somewhere in which these flags are placed (as it used to be the case with stream->pending_events). The patch is tagged MEDIUM because this required to update the task's process() prototype to use an int instead of a short, that's quite a bunch of places.
2021-03-02 10:09:26 -05:00
struct task *manage_proxy(struct task *t, void *context, unsigned int state)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MINOR: tasks: Change the task API so that the callback takes 3 arguments. In preparation for thread-specific runqueues, change the task API so that the callback takes 3 arguments, the task itself, the context, and the state, those were retrieved from the task before. This will allow these elements to change atomically in the scheduler while the application uses the copied value, and even to have NULL tasks later.
2018-05-25 08:04:04 -04:00
struct proxy *p = context;
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
int next = TICK_ETERNITY;
[OPTIM] rate-limit: cleaner behaviour on low rates and reduce consumption The rate-limit was applied to the smoothed value which does a special case for frequencies below 2 events per period. This caused irregular limitations when set to 1 session per second. The proper way to handle this is to compute the number of remaining events that can occur without reaching the limit. This is what has been added. It also has the benefit that the frequency calculation is now done once when entering event_accept(), before the accept() loop, and not once per accept() loop anymore, thus saving a few CPU cycles during very high loads. With this fix, rate limits of 1/s are perfectly respected.
2009-03-06 03:18:27 -05:00
unsigned int wait;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
/* We should periodically try to enable listeners waiting for a
* global resource here.
*/
MEDIUM: stick-tables: flush old entries upon soft-stop When a process with large stick tables is replaced by a new one and remains present until the last connection finishes, it keeps these data in memory for nothing since they will never be used anymore by incoming connections, except during syncing with the new process. This is especially problematic when dealing with long session protocols such as WebSocket as it becomes possible to stack many processes and eat a lot of memory. So the idea here is to know if a table still needs to be synced or not, and to purge all unused entries once the sync is complete. This means that after a few hundred milliseconds when everything has been synchronized with the new process, only a few entries will remain allocated (only the ones held by sessions during the restart) and all the remaining memory will be freed. Note that we carefully do that only after the grace period is expired so as not to impact a possible proxy that needs to accept a few more connections before leaving. Doing this required to add a sync counter to the stick tables, to know how many peer sync sessions are still in progress in order not to flush the entries until all synchronizations are completed.
2013-09-04 11:54:01 -04:00
/* If the proxy holds a stick table, we need to purge all unused
* entries. These are all the ones in the table with ref_cnt == 0
* and all the ones in the pool used to allocate new entries. Any
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
* entry attached to an existing stream waiting for a store will
MEDIUM: stick-tables: flush old entries upon soft-stop When a process with large stick tables is replaced by a new one and remains present until the last connection finishes, it keeps these data in memory for nothing since they will never be used anymore by incoming connections, except during syncing with the new process. This is especially problematic when dealing with long session protocols such as WebSocket as it becomes possible to stack many processes and eat a lot of memory. So the idea here is to know if a table still needs to be synced or not, and to purge all unused entries once the sync is complete. This means that after a few hundred milliseconds when everything has been synchronized with the new process, only a few entries will remain allocated (only the ones held by sessions during the restart) and all the remaining memory will be freed. Note that we carefully do that only after the grace period is expired so as not to impact a possible proxy that needs to accept a few more connections before leaving. Doing this required to add a sync counter to the stick tables, to know how many peer sync sessions are still in progress in order not to flush the entries until all synchronizations are completed.
2013-09-04 11:54:01 -04:00
* be in neither list. Any entry being dumped will have ref_cnt > 0.
* However we protect tables that are being synced to peers.
*/
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (unlikely(stopping && (p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && p->table && p->table->current)) {
BUG/MEDIUM: peers: re-work refcnt on table to protect against flush In proxy.c, when process is stopping we try to flush tables content using 'stktable_trash_oldest'. A check on a counter "table->syncing" was made to verify if there is no pending resync in progress. But using multiple threads this counter can be increased by an other thread only after some delay, so the content of some tables can be trashed earlier and won't be pushed to the new process (after reload, some tables appear reset and others don't). This patch re-names the counter "table->syncing" to "table->refcnt" and the counter is increased during configuration parsing (registering a table to a peer section) to protect tables during runtime and until resync of a new process has succeeded or failed. The inc/dec operations are now made using atomic operations because multiple peer sections could refer to the same table in futur. This fix addresses github #1216. This patch should be backported on all branches multi-thread support (v >= 1.8)
2021-04-23 06:21:26 -04:00
if (!p->table->refcnt) {
/* !table->refcnt means there
* is no more pending full resync
* to push to a new process and
* we are free to flush the table.
*/
BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop During soft-stop, manage_proxy() (p->task) will try to purge trashable (expired and not referenced) sticktable entries, effectively releasing the process memory to leave some space for new processes. This is done by calling stktable_trash_oldest(), immediately followed by a pool_gc() to give the memory back to the OS. As already mentioned in dfe7925 ("BUG/MEDIUM: stick-table: limit the time spent purging old entries"), calling stktable_trash_oldest() with a huge batch can result in the function spending too much time searching and purging entries, and ultimately triggering the watchdog. Lately, an internal issue was reported in which we could see that the watchdog is being triggered in stktable_trash_oldest() on soft-stop (thus initiated by manage_proxy()) According to the report, the crash seems to only occur since 5938021 ("BUG/MEDIUM: stick-table: do not leave entries in end of window during purge") This could be the result of stktable_trash_oldest() now working as expected, and thus spending a large amount of time purging entries when called with a large enough <to_batch>. Instead of adding new checks in stktable_trash_oldest(), here we chose to address the issue directly in manage_proxy(). Since the stktable_trash_oldest() function is called with <to_batch> == <p->table->current>, it's pretty obvious that it could cause some issues during soft-stop if a large table, assuming it is full prior to the soft-stop, suddenly sees most of its entries becoming trashable because of the soft-stop. Moreover, we should note that the call to stktable_trash_oldest() is immediately followed by a call to pool_gc(): We know for sure that pool_gc(), as it involves malloc_trim() on glibc, is rather expensive, and the more memory to reclaim, the longer the call. We need to ensure that both stktable_trash_oldest() + consequent pool_gc() call both theoretically fit in a single task execution window to avoid contention, and thus prevent the watchdog from being triggered. To do this, we now allocate a "budget" for each purging attempt. budget is maxed out to 32K, it means that each sticktable cleanup attempt will trash at most 32K entries. 32K value is quite arbitrary here, and might need to be adjusted or even deducted from other parameters if this fails to properly address the issue without introducing new side-effects. The goal is to find a good balance between the max duration of each cleanup batch and the frequency of (expensive) pool_gc() calls. If most of the budget is actually spent trashing entries, then the task will immediately be rescheduled to continue the purge. This way, the purge is effectively batched over multiple task runs. This may be slowly backported to all stable versions. [Please note that this commit depends on 6e1fe25 ("MINOR: proxy/pool: prevent unnecessary calls to pool_gc()")]
2023-03-29 10:18:50 -04:00
int cleaned_up;
/* We purposely enforce a budget limitation since we don't want
* to spend too much time purging old entries
*
* This is known to cause the watchdog to occasionnaly trigger if
* the table is huge and all entries become available for purge
* at the same time
*
* Moreover, we must also anticipate the pool_gc() call which
* will also be much slower if there is too much work at once
*/
MEDIUM: stick-tables: relax stktable_trash_oldest() to only purge what is needed stktable_trash_oldest() does insist a lot on purging what was requested, only limited by STKTABLE_MAX_UPDATES_AT_ONCE. This is called in two conditions, one to allocate a new stksess, and the other one to purge entries of a stopping process. The cost of iterating over all shards is huge, and a shard lock is taken each time before looking up entries. Moreover, multiple threads can end up doing the same and looking hard for many entries to purge when only one is needed. Furthermore, all threads start from the same shard, hence synchronize their locks. All of this costs a lot to other operations such as access from peers. This commit simplifies the approach by ignoring the budget, starting from a random shard number, and using a trylock so as to be able to give up early in case of contention. The approach chosen here consists in trying hard to flush at least one entry, but once at least one is evicted or at least one trylock failed, then a failure on the trylock will result in finishing. The function now returns a success as long as one entry was freed. With this, tests no longer show watchdog warnings during tests, though a few still remain when stopping the tests (which are not related to this function but to the contention from process_table_expire()). With this change, under high contention some entries' purge might be postponed and the table may occasionally contain slightly more entries than their size (though this already happens since stksess_new() first increments ->current before decrementing it). Measures were made on a 64-core system with 8 peers of 16 threads each, at CPU saturation (350k req/s each doing 10 track-sc) for 10M req, with 3 different approaches: - this one resulted in 1500 failures to find an entry (0.015% size overhead), with the lowest contention and the fairest peers distibution. - leaving only after a success resulted in 229 failures (0.0029% size overhead) but doubled the time spent in the function (on the write lock precisely). - leaving only when both a success and a failed lock were met resulted in 31 failures (0.00031% overhead) but the contention was high enough again so that peers were not all up to date. Considering that a saturated machine might exceed its entries by 0.015% is pretty minimal, the mechanism is kept. This should be backported to 3.2 after a bit more testing as it resolves some watchdog warnings and panics. It requires precedent commit "MINOR: stick-table: permit stksess_new() to temporarily allocate more entries" to over-allocate instead of failing in case of contention.
2025-09-09 05:56:11 -04:00
cleaned_up = stktable_trash_oldest(p->table);
BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop During soft-stop, manage_proxy() (p->task) will try to purge trashable (expired and not referenced) sticktable entries, effectively releasing the process memory to leave some space for new processes. This is done by calling stktable_trash_oldest(), immediately followed by a pool_gc() to give the memory back to the OS. As already mentioned in dfe7925 ("BUG/MEDIUM: stick-table: limit the time spent purging old entries"), calling stktable_trash_oldest() with a huge batch can result in the function spending too much time searching and purging entries, and ultimately triggering the watchdog. Lately, an internal issue was reported in which we could see that the watchdog is being triggered in stktable_trash_oldest() on soft-stop (thus initiated by manage_proxy()) According to the report, the crash seems to only occur since 5938021 ("BUG/MEDIUM: stick-table: do not leave entries in end of window during purge") This could be the result of stktable_trash_oldest() now working as expected, and thus spending a large amount of time purging entries when called with a large enough <to_batch>. Instead of adding new checks in stktable_trash_oldest(), here we chose to address the issue directly in manage_proxy(). Since the stktable_trash_oldest() function is called with <to_batch> == <p->table->current>, it's pretty obvious that it could cause some issues during soft-stop if a large table, assuming it is full prior to the soft-stop, suddenly sees most of its entries becoming trashable because of the soft-stop. Moreover, we should note that the call to stktable_trash_oldest() is immediately followed by a call to pool_gc(): We know for sure that pool_gc(), as it involves malloc_trim() on glibc, is rather expensive, and the more memory to reclaim, the longer the call. We need to ensure that both stktable_trash_oldest() + consequent pool_gc() call both theoretically fit in a single task execution window to avoid contention, and thus prevent the watchdog from being triggered. To do this, we now allocate a "budget" for each purging attempt. budget is maxed out to 32K, it means that each sticktable cleanup attempt will trash at most 32K entries. 32K value is quite arbitrary here, and might need to be adjusted or even deducted from other parameters if this fails to properly address the issue without introducing new side-effects. The goal is to find a good balance between the max duration of each cleanup batch and the frequency of (expensive) pool_gc() calls. If most of the budget is actually spent trashing entries, then the task will immediately be rescheduled to continue the purge. This way, the purge is effectively batched over multiple task runs. This may be slowly backported to all stable versions. [Please note that this commit depends on 6e1fe25 ("MINOR: proxy/pool: prevent unnecessary calls to pool_gc()")]
2023-03-29 10:18:50 -04:00
if (cleaned_up) {
/* immediately release freed memory since we are stopping */
MINOR: proxy/pool: prevent unnecessary calls to pool_gc() Under certain soft-stopping conditions (ie: sticktable attached to proxy and in-progress connections to the proxy that prevent haproxy from exiting), manage_proxy() (p->task) will wake up every second to perform a cleanup attempt on the proxy sticktable (to purge unused entries). However, as reported by TimWolla in GH #2091, it was found that a systematic call to pool_gc() could cause some CPU waste, mainly because malloc_trim() (which is rather expensive) is being called for each pool_gc() invocation. As a result, such soft-stopping process could be spending a significant amount of time in the malloc_trim->madvise() syscall for nothing. Example "strace -c -f -p `pidof haproxy`" output (taken from Tim's report): % time seconds usecs/call calls errors syscall ------ ----------- ----------- --------- --------- ---------------- 46.77 1.840549 3941 467 1 epoll_wait 43.82 1.724708 13 128509 sched_yield 8.82 0.346968 11 29696 madvise 0.58 0.023011 24 951 clock_gettime 0.01 0.000257 10 25 7 recvfrom 0.00 0.000033 11 3 sendto 0.00 0.000021 21 1 rt_sigreturn 0.00 0.000021 21 1 timer_settime ------ ----------- ----------- --------- --------- ---------------- 100.00 3.935568 24 159653 8 total To prevent this, we now only call pool_gc() when some memory is really expected to be reclaimed as a direct result of the previous stick table cleanup. This is pretty straightforward since stktable_trash_oldest() returns the number of trashed sticky sessions. This may be backported to every stable versions.
2023-03-28 09:14:48 -04:00
pool_gc(NULL);
MEDIUM: stick-tables: relax stktable_trash_oldest() to only purge what is needed stktable_trash_oldest() does insist a lot on purging what was requested, only limited by STKTABLE_MAX_UPDATES_AT_ONCE. This is called in two conditions, one to allocate a new stksess, and the other one to purge entries of a stopping process. The cost of iterating over all shards is huge, and a shard lock is taken each time before looking up entries. Moreover, multiple threads can end up doing the same and looking hard for many entries to purge when only one is needed. Furthermore, all threads start from the same shard, hence synchronize their locks. All of this costs a lot to other operations such as access from peers. This commit simplifies the approach by ignoring the budget, starting from a random shard number, and using a trylock so as to be able to give up early in case of contention. The approach chosen here consists in trying hard to flush at least one entry, but once at least one is evicted or at least one trylock failed, then a failure on the trylock will result in finishing. The function now returns a success as long as one entry was freed. With this, tests no longer show watchdog warnings during tests, though a few still remain when stopping the tests (which are not related to this function but to the contention from process_table_expire()). With this change, under high contention some entries' purge might be postponed and the table may occasionally contain slightly more entries than their size (though this already happens since stksess_new() first increments ->current before decrementing it). Measures were made on a 64-core system with 8 peers of 16 threads each, at CPU saturation (350k req/s each doing 10 track-sc) for 10M req, with 3 different approaches: - this one resulted in 1500 failures to find an entry (0.015% size overhead), with the lowest contention and the fairest peers distibution. - leaving only after a success resulted in 229 failures (0.0029% size overhead) but doubled the time spent in the function (on the write lock precisely). - leaving only when both a success and a failed lock were met resulted in 31 failures (0.00031% overhead) but the contention was high enough again so that peers were not all up to date. Considering that a saturated machine might exceed its entries by 0.015% is pretty minimal, the mechanism is kept. This should be backported to 3.2 after a bit more testing as it resolves some watchdog warnings and panics. It requires precedent commit "MINOR: stick-table: permit stksess_new() to temporarily allocate more entries" to over-allocate instead of failing in case of contention.
2025-09-09 05:56:11 -04:00
if (cleaned_up) {
/* it is very likely that there are still trashable
BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop During soft-stop, manage_proxy() (p->task) will try to purge trashable (expired and not referenced) sticktable entries, effectively releasing the process memory to leave some space for new processes. This is done by calling stktable_trash_oldest(), immediately followed by a pool_gc() to give the memory back to the OS. As already mentioned in dfe7925 ("BUG/MEDIUM: stick-table: limit the time spent purging old entries"), calling stktable_trash_oldest() with a huge batch can result in the function spending too much time searching and purging entries, and ultimately triggering the watchdog. Lately, an internal issue was reported in which we could see that the watchdog is being triggered in stktable_trash_oldest() on soft-stop (thus initiated by manage_proxy()) According to the report, the crash seems to only occur since 5938021 ("BUG/MEDIUM: stick-table: do not leave entries in end of window during purge") This could be the result of stktable_trash_oldest() now working as expected, and thus spending a large amount of time purging entries when called with a large enough <to_batch>. Instead of adding new checks in stktable_trash_oldest(), here we chose to address the issue directly in manage_proxy(). Since the stktable_trash_oldest() function is called with <to_batch> == <p->table->current>, it's pretty obvious that it could cause some issues during soft-stop if a large table, assuming it is full prior to the soft-stop, suddenly sees most of its entries becoming trashable because of the soft-stop. Moreover, we should note that the call to stktable_trash_oldest() is immediately followed by a call to pool_gc(): We know for sure that pool_gc(), as it involves malloc_trim() on glibc, is rather expensive, and the more memory to reclaim, the longer the call. We need to ensure that both stktable_trash_oldest() + consequent pool_gc() call both theoretically fit in a single task execution window to avoid contention, and thus prevent the watchdog from being triggered. To do this, we now allocate a "budget" for each purging attempt. budget is maxed out to 32K, it means that each sticktable cleanup attempt will trash at most 32K entries. 32K value is quite arbitrary here, and might need to be adjusted or even deducted from other parameters if this fails to properly address the issue without introducing new side-effects. The goal is to find a good balance between the max duration of each cleanup batch and the frequency of (expensive) pool_gc() calls. If most of the budget is actually spent trashing entries, then the task will immediately be rescheduled to continue the purge. This way, the purge is effectively batched over multiple task runs. This may be slowly backported to all stable versions. [Please note that this commit depends on 6e1fe25 ("MINOR: proxy/pool: prevent unnecessary calls to pool_gc()")]
2023-03-29 10:18:50 -04:00
* entries in the table, reschedule a new cleanup
* attempt ASAP
*/
t->expire = TICK_ETERNITY;
task_wakeup(t, TASK_WOKEN_RES);
return t;
}
}
MEDIUM: stick-tables: flush old entries upon soft-stop When a process with large stick tables is replaced by a new one and remains present until the last connection finishes, it keeps these data in memory for nothing since they will never be used anymore by incoming connections, except during syncing with the new process. This is especially problematic when dealing with long session protocols such as WebSocket as it becomes possible to stack many processes and eat a lot of memory. So the idea here is to know if a table still needs to be synced or not, and to purge all unused entries once the sync is complete. This means that after a few hundred milliseconds when everything has been synchronized with the new process, only a few entries will remain allocated (only the ones held by sessions during the restart) and all the remaining memory will be freed. Note that we carefully do that only after the grace period is expired so as not to impact a possible proxy that needs to accept a few more connections before leaving. Doing this required to add a sync counter to the stick tables, to know how many peer sync sessions are still in progress in order not to flush the entries until all synchronizations are completed.
2013-09-04 11:54:01 -04:00
}
MEDIUM: stick-table: Stop handling stick-tables as proxies. This patch adds the support for the "table" line parsing in "peers" sections to declare stick-table in such sections. This also prevents the user from having to declare dummy backends sections with a unique stick-table inside. Even if still supported, this usage will become deprecated. To do so, the ->table member of proxy struct which is a stktable struct is replaced by a pointer to a stktable struct allocated at parsing time in src/cfgparse-listen.c for the dummy stick-table backends and in src/cfgparse.c for "peers" sections. This has an impact on the code for stick-table sample converters and on the stickiness rules parsers which first store the name of the dummy before resolving the rules. This patch replaces proxy_tbl_by_name() calls by stktable_find_by_name() calls to lookup for stick-tables stored in "stktable_by_name" ebtree at parsing time. There is only one remaining place where proxy_tbl_by_name() is used: src/hlua.c. At several places in the code we relied on the fact that ->size member of stick-table was equal to zero to consider the stick-table was present by not configured, this do not make sense anymore as ->table member of struct proxyis fow now on a pointer. These tests are replaced by a test on ->table value itself. In "peers" section we do not have to temporary store the name of the section the stick-table are attached to because this name is obviously already known just after having entered this "peers" section. About the CLI stick-table I/O handler, the pointer to proxy struct is replaced by a pointer to a stktable struct.
2019-03-14 02:07:41 -04:00
if (p->table->current) {
BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop During soft-stop, manage_proxy() (p->task) will try to purge trashable (expired and not referenced) sticktable entries, effectively releasing the process memory to leave some space for new processes. This is done by calling stktable_trash_oldest(), immediately followed by a pool_gc() to give the memory back to the OS. As already mentioned in dfe7925 ("BUG/MEDIUM: stick-table: limit the time spent purging old entries"), calling stktable_trash_oldest() with a huge batch can result in the function spending too much time searching and purging entries, and ultimately triggering the watchdog. Lately, an internal issue was reported in which we could see that the watchdog is being triggered in stktable_trash_oldest() on soft-stop (thus initiated by manage_proxy()) According to the report, the crash seems to only occur since 5938021 ("BUG/MEDIUM: stick-table: do not leave entries in end of window during purge") This could be the result of stktable_trash_oldest() now working as expected, and thus spending a large amount of time purging entries when called with a large enough <to_batch>. Instead of adding new checks in stktable_trash_oldest(), here we chose to address the issue directly in manage_proxy(). Since the stktable_trash_oldest() function is called with <to_batch> == <p->table->current>, it's pretty obvious that it could cause some issues during soft-stop if a large table, assuming it is full prior to the soft-stop, suddenly sees most of its entries becoming trashable because of the soft-stop. Moreover, we should note that the call to stktable_trash_oldest() is immediately followed by a call to pool_gc(): We know for sure that pool_gc(), as it involves malloc_trim() on glibc, is rather expensive, and the more memory to reclaim, the longer the call. We need to ensure that both stktable_trash_oldest() + consequent pool_gc() call both theoretically fit in a single task execution window to avoid contention, and thus prevent the watchdog from being triggered. To do this, we now allocate a "budget" for each purging attempt. budget is maxed out to 32K, it means that each sticktable cleanup attempt will trash at most 32K entries. 32K value is quite arbitrary here, and might need to be adjusted or even deducted from other parameters if this fails to properly address the issue without introducing new side-effects. The goal is to find a good balance between the max duration of each cleanup batch and the frequency of (expensive) pool_gc() calls. If most of the budget is actually spent trashing entries, then the task will immediately be rescheduled to continue the purge. This way, the purge is effectively batched over multiple task runs. This may be slowly backported to all stable versions. [Please note that this commit depends on 6e1fe25 ("MINOR: proxy/pool: prevent unnecessary calls to pool_gc()")]
2023-03-29 10:18:50 -04:00
/* some entries still remain but are not yet available
* for cleanup, let's recheck in one second
*/
MEDIUM: stick-tables: flush old entries upon soft-stop When a process with large stick tables is replaced by a new one and remains present until the last connection finishes, it keeps these data in memory for nothing since they will never be used anymore by incoming connections, except during syncing with the new process. This is especially problematic when dealing with long session protocols such as WebSocket as it becomes possible to stack many processes and eat a lot of memory. So the idea here is to know if a table still needs to be synced or not, and to purge all unused entries once the sync is complete. This means that after a few hundred milliseconds when everything has been synchronized with the new process, only a few entries will remain allocated (only the ones held by sessions during the restart) and all the remaining memory will be freed. Note that we carefully do that only after the grace period is expired so as not to impact a possible proxy that needs to accept a few more connections before leaving. Doing this required to add a sync counter to the stick tables, to know how many peer sync sessions are still in progress in order not to flush the entries until all synchronizations are completed.
