upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-11 23:03:06 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 13
haproxy/src/cfgparse.c

8773 lines
284 KiB
C
Raw Normal View History

[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* Configuration parser
*
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
* Copyright 2000-2011 Willy Tarreau <w@1wt.eu>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
*/
BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported When an unknown encryption algorithm is used in userlists or the password is not pasted correctly in the configuration, http authentication silently fails. An initial check is now performed during the configuration parsing, in order to verify that the encrypted password is supported. An unsupported password will fail with a fatal error. This patch should be backported to 1.4 and 1.5.
2014-08-29 14:20:02 -04:00
#ifdef CONFIG_HAP_CRYPT
/* This is to have crypt() defined on Linux */
#define _GNU_SOURCE
#ifdef NEED_CRYPT_H
/* some platforms such as Solaris need this */
#include <crypt.h>
#endif
#endif /* CONFIG_HAP_CRYPT */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <ctype.h>
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
#include <pwd.h>
#include <grp.h>
[BUILD] cfgparse requires errno.h on OpenBSD.
2007-03-25 18:18:40 -04:00
#include <errno.h>
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/cfgparse.h>
REORG: buffers: split buffers into chunk,buffer,channel Many parts of the channel definition still make use of the "buffer" word.
2012-08-24 13:22:53 -04:00
#include <common/chunk.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/config.h>
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
#include <common/errors.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 11:53:05 -04:00
#include <common/memory.h>
#include <common/standard.h>
#include <common/time.h>
#include <common/uri_auth.h>
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
#include <common/namespace.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <types/capture.h>
MEDIUM: HTTP compression (zlib library support) This commit introduces HTTP compression using the zlib library. http_response_forward_body has been modified to call the compression functions. This feature includes 3 algorithms: identity, gzip and deflate: * identity: this is mostly for debugging, and it was useful for developping the compression feature. With Content-Length in input, it is making each chunk with the data available in the current buffer. With chunks in input, it is rechunking, the output chunks will be bigger or smaller depending of the size of the input chunk and the size of the buffer. Identity does not apply any change on data. * gzip: same as identity, but applying a gzip compression. The data are deflated using the Z_NO_FLUSH flag in zlib. When there is no more data in the input buffer, it flushes the data in the output buffer (Z_SYNC_FLUSH). At the end of data, when it receives the last chunk in input, or when there is no more data to read, it writes the end of data with Z_FINISH and the ending chunk. * deflate: same as gzip, but with deflate algorithm and zlib format. Note that this algorithm has ambiguous support on many browsers and no support at all from recent ones. It is strongly recommended not to use it for anything else than experimentation. You can't choose the compression ratio at the moment, it will be set to Z_BEST_SPEED (1), as tests have shown very little benefit in terms of compression ration when going above for HTML contents, at the cost of a massive CPU impact. Compression will be activated depending of the Accept-Encoding request header. With identity, it does not take care of that header. To build HAProxy with zlib support, use USE_ZLIB=1 in the make parameters. This work was initially started by David Du Colombier at Exceliance.
2012-10-23 04:25:10 -04:00
#include <types/compression.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <types/global.h>
MAJOR: connection: replace struct target with a pointer to an enum Instead of storing a couple of (int, ptr) in the struct connection and the struct session, we use a different method : we only store a pointer to an integer which is stored inside the target object and which contains a unique type identifier. That way, the pointer allows us to retrieve the object type (by dereferencing it) and the object's address (by computing the displacement in the target structure). The NULL pointer always corresponds to OBJ_TYPE_NONE. This reduces the size of the connection and session structs. It also simplifies target assignment and compare. In order to improve the generated code, we try to put the obj_type element at the beginning of all the structs (listener, server, proxy, si_applet), so that the original and target pointers are always equal. A lot of code was touched by massive replaces, but the changes are not that important.
2012-11-11 18:42:33 -05:00
#include <types/obj_type.h>
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
#include <types/peers.h>
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
#include <types/mailers.h>
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
#include <types/dns.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] add the 'acl' keyword to the config language The 'acl' keyword allows one to declare a new ACL. It is an important part of the ACL framework.
2007-05-06 18:53:22 -04:00
#include <proto/acl.h>
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
#include <proto/auth.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/backend.h>
REORG: buffers: split buffers into chunk,buffer,channel Many parts of the channel definition still make use of the "buffer" word.
2012-08-24 13:22:53 -04:00
#include <proto/channel.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/checks.h>
MEDIUM: HTTP compression (zlib library support) This commit introduces HTTP compression using the zlib library. http_response_forward_body has been modified to call the compression functions. This feature includes 3 algorithms: identity, gzip and deflate: * identity: this is mostly for debugging, and it was useful for developping the compression feature. With Content-Length in input, it is making each chunk with the data available in the current buffer. With chunks in input, it is rechunking, the output chunks will be bigger or smaller depending of the size of the input chunk and the size of the buffer. Identity does not apply any change on data. * gzip: same as identity, but applying a gzip compression. The data are deflated using the Z_NO_FLUSH flag in zlib. When there is no more data in the input buffer, it flushes the data in the output buffer (Z_SYNC_FLUSH). At the end of data, when it receives the last chunk in input, or when there is no more data to read, it writes the end of data with Z_FINISH and the ending chunk. * deflate: same as gzip, but with deflate algorithm and zlib format. Note that this algorithm has ambiguous support on many browsers and no support at all from recent ones. It is strongly recommended not to use it for anything else than experimentation. You can't choose the compression ratio at the moment, it will be set to Z_BEST_SPEED (1), as tests have shown very little benefit in terms of compression ration when going above for HTML contents, at the cost of a massive CPU impact. Compression will be activated depending of the Accept-Encoding request header. With identity, it does not take care of that header. To build HAProxy with zlib support, use USE_ZLIB=1 in the make parameters. This work was initially started by David Du Colombier at Exceliance.
2012-10-23 04:25:10 -04:00
#include <proto/compression.h>
[MEDIUM] introduce the "stats" keyword in global section Removed old unused MODE_LOG and MODE_STATS, and replaced the "stats" keyword in the global section. The new "stats" keyword in the global section is used to create a UNIX socket on which the statistics will be accessed. The client must issue a "show stat\n" command in order to get a CSV-formated output similar to the output on the HTTP socket in CSV mode.
2007-10-18 07:53:22 -04:00
#include <proto/dumpstats.h>
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 12:46:57 -04:00
#include <proto/frontend.h>
OPTIM/MINOR: move the hdr_idx pools out of the proxy struct It makes no sense to have one pointer to the hdr_idx pool in each proxy struct since these pools do not depend on the proxy. Let's have a common pool instead as it is already the case for other types.
2011-10-24 12:15:04 -04:00
#include <proto/hdr_idx.h>
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
#include <proto/lb_chash.h>
MEDIUM: backend: add the 'first' balancing algorithm The principle behind this load balancing algorithm was first imagined and modeled by Steen Larsen then iteratively refined through several work sessions until it would totally address its original goal. The purpose of this algorithm