2013-09-04 11:54:01 -04:00
next = tick_first(next, tick_add(now_ms, 1000));
}
}
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
/* the rest below is just for frontends */
if (!(p->cap & PR_CAP_FE))
goto out;
[MEDIUM] listeners: don't change listeners states anymore in maintain_proxies Now maintain_proxies() only changes proxies states and does not affect their listeners anymore since they are autonomous. A proxy will switch between the PR_STIDLE and PR_STRUN states depending whether it's saturated or not. Next step will consist in renaming PR_STIDLE to PR_STFULL. This state is now only used to report the proxy state in the stats.
2011-07-25 01:37:28 -04:00
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
/* check the various reasons we may find to block the frontend */
MEDIUM: proxy: remove the unused PR_STFULL state Since v1.4 or so, it's almost not possible anymore to set this state. The only exception is by using the CLI to change a frontend's maxconn setting below its current usage. This case makes no sense, and for other cases it doesn't make sense either because "full" is a vague concept when only certain listeners are full and not all. Let's just remove this unused state and make it clear that it's not reported. The "ready" or "open" states will continue to be reported without being misleading as they will be opposed to "stop".
2020-09-24 01:35:46 -04:00
if (unlikely(p->feconn >= p->maxconn))
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
goto out;
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
if (p->fe_sps_lim &&
MEDIUM: stats: avoid 1 indirection by storing the shared stats directly in counters struct Between 3.2 and 3.3-dev we noticed a noticeable performance regression due to stats handling. After bisecting, Willy found out that recent work to split stats computing accross multiple thread groups (stats sharding) was responsible for that performance regression. We're looking at roughly 20% performance loss. More precisely, it is the added indirections, multiplied by the number of statistics that are updated for each request, which in the end causes a significant amount of time being spent resolving pointers. We noticed that the fe_counters_shared and be_counters_shared structures which are currently allocated in dedicated memory since a0dcab5c ("MAJOR: counters: add shared counters base infrastructure") are no longer huge since 16eb0fab31 ("MAJOR: counters: dispatch counters over thread groups") because they now essentially hold flags plus the per-thread group id pointer mapping, not the counters themselves. As such we decided to try merging fe_counters_shared and be_counters_shared in their parent structures. The cost is slight memory overhead for the parent structure, but it allows to get rid of one pointer indirection. This patch alone yields visible performance gains and almost restores 3.2 stats performance. counters_fe_shared_get() was renamed to counters_fe_shared_prepare() and now returns either failure or success instead of a pointer because we don't need to retrieve a shared pointer anymore, the function takes care of initializing existing pointer.
2025-07-22 11:15:02 -04:00
(wait = COUNTERS_SHARED_TOTAL_ARG2(p->fe_counters.shared.tg, sess_per_sec, next_event_delay, p->fe_sps_lim, 0))) {
MAJOR: counters: dispatch counters over thread groups Most fe and be counters are good candidates for being shared between processes. They are now grouped inside "shared" struct sub member under be_counters and fe_counters. Now they are properly identified, they would greatly benefit from being shared over thread groups to reduce the cost of atomic operations when updating them. For this, we take the current tgid into account so each thread group only updates its own counters. For this to work, it is mandatory that the "shared" member from {fe,be}_counters is initialized AFTER global.nbtgroups is known, because each shared counter causes the stat to be allocated lobal.nbtgroups times. When updating a counter without concurrency, the first counter from the array may be updated. To consult the shared counters (which requires aggregation of per-tgid individual counters), some helper functions were added to counter.h to ease code maintenance and avoid computing errors.
2025-05-15 13:55:11 -04:00
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
/* we're blocking because a limit was reached on the number of
* requests/s on the frontend. We want to re-check ASAP, which
* means in 1 ms before estimated expiration date, because the
* timer will have settled down.
*/
next = tick_first(next, tick_add(now_ms, wait));
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
/* The proxy is not limited so we can re-enable any waiting listener */
BUG/MEDIUM: cli: Deadlock when setting frontend maxconn The proxy lock state isn't passed down to relax_listener through dequeue_proxy_listeners, which causes a deadlock in relax_listener when it tries to get that lock. Backporting: Older versions didn't have relax_listener and directly called resume_listener in dequeue_proxy_listeners. lpx should just be passed directly to resume_listener then. The bug was introduced in commit 001328873c352e5e4b1df0dcc8facaf2fc1408aa [cf: This patch should fix the issue #2726. It must be backported as far as 2.4]
2024-09-25 05:37:25 -04:00
dequeue_proxy_listeners(p, 0);
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
out:
t->expire = next;
task_queue(t);
return t;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: proxy: add a global "grace" directive to postpone soft-stop In ticket #1348 some users expressed some concerns regarding the removal of the "grace" directive from the proxies. Their use case very closely mimmicks the original intent of the grace keyword, which is, let haproxy accept traffic for some time when stopping, while indicating an external LB that it's stopping. This is implemented here by starting a task whose expiration triggers the soft-stop for real. The global "stopping" variable is immediately set however. For example, this below will be sufficient to instantly notify an external check on port 9999 that the service is going down, while other services remain active for 10s: global grace 10s frontend ext-check bind :9999 monitor-uri /ext-check monitor fail if { stopping }
2021-09-07 04:49:45 -04:00
static int proxy_parse_grace(char **args, int section_type, struct proxy *curpx,
const struct proxy *defpx, const char *file, int line,
char **err)
{
const char *res;
if (!*args[1]) {
memprintf(err, "'%s' expects <time> as argument.\n", args[0]);
return -1;
}
res = parse_time_err(args[1], &global.grace_delay, TIME_UNIT_MS);
if (res == PARSE_TIME_OVER) {
memprintf(err, "timer overflow in argument '%s' to '%s' (maximum value is 2147483647 ms or ~24.8 days)",
args[1], args[0]);
return -1;
}
else if (res == PARSE_TIME_UNDER) {
memprintf(err, "timer underflow in argument '%s' to '%s' (minimum non-null value is 1 ms)",
args[1], args[0]);
return -1;
}
else if (res) {
memprintf(err, "unexpected character '%c' in argument to <%s>.\n", *res, args[0]);
return -1;
}
return 0;
}
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
static int proxy_parse_hard_stop_after(char **args, int section_type, struct proxy *curpx,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
char **err)
{
const char *res;
if (!*args[1]) {
memprintf(err, "'%s' expects <time> as argument.\n", args[0]);
return -1;
}
res = parse_time_err(args[1], &global.hard_stop_after, TIME_UNIT_MS);
MEDIUM: tools: improve time format error detection As reported in GH issue #109 and in discourse issue https://discourse.haproxy.org/t/haproxy-returns-408-or-504-error-when-timeout-client-value-is-every-25d the time parser doesn't error on overflows nor underflows. This is a recurring problem which additionally has the bad taste of taking a long time before hitting the user. This patch makes parse_time_err() return special error codes for overflows and underflows, and adds the control in the call places to report suitable errors depending on the requested unit. In practice, underflows are almost never returned as the parsing function takes care of rounding values up, so this might possibly happen on 64-bit overflows returning exactly zero after rounding though. It is not really possible to cut the patch into pieces as it changes the function's API, hence all callers. Tests were run on about every relevant part (cookie maxlife/maxidle, server inter, stats timeout, timeout*, cli's set timeout command, tcp-request/response inspect-delay).
2019-06-07 13:00:37 -04:00
if (res == PARSE_TIME_OVER) {
memprintf(err, "timer overflow in argument '%s' to '%s' (maximum value is 2147483647 ms or ~24.8 days)",
args[1], args[0]);
return -1;
}
else if (res == PARSE_TIME_UNDER) {
memprintf(err, "timer underflow in argument '%s' to '%s' (minimum non-null value is 1 ms)",
args[1], args[0]);
return -1;
}
else if (res) {
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
memprintf(err, "unexpected character '%c' in argument to <%s>.\n", *res, args[0]);
return -1;
}
return 0;
}
MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window The new 'close-spread-time' global option can be used to spread idle and active HTTP connction closing after a SIGUSR1 signal is received. This allows to limit bursts of reconnections when too many idle connections are closed at once. Indeed, without this new mechanism, in case of soft-stop, all the idle connections would be closed at once (after the grace period is over), and all active HTTP connections would be closed by appending a "Connection: close" header to the next response that goes over it (or via a GOAWAY frame in case of HTTP2). This patch adds the support of this new option for HTTP as well as HTTP2 connections. It works differently on active and idle connections. On active connections, instead of sending systematically the GOAWAY frame or adding the 'Connection: close' header like before once the soft-stop has started, a random based on the remainder of the close window is calculated, and depending on its result we could decide to keep the connection alive. The random will be recalculated for any subsequent request/response on this connection so the GOAWAY will still end up being sent, but we might wait a few more round trips. This will ensure that goaways are distributed along a longer time window than before. On idle connections, a random factor is used when determining the expire field of the connection's task, which should naturally spread connection closings on the time window (see h2c_update_timeout). This feature request was described in GitHub issue #1614. This patch should be backported to 2.5. It depends on "BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts" which refactorized the timeout management of HTTP2 connections.
2022-04-08 12:04:18 -04:00
static int proxy_parse_close_spread_time(char **args, int section_type, struct proxy *curpx,
const struct proxy *defpx, const char *file, int line,
char **err)
{
const char *res;
if (!*args[1]) {
memprintf(err, "'%s' expects <time> as argument.\n", args[0]);
return -1;
}
MINOR: connection: Add way to disable active connection closing during soft-stop If the "close-spread-time" option is set to "infinite", active connection closing during a soft-stop can be disabled. The 'connection: close' header or the GOAWAY frame will not be added anymore to the server's response and active connections will only be closed once the clients disconnect. Idle connections will not be closed all at once when the soft-stop starts anymore, and each idle connection will follow its own timeout based on the multiple timeouts set in the configuration (as is the case during regular execution). This feature request was described in GitHub issue #1614. This patch should be backported to 2.5. It depends on 'MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window'.
2022-04-26 09:17:18 -04:00
/* If close-spread-time is set to "infinite", disable the active connection
* closing during soft-stop.
*/
if (strcmp(args[1], "infinite") == 0) {
global.tune.options |= GTUNE_DISABLE_ACTIVE_CLOSE;
global.close_spread_time = TICK_ETERNITY;
return 0;
}
MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window The new 'close-spread-time' global option can be used to spread idle and active HTTP connction closing after a SIGUSR1 signal is received. This allows to limit bursts of reconnections when too many idle connections are closed at once. Indeed, without this new mechanism, in case of soft-stop, all the idle connections would be closed at once (after the grace period is over), and all active HTTP connections would be closed by appending a "Connection: close" header to the next response that goes over it (or via a GOAWAY frame in case of HTTP2). This patch adds the support of this new option for HTTP as well as HTTP2 connections. It works differently on active and idle connections. On active connections, instead of sending systematically the GOAWAY frame or adding the 'Connection: close' header like before once the soft-stop has started, a random based on the remainder of the close window is calculated, and depending on its result we could decide to keep the connection alive. The random will be recalculated for any subsequent request/response on this connection so the GOAWAY will still end up being sent, but we might wait a few more round trips. This will ensure that goaways are distributed along a longer time window than before. On idle connections, a random factor is used when determining the expire field of the connection's task, which should naturally spread connection closings on the time window (see h2c_update_timeout). This feature request was described in GitHub issue #1614. This patch should be backported to 2.5. It depends on "BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts" which refactorized the timeout management of HTTP2 connections.
2022-04-08 12:04:18 -04:00
res = parse_time_err(args[1], &global.close_spread_time, TIME_UNIT_MS);
if (res == PARSE_TIME_OVER) {
memprintf(err, "timer overflow in argument '%s' to '%s' (maximum value is 2147483647 ms or ~24.8 days)",
args[1], args[0]);
return -1;
}
else if (res == PARSE_TIME_UNDER) {
memprintf(err, "timer underflow in argument '%s' to '%s' (minimum non-null value is 1 ms)",
args[1], args[0]);
return -1;
}
else if (res) {
memprintf(err, "unexpected character '%c' in argument to <%s>.\n", *res, args[0]);
return -1;
}
MINOR: connection: Add way to disable active connection closing during soft-stop If the "close-spread-time" option is set to "infinite", active connection closing during a soft-stop can be disabled. The 'connection: close' header or the GOAWAY frame will not be added anymore to the server's response and active connections will only be closed once the clients disconnect. Idle connections will not be closed all at once when the soft-stop starts anymore, and each idle connection will follow its own timeout based on the multiple timeouts set in the configuration (as is the case during regular execution). This feature request was described in GitHub issue #1614. This patch should be backported to 2.5. It depends on 'MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window'.
2022-04-26 09:17:18 -04:00
global.tune.options &= ~GTUNE_DISABLE_ACTIVE_CLOSE;
MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window The new 'close-spread-time' global option can be used to spread idle and active HTTP connction closing after a SIGUSR1 signal is received. This allows to limit bursts of reconnections when too many idle connections are closed at once. Indeed, without this new mechanism, in case of soft-stop, all the idle connections would be closed at once (after the grace period is over), and all active HTTP connections would be closed by appending a "Connection: close" header to the next response that goes over it (or via a GOAWAY frame in case of HTTP2). This patch adds the support of this new option for HTTP as well as HTTP2 connections. It works differently on active and idle connections. On active connections, instead of sending systematically the GOAWAY frame or adding the 'Connection: close' header like before once the soft-stop has started, a random based on the remainder of the close window is calculated, and depending on its result we could decide to keep the connection alive. The random will be recalculated for any subsequent request/response on this connection so the GOAWAY will still end up being sent, but we might wait a few more round trips. This will ensure that goaways are distributed along a longer time window than before. On idle connections, a random factor is used when determining the expire field of the connection's task, which should naturally spread connection closings on the time window (see h2c_update_timeout). This feature request was described in GitHub issue #1614. This patch should be backported to 2.5. It depends on "BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts" which refactorized the timeout management of HTTP2 connections.
2022-04-08 12:04:18 -04:00
return 0;
}
MEDIUM: task: extend the state field to 32 bits It's been too short for quite a while now and is now full. It's still time to extend it to 32-bits since we have room for this without wasting any space, so we now gained 16 new bits for future flags. The values were not reassigned just in case there would be a few hidden u16 or short somewhere in which these flags are placed (as it used to be the case with stream->pending_events). The patch is tagged MEDIUM because this required to update the task's process() prototype to use an int instead of a short, that's quite a bunch of places.
2021-03-02 10:09:26 -05:00
struct task *hard_stop(struct task *t, void *context, unsigned int state)
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
{
struct proxy *p;
struct stream *s;
BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal The hard-stop event didn't wake threads up. In the past it wasn't an issue as the poll timeout was limited to 1 second, but since commit 4f59d3861 ("MINOR: time: increase the minimum wakeup interval to 60s") it has become a problem because old processes can remain live for up to one minute after the hard-stop-after delay. Let's just wake them up. This may be backported to older releases, though before 2.4 the extra delay was only one second.
2021-02-24 05:13:59 -05:00
int thr;
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
if (killed) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Some tasks resisted to hard-stop, exiting now.\n");
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
send_log(NULL, LOG_WARNING, "Some tasks resisted to hard-stop, exiting now.\n");
BUG/MINOR: deinit/threads: make hard-stop-after perform a clean exit As reported in GH issue #99, when hard-stop-after triggers and threads are in use, the chance that any thread releases the resources in use by the other ones is non-null. Thus no thread should be allowed to deinit() nor exit by itself. Here we take a different approach. We simply use a 3rd possible value for the "killed" variable so that all threads know they must break out of the run-poll-loop and immediately stop. This patch was tested by commenting the stream_shutdown() calls in hard_stop() to increase the chances to see a stream use released resources. With this fix applied, it never crashes anymore. This fix should be backported to 1.9 and 1.8.
2019-06-02 05:11:29 -04:00
killed = 2;
BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal The hard-stop event didn't wake threads up. In the past it wasn't an issue as the poll timeout was limited to 1 second, but since commit 4f59d3861 ("MINOR: time: increase the minimum wakeup interval to 60s") it has become a problem because old processes can remain live for up to one minute after the hard-stop-after delay. Let's just wake them up. This may be backported to older releases, though before 2.4 the extra delay was only one second.
2021-02-24 05:13:59 -05:00
for (thr = 0; thr < global.nbthread; thr++)
BUG/MINOR: thread: always reload threads_enabled in loops A few loops waiting for threads to synchronize such as thread_isolate() rightfully filter the thread masks via the threads_enabled field that contains the list of enabled threads. However, it doesn't use an atomic load on it. Before 2.7, the equivalent variables were marked as volatile and were always reloaded. In 2.7 they're fields in ha_tgroup_ctx[], and the risk that the compiler keeps them in a register inside a loop is not null at all. In practice when ha_thread_relax() calls sched_yield() or an x86 PAUSE instruction, it could be verified that the variable is always reloaded. If these are avoided (e.g. architecture providing neither solution), it's visible in asm code that the variables are not reloaded. In this case, if a thread exists just between the moment the two values are read, the loop could spin forever. This patch adds the required _HA_ATOMIC_LOAD() on the relevant threads_enabled fields. It must be backported to 2.7.
2023-01-19 13:14:18 -05:00
if (_HA_ATOMIC_LOAD(&ha_thread_info[thr].tg->threads_enabled) & ha_thread_info[thr].ltid_bit)
BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal The hard-stop event didn't wake threads up. In the past it wasn't an issue as the poll timeout was limited to 1 second, but since commit 4f59d3861 ("MINOR: time: increase the minimum wakeup interval to 60s") it has become a problem because old processes can remain live for up to one minute after the hard-stop-after delay. Let's just wake them up. This may be backported to older releases, though before 2.4 the extra delay was only one second.
2021-02-24 05:13:59 -05:00
wake_thread(thr);
BUG/MINOR: deinit/threads: make hard-stop-after perform a clean exit As reported in GH issue #99, when hard-stop-after triggers and threads are in use, the chance that any thread releases the resources in use by the other ones is non-null. Thus no thread should be allowed to deinit() nor exit by itself. Here we take a different approach. We simply use a 3rd possible value for the "killed" variable so that all threads know they must break out of the run-poll-loop and immediately stop. This patch was tested by commenting the stream_shutdown() calls in hard_stop() to increase the chances to see a stream use released resources. With this fix applied, it never crashes anymore. This fix should be backported to 1.9 and 1.8.
2019-06-02 05:11:29 -04:00
t->expire = TICK_ETERNITY;
return t;
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
}
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("soft-stop running for too long, performing a hard-stop.\n");
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
send_log(NULL, LOG_WARNING, "soft-stop running for too long, performing a hard-stop.\n");
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
p = proxies_list;
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
while (p) {
if ((p->cap & PR_CAP_FE) && (p->feconn > 0)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Proxy %s hard-stopped (%d remaining conns will be closed).\n",
p->id, p->feconn);
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
send_log(p, LOG_WARNING, "Proxy %s hard-stopped (%d remaining conns will be closed).\n",
p->id, p->feconn);
}
p = p->next;
}
BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop When setting hard-stop-after, hard_stop() is called at the end to kill last pending streams. Unfortunately there's no locking there while walking over the streams list nor when shutting them down, so it's very likely that some old processes have been crashing or gone wild due to this. Let's use a thread_isolate() call for this as we don't have much other choice (and it happens once in the process' life, that's OK). This must be backported to 1.8.
2021-02-24 05:08:56 -05:00
thread_isolate();
MINOR: streams: use one list per stream instead of a global one The global streams list is exclusively used for "show sess", to look up a stream to shut down, and for the hard-stop. Having all of them in a single list is extremely expensive in terms of locking when using threads, with performance losses as high as 7% having been observed just due to this. This patch makes the list per-thread, since there's no need to have a global one in this situation. All call places just iterate over all threads. The most "invasive" changes was in "show sess" where the end of list needs to go back to the beginning of next thread's list until the last thread is seen. For now the lock was maintained to keep the code auditable but a next commit should get rid of it. The observed performance gain here with only 4 threads is already 7% (350krps -> 374krps).
2021-02-24 04:37:01 -05:00
for (thr = 0; thr < global.nbthread; thr++) {
REORG: thread/sched: move the last dynamic thread_info to thread_ctx The last 3 fields were 3 list heads that are per-thread, and which are: - the pool's LRU head - the buffer_wq - the streams list head Moving them into thread_ctx completes the removal of dynamic elements from the struct thread_info. Now all these dynamic elements are packed together at a single place for a thread.
2021-09-30 13:02:18 -04:00
list_for_each_entry(s, &ha_thread_ctx[thr].streams, list) {
MINOR: streams: use one list per stream instead of a global one The global streams list is exclusively used for "show sess", to look up a stream to shut down, and for the hard-stop. Having all of them in a single list is extremely expensive in terms of locking when using threads, with performance losses as high as 7% having been observed just due to this. This patch makes the list per-thread, since there's no need to have a global one in this situation. All call places just iterate over all threads. The most "invasive" changes was in "show sess" where the end of list needs to go back to the beginning of next thread's list until the last thread is seen. For now the lock was maintained to keep the code auditable but a next commit should get rid of it. The observed performance gain here with only 4 threads is already 7% (350krps -> 374krps).
2021-02-24 04:37:01 -05:00
stream_shutdown(s, SF_ERR_KILLED);
}
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
}
MINOR: streams: use one list per stream instead of a global one The global streams list is exclusively used for "show sess", to look up a stream to shut down, and for the hard-stop. Having all of them in a single list is extremely expensive in terms of locking when using threads, with performance losses as high as 7% having been observed just due to this. This patch makes the list per-thread, since there's no need to have a global one in this situation. All call places just iterate over all threads. The most "invasive" changes was in "show sess" where the end of list needs to go back to the beginning of next thread's list until the last thread is seen. For now the lock was maintained to keep the code auditable but a next commit should get rid of it. The observed performance gain here with only 4 threads is already 7% (350krps -> 374krps).
2021-02-24 04:37:01 -05:00
BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop When setting hard-stop-after, hard_stop() is called at the end to kill last pending streams. Unfortunately there's no locking there while walking over the streams list nor when shutting them down, so it's very likely that some old processes have been crashing or gone wild due to this. Let's use a thread_isolate() call for this as we don't have much other choice (and it happens once in the process' life, that's OK). This must be backported to 1.8.
2021-02-24 05:08:56 -05:00
thread_release();
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
killed = 1;
t->expire = tick_add(now_ms, MS_TO_TICKS(1000));
return t;
}
MINOR: proxy: add a global "grace" directive to postpone soft-stop In ticket #1348 some users expressed some concerns regarding the removal of the "grace" directive from the proxies. Their use case very closely mimmicks the original intent of the grace keyword, which is, let haproxy accept traffic for some time when stopping, while indicating an external LB that it's stopping. This is implemented here by starting a task whose expiration triggers the soft-stop for real. The global "stopping" variable is immediately set however. For example, this below will be sufficient to instantly notify an external check on port 9999 that the service is going down, while other services remain active for 10s: global grace 10s frontend ext-check bind :9999 monitor-uri /ext-check monitor fail if { stopping }
2021-09-07 04:49:45 -04:00
/* perform the soft-stop right now (i.e. unbind listeners) */
static void do_soft_stop_now()
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
BUG/MEDIUM: proxy: properly stop backends on soft-stop On soft-stop, we must properlu stop backends and not only proxies with at least a listener. This is mandatory in order to stop the health checks. A previous fix was provided to do so (ba29687bc1 "BUG/MEDIUM: proxy: properly stop backends"). However, only stop_proxy() function was fixed. When HAproxy is stopped, this function is no longer used. So the same kind of fix must be done on do_soft_stop_now(). This patch partially fixes the issue #1874. It must be backported as far as 2.4.
2023-03-14 09:33:11 -04:00
struct proxy *p;
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
struct task *task;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: config: disable busy polling on old processes in the context of seamless reload and busy polling, older processes will create unecessary cpu conflicts; we can assume there is no need for busy polling for old processes which are waiting to be terminated. This patch is not a bug fix itself but might be a good stability improvment when you are un the context of frequent seamless reloads with a high "hard-stop-after" value; for that reasons I think this patch should be backported in all 2.x versions. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-12-28 09:36:02 -05:00
/* disable busy polling to avoid cpu eating for the new process */
global.tune.options &= ~GTUNE_BUSY_POLLING;
MINOR: proxy: add a global "grace" directive to postpone soft-stop In ticket #1348 some users expressed some concerns regarding the removal of the "grace" directive from the proxies. Their use case very closely mimmicks the original intent of the grace keyword, which is, let haproxy accept traffic for some time when stopping, while indicating an external LB that it's stopping. This is implemented here by starting a task whose expiration triggers the soft-stop for real. The global "stopping" variable is immediately set however. For example, this below will be sufficient to instantly notify an external check on port 9999 that the service is going down, while other services remain active for 10s: global grace 10s frontend ext-check bind :9999 monitor-uri /ext-check monitor fail if { stopping }
2021-09-07 04:49:45 -04:00
MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window The new 'close-spread-time' global option can be used to spread idle and active HTTP connction closing after a SIGUSR1 signal is received. This allows to limit bursts of reconnections when too many idle connections are closed at once. Indeed, without this new mechanism, in case of soft-stop, all the idle connections would be closed at once (after the grace period is over), and all active HTTP connections would be closed by appending a "Connection: close" header to the next response that goes over it (or via a GOAWAY frame in case of HTTP2). This patch adds the support of this new option for HTTP as well as HTTP2 connections. It works differently on active and idle connections. On active connections, instead of sending systematically the GOAWAY frame or adding the 'Connection: close' header like before once the soft-stop has started, a random based on the remainder of the close window is calculated, and depending on its result we could decide to keep the connection alive. The random will be recalculated for any subsequent request/response on this connection so the GOAWAY will still end up being sent, but we might wait a few more round trips. This will ensure that goaways are distributed along a longer time window than before. On idle connections, a random factor is used when determining the expire field of the connection's task, which should naturally spread connection closings on the time window (see h2c_update_timeout). This feature request was described in GitHub issue #1614. This patch should be backported to 2.5. It depends on "BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts" which refactorized the timeout management of HTTP2 connections.
2022-04-08 12:04:18 -04:00
if (tick_isset(global.close_spread_time)) {
global.close_spread_end = tick_add(now_ms, global.close_spread_time);
}
MINOR: proxy: add a global "grace" directive to postpone soft-stop In ticket #1348 some users expressed some concerns regarding the removal of the "grace" directive from the proxies. Their use case very closely mimmicks the original intent of the grace keyword, which is, let haproxy accept traffic for some time when stopping, while indicating an external LB that it's stopping. This is implemented here by starting a task whose expiration triggers the soft-stop for real. The global "stopping" variable is immediately set however. For example, this below will be sufficient to instantly notify an external check on port 9999 that the service is going down, while other services remain active for 10s: global grace 10s frontend ext-check bind :9999 monitor-uri /ext-check monitor fail if { stopping }
2021-09-07 04:49:45 -04:00
/* schedule a hard-stop after a delay if needed */
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
if (tick_isset(global.hard_stop_after)) {
MINOR: task: provide 3 task_new_* wrappers to simplify the API We'll need to improve the API to pass other arguments in the future, so let's start to adapt better to the current use cases. task_new() is used: - 18 times as task_new(tid_bit) - 18 times as task_new(MAX_THREADS_MASK) - 2 times with a single bit (in a loop) - 1 in the debug code that uses a mask This patch provides 3 new functions to achieve this: - task_new_here() to create a task on the calling thread - task_new_anywhere() to create a task to be run anywhere - task_new_on() to create a task to run on a specific thread The change is trivial and will allow us to later concentrate the required adaptations to these 3 functions only. It's still possible to call task_new() if needed but a comment was added to encourage the use of the new ones instead. The debug code was not changed and still uses it.
2021-10-01 12:23:30 -04:00
task = task_new_anywhere();
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
if (task) {
task->process = hard_stop;
task_schedule(task, tick_add(now_ms, global.hard_stop_after));
}
else {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("out of memory trying to allocate the hard-stop task.\n");
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
}
}
MEDIUM: proxy: make soft_stop() stop most listeners using protocol_stop_now() One difficulty in soft-stopping is to make sure not to forget unlisted listeners. By first doing a pass using protocol_stop_now() we catch the vast majority of them. The few remaining ones are the ones belonging to a proxy having a grace period. For these ones, the proxy will arm its stop_time timer and emit a log message. Since neither UDP listeners nor peers use the grace period, we can already get rid of the special cases there since we know they will have been stopped by the protocols.
2020-10-07 10:52:43 -04:00
MEDIUM: proto: stop protocols under thread isolation during soft stop protocol_stop_now() is called from do_soft_stop_now() running on any thread that received the signal. The problem is that it will call some listener handlers to close the FD, resulting in an fd_delete() being called from the wrong group. That's not clean and we cannot even rely on the thread mask to show up. One interesting long-term approach could be to have kill queues for FDs, and maybe we'll need them in the long run. However that doesn't work well for listeners in this situation. Let's simply isolate ourselves during this instant. We know we'll be alone dealing with the close and that the FD will be instantly deleted since not in use by any other thread. It's not the cleanest solution but it should last long enough without causing trouble.
2022-07-15 13:15:02 -04:00
/* we isolate so that we have a chance of stopping listeners in other groups */
thread_isolate();
MEDIUM: proxy: remove the deprecated "grace" keyword Commit ab0a5192a ("MEDIUM: config: mark "grace" as deprecated") marked the "grace" keyword as deprecated in 2.3, tentative removal for 2.4 with a hard deadline in 2.5, so let's remove it and return an error now. This old and outdated feature was incompatible with soft-stop, reload and socket transfers, and keeping it forced ugly hacks in the lower layers of the protocol stack.
2021-06-11 10:27:10 -04:00
/* stop all stoppable listeners */
MEDIUM: proxy: make soft_stop() stop most listeners using protocol_stop_now() One difficulty in soft-stopping is to make sure not to forget unlisted listeners. By first doing a pass using protocol_stop_now() we catch the vast majority of them. The few remaining ones are the ones belonging to a proxy having a grace period. For these ones, the proxy will arm its stop_time timer and emit a log message. Since neither UDP listeners nor peers use the grace period, we can already get rid of the special cases there since we know they will have been stopped by the protocols.
2020-10-07 10:52:43 -04:00
protocol_stop_now();
MEDIUM: proto: stop protocols under thread isolation during soft stop protocol_stop_now() is called from do_soft_stop_now() running on any thread that received the signal. The problem is that it will call some listener handlers to close the FD, resulting in an fd_delete() being called from the wrong group. That's not clean and we cannot even rely on the thread mask to show up. One interesting long-term approach could be to have kill queues for FDs, and maybe we'll need them in the long run. However that doesn't work well for listeners in this situation. Let's simply isolate ourselves during this instant. We know we'll be alone dealing with the close and that the FD will be instantly deleted since not in use by any other thread. It's not the cleanest solution but it should last long enough without causing trouble.
2022-07-15 13:15:02 -04:00
thread_release();
BUG/MEDIUM: proxy: properly stop backends on soft-stop On soft-stop, we must properlu stop backends and not only proxies with at least a listener. This is mandatory in order to stop the health checks. A previous fix was provided to do so (ba29687bc1 "BUG/MEDIUM: proxy: properly stop backends"). However, only stop_proxy() function was fixed. When HAproxy is stopped, this function is no longer used. So the same kind of fix must be done on do_soft_stop_now(). This patch partially fixes the issue #1874. It must be backported as far as 2.4.
2023-03-14 09:33:11 -04:00
/* Loop on proxies to stop backends */
p = proxies_list;
while (p) {
HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock);
proxy_cond_disable(p);
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock);
p = p->next;
}
[MEDIUM] signals: support redistribution of signal zero when stopping Signal zero is never delivered by the system. However having a signal to which functions and tasks can subscribe to be notified of a stopping event is useful. So this patch does two things : 1) allow signal zero to be delivered from any function of signal handler 2) make soft_stop() deliver this signal so that tasks can be notified of a stopping condition.
2010-08-27 12:26:11 -04:00
/* signal zero is used to broadcast the "stopping" event */
signal_handler(0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: proxy: add a global "grace" directive to postpone soft-stop In ticket #1348 some users expressed some concerns regarding the removal of the "grace" directive from the proxies. Their use case very closely mimmicks the original intent of the grace keyword, which is, let haproxy accept traffic for some time when stopping, while indicating an external LB that it's stopping. This is implemented here by starting a task whose expiration triggers the soft-stop for real. The global "stopping" variable is immediately set however. For example, this below will be sufficient to instantly notify an external check on port 9999 that the service is going down, while other services remain active for 10s: global grace 10s frontend ext-check bind :9999 monitor-uri /ext-check monitor fail if { stopping }
2021-09-07 04:49:45 -04:00
/* triggered by a soft-stop delayed with `grace` */
static struct task *grace_expired(struct task *t, void *context, unsigned int state)
{
ha_notice("Grace period expired, proceeding with soft-stop now.\n");
send_log(NULL, LOG_NOTICE, "Grace period expired, proceeding with soft-stop now.\n");
do_soft_stop_now();
task_destroy(t);
return NULL;
}
/*
* this function disables health-check servers so that the process will quickly be ignored
* by load balancers.
*/
void soft_stop(void)
{
struct task *task;
stopping = 1;
if (tick_isset(global.grace_delay)) {
MINOR: task: provide 3 task_new_* wrappers to simplify the API We'll need to improve the API to pass other arguments in the future, so let's start to adapt better to the current use cases. task_new() is used: - 18 times as task_new(tid_bit) - 18 times as task_new(MAX_THREADS_MASK) - 2 times with a single bit (in a loop) - 1 in the debug code that uses a mask This patch provides 3 new functions to achieve this: - task_new_here() to create a task on the calling thread - task_new_anywhere() to create a task to be run anywhere - task_new_on() to create a task to run on a specific thread The change is trivial and will allow us to later concentrate the required adaptations to these 3 functions only. It's still possible to call task_new() if needed but a comment was added to encourage the use of the new ones instead. The debug code was not changed and still uses it.
2021-10-01 12:23:30 -04:00
task = task_new_anywhere();
MINOR: proxy: add a global "grace" directive to postpone soft-stop In ticket #1348 some users expressed some concerns regarding the removal of the "grace" directive from the proxies. Their use case very closely mimmicks the original intent of the grace keyword, which is, let haproxy accept traffic for some time when stopping, while indicating an external LB that it's stopping. This is implemented here by starting a task whose expiration triggers the soft-stop for real. The global "stopping" variable is immediately set however. For example, this below will be sufficient to instantly notify an external check on port 9999 that the service is going down, while other services remain active for 10s: global grace 10s frontend ext-check bind :9999 monitor-uri /ext-check monitor fail if { stopping }
2021-09-07 04:49:45 -04:00
if (task) {
ha_notice("Scheduling a soft-stop in %u ms.\n", global.grace_delay);
send_log(NULL, LOG_WARNING, "Scheduling a soft-stop in %u ms.\n", global.grace_delay);
task->process = grace_expired;
task_schedule(task, tick_add(now_ms, global.grace_delay));
return;
}
else {
ha_alert("out of memory trying to allocate the stop-stop task, stopping now.\n");
}
}
/* no grace (or failure to enforce it): stop now */
do_soft_stop_now();
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c Managing listeners state is difficult because they have their own state and can at the same time have theirs dictated by their proxy. The pause is not done properly, as the proxy code is fiddling with sockets. By introducing new functions such as pause_listener()/resume_listener(), we make it a bit more obvious how/when they're supposed to be used. The listen_proxies() function was also renamed to resume_proxies() since it's only used for pause/resume. This patch is the first in a series aiming at getting rid of the maintain_proxies mess. In the end, proxies should not call enable_listener()/disable_listener() anymore.
2011-07-24 12:28:10 -04:00
/* Temporarily disables listening on all of the proxy's listeners. Upon
MEDIUM: proxy: remove the PR_STERROR state This state is only set when a pause() fails but isn't even set when a resume() fails. And we cannot recover from this state. Instead, let's just count remaining ready listeners to decide to emit an error or not. It's more accurate and will better support new attempts if needed.
2020-09-24 01:44:34 -04:00
* success, the proxy enters the PR_PAUSED state. The function returns 0
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
* if it fails, or non-zero on success.
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
* The function takes the proxy's lock so it's safe to
* call from multiple places.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
int pause_proxy(struct proxy *p)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
struct listener *l;
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock);
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (!(p->cap & PR_CAP_FE) || (p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) || !p->li_ready)
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
goto end;
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
MEDIUM: proxy: remove the PR_STERROR state This state is only set when a pause() fails but isn't even set when a resume() fails. And we cannot recover from this state. Instead, let's just count remaining ready listeners to decide to emit an error or not. It's more accurate and will better support new attempts if needed.
2020-09-24 01:44:34 -04:00
list_for_each_entry(l, &p->conf.listeners, by_fe)
MINOR: listener: pause_listener() becomes suspend_listener() We are simply renaming pause_listener() to suspend_listener() to prevent confusion around listener pausing. A suspended listener can be in two differents valid states: - LI_PAUSED: the listener is effectively paused, it will unpause on resume_listener() - LI_ASSIGNED (not bound): the listener does not support the LI_PAUSED state, so it was unbound to satisfy the suspend request, it will correcly re-bind on resume_listener() Besides that, we add the LI_F_SUSPENDED flag to mark suspended listeners in suspend_listener() and unmark them in resume_listener(). We're also adding li_suspend proxy variable to track the number of currently suspended listeners: That is, the number of listeners that were suspended through suspend_listener() and that are either in LI_PAUSED or LI_ASSIGNED state. Counter is increased on successful suspend in suspend_listener() and it is decreased on successful resume in resume_listener() -- Backport notes: -> 2.4 only, as "MINOR: proxy/listener: support for additional PAUSED state" was not backported: Replace this: | /* PROXY_LOCK is require | proxy_cond_resume(px); By this: | ha_warning("Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); | send_log(px, LOG_WARNING, "Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); -> 2.6 and 2.7 only, as "MINOR: listener: make sure we don't pause/resume" was custom patched: Replace this: |@@ -253,6 +253,7 @@ struct listener { | | /* listener flags (16 bits) */ | #define LI_F_FINALIZED 0x0001 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x0002 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* Descriptor for a "bind" keyword. The ->parse() function returns 0 in case of | * success, or a combination of ERR_* flags if an error is encountered. The By this: |@@ -222,6 +222,7 @@ struct li_per_thread { | | #define LI_F_QUIC_LISTENER 0x00000001 /* listener uses proto quic */ | #define LI_F_FINALIZED 0x00000002 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x00000004 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* The listener will be directly referenced by the fdtab[] which holds its | * socket. The listener provides the protocol-specific accept() function to
2023-02-13 11:45:08 -05:00
suspend_listener(l, 1, 0);
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
MEDIUM: proxy: remove the PR_STERROR state This state is only set when a pause() fails but isn't even set when a resume() fails. And we cannot recover from this state. Instead, let's just count remaining ready listeners to decide to emit an error or not. It's more accurate and will better support new attempts if needed.
2020-09-24 01:44:34 -04:00
if (p->li_ready) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("%s %s failed to enter pause mode.\n", proxy_cap_str(p->cap), p->id);
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
send_log(p, LOG_WARNING, "%s %s failed to enter pause mode.\n", proxy_cap_str(p->cap), p->id);
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock);
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
return 0;
}
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
end:
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock);
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
return 1;
[BUG] ensure that listeners from disabled proxies are correctly unbound. There is a problem when an instance is marked "disabled". Its ports are still bound but will not be unbound upon termination. This causes processes to accumulate during soft restarts, and might even cause failures to restart new ones due to the inability to bind to the same port. The ideal solution would be to bind all ports at the end of the configuration parsing. An acceptable workaround is to unbind all listeners of disabled proxies. This is what the current patch does. (cherry picked from commit a944218e9c1d5ff1aca34609146389dc680335b7) (cherry picked from commit 8cfebbb82b87345bade831920177077e7d25840a)
2008-10-12 06:07:48 -04:00
}
/*
* This function completely stops a proxy and releases its listeners. It has
* to be called when going down in order to release the ports so that another
* process may bind to them. It must also be called on disabled proxies at the
MEDIUM: listeners: support unstoppable listener An unstoppable listener is a listener which won't be stop during a soft stop. The unstoppable_jobs variable is incremented and the listener won't prevent the process to leave properly. It is not a good idea to use this feature (the LI_O_NOSTOP flag) with a listener that need to be bind again on another process during a soft reload.
2018-11-16 10:57:21 -05:00
* end of start-up. If all listeners are closed, the proxy is set to the
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
* PR_STOPPED state.
* The function takes the proxy's lock so it's safe to
BUG/MINOR: proxy: always lock stop_proxy() There is one unprotected call to stop_proxy() from the manage_proxy() task, so there is a single caller by definition, but there is also another such call from the CLI's "shutdown frontend" parser. This one does it under the proxy's lock but the first one doesn't use it. Thus it is theorically possible to corrupt the list of listeners in a proxy by issuing "shutdown frontend" and SIGUSR1 exactly at the same time. While it sounds particularly contrived or stupid, it could possibly happen with automated tools that would send actions via various channels. This could cause the process to loop forever or to crash and thus stop faster than expected. This might be backported as far as 1.8.
2019-07-24 11:42:44 -04:00
* call from multiple places.
[BUG] ensure that listeners from disabled proxies are correctly unbound. There is a problem when an instance is marked "disabled". Its ports are still bound but will not be unbound upon termination. This causes processes to accumulate during soft restarts, and might even cause failures to restart new ones due to the inability to bind to the same port. The ideal solution would be to bind all ports at the end of the configuration parsing. An acceptable workaround is to unbind all listeners of disabled proxies. This is what the current patch does. (cherry picked from commit a944218e9c1d5ff1aca34609146389dc680335b7) (cherry picked from commit 8cfebbb82b87345bade831920177077e7d25840a)
2008-10-12 06:07:48 -04:00
*/
void stop_proxy(struct proxy *p)
{
struct listener *l;
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock);
BUG/MINOR: proxy: always lock stop_proxy() There is one unprotected call to stop_proxy() from the manage_proxy() task, so there is a single caller by definition, but there is also another such call from the CLI's "shutdown frontend" parser. This one does it under the proxy's lock but the first one doesn't use it. Thus it is theorically possible to corrupt the list of listeners in a proxy by issuing "shutdown frontend" and SIGUSR1 exactly at the same time. While it sounds particularly contrived or stupid, it could possibly happen with automated tools that would send actions via various channels. This could cause the process to loop forever or to crash and thus stop faster than expected. This might be backported as far as 1.8.
2019-07-24 11:42:44 -04:00
MEDIUM: proxy: make stop_proxy() now use stop_listener() The function will stop the listeners using this method, which in turn will ping back once it finishes disabling the proxy.
2020-10-07 10:20:34 -04:00
list_for_each_entry(l, &p->conf.listeners, by_fe)
MINOR: listener/api: add lli hint to listener functions Add listener lock hint (AKA lli) to (stop/resume/pause)_listener() functions. All these functions implicitely take the listener lock when they are called: It could be useful to be able to call them while already holding the lock, so we're adding lli hint to make them take the lock only when it is missing. This should only be backported if explicitly required by another commit -- -> 2.4 and 2.5 common backport notes: These 2 commits need to be backported first: - 187396e34 "CLEANUP: listener: function comment typo in stop_listener()" - a57786e87 "BUG/MINOR: listener: null pointer dereference suspected by coverity" -> 2.4 special backport notes: In addition to the previously mentionned dependencies, the patch needs to be slightly adapted to match the corresponding contextual lines: Replace this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if (l->state <= LI_PAUSED) | goto end; By this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) && | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) Replace this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); | } By this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) | if (!listener->bind_conf->frontend->grace) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); Replace this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) { | /* might be just a backend */ By this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!p->disabled && !p->li_ready) { | /* might be just a backend */
2023-02-06 11:06:03 -05:00
stop_listener(l, 1, 0, 0);
BUG/MINOR: proxy: always lock stop_proxy() There is one unprotected call to stop_proxy() from the manage_proxy() task, so there is a single caller by definition, but there is also another such call from the CLI's "shutdown frontend" parser. This one does it under the proxy's lock but the first one doesn't use it. Thus it is theorically possible to corrupt the list of listeners in a proxy by issuing "shutdown frontend" and SIGUSR1 exactly at the same time. While it sounds particularly contrived or stupid, it could possibly happen with automated tools that would send actions via various channels. This could cause the process to loop forever or to crash and thus stop faster than expected. This might be backported as far as 1.8.
2019-07-24 11:42:44 -04:00
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) {
BUG/MEDIUM: proxy: properly stop backends The proxy stopping mechanism was changed with commit 322b9b94e ("MEDIUM: proxy: make stop_proxy() now use stop_listener()") so that it's now entirely driven by the listeners. One thing was forgotten though, which is that pure backends will not stop anymore since they don't have any listener, and that it's necessary to stop them in order to stop the health checks. No backport is needed.
2020-10-16 09:10:11 -04:00
/* might be just a backend */
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
p->flags |= PR_FL_STOPPED;
BUG/MEDIUM: proxy: properly stop backends The proxy stopping mechanism was changed with commit 322b9b94e ("MEDIUM: proxy: make stop_proxy() now use stop_listener()") so that it's now entirely driven by the listeners. One thing was forgotten though, which is that pure backends will not stop anymore since they don't have any listener, and that it's necessary to stop them in order to stop the health checks. No backport is needed.
2020-10-16 09:10:11 -04:00
}
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
/* This function resumes listening on the specified proxy. It scans all of its
* listeners and tries to enable them all. If any of them fails, the proxy is
* put back to the paused state. It returns 1 upon success, or zero if an error
* is encountered.
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
* The function takes the proxy's lock so it's safe to
* call from multiple places.
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
*/
int resume_proxy(struct proxy *p)
{
struct listener *l;
int fail;
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock);
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if ((p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) || !p->li_paused)
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
goto end;
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
fail = 0;
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
list_for_each_entry(l, &p->conf.listeners, by_fe) {
MINOR: listener/api: add lli hint to listener functions Add listener lock hint (AKA lli) to (stop/resume/pause)_listener() functions. All these functions implicitely take the listener lock when they are called: It could be useful to be able to call them while already holding the lock, so we're adding lli hint to make them take the lock only when it is missing. This should only be backported if explicitly required by another commit -- -> 2.4 and 2.5 common backport notes: These 2 commits need to be backported first: - 187396e34 "CLEANUP: listener: function comment typo in stop_listener()" - a57786e87 "BUG/MINOR: listener: null pointer dereference suspected by coverity" -> 2.4 special backport notes: In addition to the previously mentionned dependencies, the patch needs to be slightly adapted to match the corresponding contextual lines: Replace this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if (l->state <= LI_PAUSED) | goto end; By this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) && | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) Replace this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); | } By this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) | if (!listener->bind_conf->frontend->grace) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); Replace this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) { | /* might be just a backend */ By this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!p->disabled && !p->li_ready) { | /* might be just a backend */
2023-02-06 11:06:03 -05:00
if (!resume_listener(l, 1, 0)) {
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
int port;
REORG: listener: move the listening address to a struct receiver The address will be specific to the receiver so let's move it there.
2020-08-27 01:48:42 -04:00
port = get_host_port(&l->rx.addr);
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
if (port) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Port %d busy while trying to enable %s %s.\n",
port, proxy_cap_str(p->cap), p->id);
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
send_log(p, LOG_WARNING, "Port %d busy while trying to enable %s %s.\n",
port, proxy_cap_str(p->cap), p->id);
}
else {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Bind on socket %d busy while trying to enable %s %s.\n",
l->luid, proxy_cap_str(p->cap), p->id);
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
send_log(p, LOG_WARNING, "Bind on socket %d busy while trying to enable %s %s.\n",
l->luid, proxy_cap_str(p->cap), p->id);
}
/* Another port might have been enabled. Let's stop everything. */
fail = 1;
break;
}
}
if (fail) {
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock);
/* pause_proxy will take PROXY_LOCK */
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
pause_proxy(p);
return 0;
}
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
end:
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock);
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
return 1;
}
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
/* Set current stream's backend to <be>. Nothing is done if the
* stream already had a backend assigned, which is indicated by
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-02 19:14:29 -04:00
* s->flags & SF_BE_ASSIGNED.
[MAJOR] http: complete splitting of the remaining stages The HTTP processing has been splitted into 7 steps, one of which is not anymore HTTP-specific (content-switching). That way, it becomes possible to use "use_backend" rules in TCP mode. A new "use_server" directive should follow soon.
2009-07-07 09:10:31 -04:00
* All flags, stats and counters which need be updated are updated.
[MINOR] prepare callers of session_set_backend to handle errors session_set_backend will soon have to allocate areas for HTTP headers. We must ensure that the callers can handle an allocation error.
2009-07-12 02:27:39 -04:00
* Returns 1 if done, 0 in case of internal error, eg: lack of resource.
[MAJOR] http: complete splitting of the remaining stages The HTTP processing has been splitted into 7 steps, one of which is not anymore HTTP-specific (content-switching). That way, it becomes possible to use "use_backend" rules in TCP mode. A new "use_server" directive should follow soon.
2009-07-07 09:10:31 -04:00
*/
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
int stream_set_backend(struct stream *s, struct proxy *be)
[MAJOR] http: complete splitting of the remaining stages The HTTP processing has been splitted into 7 steps, one of which is not anymore HTTP-specific (content-switching). That way, it becomes possible to use "use_backend" rules in TCP mode. A new "use_server" directive should follow soon.
2009-07-07 09:10:31 -04:00
{
MINOR: stream: Handle stream HTTP upgrade in a dedicated function The code responsible to perform an HTTP upgrade from a TCP stream is moved in a dedicated function, stream_set_http_mode(). The stream_set_backend() function is slightly updated, especially to correctly set the request analysers.
2021-03-15 05:42:02 -04:00
unsigned int req_ana;
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-02 19:14:29 -04:00
if (s->flags & SF_BE_ASSIGNED)
[MINOR] prepare callers of session_set_backend to handle errors session_set_backend will soon have to allocate areas for HTTP headers. We must ensure that the callers can handle an allocation error.
2009-07-12 02:27:39 -04:00
return 1;
MINOR: filters: Call stream_set_backend callbacks before updating backend stats So if an internal error is returned, the number of cumulated connections on the backend is not incremented.
2016-06-21 05:54:52 -04:00
if (flt_set_stream_backend(s, be) < 0)
return 0;
[MAJOR] http: complete splitting of the remaining stages The HTTP processing has been splitted into 7 steps, one of which is not anymore HTTP-specific (content-switching). That way, it becomes possible to use "use_backend" rules in TCP mode. A new "use_server" directive should follow soon.
2009-07-07 09:10:31 -04:00
s->be = be;
MEDIUM: counters: Dynamically allocate per-thread group counters Instead of statically allocating the per-thread group counters, based on the max number of thread groups available, allocate them dynamically, based on the number of thread groups actually used. That way we can increase the maximum number of thread groups without using an unreasonable amount of memory.
2026-01-11 22:25:34 -05:00
if (be->be_counters.shared.tg)
s->be_tgcounters = be->be_counters.shared.tg[tgid - 1];
else
s->be_tgcounters = NULL;
MEDIUM: threads/proxy: Add a lock per proxy and atomically update proxy vars Now, each proxy contains a lock that must be used when necessary to protect it. Moreover, all proxy's counters are now updated using atomic operations.
2017-06-02 09:33:24 -04:00
HA_ATOMIC_UPDATE_MAX(&be->be_counters.conn_max,
CLEANUP: atomic: add an explicit _FETCH variant for add/sub/and/or Currently our atomic ops return a value but it's never known whether the fetch is done before or after the operation, which causes some confusion each time the value is desired. Let's create an explicit variant of these operations suffixed with _FETCH to explicitly mention that the fetch occurs after the operation, and make use of it at the few call places.
2021-04-06 05:44:07 -04:00
HA_ATOMIC_ADD_FETCH(&be->beconn, 1));
[MAJOR] http: complete splitting of the remaining stages The HTTP processing has been splitted into 7 steps, one of which is not anymore HTTP-specific (content-switching). That way, it becomes possible to use "use_backend" rules in TCP mode. A new "use_server" directive should follow soon.
2009-07-07 09:10:31 -04:00
proxy_inc_be_ctr(be);
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
/* assign new parameters to the stream from the new backend */
CLEANUP: stconn: tree-wide rename stream connector flags CS_FL_* to SC_FL_* This follows the natural naming. There are roughly 100 changes, all totally trivial.
2022-05-17 13:44:42 -04:00
s->scb->flags &= ~SC_FL_INDEP_STR;
[MEDIUM] new option "independant-streams" to stop updating read timeout on writes By default, when data is sent over a socket, both the write timeout and the read timeout for that socket are refreshed, because we consider that there is activity on that socket, and we have no other means of guessing if we should receive data or not. While this default behaviour is desirable for almost all applications, there exists a situation where it is desirable to disable it, and only refresh the read timeout if there are incoming data. This happens on sessions with large timeouts and low amounts of exchanged data such as telnet session. If the server suddenly disappears, the output data accumulates in the system's socket buffers, both timeouts are correctly refreshed, and there is no way to know the server does not receive them, so we don't timeout. However, when the underlying protocol always echoes sent data, it would be enough by itself to detect the issue using the read timeout. Note that this problem does not happen with more verbose protocols because data won't accumulate long in the socket buffers. When this option is set on the frontend, it will disable read timeout updates on data sent to the client. There probably is little use of this case. When the option is set on the backend, it will disable read timeout updates on data sent to the server. Doing so will typically break large HTTP posts from slow lines, so use it with caution.
2009-10-03 16:01:18 -04:00
if (be->options2 & PR_O2_INDEPSTR)
CLEANUP: stconn: tree-wide rename stream connector flags CS_FL_* to SC_FL_* This follows the natural naming. There are roughly 100 changes, all totally trivial.
2022-05-17 13:44:42 -04:00
s->scb->flags |= SC_FL_INDEP_STR;
[MEDIUM] new option "independant-streams" to stop updating read timeout on writes By default, when data is sent over a socket, both the write timeout and the read timeout for that socket are refreshed, because we consider that there is activity on that socket, and we have no other means of guessing if we should receive data or not. While this default behaviour is desirable for almost all applications, there exists a situation where it is desirable to disable it, and only refresh the read timeout if there are incoming data. This happens on sessions with large timeouts and low amounts of exchanged data such as telnet session. If the server suddenly disappears, the output data accumulates in the system's socket buffers, both timeouts are correctly refreshed, and there is no way to know the server does not receive them, so we don't timeout. However, when the underlying protocol always echoes sent data, it would be enough by itself to detect the issue using the read timeout. Note that this problem does not happen with more verbose protocols because data won't accumulate long in the socket buffers. When this option is set on the frontend, it will disable read timeout updates on data sent to the client. There probably is little use of this case. When the option is set on the backend, it will disable read timeout updates on data sent to the server. Doing so will typically break large HTTP posts from slow lines, so use it with caution.
2009-10-03 16:01:18 -04:00
MEDIUM: http: add a new option http-buffer-request It is sometimes desirable to wait for the body of an HTTP request before taking a decision. This is what is being done by "balance url_param" for example. The first use case is to buffer requests from slow clients before connecting to the server. Another use case consists in taking the routing decision based on the request body's contents. This option placed in a frontend or backend forces the HTTP processing to wait until either the whole body is received, or the request buffer is full, or the first chunk is complete in case of chunked encoding. It can have undesired side effects with some applications abusing HTTP by expecting unbufferred transmissions between the frontend and the backend, so this should definitely not be used by default. Note that it would not work for the response because we don't reset the message state before starting to forward. For the response we need to 1) reset the message state to MSG_100_SENT or BODY , and 2) to reset body_len in case of chunked encoding to avoid counting it twice.
2015-05-01 16:42:08 -04:00
/* We want to enable the backend-specific analysers except those which
* were already run as part of the frontend/listener. Note that it would
* be more reliable to store the list of analysers that have been run,
* but what we do here is OK for now.
*/
MINOR: stream: Handle stream HTTP upgrade in a dedicated function The code responsible to perform an HTTP upgrade from a TCP stream is moved in a dedicated function, stream_set_http_mode(). The stream_set_backend() function is slightly updated, especially to correctly set the request analysers.
2021-03-15 05:42:02 -04:00
req_ana = be->be_req_ana;
if (!(strm_fe(s)->options & PR_O_WREQ_BODY) && be->options & PR_O_WREQ_BODY) {
/* The backend request to parse a request body while it was not
* performed on the frontend, so add the corresponding analyser
*/
req_ana |= AN_REQ_HTTP_BODY;
}
if (IS_HTX_STRM(s) && strm_fe(s)->mode != PR_MODE_HTTP) {
/* The stream was already upgraded to HTTP, so remove analysers
* set during the upgrade
*/
req_ana &= ~(AN_REQ_WAIT_HTTP|AN_REQ_HTTP_PROCESS_FE);
}
MEDIUM: listener: move the analysers mask to the bind_conf When bind_conf were created, some elements such as the analysers mask ought to have moved there but that wasn't the case. Now that it's getting clearer that bind_conf provides all binding parameters and the listener is essentially a listener on an address, it's starting to get really confusing to keep such parameters in the listener, so let's move the mask to the bind_conf. We also take this opportunity for pre-setting the mask to the frontend's upon initalization. Now several loops have one less argument to take care of.
2023-01-12 12:39:42 -05:00
s->req.analysers |= req_ana & ~(strm_li(s) ? strm_li(s)->bind_conf->analysers : 0);
[MEDIUM] allow a TCP frontend to switch to an HTTP backend This patch allows a TCP frontend to switch to an HTTP backend. During the switch, missing structures are automatically allocated. The HTTP parser is enabled so that the backend first waits for a full HTTP request.
2009-07-12 03:47:04 -04:00
MINOR: stream: Handle stream HTTP upgrade in a dedicated function The code responsible to perform an HTTP upgrade from a TCP stream is moved in a dedicated function, stream_set_http_mode(). The stream_set_backend() function is slightly updated, especially to correctly set the request analysers.
2021-03-15 05:42:02 -04:00
if (!IS_HTX_STRM(s) && be->mode == PR_MODE_HTTP) {
MAJOR: proxy/htx: Handle mux upgrades from TCP to HTTP in HTX mode It is now possible to upgrade TCP streams to HTX when an HTTP backend is set for a TCP frontend (both with the HTX enabled). So concretely, in such case, an upgrade is performed from the mux pt to the mux h1. The current CS and the channel's buffer are used to initialize the mux h1.
2019-04-08 04:53:51 -04:00
/* If we chain a TCP frontend to an HTX backend, we must upgrade
* the client mux */
MEDIUM: Add tcp-request switch-mode action to perform HTTP upgrade It is now possible to perform HTTP upgrades on a TCP stream from the frontend side. To do so, a tcp-request content rule must be defined with the switch-mode action, specifying the mode (for now, only http is supported) and optionnaly the proto (h1 or h2). This way it could be possible to set HTTP directives on a TCP frontend which will only be evaluated if an upgrade is performed. This new way to perform HTTP upgrades should replace progressively the old way, consisting to route the request to an HTTP backend. And it should be also a good start to remove all HTTP processing from tcp-request content rules. This action is terminal, it stops the ruleset evaluation. It is only available on proxy with the frontend capability. The configuration manual has been updated accordingly.
2021-03-15 07:03:44 -04:00
if (!stream_set_http_mode(s, NULL))
MINOR: stream: Handle stream HTTP upgrade in a dedicated function The code responsible to perform an HTTP upgrade from a TCP stream is moved in a dedicated function, stream_set_http_mode(). The stream_set_backend() function is slightly updated, especially to correctly set the request analysers.
2021-03-15 05:42:02 -04:00
return 0;
}
else if (IS_HTX_STRM(s) && be->mode != PR_MODE_HTTP) {
/* If a TCP backend is assgiend to an HTX stream, return an
* error. It may happens for a new stream on a previously
* upgraded connections. */
if (!(s->flags & SF_ERR_MASK))
s->flags |= SF_ERR_INTERNAL;
return 0;
}
else {
/* If the target backend requires HTTP processing, we have to allocate
* the HTTP transaction if we did not have one.
*/
if (unlikely(!s->txn && be->http_needed && !http_create_txn(s)))
BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream With a TCP frontend, it is possible to upgrade a connection to HTTP when the backend is in HTTP mode. Concretly the upgrade install a new mux. So, once it is done, the downgrade to TCP is no longer possible. So we must take care to never assign a TCP backend to a stream on this connection. Otherwise, HAProxy crashes because raw data from the server are handled as structured data on the client side. This patch fixes the issue #420. It must be backported to all versions supporting the HTX.
2019-12-20 09:59:20 -05:00
return 0;
MAJOR: http: move http_txn out of struct stream Now this one is dynamically allocated. It means that 280 bytes of memory are saved per TCP stream, but more importantly that it will become possible to remove the l7 pointer from fetches and converters since it will be deduced from the stream and will support being null. A lot of care was taken because it's easy to forget a test somewhere, and the previous code used to always trust s->txn for being valid, but all places seem to have been visited. All HTTP fetch functions check the txn first so we shouldn't have any issue there even when called from TCP. When branching from a TCP frontend to an HTTP backend, the txn is properly allocated at the same time as the hdr_idx.
2015-04-03 17:46:31 -04:00
}
s->flags |= SF_BE_ASSIGNED;
[MEDIUM] http: add support for "http-no-delay" There are some very rare server-to-server applications that abuse the HTTP protocol and expect the payload phase to be highly interactive, with many interleaved data chunks in both directions within a single request. This is absolutely not supported by the HTTP specification and will not work across most proxies or servers. When such applications attempt to do this through haproxy, it works but they will experience high delays due to the network optimizations which favor performance by instructing the system to wait for enough data to be available in order to only send full packets. Typical delays are around 200 ms per round trip. Note that this only happens with abnormal uses. Normal uses such as CONNECT requests nor WebSockets are not affected. When "option http-no-delay" is present in either the frontend or the backend used by a connection, all such optimizations will be disabled in order to make the exchanges as fast as possible. Of course this offers no guarantee on the functionality, as it may break at any other place. But if it works via HAProxy, it will work as fast as possible. This option should never be used by default, and should never be used at all unless such a buggy application is discovered. The impact of using this option is an increase of bandwidth usage and CPU usage, which may significantly lower performance in high latency environments. This change should be backported to 1.4 since the first report of such a misuse was in 1.4. Next patch will also be needed.
2011-05-30 12:10:30 -04:00
if (be->options2 & PR_O2_NODELAY) {
MINOR: stconn/channel: Move CF_NEVER_WAIT into the SC and rename it The channel flag CF_NEVER_WAIT is renamed to SC_FL_SND_NEVERWAIT and moved into the stream-connector.
2023-03-17 10:38:18 -04:00
s->scf->flags |= SC_FL_SND_NEVERWAIT;
s->scb->flags |= SC_FL_SND_NEVERWAIT;
[MEDIUM] http: add support for "http-no-delay" There are some very rare server-to-server applications that abuse the HTTP protocol and expect the payload phase to be highly interactive, with many interleaved data chunks in both directions within a single request. This is absolutely not supported by the HTTP specification and will not work across most proxies or servers. When such applications attempt to do this through haproxy, it works but they will experience high delays due to the network optimizations which favor performance by instructing the system to wait for enough data to be available in order to only send full packets. Typical delays are around 200 ms per round trip. Note that this only happens with abnormal uses. Normal uses such as CONNECT requests nor WebSockets are not affected. When "option http-no-delay" is present in either the frontend or the backend used by a connection, all such optimizations will be disabled in order to make the exchanges as fast as possible. Of course this offers no guarantee on the functionality, as it may break at any other place. But if it works via HAProxy, it will work as fast as possible. This option should never be used by default, and should never be used at all unless such a buggy application is discovered. The impact of using this option is an increase of bandwidth usage and CPU usage, which may significantly lower performance in high latency environments. This change should be backported to 1.4 since the first report of such a misuse was in 1.4. Next patch will also be needed.
2011-05-30 12:10:30 -04:00
}
[MINOR] prepare callers of session_set_backend to handle errors session_set_backend will soon have to allocate areas for HTTP headers. We must ensure that the callers can handle an allocation error.
2009-07-12 02:27:39 -04:00
return 1;
[MAJOR] http: complete splitting of the remaining stages The HTTP processing has been splitted into 7 steps, one of which is not anymore HTTP-specific (content-switching). That way, it becomes possible to use "use_backend" rules in TCP mode. A new "use_server" directive should follow soon.
2009-07-07 09:10:31 -04:00
}
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
/* Capture a bad request or response and archive it in the proxy's structure.
* It is relatively protocol-agnostic so it requires that a number of elements
* are passed :
* - <proxy> is the proxy where the error was detected and where the snapshot
* needs to be stored
CLEANUP: fix typos in the proxy subsystem Fix typos in the code comments of the proxy subsystem.
2018-11-15 14:46:55 -05:00
* - <is_back> indicates that the error happened when receiving the response
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
* - <other_end> is a pointer to the proxy on the other side when known
* - <target> is the target of the connection, usually a server or a proxy
* - <sess> is the session which experienced the error
* - <ctx> may be NULL or should contain any info relevant to the protocol
* - <buf> is the buffer containing the offending data
* - <buf_ofs> is the position of this buffer's input data in the input
* stream, starting at zero. It may be passed as zero if unknown.
* - <buf_out> is the portion of <buf->data> which was already forwarded and
* which precedes the buffer's input. The buffer's input starts at
* buf->head + buf_out.
* - <err_pos> is the pointer to the faulty byte in the buffer's input.
* - <show> is the callback to use to display <ctx>. It may be NULL.
*/
void proxy_capture_error(struct proxy *proxy, int is_back,
struct proxy *other_end, enum obj_type *target,
const struct session *sess,
const struct buffer *buf, long buf_ofs,
unsigned int buf_out, unsigned int err_pos,
const union error_snapshot_ctx *ctx,
void (*show)(struct buffer *, const struct error_snapshot *))
{
struct error_snapshot *es;
unsigned int buf_len;
int len1, len2;
MEDIUM: snapshots: dynamically allocate the snapshots Now upon error we dynamically allocate the snapshot instead of overwriting it. This way there is no more memory wasted in the proxy to hold the two error snapshot descriptors. Also an appreciable side effect of this is that the proxy's lock is only taken during the pointer swap, no more while copying the buffer's contents. This saves 480 bytes of memory per proxy.
2018-09-07 13:02:32 -04:00
unsigned int ev_id;
CLEANUP: atomic: add a fetch-and-xxx variant for common operations The fetch_and_xxx variant is often missing for add/sub/and/or. In fact it was only provided for ADD under the name XADD which corresponds to the x86 instruction name. But for destructive operations like AND and OR it's missing even more as it's not possible to know the value before modifying it. This patch explicitly adds HA_ATOMIC_FETCH_{OR,AND,ADD,SUB} which cover these standard operations, and renames XADD to FETCH_ADD (there were only 6 call places). In the future, backport of fixes involving such operations could simply remap FETCH_ADD(x) to XADD(x), FETCH_SUB(x) to XADD(-x), and for the OR/AND if needed, these could possibly be done using BTS/BTR. It's worth noting that xchg could have been renamed to fetch_and_store() but xchg already has well understood semantics and it wasn't needed to go further.
2021-04-06 05:57:41 -04:00
ev_id = HA_ATOMIC_FETCH_ADD(&error_snapshot_id, 1);
MEDIUM: snapshots: dynamically allocate the snapshots Now upon error we dynamically allocate the snapshot instead of overwriting it. This way there is no more memory wasted in the proxy to hold the two error snapshot descriptors. Also an appreciable side effect of this is that the proxy's lock is only taken during the pointer swap, no more while copying the buffer's contents. This saves 480 bytes of memory per proxy.
2018-09-07 13:02:32 -04:00
MEDIUM: snapshot: merge the captured data after the descriptor Instead of having a separate area for the captured data, we now have a contigous block made of the descriptor and the data. At the moment, since the area is dynamically allocated, we can adjust its size to what is needed, but the idea is to quickly switch to a pool and an LRU list.
2018-09-07 14:07:17 -04:00
buf_len = b_data(buf) - buf_out;
es = malloc(sizeof(*es) + buf_len);
MEDIUM: snapshots: dynamically allocate the snapshots Now upon error we dynamically allocate the snapshot instead of overwriting it. This way there is no more memory wasted in the proxy to hold the two error snapshot descriptors. Also an appreciable side effect of this is that the proxy's lock is only taken during the pointer swap, no more while copying the buffer's contents. This saves 480 bytes of memory per proxy.
2018-09-07 13:02:32 -04:00
if (!es)
return;
MINOR: tree-wide: Use the buffer size instead of global setting when possible At many places, we rely on global.tune.bufsize value instead of using the buffer size. For now, it is not a problem. But if we want to be able to deal with buffers of different sizes, it is good to reduce as far as possible dependencies on the global value. most of time, we can use b_size() or c_size() functions. The main change is performed on the error snapshot where the buffer size was added into the error_snapshot structure.
2026-01-28 04:54:41 -05:00
es->buf_size = buf->size;
MEDIUM: snapshot: merge the captured data after the descriptor Instead of having a separate area for the captured data, we now have a contigous block made of the descriptor and the data. At the moment, since the area is dynamically allocated, we can adjust its size to what is needed, but the idea is to quickly switch to a pool and an LRU list.
2018-09-07 14:07:17 -04:00
es->buf_len = buf_len;
es->ev_id = ev_id;
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
BUG/MINOR: proxy: Fix input data copy when an error is captured In proxy_capture_error(), input data are copied in the error snapshot. The copy must take care of the data wrapping. But the length of the first block is wrong. It should be the amount of contiguous input data that can be copied starting from the input's beginning. But the mininum between the input length and the buffer size minus the input length is used instead. So it is a problem if input data are wrapping or if more than the half of the buffer is used by input data. This patch must be backported as far as 1.9.
2020-01-06 05:37:00 -05:00
len1 = b_size(buf) - b_peek_ofs(buf, buf_out);
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
if (len1 > buf_len)
len1 = buf_len;
MEDIUM: snapshot: merge the captured data after the descriptor Instead of having a separate area for the captured data, we now have a contigous block made of the descriptor and the data. At the moment, since the area is dynamically allocated, we can adjust its size to what is needed, but the idea is to quickly switch to a pool and an LRU list.
2018-09-07 14:07:17 -04:00
if (len1) {
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
memcpy(es->buf, b_peek(buf, buf_out), len1);
MEDIUM: snapshot: merge the captured data after the descriptor Instead of having a separate area for the captured data, we now have a contigous block made of the descriptor and the data. At the moment, since the area is dynamically allocated, we can adjust its size to what is needed, but the idea is to quickly switch to a pool and an LRU list.
2018-09-07 14:07:17 -04:00
len2 = buf_len - len1;
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
if (len2)
memcpy(es->buf + len1, b_orig(buf), len2);
}
es->buf_err = err_pos;
es->when = date; // user-visible date
es->srv = objt_server(target);
es->oe = other_end;
BUG/MEDIUM: connections: Don't assume the connection has a valid session. Don't assume the connection always has a valid session in "owner". Instead, attempt to retrieve the session from the stream, and modify the error snapshot code to not assume we always have a session, or the proxy for the other end.
2020-03-12 10:30:17 -04:00
if (sess && objt_conn(sess->origin) && conn_get_src(__objt_conn(sess->origin)))
MINOR: proxy: switch to conn->src in error snapshots The source address was taken unchecked from a client connection. In practice we know it's set but better strengthen this now.
2019-07-17 09:20:02 -04:00
es->src = *__objt_conn(sess->origin)->src;
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
else
memset(&es->src, 0, sizeof(es->src));
es->buf_wrap = b_wrap(buf) - b_peek(buf, buf_out);
es->buf_out = buf_out;
es->buf_ofs = buf_ofs;
/* be sure to indicate the offset of the first IN byte */
if (es->buf_ofs >= es->buf_len)
es->buf_ofs -= es->buf_len;
else
es->buf_ofs = 0;
/* protocol-specific part now */
if (ctx)
es->ctx = *ctx;
else
memset(&es->ctx, 0, sizeof(es->ctx));
es->show = show;
MEDIUM: snapshots: dynamically allocate the snapshots Now upon error we dynamically allocate the snapshot instead of overwriting it. This way there is no more memory wasted in the proxy to hold the two error snapshot descriptors. Also an appreciable side effect of this is that the proxy's lock is only taken during the pointer swap, no more while copying the buffer's contents. This saves 480 bytes of memory per proxy.
2018-09-07 13:02:32 -04:00
/* note: we still lock since we have to be certain that nobody is
* dumping the output while we free.
*/
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &proxy->lock);
MEDIUM: snapshots: dynamically allocate the snapshots Now upon error we dynamically allocate the snapshot instead of overwriting it. This way there is no more memory wasted in the proxy to hold the two error snapshot descriptors. Also an appreciable side effect of this is that the proxy's lock is only taken during the pointer swap, no more while copying the buffer's contents. This saves 480 bytes of memory per proxy.
2018-09-07 13:02:32 -04:00
if (is_back) {
es = HA_ATOMIC_XCHG(&proxy->invalid_rep, es);
} else {
es = HA_ATOMIC_XCHG(&proxy->invalid_req, es);
}
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &proxy->lock);
BUG/MEDIUM: captures: free() an error capture out of the proxy lock Ed Hein reported in github issue #1856 some occasional watchdog panics in 2.4.18 showing extreme contention on the proxy's lock while the libc was in malloc()/free(). One cause of this problem is that we call free() under the proxy's lock in proxy_capture_error(), which makes no sense since if we can free the object under the lock after it's been detached, we can also free it after releasing the lock (since it's not referenced anymore). This should be backported to all relevant versions, likely all supported ones.
2022-09-17 05:07:19 -04:00
ha_free(&es);
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
}
MEDIUM: config: don't enforce a low frontend maxconn value anymore Historically the default frontend's maxconn used to be quite low (2000), which was sufficient two decades ago but often proved to be a problem when users had purposely set the global maxconn value but forgot to set the frontend's. There is no point in keeping this arbitrary limit for frontends : when the global maxconn is lower, it's already too high and when the global maxconn is much higher, it becomes a limiting factor which causes trouble in production. This commit allows the value to be set to zero, which becomes the new default value, to mean it's not directly limited, or in fact it's set to the global maxconn. Since this operation used to be performed before computing a possibly automatic global maxconn based on memory limits, the calculation of the maxconn value and its propagation to the backends' fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(), which is called once the global maxconn is stabilized. This comes with two benefits : 1) a configuration missing "maxconn" in the defaults section will not limit itself to a magically hardcoded value but will scale up to the global maxconn ; 2) when the global maxconn is not set and memory limits are used instead, the frontends' maxconn automatically adapts, and the backends' fullconn as well.
2019-02-27 11:25:52 -05:00
/* Configure all proxies which lack a maxconn setting to use the global one by
* default. This avoids the common mistake consisting in setting maxconn only
* in the global section and discovering the hard way that it doesn't propagate
* through the frontends. These values are also propagated through the various
CLEANUP: assorted typo fixes in the code and comments This is 10th iteration of typo fixes
2020-06-21 12:42:57 -04:00
* targeted backends, whose fullconn is finally calculated if not yet set.
MEDIUM: config: don't enforce a low frontend maxconn value anymore Historically the default frontend's maxconn used to be quite low (2000), which was sufficient two decades ago but often proved to be a problem when users had purposely set the global maxconn value but forgot to set the frontend's. There is no point in keeping this arbitrary limit for frontends : when the global maxconn is lower, it's already too high and when the global maxconn is much higher, it becomes a limiting factor which causes trouble in production. This commit allows the value to be set to zero, which becomes the new default value, to mean it's not directly limited, or in fact it's set to the global maxconn. Since this operation used to be performed before computing a possibly automatic global maxconn based on memory limits, the calculation of the maxconn value and its propagation to the backends' fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(), which is called once the global maxconn is stabilized. This comes with two benefits : 1) a configuration missing "maxconn" in the defaults section will not limit itself to a magically hardcoded value but will scale up to the global maxconn ; 2) when the global maxconn is not set and memory limits are used instead, the frontends' maxconn automatically adapts, and the backends' fullconn as well.
2019-02-27 11:25:52 -05:00
*/
void proxy_adjust_all_maxconn()
{
struct proxy *curproxy;
struct switching_rule *swrule1, *swrule2;
for (curproxy = proxies_list; curproxy; curproxy = curproxy->next) {
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (curproxy->flags & (PR_FL_DISABLED|PR_FL_STOPPED))
MEDIUM: config: don't enforce a low frontend maxconn value anymore Historically the default frontend's maxconn used to be quite low (2000), which was sufficient two decades ago but often proved to be a problem when users had purposely set the global maxconn value but forgot to set the frontend's. There is no point in keeping this arbitrary limit for frontends : when the global maxconn is lower, it's already too high and when the global maxconn is much higher, it becomes a limiting factor which causes trouble in production. This commit allows the value to be set to zero, which becomes the new default value, to mean it's not directly limited, or in fact it's set to the global maxconn. Since this operation used to be performed before computing a possibly automatic global maxconn based on memory limits, the calculation of the maxconn value and its propagation to the backends' fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(), which is called once the global maxconn is stabilized. This comes with two benefits : 1) a configuration missing "maxconn" in the defaults section will not limit itself to a magically hardcoded value but will scale up to the global maxconn ; 2) when the global maxconn is not set and memory limits are used instead, the frontends' maxconn automatically adapts, and the backends' fullconn as well.
2019-02-27 11:25:52 -05:00
continue;
if (!(curproxy->cap & PR_CAP_FE))
continue;
if (!curproxy->maxconn)
curproxy->maxconn = global.maxconn;
/* update the target backend's fullconn count : default_backend */
if (curproxy->defbe.be)
curproxy->defbe.be->tot_fe_maxconn += curproxy->maxconn;
else if ((curproxy->cap & PR_CAP_LISTEN) == PR_CAP_LISTEN)
curproxy->tot_fe_maxconn += curproxy->maxconn;
list_for_each_entry(swrule1, &curproxy->switching_rules, list) {
/* For each target of switching rules, we update their
* tot_fe_maxconn, except if a previous rule points to
* the same backend or to the default backend.
*/
if (swrule1->be.backend != curproxy->defbe.be) {
BUG/MAJOR: config: Wrong maxconn adjustment. Before c8d5b95 the "maxconn" of the backend of dynamic "use_backend" rules was not modified (this does not make sense and this is correct). When implementing proxy_adjust_all_maxconn(), c8d5b95 commit missed this case. With this patch we adjust the "maxconn" of the backend of such rules only if they are not dynamic. Without this patch reg-tests/http-rules/h00003.vtc could make haproxy crash.
2019-03-07 09:02:52 -05:00
/* note: swrule1->be.backend isn't a backend if the rule
* is dynamic, it's an expression instead, so it must not
* be dereferenced as a backend before being certain it is.
*/
MEDIUM: config: don't enforce a low frontend maxconn value anymore Historically the default frontend's maxconn used to be quite low (2000), which was sufficient two decades ago but often proved to be a problem when users had purposely set the global maxconn value but forgot to set the frontend's. There is no point in keeping this arbitrary limit for frontends : when the global maxconn is lower, it's already too high and when the global maxconn is much higher, it becomes a limiting factor which causes trouble in production. This commit allows the value to be set to zero, which becomes the new default value, to mean it's not directly limited, or in fact it's set to the global maxconn. Since this operation used to be performed before computing a possibly automatic global maxconn based on memory limits, the calculation of the maxconn value and its propagation to the backends' fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(), which is called once the global maxconn is stabilized. This comes with two benefits : 1) a configuration missing "maxconn" in the defaults section will not limit itself to a magically hardcoded value but will scale up to the global maxconn ; 2) when the global maxconn is not set and memory limits are used instead, the frontends' maxconn automatically adapts, and the backends' fullconn as well.
2019-02-27 11:25:52 -05:00
list_for_each_entry(swrule2, &curproxy->switching_rules, list) {
if (swrule2 == swrule1) {
BUG/MAJOR: config: Wrong maxconn adjustment. Before c8d5b95 the "maxconn" of the backend of dynamic "use_backend" rules was not modified (this does not make sense and this is correct). When implementing proxy_adjust_all_maxconn(), c8d5b95 commit missed this case. With this patch we adjust the "maxconn" of the backend of such rules only if they are not dynamic. Without this patch reg-tests/http-rules/h00003.vtc could make haproxy crash.
2019-03-07 09:02:52 -05:00
if (!swrule1->dynamic)
swrule1->be.backend->tot_fe_maxconn += curproxy->maxconn;
MEDIUM: config: don't enforce a low frontend maxconn value anymore Historically the default frontend's maxconn used to be quite low (2000), which was sufficient two decades ago but often proved to be a problem when users had purposely set the global maxconn value but forgot to set the frontend's. There is no point in keeping this arbitrary limit for frontends : when the global maxconn is lower, it's already too high and when the global maxconn is much higher, it becomes a limiting factor which causes trouble in production. This commit allows the value to be set to zero, which becomes the new default value, to mean it's not directly limited, or in fact it's set to the global maxconn. Since this operation used to be performed before computing a possibly automatic global maxconn based on memory limits, the calculation of the maxconn value and its propagation to the backends' fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(), which is called once the global maxconn is stabilized. This comes with two benefits : 1) a configuration missing "maxconn" in the defaults section will not limit itself to a magically hardcoded value but will scale up to the global maxconn ; 2) when the global maxconn is not set and memory limits are used instead, the frontends' maxconn automatically adapts, and the backends' fullconn as well.
2019-02-27 11:25:52 -05:00
break;
}
else if (!swrule2->dynamic && swrule2->be.backend == swrule1->be.backend) {
/* there are multiple refs of this backend */
break;
}
}
}
}
}
/* automatically compute fullconn if not set. We must not do it in the
* loop above because cross-references are not yet fully resolved.
*/
for (curproxy = proxies_list; curproxy; curproxy = curproxy->next) {
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (curproxy->flags & (PR_FL_DISABLED|PR_FL_STOPPED))
MEDIUM: config: don't enforce a low frontend maxconn value anymore Historically the default frontend's maxconn used to be quite low (2000), which was sufficient two decades ago but often proved to be a problem when users had purposely set the global maxconn value but forgot to set the frontend's. There is no point in keeping this arbitrary limit for frontends : when the global maxconn is lower, it's already too high and when the global maxconn is much higher, it becomes a limiting factor which causes trouble in production. This commit allows the value to be set to zero, which becomes the new default value, to mean it's not directly limited, or in fact it's set to the global maxconn. Since this operation used to be performed before computing a possibly automatic global maxconn based on memory limits, the calculation of the maxconn value and its propagation to the backends' fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(), which is called once the global maxconn is stabilized. This comes with two benefits : 1) a configuration missing "maxconn" in the defaults section will not limit itself to a magically hardcoded value but will scale up to the global maxconn ; 2) when the global maxconn is not set and memory limits are used instead, the frontends' maxconn automatically adapts, and the backends' fullconn as well.
2019-02-27 11:25:52 -05:00
continue;
/* If <fullconn> is not set, let's set it to 10% of the sum of
* the possible incoming frontend's maxconns.
*/
if (!curproxy->fullconn && (curproxy->cap & PR_CAP_BE)) {
/* we have the sum of the maxconns in <total>. We only
* keep 10% of that sum to set the default fullconn, with
* a hard minimum of 1 (to avoid a divide by zero).
*/
curproxy->fullconn = (curproxy->tot_fe_maxconn + 9) / 10;
if (!curproxy->fullconn)
curproxy->fullconn = 1;
}
}
}
MEDIUM: proxy: register a post-section cleanup function For listen/frontend/backend, we now want to be able to clean up the default-server directive that's no longer used past the end of the section. For this we register a post-section function and perform the cleanup there.
2025-07-11 02:58:48 -04:00
/* releases what's no longer needed after a proxy section covering <curproxy>.
* Returns an error code made of ERR_*, or 0 on success.
*/
static int post_section_px_cleanup()
{
BUG/MINOR: proxy: avoid NULL-deref in post_section_px_cleanup() post_section_px_cleanup(), which was implemented in abcc73830 ("MEDIUM: proxy: register a post-section cleanup function"), is called for the current section no matter if the parsing was aborted due to a fatal error. In this case, the curproxy pointer may point to NULL, yet post_section_px_cleanup() assumes curproxy pointer is always valid, which could lead to NULL-deref. For instance, the config below will cause SEGFAULT: listen toto titi To fix the issue, let's simply consider that the curproxy pointer may be NULL in post_section_px_cleanup(), in which case we skip the cleanup for the curproxy since there is nothing we can do. No backport needed
2025-08-07 07:04:26 -04:00
if (!curproxy)
return 0; // nothing to do
MEDIUM: proxy: register a post-section cleanup function For listen/frontend/backend, we now want to be able to clean up the default-server directive that's no longer used past the end of the section. For this we register a post-section function and perform the cleanup there.
2025-07-11 02:58:48 -04:00
if ((curproxy->cap & PR_CAP_LISTEN) && !(curproxy->cap & PR_CAP_DEF)) {
/* This is a regular proxy (not defaults). It doesn't need
* to keep a default-server section if it still had one. We
* want to keep it for defaults however, obviously.
*/
if (curproxy->defsrv) {
ha_free((char **)&curproxy->defsrv->conf.file);
MEDIUM: server: introduce srv_alloc()/srv_free() to alloc/free a server It happens that we free servers at various places in the code, both on error paths and at runtime thanks to the "server delete" feature. In order to switch to an aligned struct, we'll need to change the calloc() and free() calls. Let's first spot them and switch them to srv_alloc() and srv_free() instead of using calloc() and either free() or ha_free(). An easy trap to fall into is that some of them are default-server entries. The new srv_free() function also resets the pointer like ha_free() does. This was done by running the following coccinelle script all over the code: @@ struct server *srv; @@ ( - free(srv) + srv_free(&srv) | - ha_free(&srv) + srv_free(&srv) ) @@ struct server *srv; expression e1; expression e2; @@ ( - srv = malloc(e1) + srv = srv_alloc() | - srv = calloc(e1, e2) + srv = srv_alloc() ) This is marked medium because despite spotting all call places, we can never rule out the possibility that some out-of-tree patches would allocate their own servers and continue to use the old API... at their own risk.
2025-08-13 05:52:59 -04:00
srv_free(&curproxy->defsrv);
MEDIUM: proxy: register a post-section cleanup function For listen/frontend/backend, we now want to be able to clean up the default-server directive that's no longer used past the end of the section. For this we register a post-section function and perform the cleanup there.
2025-07-11 02:58:48 -04:00
}
}
return 0;
}
REGISTER_CONFIG_POST_SECTION("frontend", post_section_px_cleanup);
REGISTER_CONFIG_POST_SECTION("backend", post_section_px_cleanup);
REGISTER_CONFIG_POST_SECTION("listen", post_section_px_cleanup);
REGISTER_CONFIG_POST_SECTION("defaults", post_section_px_cleanup);
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
/* Config keywords below */
BUG/MEDIUM: prevent gcc from moving empty keywords lists into BSS Benoit Dolez reported a failure to start haproxy 1.5-dev19. The process would immediately report an internal error with missing fetches from some crap instead of ACL names. The cause is that some versions of gcc seem to trim static structs containing a variable array when moving them to BSS, and only keep the fixed size, which is just a list head for all ACL and sample fetch keywords. This was confirmed at least with gcc 3.4.6. And we can't move these structs to const because they contain a list element which is needed to link all of them together during the parsing. The bug indeed appeared with 1.5-dev19 because it's the first one to have some empty ACL keyword lists. One solution is to impose -fno-zero-initialized-in-bss to everyone but this is not really nice. Another solution consists in ensuring the struct is never empty so that it does not move there. The easy solution consists in having a non-null list head since it's not yet initialized. A new "ILH" list head type was thus created for this purpose : create an Initialized List Head so that gcc cannot move the struct to BSS. This fixes the issue for this version of gcc and does not create any burden for the declarations.
2013-06-21 17:16:39 -04:00
static struct cfg_kw_list cfg_kws = {ILH, {
MINOR: proxy: add a global "grace" directive to postpone soft-stop In ticket #1348 some users expressed some concerns regarding the removal of the "grace" directive from the proxies. Their use case very closely mimmicks the original intent of the grace keyword, which is, let haproxy accept traffic for some time when stopping, while indicating an external LB that it's stopping. This is implemented here by starting a task whose expiration triggers the soft-stop for real. The global "stopping" variable is immediately set however. For example, this below will be sufficient to instantly notify an external check on port 9999 that the service is going down, while other services remain active for 10s: global grace 10s frontend ext-check bind :9999 monitor-uri /ext-check monitor fail if { stopping }
2021-09-07 04:49:45 -04:00
{ CFG_GLOBAL, "grace", proxy_parse_grace },
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
{ CFG_GLOBAL, "hard-stop-after", proxy_parse_hard_stop_after },
MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window The new 'close-spread-time' global option can be used to spread idle and active HTTP connction closing after a SIGUSR1 signal is received. This allows to limit bursts of reconnections when too many idle connections are closed at once. Indeed, without this new mechanism, in case of soft-stop, all the idle connections would be closed at once (after the grace period is over), and all active HTTP connections would be closed by appending a "Connection: close" header to the next response that goes over it (or via a GOAWAY frame in case of HTTP2). This patch adds the support of this new option for HTTP as well as HTTP2 connections. It works differently on active and idle connections. On active connections, instead of sending systematically the GOAWAY frame or adding the 'Connection: close' header like before once the soft-stop has started, a random based on the remainder of the close window is calculated, and depending on its result we could decide to keep the connection alive. The random will be recalculated for any subsequent request/response on this connection so the GOAWAY will still end up being sent, but we might wait a few more round trips. This will ensure that goaways are distributed along a longer time window than before. On idle connections, a random factor is used when determining the expire field of the connection's task, which should naturally spread connection closings on the time window (see h2c_update_timeout). This feature request was described in GitHub issue #1614. This patch should be backported to 2.5. It depends on "BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts" which refactorized the timeout management of HTTP2 connections.
2022-04-08 12:04:18 -04:00
{ CFG_GLOBAL, "close-spread-time", proxy_parse_close_spread_time },
[MEDIUM] modularize the "timeout" keyword configuration parser The "timeout" keyword already relied on an external parser, let's make use of the new keyword registration mechanism.
2008-07-09 14:34:27 -04:00
{ CFG_LISTEN, "timeout", proxy_parse_timeout },
MEDIUM: Make '(cli|con|srv)timeout' directive fatal They were deprecated with HAProxy 1.5. Time to remove them.
2019-05-14 14:57:59 -04:00
{ CFG_LISTEN, "clitimeout", proxy_parse_timeout }, /* This keyword actually fails to parse, this line remains for better error messages. */
{ CFG_LISTEN, "contimeout", proxy_parse_timeout }, /* This keyword actually fails to parse, this line remains for better error messages. */
{ CFG_LISTEN, "srvtimeout", proxy_parse_timeout }, /* This keyword actually fails to parse, this line remains for better error messages. */
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
{ CFG_LISTEN, "rate-limit", proxy_parse_rate_limit },
MINOR: http: implement the max-keep-alive-queue setting Finn Arne Gangstad suggested that we should have the ability to break keep-alive when the target server has reached its maxconn and that a number of connections are present in the queue. After some discussion around his proposed patch, the following solution was suggested : have a per-proxy setting to fix a limit to the number of queued connections on a server after which we break keep-alive. This ensures that even in high latency networks where keep-alive is beneficial, we try to find a different server. This patch is partially based on his original proposal and implements this configurable threshold.
2014-04-25 07:58:37 -04:00
{ CFG_LISTEN, "max-keep-alive-queue", proxy_parse_max_ka_queue },
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
{ CFG_LISTEN, "declare", proxy_parse_declare },
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
{ CFG_LISTEN, "retry-on", proxy_parse_retry_on },
MEDIUM: lb-chash: add directive hash-preserve-affinity When using hash-based load balancing, requests are always assigned to the server corresponding to the hash bucket for the balancing key, without taking maxconn or maxqueue into account, unlike in other load balancing methods like 'first'. This adds a new backend directive that can be used to take maxconn and possibly maxqueue in that context. This can be used when hashing is desired to achieve cache locality, but sending requests to a different server is preferable to queuing for a long time or failing requests when the initial server is saturated. By default, affinity is preserved as was the case previously. When 'hash-preserve-affinity' is set to 'maxqueue', servers are considered successively in the order of the hash ring until a server that does not have a full queue is found. When 'maxconn' is set on a server, queueing cannot be disabled, as 'maxqueue=0' means unlimited. To support picking a different server when a server is at 'maxconn' irrespective of the queue, 'hash-preserve-affinity' can be set to 'maxconn'.
2025-03-21 06:27:21 -04:00
{ CFG_LISTEN, "hash-preserve-affinity", proxy_parse_hash_preserve_affinity },
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#ifdef TCP_KEEPCNT
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
{ CFG_LISTEN, "clitcpka-cnt", proxy_parse_tcpka_cnt },
{ CFG_LISTEN, "srvtcpka-cnt", proxy_parse_tcpka_cnt },
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#endif
#ifdef TCP_KEEPIDLE
{ CFG_LISTEN, "clitcpka-idle", proxy_parse_tcpka_idle },
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
{ CFG_LISTEN, "srvtcpka-idle", proxy_parse_tcpka_idle },
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#endif
#ifdef TCP_KEEPINTVL
{ CFG_LISTEN, "clitcpka-intvl", proxy_parse_tcpka_intvl },
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
{ CFG_LISTEN, "srvtcpka-intvl", proxy_parse_tcpka_intvl },
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#endif
MEDIUM: proxy: force traffic on unpublished/disabled backends A recent patch has introduced a new state for proxies : unpublished backends. Such backends won't be eligilible for traffic, thus use_backend/default_backend rules which target them won't match and content switching rules processing will continue. This patch defines a new frontend keywords 'force-be-switch'. This keyword allows to ignore unpublished or disabled state. Thus, use_backend/default_backend will match even if the target backend is unpublished or disabled. This is useful to be able to test a backend instance before exposing it outside. This new keyword is converted into a persist rule of new type PERSIST_TYPE_BE_SWITCH, stored in persist_rules list proxy member. This is the only persist rule applicable to frontend side. Prior to this commit, pure frontend proxies persist_rules list were always empty. This new features requires adjustment in process_switching_rules(). Now, when a use_backend/default_backend rule matches with an non eligible backend, frontend persist_rules are inspected to detect if a force-be-switch is present so that the backend may be selected.
2026-01-07 08:15:14 -05:00
{ CFG_LISTEN, "force-be-switch", proxy_parse_force_be_switch },
MINOR: proxy: implement GUID support Implement proxy identiciation through GUID. As such, a guid_node member is inserted into proxy structure. A proxy keyword "guid" is defined to allow user to fix its value.
2024-03-26 10:26:43 -04:00
{ CFG_LISTEN, "guid", proxy_parse_guid },
[MEDIUM] modularize the "timeout" keyword configuration parser The "timeout" keyword already relied on an external parser, let's make use of the new keyword registration mechanism.
2008-07-09 14:34:27 -04:00
{ 0, NULL, NULL },
}};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
MINOR: proxy: create new function cli_find_frontend() to find a frontend Several CLI commands require a frontend, so let's have a function to look this one up and prepare the appropriate error message and the appctx's state in case of failure.
2016-11-24 06:02:29 -05:00
/* Expects to find a frontend named <arg> and returns it, otherwise displays various
* adequate error messages and returns NULL. This function is designed to be used by
* functions requiring a frontend on the CLI.
*/
struct proxy *cli_find_frontend(struct appctx *appctx, const char *arg)
{
struct proxy *px;
if (!*arg) {
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
cli_err(appctx, "A frontend name is expected.\n");
MINOR: proxy: create new function cli_find_frontend() to find a frontend Several CLI commands require a frontend, so let's have a function to look this one up and prepare the appropriate error message and the appctx's state in case of failure.
2016-11-24 06:02:29 -05:00
return NULL;
}
px = proxy_fe_by_name(arg);
if (!px) {
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
cli_err(appctx, "No such frontend.\n");
MINOR: proxy: create new function cli_find_frontend() to find a frontend Several CLI commands require a frontend, so let's have a function to look this one up and prepare the appropriate error message and the appctx's state in case of failure.
2016-11-24 06:02:29 -05:00
return NULL;
}
return px;
}
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
/* Expects to find a backend named <arg> and returns it, otherwise displays various
* adequate error messages and returns NULL. This function is designed to be used by
* functions requiring a frontend on the CLI.
*/
struct proxy *cli_find_backend(struct appctx *appctx, const char *arg)
{
struct proxy *px;
if (!*arg) {
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
cli_err(appctx, "A backend name is expected.\n");
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
return NULL;
}
px = proxy_be_by_name(arg);
if (!px) {
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
cli_err(appctx, "No such backend.\n");
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
return NULL;
}
return px;
}
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
/* parse a "show servers [state|conn]" CLI line, returns 0 if it wants to start
* the dump or 1 if it stops immediately. If an argument is specified, it will
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
* reserve a show_srv_ctx context and set the proxy pointer into ->px, its ID
* into ->only_pxid, and ->show_conn to 0 for "state", or 1 for "conn".
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_show_servers(char **args, char *payload, struct appctx *appctx, void *private)
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
{
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
struct show_srv_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));
MINOR: appctx/cli: remove the "server_state" entry from the appctx union This one now migrates to the general purpose cli.p0 for the proxy pointer, cli.p1 for the server pointer, and cli.i0 for the proxy's instance if only one has to be dumped.
2016-12-16 12:23:39 -05:00
struct proxy *px;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
ctx->show_conn = *args[2] == 'c'; // "conn" vs "state"
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
/* check if a backend name has been provided */
if (*args[3]) {
/* read server state from local file */
MINOR: appctx/cli: remove the "server_state" entry from the appctx union This one now migrates to the general purpose cli.p0 for the proxy pointer, cli.p1 for the server pointer, and cli.i0 for the proxy's instance if only one has to be dumped.
2016-12-16 12:23:39 -05:00
px = proxy_be_by_name(args[3]);
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
if (!px)
return cli_err(appctx, "Can't find backend.\n");
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
ctx->px = px;
ctx->only_pxid = px->uuid;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
}
return 0;
}
MEDIUM: server: support {check,agent}_addr, agent_port in server state logical followup from cli commands addition, so that the state server file stays compatible with the changes made at runtime; use previously added helper to load server attributes. also alloc a specific chunk to avoid mixing with other called functions using it Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-02-11 16:51:26 -05:00
/* helper to dump server addr */
static void dump_server_addr(const struct sockaddr_storage *addr, char *addr_str)
{
addr_str[0] = '\0';
switch (addr->ss_family) {
case AF_INET:
case AF_INET6:
addr_to_str(addr, addr_str, INET6_ADDRSTRLEN + 1);
break;
default:
memcpy(addr_str, "-\0", 2);
break;
}
}
BUG/MINOR: proxy: fix dump_server_state()'s misuse of the trash dump_server_state() claims to dump into a buffer but instead it writes into a buffer then dumps the trash into the channel, so it only supports being called with buf=&trash and doesn't need this buffer. There doesn't seem to be any current impact of this mistake since the function is called from one location only. A backport may be performed if it helps fixing other bugs but it will not fix an existing bug by itself.
2020-07-01 01:02:42 -04:00
/* dumps server state information for all the servers found in backend cli.p0.
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
* These information are all the parameters which may change during HAProxy runtime.
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
* By default, we only export to the last known server state file format. These
* information can be used at next startup to recover same level of server
* state. It takes its context from show_srv_ctx, with the proxy pointer from
* ->px, the proxy's id ->only_pxid, the server's pointer from ->sv, and the
* choice of what to dump from ->show_conn.
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
*/
MEDIUM: cli/applet: Stop to test opposite SC in I/O handler of CLI commands The main CLI I/O handle is responsible to interrupt the processing on shutdown/abort. It is not the responsibility of the I/O handler of CLI commands to take care of it.
2024-02-06 08:54:54 -05:00
static int dump_servers_state(struct appctx *appctx)
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
{
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
struct show_srv_ctx *ctx = appctx->svcctx;
struct proxy *px = ctx->px;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
struct server *srv;
char srv_addr[INET6_ADDRSTRLEN + 1];
MEDIUM: server: support {check,agent}_addr, agent_port in server state logical followup from cli commands addition, so that the state server file stays compatible with the changes made at runtime; use previously added helper to load server attributes. also alloc a specific chunk to avoid mixing with other called functions using it Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-02-11 16:51:26 -05:00
char srv_agent_addr[INET6_ADDRSTRLEN + 1];
char srv_check_addr[INET6_ADDRSTRLEN + 1];
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
time_t srv_time_since_last_change;
int bk_f_forced_id, srv_f_forced_id;
BUG/MEDIUM: dns/server: fix incomatibility between SRV resolution and server state file Server state file has no indication that a server is currently managed by a DNS SRV resolution. And thus, both feature (DNS SRV resolution and server state), when used together, does not provide the expected behavior: a smooth experience... This patch introduce the "SRV record name" in the server state file and loads and applies it if found and wherever required. This patch applies to haproxy-dev branch only. For backport, a specific patch is provided for 1.8.
2018-07-02 11:00:54 -04:00
char *srvrecord;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
if (!ctx->sv)
ctx->sv = px->srv;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
for (; ctx->sv != NULL; ctx->sv = srv->next) {
srv = ctx->sv;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
MEDIUM: server: support {check,agent}_addr, agent_port in server state logical followup from cli commands addition, so that the state server file stays compatible with the changes made at runtime; use previously added helper to load server attributes. also alloc a specific chunk to avoid mixing with other called functions using it Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-02-11 16:51:26 -05:00
dump_server_addr(&srv->addr, srv_addr);
dump_server_addr(&srv->check.addr, srv_check_addr);
dump_server_addr(&srv->agent.addr, srv_agent_addr);
MEDIUM: server: add and use a separate last_change variable for internal use last_change server metric is used for 2 separate purposes. First it is used to report last server state change date for stats and other related metrics. But it is also used internally, including in sensitive paths, such as lb related stuff to take decision or perform computations (ie: in srv_dynamic_maxconn()). Due to last_change counter now being split over thread groups since 16eb0fa ("MAJOR: counters: dispatch counters over thread groups"), reading the aggregated value has a cost, and we cannot afford to consult last_change value from srv_dynamic_maxconn() anymore. Moreover, since the value is used to take decision for the current process we don't wan't the variable to be updated by another process in our back. To prevent performance regression and sharing issues, let's instead add a separate srv->last_change value, which is not updated atomically (given how rare the updates are), and only serves for places where the use of the aggregated last_change counter/stats (split over thread groups) is too costly.
2025-06-30 04:57:29 -04:00
srv_time_since_last_change = ns_to_sec(now_ns) - srv->last_change;
MINOR: appctx/cli: remove the "server_state" entry from the appctx union This one now migrates to the general purpose cli.p0 for the proxy pointer, cli.p1 for the server pointer, and cli.i0 for the proxy's instance if only one has to be dumped.
2016-12-16 12:23:39 -05:00
bk_f_forced_id = px->options & PR_O_FORCED_ID ? 1 : 0;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
srv_f_forced_id = srv->flags & SRV_F_FORCED_ID ? 1 : 0;
BUG/MEDIUM: dns/server: fix incomatibility between SRV resolution and server state file Server state file has no indication that a server is currently managed by a DNS SRV resolution. And thus, both feature (DNS SRV resolution and server state), when used together, does not provide the expected behavior: a smooth experience... This patch introduce the "SRV record name" in the server state file and loads and applies it if found and wherever required. This patch applies to haproxy-dev branch only. For backport, a specific patch is provided for 1.8.
2018-07-02 11:00:54 -04:00
srvrecord = NULL;
if (srv->srvrq && srv->srvrq->name)
srvrecord = srv->srvrq->name;
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
if (ctx->show_conn == 0) {
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
/* show servers state */
chunk_printf(&trash,
"%d %s "
"%d %s %s "
"%d %d %d %d %ld "
"%d %d %d %d %d "
MEDIUM: cli/ssl: configure ssl on server at runtime in the context of a progressive backend migration, we want to be able to activate SSL on outgoing connections to the server at runtime without reloading. This patch adds a `set server ssl` command; in order to allow that: - add `srv_use_ssl` to `show servers state` command for compatibility, also update associated parsing - when using default-server ssl setting, and `no-ssl` on server line, init SSL ctx without activating it - when triggering ssl API, de/activate SSL connections as requested - clean ongoing connections as it is done for addr/port changes, without checking prior server state example config: backend be_foo default-server ssl server srv0 127.0.0.1:6011 weight 1 no-ssl show servers state: 5 be_foo 1 srv0 127.0.0.1 2 0 1 1 15 1 0 4 0 0 0 0 - 6011 - -1 where srv0 can switch to ssl later during the runtime: set server be_foo/srv0 ssl on 5 be_foo 1 srv0 127.0.0.1 2 0 1 1 15 1 0 4 0 0 0 0 - 6011 - 1 Also update existing tests and create a new one. Signed-off-by: William Dauchy <wdauchy@gmail.com>
2020-11-14 13:25:33 -05:00
"%d %d %s %u "
MEDIUM: server: support {check,agent}_addr, agent_port in server state logical followup from cli commands addition, so that the state server file stays compatible with the changes made at runtime; use previously added helper to load server attributes. also alloc a specific chunk to avoid mixing with other called functions using it Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-02-11 16:51:26 -05:00
"%s %d %d "
"%s %s %d"
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
"\n",
MINOR: cli: anonymize 'show servers state' and 'show servers conn' Modify proxy.c in order to anonymize the following confidential data on commands 'show servers state' and 'show servers conn': - proxy name - server name - server address
2022-09-14 11:48:55 -04:00
px->uuid, HA_ANON_CLI(px->id),
MINOR: cli: use hash_ipanon to anonymized address Replace HA_ANON_CLI by hash_ipanon to anonynmized address like anonymizing address in the configuration file. No backport needed, except if anonymization mechanism is backported.
2022-09-29 04:27:33 -04:00
srv->puid, HA_ANON_CLI(srv->id),
MINOR: cli/applet: Move appctx fields only used by the CLI in a private context There are several fields in the appctx structure only used by the CLI. To make things cleaner, all these fields are now placed in a dedicated context inside the appctx structure. The final goal is to move it in the service context and add an API for cli commands to get a command coontext inside the cli context.
2025-04-24 05:17:07 -04:00
hash_ipanon(appctx->cli_ctx.anon_key, srv_addr, 0),
MINOR: cli: anonymize 'show servers state' and 'show servers conn' Modify proxy.c in order to anonymize the following confidential data on commands 'show servers state' and 'show servers conn': - proxy name - server name - server address
2022-09-14 11:48:55 -04:00
srv->cur_state, srv->cur_admin, srv->uweight, srv->iweight,
(long int)srv_time_since_last_change,
srv->check.status, srv->check.result, srv->check.health,
BUG/MINOR: server: make sure "show servers state" hides private bits In the past we've seen "show servers state" dump some internal bits for the check states, that were causing regtests to fail. The relevant bits have been added to the doc to fix the public API and make sure they do not change by accident, but the output doesn't take care of masking the undesired ones, causing regtests (and possibly user programs) to fail when new bits are added. Let's add the mask for the only documented ones (0x0F for check and 0x1F for agent respectively). This could be backported wherever the server state is present, though there's a tiny risk that some undocumented bits might have already leaked to some user scripts, so it might be wise to wait a bit before doing that or even not to backport too far.
2022-10-12 15:40:31 -04:00
srv->check.state & 0x0F, srv->agent.state & 0x1F,
MINOR: cli: Add an anonymization on a missed element in 'show server state' Add HA_ANON_CLI to the srv->hostname when using 'show servers state'. It can contain sensitive information like 'www....com' No backport needed, except if anonymization mechanism is backported.
2022-09-29 04:28:44 -04:00
bk_f_forced_id, srv_f_forced_id,
srv->hostname ? HA_ANON_CLI(srv->hostname) : "-", srv->svc_port,
MEDIUM: server: support {check,agent}_addr, agent_port in server state logical followup from cli commands addition, so that the state server file stays compatible with the changes made at runtime; use previously added helper to load server attributes. also alloc a specific chunk to avoid mixing with other called functions using it Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-02-11 16:51:26 -05:00
srvrecord ? srvrecord : "-", srv->use_ssl, srv->check.port,
srv_check_addr, srv_agent_addr, srv->agent.port);
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
} else {
/* show servers conn */
int thr;
chunk_printf(&trash,
MINOR: proxy: extend "show servers conn" output CLI command "show servers conn" is used as a debugging tool to monitor the number of connections per server. This patch extends its output by adding the content of two server counters. <served> is the first added column. It represents the number of active streams on a server. <curr_sess_idle_conns> is the second added column. This is a recently added value which account private idle connections referencing a server.
2025-08-19 09:23:21 -04:00
"%s/%s %d/%d %s %u - %u %u %u %u %u %u %u %u %d %u",
MINOR: cli: anonymize 'show servers state' and 'show servers conn' Modify proxy.c in order to anonymize the following confidential data on commands 'show servers state' and 'show servers conn': - proxy name - server name - server address
2022-09-14 11:48:55 -04:00
HA_ANON_CLI(px->id), HA_ANON_CLI(srv->id),
MINOR: cli/applet: Move appctx fields only used by the CLI in a private context There are several fields in the appctx structure only used by the CLI. To make things cleaner, all these fields are now placed in a dedicated context inside the appctx structure. The final goal is to move it in the service context and add an API for cli commands to get a command coontext inside the cli context.
2025-04-24 05:17:07 -04:00
px->uuid, srv->puid, hash_ipanon(appctx->cli_ctx.anon_key, srv_addr, 0),
MINOR: cli: anonymize 'show servers state' and 'show servers conn' Modify proxy.c in order to anonymize the following confidential data on commands 'show servers state' and 'show servers conn': - proxy name - server name - server address
2022-09-14 11:48:55 -04:00
srv->svc_port, srv->pool_purge_delay,
MINOR: proxy: extend "show servers conn" output CLI command "show servers conn" is used as a debugging tool to monitor the number of connections per server. This patch extends its output by adding the content of two server counters. <served> is the first added column. It represents the number of active streams on a server. <curr_sess_idle_conns> is the second added column. This is a recently added value which account private idle connections referencing a server.
2025-08-19 09:23:21 -04:00
srv->served,
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
srv->curr_used_conns, srv->max_used_conns, srv->est_need_conns,
MINOR: proxy: extend "show servers conn" output CLI command "show servers conn" is used as a debugging tool to monitor the number of connections per server. This patch extends its output by adding the content of two server counters. <served> is the first added column. It represents the number of active streams on a server. <curr_sess_idle_conns> is the second added column. This is a recently added value which account private idle connections referencing a server.
2025-08-19 09:23:21 -04:00
srv->curr_sess_idle_conns,
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
srv->curr_idle_nb, srv->curr_safe_nb, (int)srv->max_idle_conns, srv->curr_idle_conns);
BUG/MEDIUM: cli/proxy: don't try to dump idle connection state if there's none Commit 69f591e3b ("MINOR: cli/proxy: add a new "show servers conn" command") added the ability to dump the idle connections state for a server, but we must not do this if idle connections were not allocated, which happens if the server is configured with pool-max-conn 0. This is 2.2, no backport is needed.
2020-07-02 09:19:57 -04:00
for (thr = 0; thr < global.nbthread && srv->curr_idle_thr; thr++)
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
chunk_appendf(&trash, " %u", srv->curr_idle_thr[thr]);
chunk_appendf(&trash, "\n");
}
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1) {
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
return 0;
}
}
return 1;
}
/* Parses backend list or simply use backend name provided by the user to return
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
* states of servers to stdout. It takes its context from show_srv_ctx and dumps
* proxy ->px and stops if ->only_pxid is non-null.
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
*/
static int cli_io_handler_servers_state(struct appctx *appctx)
{
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
struct show_srv_ctx *ctx = appctx->svcctx;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
struct proxy *curproxy;
CLEANUP: proxy/cli: get rid of appctx->st2 in "show servers" Now that we have the show_srv_ctx, let's store a state in it. We only need two states here, header and list.
2022-05-05 13:26:18 -04:00
if (ctx->state == SHOW_SRV_HEAD) {
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
if (ctx->show_conn == 0)
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
chunk_printf(&trash, "%d\n# %s\n", SRV_STATE_FILE_VERSION, SRV_STATE_FILE_FIELD_NAMES);
else
chunk_printf(&trash,
MINOR: proxy: extend "show servers conn" output CLI command "show servers conn" is used as a debugging tool to monitor the number of connections per server. This patch extends its output by adding the content of two server counters. <served> is the first added column. It represents the number of active streams on a server. <curr_sess_idle_conns> is the second added column. This is a recently added value which account private idle connections referencing a server.
2025-08-19 09:23:21 -04:00
"# bkname/svname bkid/svid addr port - purge_delay served used_cur used_max need_est idle_sess unsafe_nb safe_nb idle_lim idle_cur idle_per_thr[%d]\n",
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
global.nbthread);
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1)
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
return 0;
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
CLEANUP: proxy/cli: get rid of appctx->st2 in "show servers" Now that we have the show_srv_ctx, let's store a state in it. We only need two states here, header and list.
2022-05-05 13:26:18 -04:00
ctx->state = SHOW_SRV_LIST;
if (!ctx->px)
ctx->px = proxies_list;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
}
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
for (; ctx->px != NULL; ctx->px = curproxy->next) {
curproxy = ctx->px;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
/* servers are only in backends */
BUG/MINOR: proxy: don't dump servers of internal proxies Patch 211c967 ("MINOR: httpclient: add the server to the proxy") broke the reg-tests that do a "show servers state". Indeed the servers of the proxies flagged with PR_CAP_INT are dumped in the output of this CLI command. This patch fixes the issue par ignoring the PR_CA_INT proxies in the dump.
2021-08-25 12:15:31 -04:00
if ((curproxy->cap & PR_CAP_BE) && !(curproxy->cap & PR_CAP_INT)) {
MEDIUM: cli/applet: Stop to test opposite SC in I/O handler of CLI commands The main CLI I/O handle is responsible to interrupt the processing on shutdown/abort. It is not the responsibility of the I/O handler of CLI commands to take care of it.
2024-02-06 08:54:54 -05:00
if (!dump_servers_state(appctx))
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
return 0;
}
/* only the selected proxy is dumped */
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
if (ctx->only_pxid)
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
break;
}
return 1;
}
MINOR: appctx/cli: remove the "be" entry from the appctx union This one now migrates to the general purpose cli.p0. The parsing function was removed since it was only used to set the pointer to NULL.
2016-12-16 12:01:15 -05:00
/* Parses backend list and simply report backend names. It keeps the proxy
CLEANUP: proxy/cli: make "show backend" only use the generic context Let's use appctx->svcctx instead of abusing cli.p0 to store the current proxy being dumped.
2022-05-05 11:05:38 -04:00
* pointer in svcctx since there's nothing else to store there.
MINOR: appctx/cli: remove the "be" entry from the appctx union This one now migrates to the general purpose cli.p0. The parsing function was removed since it was only used to set the pointer to NULL.
2016-12-16 12:01:15 -05:00
*/
REORG: cli: move 'show backend' to proxy.c Move 'show backend' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-22 06:34:16 -05:00
static int cli_io_handler_show_backend(struct appctx *appctx)
{
struct proxy *curproxy;
chunk_reset(&trash);
CLEANUP: proxy/cli: make "show backend" only use the generic context Let's use appctx->svcctx instead of abusing cli.p0 to store the current proxy being dumped.
2022-05-05 11:05:38 -04:00
if (!appctx->svcctx) {
REORG: cli: move 'show backend' to proxy.c Move 'show backend' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-22 06:34:16 -05:00
chunk_printf(&trash, "# name\n");
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1)
REORG: cli: move 'show backend' to proxy.c Move 'show backend' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-22 06:34:16 -05:00
return 0;
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
CLEANUP: proxy/cli: make "show backend" only use the generic context Let's use appctx->svcctx instead of abusing cli.p0 to store the current proxy being dumped.
2022-05-05 11:05:38 -04:00
appctx->svcctx = proxies_list;
REORG: cli: move 'show backend' to proxy.c Move 'show backend' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-22 06:34:16 -05:00
}
CLEANUP: proxy/cli: make "show backend" only use the generic context Let's use appctx->svcctx instead of abusing cli.p0 to store the current proxy being dumped.
2022-05-05 11:05:38 -04:00
for (; appctx->svcctx != NULL; appctx->svcctx = curproxy->next) {
curproxy = appctx->svcctx;
REORG: cli: move 'show backend' to proxy.c Move 'show backend' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-22 06:34:16 -05:00
BUG/MINOR: proxy/cli: don't enumerate internal proxies on "show backend" Commit e7f74623e ("MINOR: stats: don't output internal proxies (PR_CAP_INT)") in 2.5 ensured we don't dump internal proxies on the stats page, but the same is needed for "show backend", as since the addition of the HTTP client it now appears there: $ socat /tmp/sock1 - <<< "show backend" # name <HTTPCLIENT> This needs to be backported to 2.5.
2022-05-05 11:10:03 -04:00
/* looking for non-internal backends only */
if ((curproxy->cap & (PR_CAP_BE|PR_CAP_INT)) != PR_CAP_BE)
REORG: cli: move 'show backend' to proxy.c Move 'show backend' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-22 06:34:16 -05:00
continue;
chunk_appendf(&trash, "%s\n", curproxy->id);
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1)
REORG: cli: move 'show backend' to proxy.c Move 'show backend' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-22 06:34:16 -05:00
return 0;
}
return 1;
}
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
/* Parses the "enable dynamic-cookies backend" directive, it always returns 1.
*
* Grabs the proxy lock and each server's lock.
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_enable_dyncookie_backend(char **args, char *payload, struct appctx *appctx, void *private)
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
{
struct proxy *px;
struct server *s;
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_backend(appctx, args[3]);
if (!px)
return 1;
MINOR: proxy: dynamic-cookie CLIs require TCP or HTTP mode Prevent the use of "dynamic-cookie" related CLI commands if the backend is not in TCP or HTTP mode.
2023-09-20 04:54:06 -04:00
if (px->mode != PR_MODE_TCP && px->mode != PR_MODE_HTTP)
return cli_err(appctx, "Not available.\n");
BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue() A problem involving server slowstart was reported by @max2k1 in issue #197. The problem is that pendconn_grab_from_px() takes the proxy lock while already under the server's lock while process_srv_queue() first takes the proxy's lock then the server's lock. While the latter seems more natural, it is fundamentally incompatible with mayn other operations performed on servers, namely state change propagation, where the proxy is only known after the server and cannot be locked around the servers. Howwever reversing the lock in process_srv_queue() is trivial and only the few functions related to dynamic cookies need to be adjusted for this so that the proxy's lock is taken for each server operation. This is possible because the proxy's server list is built once at boot time and remains stable. So this is what this patch does. The comments in the proxy and server structs were updated to mention this rule that the server's lock may not be taken under the proxy's lock but may enclose it. Another approach could consist in using a second lock for the proxy's queue which would be different from the regular proxy's lock, but given that the operations above are rare and operate on small servers list, there is no reason for overdesigning a solution. This fix was successfully tested with 10000 servers in a backend where adjusting the dyncookies in loops over the CLI didn't have a measurable impact on the traffic. The only workaround without the fix is to disable any occurrence of "slowstart" on server lines, or to disable threads using "nbthread 1". This must be backported as far as 1.8.
2019-07-30 05:59:34 -04:00
/* Note: this lock is to make sure this doesn't change while another
* thread is in srv_set_dyncookie().
*/
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
px->ck_opts |= PR_CK_DYNAMIC;
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &px->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
for (s = px->srv; s != NULL; s = s->next) {
HA_SPIN_LOCK(SERVER_LOCK, &s->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
srv_set_dyncookie(s);
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
}
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
return 1;
}
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
/* Parses the "disable dynamic-cookies backend" directive, it always returns 1.
*
* Grabs the proxy lock and each server's lock.
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_disable_dyncookie_backend(char **args, char *payload, struct appctx *appctx, void *private)
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
{
struct proxy *px;
struct server *s;
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_backend(appctx, args[3]);
if (!px)
return 1;
MINOR: proxy: dynamic-cookie CLIs require TCP or HTTP mode Prevent the use of "dynamic-cookie" related CLI commands if the backend is not in TCP or HTTP mode.
2023-09-20 04:54:06 -04:00
if (px->mode != PR_MODE_TCP && px->mode != PR_MODE_HTTP)
return cli_err(appctx, "Not available.\n");
BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue() A problem involving server slowstart was reported by @max2k1 in issue #197. The problem is that pendconn_grab_from_px() takes the proxy lock while already under the server's lock while process_srv_queue() first takes the proxy's lock then the server's lock. While the latter seems more natural, it is fundamentally incompatible with mayn other operations performed on servers, namely state change propagation, where the proxy is only known after the server and cannot be locked around the servers. Howwever reversing the lock in process_srv_queue() is trivial and only the few functions related to dynamic cookies need to be adjusted for this so that the proxy's lock is taken for each server operation. This is possible because the proxy's server list is built once at boot time and remains stable. So this is what this patch does. The comments in the proxy and server structs were updated to mention this rule that the server's lock may not be taken under the proxy's lock but may enclose it. Another approach could consist in using a second lock for the proxy's queue which would be different from the regular proxy's lock, but given that the operations above are rare and operate on small servers list, there is no reason for overdesigning a solution. This fix was successfully tested with 10000 servers in a backend where adjusting the dyncookies in loops over the CLI didn't have a measurable impact on the traffic. The only workaround without the fix is to disable any occurrence of "slowstart" on server lines, or to disable threads using "nbthread 1". This must be backported as far as 1.8.
2019-07-30 05:59:34 -04:00
/* Note: this lock is to make sure this doesn't change while another
* thread is in srv_set_dyncookie().
*/
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
px->ck_opts &= ~PR_CK_DYNAMIC;
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &px->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
for (s = px->srv; s != NULL; s = s->next) {
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
HA_SPIN_LOCK(SERVER_LOCK, &s->lock);
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
if (!(s->flags & SRV_F_COOKIESET))
ha_free(&s->cookie);
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
}
return 1;
}
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
/* Parses the "set dynamic-cookie-key backend" directive, it always returns 1.
*
* Grabs the proxy lock and each server's lock.
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_set_dyncookie_key_backend(char **args, char *payload, struct appctx *appctx, void *private)
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
{
struct proxy *px;
struct server *s;
char *newkey;
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_backend(appctx, args[3]);
if (!px)
return 1;
MINOR: proxy: dynamic-cookie CLIs require TCP or HTTP mode Prevent the use of "dynamic-cookie" related CLI commands if the backend is not in TCP or HTTP mode.
2023-09-20 04:54:06 -04:00
if (px->mode != PR_MODE_TCP && px->mode != PR_MODE_HTTP)
return cli_err(appctx, "Not available.\n");
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
if (!*args[4])
return cli_err(appctx, "String value expected.\n");
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
newkey = strdup(args[4]);
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
if (!newkey)
return cli_err(appctx, "Failed to allocate memory.\n");
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue() A problem involving server slowstart was reported by @max2k1 in issue #197. The problem is that pendconn_grab_from_px() takes the proxy lock while already under the server's lock while process_srv_queue() first takes the proxy's lock then the server's lock. While the latter seems more natural, it is fundamentally incompatible with mayn other operations performed on servers, namely state change propagation, where the proxy is only known after the server and cannot be locked around the servers. Howwever reversing the lock in process_srv_queue() is trivial and only the few functions related to dynamic cookies need to be adjusted for this so that the proxy's lock is taken for each server operation. This is possible because the proxy's server list is built once at boot time and remains stable. So this is what this patch does. The comments in the proxy and server structs were updated to mention this rule that the server's lock may not be taken under the proxy's lock but may enclose it. Another approach could consist in using a second lock for the proxy's queue which would be different from the regular proxy's lock, but given that the operations above are rare and operate on small servers list, there is no reason for overdesigning a solution. This fix was successfully tested with 10000 servers in a backend where adjusting the dyncookies in loops over the CLI didn't have a measurable impact on the traffic. The only workaround without the fix is to disable any occurrence of "slowstart" on server lines, or to disable threads using "nbthread 1". This must be backported as far as 1.8.
2019-07-30 05:59:34 -04:00
/* Note: this lock is to make sure this doesn't change while another
* thread is in srv_set_dyncookie().
*/
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
free(px->dyncookie_key);
px->dyncookie_key = newkey;
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &px->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
for (s = px->srv; s != NULL; s = s->next) {
HA_SPIN_LOCK(SERVER_LOCK, &s->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
srv_set_dyncookie(s);
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
}
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
return 1;
}
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
/* Parses the "set maxconn frontend" directive, it always returns 1.
*
* Grabs the proxy lock.
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_set_maxconn_frontend(char **args, char *payload, struct appctx *appctx, void *private)
REORG: cli: move "set maxconn frontend" to proxy.c And get rid of the last specific "set maxconn" case.
2016-11-23 10:22:04 -05:00
{
struct proxy *px;
struct listener *l;
int v;
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_frontend(appctx, args[3]);
if (!px)
return 1;
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
if (!*args[4])
return cli_err(appctx, "Integer value expected.\n");
REORG: cli: move "set maxconn frontend" to proxy.c And get rid of the last specific "set maxconn" case.
2016-11-23 10:22:04 -05:00
v = atoi(args[4]);
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
if (v < 0)
return cli_err(appctx, "Value out of range.\n");
REORG: cli: move "set maxconn frontend" to proxy.c And get rid of the last specific "set maxconn" case.
2016-11-23 10:22:04 -05:00
/* OK, the value is fine, so we assign it to the proxy and to all of
* its listeners. The blocked ones will be dequeued.
*/
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock);
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
REORG: cli: move "set maxconn frontend" to proxy.c And get rid of the last specific "set maxconn" case.
2016-11-23 10:22:04 -05:00
px->maxconn = v;
list_for_each_entry(l, &px->conf.listeners, by_fe) {
if (l->state == LI_FULL)
MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping This is an alternative fix that tries to address the same issue as d1ebee177 ("BUG/MINOR: listener: close tiny race between resume_listener() and stopping") while allowing resume_listener() to be more versatile. Indeed, because of the previous fix, resume_listener() is not able to rebind stopped listeners, and this breaks the original behavior that is documented in the function description: "If the listener was only in the assigned state, it's totally rebound. This can happen if a pause() has completely stopped it. If the resume fails, 0 is returned and an error might be displayed." With relax_listener(), we now make sure to check l->state under the listener lock so we don't call resume_listener() when the conditions are not met. As such, concurrently stopped listeners may not be rebound using relax_listener(). Note: the documented race can't happen since 1b927eb3c ("MEDIUM: proto: stop protocols under thread isolation during soft stop"), but older versions are concerned as 1b927eb3c was not marked for backports. Moreover, the patch also prevents the race between protocol_pause_all() and resuming from LIMITED or FULL states. This commit depends on: - "MINOR: listener: add relax_listener() function" This should be backported with d1ebee177 up to 2.4 (d1ebee177 is marked to be backported for all stable versions but the current patch does not apply for versions < 2.4)
2023-02-06 11:19:58 -05:00
relax_listener(l, 1, 0);
REORG: cli: move "set maxconn frontend" to proxy.c And get rid of the last specific "set maxconn" case.
2016-11-23 10:22:04 -05:00
}
MINOR: listener: split dequeue_all_listener() in two We use it half times for the global_listener_queue and half times for a proxy's queue and this requires the callers to take care of these. Let's split it in two versions, the current one working only on the global queue and another one dedicated to proxies for the per-proxy queues. This cleans up quite a bit of code.
2019-12-10 08:10:52 -05:00
if (px->maxconn > px->feconn)
BUG/MEDIUM: cli: Deadlock when setting frontend maxconn The proxy lock state isn't passed down to relax_listener through dequeue_proxy_listeners, which causes a deadlock in relax_listener when it tries to get that lock. Backporting: Older versions didn't have relax_listener and directly called resume_listener in dequeue_proxy_listeners. lpx should just be passed directly to resume_listener then. The bug was introduced in commit 001328873c352e5e4b1df0dcc8facaf2fc1408aa [cf: This patch should fix the issue #2726. It must be backported as far as 2.4]
2024-09-25 05:37:25 -04:00
dequeue_proxy_listeners(px, 1);
REORG: cli: move "set maxconn frontend" to proxy.c And get rid of the last specific "set maxconn" case.
2016-11-23 10:22:04 -05:00
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &px->lock);
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
REORG: cli: move "set maxconn frontend" to proxy.c And get rid of the last specific "set maxconn" case.
2016-11-23 10:22:04 -05:00
return 1;
}
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
/* Parses the "shutdown frontend" directive, it always returns 1.
*
* Grabs the proxy lock.
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_shutdown_frontend(char **args, char *payload, struct appctx *appctx, void *private)
REORG: cli: move "shutdown frontend" to proxy.c Now we don't have any "shutdown" commands left in cli.c.
2016-11-24 05:13:06 -05:00
{
struct proxy *px;
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_frontend(appctx, args[2]);
if (!px)
return 1;
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (px->flags & (PR_FL_DISABLED|PR_FL_STOPPED))
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
return cli_msg(appctx, LOG_NOTICE, "Frontend was already shut down.\n");
REORG: cli: move "shutdown frontend" to proxy.c Now we don't have any "shutdown" commands left in cli.c.
2016-11-24 05:13:06 -05:00
stop_proxy(px);
return 1;
}
MINOR: proxy: define "add backend" handler Define a basic CLI handler for "add backend". For now, this handler only performs a parsing of the name argument and return an error if a duplicate already exists. It runs under thread isolation, to guarantee thread safety during the proxy creation. This feature is considered in development. CLI command requires to set experimental-mode.
2025-12-17 04:57:40 -05:00
/* Parses a "add backend" CLI command to allocate a new backend instance,
* derived from a default proxy instance. This operation is performed under
* thread isolation.
*
* Always returns 1.
*/
static int cli_parse_add_backend(char **args, char *payload, struct appctx *appctx, void *private)
{
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
struct proxy *px, *defpx, *next;
struct post_proxy_check_fct *ppcf;
MINOR: proxy: parse guid on dynamic backend creation Defines an extra optional GUID argument for "add backend" command. This can be useful as it is not possible to define it via a default proxy instance.
2026-01-13 10:13:27 -05:00
const char *be_name, *def_name, *guid = NULL, *err;
MINOR: proxy: define "add backend" handler Define a basic CLI handler for "add backend". For now, this handler only performs a parsing of the name argument and return an error if a duplicate already exists. It runs under thread isolation, to guarantee thread safety during the proxy creation. This feature is considered in development. CLI command requires to set experimental-mode.
2025-12-17 04:57:40 -05:00
char *msg = NULL;
MINOR: proxy: parse mode on dynamic backend creation Add an optional "mode" argument to "add backend" CLI command. This argument allows to specify if the backend is in TCP or HTTP mode. By default, it is mandatory, unless the inherited default proxy already explicitely specifies the mode. To differentiate if TCP mode is implicit or explicit, a new proxy flag PR_FL_DEF_EXPLICIT_MODE is defined. It is set for every defaults instances which explicitely defined their mode.
2026-01-12 09:25:52 -05:00
enum pr_mode mode = 0;
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
int err_code = ERR_NONE;
MINOR: proxy: define "add backend" handler Define a basic CLI handler for "add backend". For now, this handler only performs a parsing of the name argument and return an error if a duplicate already exists. It runs under thread isolation, to guarantee thread safety during the proxy creation. This feature is considered in development. CLI command requires to set experimental-mode.
2025-12-17 04:57:40 -05:00
usermsgs_clr("CLI");
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
++args;
be_name = args[1];
if (!*be_name) {
cli_err(appctx, "Require backend name.\n");
return 1;
}
if ((err = invalid_char(be_name))) {
cli_dynerr(appctx, memprintf(&msg, "Invalid character '%c' in backend name.\n", *err));
return 1;
}
++args;
def_name = args[2];
if (!*args[1] || !*def_name || strcmp(args[1], "from") != 0) {
cli_err(appctx, "Usage: add backend <name> from <defproxy>.\n");
return 1;
}
MINOR: proxy: parse mode on dynamic backend creation Add an optional "mode" argument to "add backend" CLI command. This argument allows to specify if the backend is in TCP or HTTP mode. By default, it is mandatory, unless the inherited default proxy already explicitely specifies the mode. To differentiate if TCP mode is implicit or explicit, a new proxy flag PR_FL_DEF_EXPLICIT_MODE is defined. It is set for every defaults instances which explicitely defined their mode.
2026-01-12 09:25:52 -05:00
/* Parse optional arguments */
args += 2;
while (*args[1]) {
/* "mode" */
if (*args[2] && !mode && strcmp(args[1], "mode") == 0) {
mode = str_to_proxy_mode(args[2]);
if (mode == PR_MODES) {
cli_err(appctx, "Unknown proxy mode.\n");
return 1;
}
if (mode != PR_MODE_TCP && mode != PR_MODE_HTTP) {
cli_err(appctx, "Dynamic backends are compatible with only TCP or HTTP mode.\n");
return 1;
}
}
MINOR: proxy: parse guid on dynamic backend creation Defines an extra optional GUID argument for "add backend" command. This can be useful as it is not possible to define it via a default proxy instance.
2026-01-13 10:13:27 -05:00
/* guid */
else if (*args[2] && !guid && strcmp(args[1], "guid") == 0) {
guid = args[2];
}
MINOR: proxy: parse mode on dynamic backend creation Add an optional "mode" argument to "add backend" CLI command. This argument allows to specify if the backend is in TCP or HTTP mode. By default, it is mandatory, unless the inherited default proxy already explicitely specifies the mode. To differentiate if TCP mode is implicit or explicit, a new proxy flag PR_FL_DEF_EXPLICIT_MODE is defined. It is set for every defaults instances which explicitely defined their mode.
2026-01-12 09:25:52 -05:00
/* unknown, malformed or duplicate argument */
else {
MINOR: proxy: parse guid on dynamic backend creation Defines an extra optional GUID argument for "add backend" command. This can be useful as it is not possible to define it via a default proxy instance.
2026-01-13 10:13:27 -05:00
cli_err(appctx, "Usage: add backend <name> from <defproxy> [mode <px_mode>] [guid <val>].\n");
MINOR: proxy: parse mode on dynamic backend creation Add an optional "mode" argument to "add backend" CLI command. This argument allows to specify if the backend is in TCP or HTTP mode. By default, it is mandatory, unless the inherited default proxy already explicitely specifies the mode. To differentiate if TCP mode is implicit or explicit, a new proxy flag PR_FL_DEF_EXPLICIT_MODE is defined. It is set for every defaults instances which explicitely defined their mode.
2026-01-12 09:25:52 -05:00
return 1;
}
args += 2;
}
MINOR: proxy: define "add backend" handler Define a basic CLI handler for "add backend". For now, this handler only performs a parsing of the name argument and return an error if a duplicate already exists. It runs under thread isolation, to guarantee thread safety during the proxy creation. This feature is considered in development. CLI command requires to set experimental-mode.
2025-12-17 04:57:40 -05:00
defpx = proxy_find_by_name(def_name, PR_CAP_DEF, 0);
if (!defpx) {
cli_dynerr(appctx, memprintf(&msg, "Cannot find default proxy '%s'.\n", def_name));
return 1;
}
MINOR: proxy: parse mode on dynamic backend creation Add an optional "mode" argument to "add backend" CLI command. This argument allows to specify if the backend is in TCP or HTTP mode. By default, it is mandatory, unless the inherited default proxy already explicitely specifies the mode. To differentiate if TCP mode is implicit or explicit, a new proxy flag PR_FL_DEF_EXPLICIT_MODE is defined. It is set for every defaults instances which explicitely defined their mode.
2026-01-12 09:25:52 -05:00
if (!(defpx->flags & PR_FL_DEF_EXPLICIT_MODE) && !mode) {
cli_dynerr(appctx, memprintf(&msg, "Mode is required as '%s' default proxy does not explicitely defines it.\n", def_name));
return 1;
}
MINOR: proxy: check default proxy compatibility on "add backend" This commits completes "add backend" handler with some checks performed on the specified default proxy instance. These are additional checks outside of the already existing inheritance rules, specific to dynamic backends. For now, a default proxy is considered not compatible if it is not in mode TCP/HTTP. Also, a default proxy is rejected if it references HTTP errors. This limitation may be lifted in the future, when HTTP errors are partiallay reworked.
2026-02-06 07:51:02 -05:00
if (defpx->mode != PR_MODE_TCP && defpx->mode != PR_MODE_HTTP) {
cli_dynerr(appctx, memprintf(&msg, "Dynamic backends only support TCP or HTTP mode, whereas default proxy '%s' uses 'mode %s'.\n",
def_name, proxy_mode_str(defpx->mode)));
return 1;
}
if (!LIST_ISEMPTY(&defpx->conf.errors)) {
cli_dynerr(appctx, memprintf(&msg, "Dynamic backends cannot inherit from default proxy '%s' because it references HTTP errors.\n", def_name));
return 1;
}
MINOR: proxy: define "add backend" handler Define a basic CLI handler for "add backend". For now, this handler only performs a parsing of the name argument and return an error if a duplicate already exists. It runs under thread isolation, to guarantee thread safety during the proxy creation. This feature is considered in development. CLI command requires to set experimental-mode.
2025-12-17 04:57:40 -05:00
thread_isolate();
if ((px = proxy_find_by_name(be_name, PR_CAP_NONE, 0)) ||
(px = proxy_find_by_name(be_name, PR_CAP_DEF, 0))) {
memprintf(&msg,
"name is already used by other proxy '%s %s'",
proxy_cap_str(px->cap), be_name);
px = NULL;
goto err;
}
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
px = alloc_new_proxy(be_name, PR_CAP_BE, &msg);
if (!px)
goto err;
if (guid && guid_insert(&px->obj_type, guid, &msg)) {
memprintf(&msg, "GUID insertion : %s", msg);
goto err;
}
if (proxy_defproxy_cpy(px, defpx, &msg))
goto err;
/* Override default-proxy mode if defined. */
if (mode)
px->mode = mode;
if (proxy_ref_defaults(px, defpx, &msg))
goto err;
proxy_init_per_thr(px);
if (proxy_finalize(px, &err_code))
goto err;
list_for_each_entry(ppcf, &post_proxy_check_list, list) {
err_code |= ppcf->fct(px);
if (err_code & (ERR_ABORT|ERR_FATAL))
goto err;
}
px->flags |= PR_FL_BE_UNPUBLISHED;
if (!stats_allocate_proxy_counters_internal(&px->extra_counters_be,
COUNTERS_BE,
MEDIUM: counters: add a dedicated storage for extra_counters in various structs Servers, proxies, listeners and resolvers all use extra_counters. We'll need to move the storage to per-tgroup for those where it matters. Now we're relying on an external storage, and the data member of the struct was replaced with a pointer to that pointer to data called datap. When the counters are registered, these datap are set to point to relevant locations. In the case of proxies and servers, it points to the first tgrp's storage. For listeners and resolvers, it points to a local storage. The rationale here is that listeners are limited to a single group anyway, and that resolvers have a low enough load so that we do not care about contention there. Nothing should change for the user at this point.
2026-02-24 14:08:49 -05:00
STATS_PX_CAP_BE,
MINOR: counters: store a tgroup step for extra_counters to access multiple tgroups We'll need to permit any user to update its own tgroup's extra counters instead of the global ones. For this we now store the per-tgroup step between two consecutive data storages, for when they're stored in a tgroup array. When shared (e.g. resolvers or listeners), we just store zero to indicate that it doesn't scale with tgroups. For now only the registration was handled, it's not used yet.
2026-02-25 03:53:13 -05:00
&px->per_tgrp->extra_counters_be_storage,
&px->per_tgrp[1].extra_counters_be_storage -
&px->per_tgrp[0].extra_counters_be_storage)) {
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
memprintf(&msg, "failed to allocate extra counters");
goto err;
}
MINOR: proxy: assign dynamic proxy ID Implement proxy ID generation for dynamic backends. This is performed through the already function existing proxy_get_next_id(). As an optimization, lookup will performed starting from a global variable <dynpx_next_id>. It is initialized to the greatest ID assigned after parsing, and updated each time a backend instance is created. When backend deletion will be implemented, it could be lowered to the newly available slot.
2025-12-23 10:15:47 -05:00
/* Assign automatically proxy ID. */
px->uuid = proxy_get_next_id(dynpx_next_id);
if (!px->uuid) {
memprintf(&msg, "no spare proxy ID available");
goto err;
}
dynpx_next_id = px->uuid;
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
if (!proxies_list) {
BUG/MINOR: proxy: fix null dereference in "add backend" handler When a backend is created at runtime, the new proxy instance is inserted at the end of proxies_list. This operation is buggy if this list is empty : the code causes a null dereference which will lead to a crash. This causes the following compilation error : CC src/proxy.o src/proxy.c: In function 'cli_parse_add_backend': src/proxy.c:4933:36: warning: null pointer dereference [-Wnull-dereference] 4933 | proxies_list->next = px; | ~~~~~~~~~~~~~~~~~~~^~~~ This patch fixes this issue. Note that in reality it cannot occur at this moment as proxies_list cannot be empty (haproxy requires at least one frontend to start, and the list also always contains internal proxies). No need to backport.
2026-02-06 15:28:42 -05:00
proxies_list = px;
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
}
else {
for (next = proxies_list; next->next; next = next->next)
;
next->next = px;
}
px->next = NULL;
MINOR: proxy: define "add backend" handler Define a basic CLI handler for "add backend". For now, this handler only performs a parsing of the name argument and return an error if a duplicate already exists. It runs under thread isolation, to guarantee thread safety during the proxy creation. This feature is considered in development. CLI command requires to set experimental-mode.
2025-12-17 04:57:40 -05:00
thread_release();
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
if (unlikely(!be_supports_dynamic_srv(px, &msg)))
BUG/MINOR: proxy: fix clang build error on "add backend" handler This patch fixes the following compilation error : src/proxy.c:4954:12: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security] 4954 | ha_notice(msg); | ^~~ No need to backport.
2026-02-06 15:11:37 -05:00
memprintf(&msg, "New backend registered (no support for dynamic servers: %s)", msg);
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
else
BUG/MINOR: proxy: fix clang build error on "add backend" handler This patch fixes the following compilation error : src/proxy.c:4954:12: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security] 4954 | ha_notice(msg); | ^~~ No need to backport.
2026-02-06 15:11:37 -05:00
memprintf(&msg, "New backend registered");
ha_notice("%s.\n", msg);
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
ha_free(&msg);
MINOR: proxy: define "add backend" handler Define a basic CLI handler for "add backend". For now, this handler only performs a parsing of the name argument and return an error if a duplicate already exists. It runs under thread isolation, to guarantee thread safety during the proxy creation. This feature is considered in development. CLI command requires to set experimental-mode.
2025-12-17 04:57:40 -05:00
cli_umsg(appctx, LOG_INFO);
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
MINOR: proxy: define "add backend" handler Define a basic CLI handler for "add backend". For now, this handler only performs a parsing of the name argument and return an error if a duplicate already exists. It runs under thread isolation, to guarantee thread safety during the proxy creation. This feature is considered in development. CLI command requires to set experimental-mode.
2025-12-17 04:57:40 -05:00
return 1;
err:
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
/* free_proxy() ensures any potential refcounting on defpx is decremented. */
free_proxy(px);
MINOR: proxy: define "add backend" handler Define a basic CLI handler for "add backend". For now, this handler only performs a parsing of the name argument and return an error if a duplicate already exists. It runs under thread isolation, to guarantee thread safety during the proxy creation. This feature is considered in development. CLI command requires to set experimental-mode.
2025-12-17 04:57:40 -05:00
thread_release();
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
if (msg) {
memprintf(&msg, "Error during backend creation : %s.\n", msg);
MINOR: proxy: define "add backend" handler Define a basic CLI handler for "add backend". For now, this handler only performs a parsing of the name argument and return an error if a duplicate already exists. It runs under thread isolation, to guarantee thread safety during the proxy creation. This feature is considered in development. CLI command requires to set experimental-mode.
2025-12-17 04:57:40 -05:00
cli_dynerr(appctx, msg);
MEDIUM: proxy: implement dynamic backend creation Implement the required operations for "add backend" handler. This requires a new proxy allocation, settings copy from the specified default instance and proxy config finalization. All handlers registered via REGISTER_POST_PROXY_CHECK() are also called on the newly created instance. If no error were encountered, the newly created proxy is finally attached in the proxies list.
2025-12-18 03:51:27 -05:00
}
else {
ha_alert("Error during backend creation.\n");
cli_umsgerr(appctx);
}
MINOR: proxy: define "add backend" handler Define a basic CLI handler for "add backend". For now, this handler only performs a parsing of the name argument and return an error if a duplicate already exists. It runs under thread isolation, to guarantee thread safety during the proxy creation. This feature is considered in development. CLI command requires to set experimental-mode.
2025-12-17 04:57:40 -05:00
return 1;
}
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
/* Parses the "disable frontend" directive, it always returns 1.
*
* Grabs the proxy lock.
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_disable_frontend(char **args, char *payload, struct appctx *appctx, void *private)
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
{
struct proxy *px;
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
int ret;
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_frontend(appctx, args[2]);
if (!px)
return 1;
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (px->flags & (PR_FL_DISABLED|PR_FL_STOPPED))
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
return cli_msg(appctx, LOG_NOTICE, "Frontend was previously shut down, cannot disable.\n");
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
MEDIUM: proxy: remove state PR_STPAUSED This state was used to mention that a proxy was in PAUSED state, as opposed to the READY state. This was causing some trouble because if a listener failed to resume (e.g. because its port was temporarily in use during the resume), it was not possible to retry the operation later. Now by checking the number of READY or PAUSED listeners instead, we can accurately know if something went bad and try to fix it again later. The case of the temporary port conflict during resume now works well: $ socat readline /tmp/sock1 prompt > disable frontend testme3 > disable frontend testme3 All sockets are already disabled. > enable frontend testme3 Failed to resume frontend, check logs for precise cause (port conflict?). > enable frontend testme3 > enable frontend testme3 All sockets are already enabled.
2020-09-24 02:04:27 -04:00
if (!px->li_ready)
return cli_msg(appctx, LOG_NOTICE, "All sockets are already disabled.\n");
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
/* pause_proxy will take PROXY_LOCK */
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
ret = pause_proxy(px);
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
if (!ret)
return cli_err(appctx, "Failed to pause frontend, check logs for precise cause.\n");
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
return 1;
}
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
/* Parses the "enable frontend" directive, it always returns 1.
*
* Grabs the proxy lock.
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_enable_frontend(char **args, char *payload, struct appctx *appctx, void *private)
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
{
struct proxy *px;
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
int ret;
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_frontend(appctx, args[2]);
if (!px)
return 1;
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (px->flags & (PR_FL_DISABLED|PR_FL_STOPPED))
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
return cli_err(appctx, "Frontend was previously shut down, cannot enable.\n");
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
MEDIUM: proxy: remove state PR_STPAUSED This state was used to mention that a proxy was in PAUSED state, as opposed to the READY state. This was causing some trouble because if a listener failed to resume (e.g. because its port was temporarily in use during the resume), it was not possible to retry the operation later. Now by checking the number of READY or PAUSED listeners instead, we can accurately know if something went bad and try to fix it again later. The case of the temporary port conflict during resume now works well: $ socat readline /tmp/sock1 prompt > disable frontend testme3 > disable frontend testme3 All sockets are already disabled. > enable frontend testme3 Failed to resume frontend, check logs for precise cause (port conflict?). > enable frontend testme3 > enable frontend testme3 All sockets are already enabled.
2020-09-24 02:04:27 -04:00
if (px->li_ready == px->li_all)
return cli_msg(appctx, LOG_NOTICE, "All sockets are already enabled.\n");
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
/* resume_proxy will take PROXY_LOCK */
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
ret = resume_proxy(px);
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
if (!ret)
return cli_err(appctx, "Failed to resume frontend, check logs for precise cause (port conflict?).\n");
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
return 1;
}
MEDIUM: proxy: implement publish/unpublish backend CLI Define a new set of CLI commands publish/unpublish backend <be>. The objective is to be able to change the status of a backend to unpublished. Such a backend is considered ineligible to traffic : this allows to skip use_backend rules which target it. Note that contrary to disabled/stopped proxies, an unpublished backend still has server checks running on it. Internally, a new proxy flags PR_FL_BE_UNPUBLISHED is defined. CLI commands handler "publish backend" and "unpublish backend" are executed under thread isolation. This guarantees that the flag can safely be set or remove in the CLI handlers, and read during content-switching processing.
2026-01-06 05:04:18 -05:00
static int cli_parse_publish_backend(char **args, char *payload, struct appctx *appctx, void *private)
{
struct proxy *px;
usermsgs_clr("CLI");
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_backend(appctx, args[2]);
if (!px)
return cli_err(appctx, "No such backend.\n");
if (px->flags & PR_FL_DISABLED)
return cli_err(appctx, "No effect on a disabled backend.\n");
thread_isolate();
px->flags &= ~PR_FL_BE_UNPUBLISHED;
thread_release();
ha_notice("Backend published.\n");
return cli_umsg(appctx, LOG_INFO);
}
static int cli_parse_unpublish_backend(char **args, char *payload, struct appctx *appctx, void *private)
{
struct proxy *px;
usermsgs_clr("CLI");
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_backend(appctx, args[2]);
if (!px)
return cli_err(appctx, "No such backend.\n");
if (px->flags & PR_FL_DISABLED)
return cli_err(appctx, "No effect on a disabled backend.\n");
thread_isolate();
px->flags |= PR_FL_BE_UNPUBLISHED;
thread_release();
ha_notice("Backend unpublished.\n");
return cli_umsg(appctx, LOG_INFO);
}
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
/* appctx context used during "show errors" */
struct show_errors_ctx {
struct proxy *px; /* current proxy being dumped, NULL = not started yet. */
unsigned int flag; /* bit0: buffer being dumped, 0 = req, 1 = resp ; bit1=skip req ; bit2=skip resp. */
unsigned int ev_id; /* event ID of error being dumped */
int iid; /* if >= 0, ID of the proxy to filter on */
int ptr; /* <0: headers, >=0 : text pointer to restart from */
int bol; /* pointer to beginning of current line */
};
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
/* "show errors" handler for the CLI. Returns 0 if wants to continue, 1 to stop
* now.
*/
static int cli_parse_show_errors(char **args, char *payload, struct appctx *appctx, void *private)
{
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
struct show_errors_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
if (!cli_has_level(appctx, ACCESS_LVL_OPER))
return 1;
if (*args[2]) {
struct proxy *px;
px = proxy_find_by_name(args[2], 0, 0);
if (px)
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->iid = px->uuid;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
else
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->iid = atoi(args[2]);
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
if (!ctx->iid)
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
return cli_err(appctx, "No such proxy.\n");
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
}
else
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->iid = -1; // dump all proxies
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->flag = 0;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
if (strcmp(args[3], "request") == 0)
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->flag |= 4; // ignore response
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
else if (strcmp(args[3], "response") == 0)
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->flag |= 2; // ignore request
ctx->px = NULL;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
return 0;
}
CLEANUP: conn_stream: tree-wide rename to stconn (stream connector) This renames the "struct conn_stream" to "struct stconn" and updates the descriptions in all comments (and the rare help descriptions) to "stream connector" or "connector". This touches a lot of files but the change is minimal. The local variables were not even renamed, so there's still a lot of "cs" everywhere.
2022-05-17 13:07:51 -04:00
/* This function dumps all captured errors onto the stream connector's
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
* read buffer. It returns 0 if the output buffer is full and it needs
* to be called again, otherwise non-zero.
*/
static int cli_io_handler_show_errors(struct appctx *appctx)
{
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
struct show_errors_ctx *ctx = appctx->svcctx;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
extern const char *monthname[12];
chunk_reset(&trash);
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
if (!ctx->px) {
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
/* the function had not been called yet, let's prepare the
* buffer for a response.
*/
struct tm tm;
get_localtime(date.tv_sec, &tm);
chunk_appendf(&trash, "Total events captured on [%02d/%s/%04d:%02d:%02d:%02d.%03d] : %u\n",
tm.tm_mday, monthname[tm.tm_mon], tm.tm_year+1900,
tm.tm_hour, tm.tm_min, tm.tm_sec, (int)(date.tv_usec/1000),
error_snapshot_id);
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1)
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
goto cant_send;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->px = proxies_list;
ctx->bol = 0;
ctx->ptr = -1;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
}
/* we have two inner loops here, one for the proxy, the other one for
* the buffer.
*/
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
while (ctx->px) {
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
struct error_snapshot *es;
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
HA_RWLOCK_RDLOCK(PROXY_LOCK, &ctx->px->lock);
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
if ((ctx->flag & 1) == 0) {
es = ctx->px->invalid_req;
if (ctx->flag & 2) // skip req
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
goto next;
}
else {
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
es = ctx->px->invalid_rep;
if (ctx->flag & 4) // skip resp
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
goto next;
}
MEDIUM: snapshots: dynamically allocate the snapshots Now upon error we dynamically allocate the snapshot instead of overwriting it. This way there is no more memory wasted in the proxy to hold the two error snapshot descriptors. Also an appreciable side effect of this is that the proxy's lock is only taken during the pointer swap, no more while copying the buffer's contents. This saves 480 bytes of memory per proxy.
2018-09-07 13:02:32 -04:00
if (!es)
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
goto next;
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
if (ctx->iid >= 0 &&
ctx->px->uuid != ctx->iid &&
(!es->oe || es->oe->uuid != ctx->iid))
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
goto next;
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
if (ctx->ptr < 0) {
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
/* just print headers now */
char pn[INET6_ADDRSTRLEN];
struct tm tm;
int port;
get_localtime(es->when.tv_sec, &tm);
chunk_appendf(&trash, " \n[%02d/%s/%04d:%02d:%02d:%02d.%03d]",
tm.tm_mday, monthname[tm.tm_mon], tm.tm_year+1900,
tm.tm_hour, tm.tm_min, tm.tm_sec, (int)(es->when.tv_usec/1000));
switch (addr_to_str(&es->src, pn, sizeof(pn))) {
case AF_INET:
case AF_INET6:
port = get_host_port(&es->src);
break;
default:
port = 0;
}
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
switch (ctx->flag & 1) {
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
case 0:
chunk_appendf(&trash,
" frontend %s (#%d): invalid request\n"
" backend %s (#%d)",
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->px->id, ctx->px->uuid,
BUG/MEDIUM: connections: Don't assume the connection has a valid session. Don't assume the connection always has a valid session in "owner". Instead, attempt to retrieve the session from the stream, and modify the error snapshot code to not assume we always have a session, or the proxy for the other end.
2020-03-12 10:30:17 -04:00
(es->oe && es->oe->cap & PR_CAP_BE) ? es->oe->id : "<NONE>",
(es->oe && es->oe->cap & PR_CAP_BE) ? es->oe->uuid : -1);
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
break;
case 1:
chunk_appendf(&trash,
" backend %s (#%d): invalid response\n"
" frontend %s (#%d)",
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->px->id, ctx->px->uuid,
BUG/MEDIUM: connections: Don't assume the connection has a valid session. Don't assume the connection always has a valid session in "owner". Instead, attempt to retrieve the session from the stream, and modify the error snapshot code to not assume we always have a session, or the proxy for the other end.
2020-03-12 10:30:17 -04:00
es->oe ? es->oe->id : "<NONE>" , es->oe ? es->oe->uuid : -1);
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
break;
}
chunk_appendf(&trash,
", server %s (#%d), event #%u, src %s:%d\n"
" buffer starts at %llu (including %u out), %u free,\n"
" len %u, wraps at %u, error at position %u\n",
es->srv ? es->srv->id : "<NONE>",
es->srv ? es->srv->puid : -1,
es->ev_id, pn, port,
es->buf_ofs, es->buf_out,
MINOR: tree-wide: Use the buffer size instead of global setting when possible At many places, we rely on global.tune.bufsize value instead of using the buffer size. For now, it is not a problem. But if we want to be able to deal with buffers of different sizes, it is good to reduce as far as possible dependencies on the global value. most of time, we can use b_size() or c_size() functions. The main change is performed on the error snapshot where the buffer size was added into the error_snapshot structure.
2026-01-28 04:54:41 -05:00
es->buf_size - es->buf_out - es->buf_len,
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
es->buf_len, es->buf_wrap, es->buf_err);
if (es->show)
es->show(&trash, es);
chunk_appendf(&trash, " \n");
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1)
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
goto cant_send_unlock;
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->ptr = 0;
ctx->ev_id = es->ev_id;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
}
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
if (ctx->ev_id != es->ev_id) {
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
/* the snapshot changed while we were dumping it */
chunk_appendf(&trash,
" WARNING! update detected on this snapshot, dump interrupted. Please re-check!\n");
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1)
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
goto cant_send_unlock;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
goto next;
}
/* OK, ptr >= 0, so we have to dump the current line */
MINOR: tree-wide: Use the buffer size instead of global setting when possible At many places, we rely on global.tune.bufsize value instead of using the buffer size. For now, it is not a problem. But if we want to be able to deal with buffers of different sizes, it is good to reduce as far as possible dependencies on the global value. most of time, we can use b_size() or c_size() functions. The main change is performed on the error snapshot where the buffer size was added into the error_snapshot structure.
2026-01-28 04:54:41 -05:00
while (ctx->ptr < es->buf_len && ctx->ptr < es->buf_size) {
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
int newptr;
int newline;
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
newline = ctx->bol;
MINOR: tree-wide: Use the buffer size instead of global setting when possible At many places, we rely on global.tune.bufsize value instead of using the buffer size. For now, it is not a problem. But if we want to be able to deal with buffers of different sizes, it is good to reduce as far as possible dependencies on the global value. most of time, we can use b_size() or c_size() functions. The main change is performed on the error snapshot where the buffer size was added into the error_snapshot structure.
2026-01-28 04:54:41 -05:00
newptr = dump_text_line(&trash, es->buf, es->buf_size, es->buf_len, &newline, ctx->ptr);
MEDIUM: tree-wide: Change sc API to specify required free space to progress sc_need_room() now takes the required free space to receive more data as parameter. All calls to this function are updated accordingly. For now, this value is set but not used. When we are waiting for a buffer, 0 is used. So we expect to be unblocked ASAP. However this must be reviewed because SC_FL_NEED_BUF is probably enough in this case and this flag is already set if the input buffer allocation fails.
2023-05-05 05:28:45 -04:00
if (newptr == ctx->ptr) {
MAJOR: cli: Update the CLI applet to handle its own buffers It is the third applet to be refactored to use its own buffers. In addition to the CLI applet, some I/O handlers of CLI commands were also updated, especially the stats ones. Some command I/O handlers were updated to use applet's buffers instead of channels ones.
2024-02-15 07:34:05 -05:00
applet_fl_set(appctx, APPCTX_FL_OUTBLK_FULL);
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
goto cant_send_unlock;
MEDIUM: tree-wide: Change sc API to specify required free space to progress sc_need_room() now takes the required free space to receive more data as parameter. All calls to this function are updated accordingly. For now, this value is set but not used. When we are waiting for a buffer, 0 is used. So we expect to be unblocked ASAP. However this must be reviewed because SC_FL_NEED_BUF is probably enough in this case and this flag is already set if the input buffer allocation fails.
2023-05-05 05:28:45 -04:00
}
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1)
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
goto cant_send_unlock;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->ptr = newptr;
ctx->bol = newline;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
};
next:
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
HA_RWLOCK_RDUNLOCK(PROXY_LOCK, &ctx->px->lock);
ctx->bol = 0;
ctx->ptr = -1;
ctx->flag ^= 1;
if (!(ctx->flag & 1))
ctx->px = ctx->px->next;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
}
/* dump complete */
return 1;
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
cant_send_unlock:
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
HA_RWLOCK_RDUNLOCK(PROXY_LOCK, &ctx->px->lock);
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
cant_send:
return 0;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
}
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
/* register cli keywords */
static struct cli_kw_list cli_kws = {{ },{
MINOR: proxy: define "add backend" handler Define a basic CLI handler for "add backend". For now, this handler only performs a parsing of the name argument and return an error if a duplicate already exists. It runs under thread isolation, to guarantee thread safety during the proxy creation. This feature is considered in development. CLI command requires to set experimental-mode.
2025-12-17 04:57:40 -05:00
{ { "add", "backend", NULL }, "add backend <backend> : add a new backend", cli_parse_add_backend, NULL, NULL, NULL, ACCESS_EXPERIMENTAL },
CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages There were 102 CLI commands whose help were zig-zagging all along the dump making them unreadable. This patch realigns all these messages so that the command now uses up to 40 characters before the delimiting colon. About a third of the commands did not correctly list their arguments which were added after the first version, so they were all updated. Some abuses of the term "id" were fixed to use a more explanatory term. The "set ssl ocsp-response" command was not listed because it lacked a help message, this was fixed as well. The deprecated enable/disable commands for agent/health/server were prominently written as deprecated. Whenever possible, clearer explanations were provided.
2021-05-07 05:38:37 -04:00
{ { "disable", "frontend", NULL }, "disable frontend <frontend> : temporarily disable specific frontend", cli_parse_disable_frontend, NULL, NULL },
{ { "enable", "frontend", NULL }, "enable frontend <frontend> : re-enable specific frontend", cli_parse_enable_frontend, NULL, NULL },
MEDIUM: proxy: implement publish/unpublish backend CLI Define a new set of CLI commands publish/unpublish backend <be>. The objective is to be able to change the status of a backend to unpublished. Such a backend is considered ineligible to traffic : this allows to skip use_backend rules which target it. Note that contrary to disabled/stopped proxies, an unpublished backend still has server checks running on it. Internally, a new proxy flags PR_FL_BE_UNPUBLISHED is defined. CLI commands handler "publish backend" and "unpublish backend" are executed under thread isolation. This guarantees that the flag can safely be set or remove in the CLI handlers, and read during content-switching processing.
2026-01-06 05:04:18 -05:00
{ { "publish", "backend", NULL }, "publish backend <backend> : mark backend as ready for traffic", cli_parse_publish_backend, NULL, NULL },
CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages There were 102 CLI commands whose help were zig-zagging all along the dump making them unreadable. This patch realigns all these messages so that the command now uses up to 40 characters before the delimiting colon. About a third of the commands did not correctly list their arguments which were added after the first version, so they were all updated. Some abuses of the term "id" were fixed to use a more explanatory term. The "set ssl ocsp-response" command was not listed because it lacked a help message, this was fixed as well. The deprecated enable/disable commands for agent/health/server were prominently written as deprecated. Whenever possible, clearer explanations were provided.
2021-05-07 05:38:37 -04:00
{ { "set", "maxconn", "frontend", NULL }, "set maxconn frontend <frontend> <value> : change a frontend's maxconn setting", cli_parse_set_maxconn_frontend, NULL },
{ { "show","servers", "conn", NULL }, "show servers conn [<backend>] : dump server connections status (all or for a single backend)", cli_parse_show_servers, cli_io_handler_servers_state },
{ { "show","servers", "state", NULL }, "show servers state [<backend>] : dump volatile server information (all or for a single backend)", cli_parse_show_servers, cli_io_handler_servers_state },
{ { "show", "backend", NULL }, "show backend : list backends in the current running config", NULL, cli_io_handler_show_backend },
{ { "shutdown", "frontend", NULL }, "shutdown frontend <frontend> : stop a specific frontend", cli_parse_shutdown_frontend, NULL, NULL },
{ { "set", "dynamic-cookie-key", "backend", NULL }, "set dynamic-cookie-key backend <bk> <k> : change a backend secret key for dynamic cookies", cli_parse_set_dyncookie_key_backend, NULL },
MEDIUM: proxy: implement publish/unpublish backend CLI Define a new set of CLI commands publish/unpublish backend <be>. The objective is to be able to change the status of a backend to unpublished. Such a backend is considered ineligible to traffic : this allows to skip use_backend rules which target it. Note that contrary to disabled/stopped proxies, an unpublished backend still has server checks running on it. Internally, a new proxy flags PR_FL_BE_UNPUBLISHED is defined. CLI commands handler "publish backend" and "unpublish backend" are executed under thread isolation. This guarantees that the flag can safely be set or remove in the CLI handlers, and read during content-switching processing.
2026-01-06 05:04:18 -05:00
{ { "unpublish", "backend", NULL }, "unpublish backend <backend> : remove backend for traffic processing", cli_parse_unpublish_backend, NULL, NULL },
CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages There were 102 CLI commands whose help were zig-zagging all along the dump making them unreadable. This patch realigns all these messages so that the command now uses up to 40 characters before the delimiting colon. About a third of the commands did not correctly list their arguments which were added after the first version, so they were all updated. Some abuses of the term "id" were fixed to use a more explanatory term. The "set ssl ocsp-response" command was not listed because it lacked a help message, this was fixed as well. The deprecated enable/disable commands for agent/health/server were prominently written as deprecated. Whenever possible, clearer explanations were provided.
2021-05-07 05:38:37 -04:00
{ { "enable", "dynamic-cookie", "backend", NULL }, "enable dynamic-cookie backend <bk> : enable dynamic cookies on a specific backend", cli_parse_enable_dyncookie_backend, NULL },
{ { "disable", "dynamic-cookie", "backend", NULL }, "disable dynamic-cookie backend <bk> : disable dynamic cookies on a specific backend", cli_parse_disable_dyncookie_backend, NULL },
{ { "show", "errors", NULL }, "show errors [<px>] [request|response] : report last request and/or response errors for each proxy", cli_parse_show_errors, cli_io_handler_show_errors, NULL },
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
{{},}
}};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/
Reference in a new issue Copy permalink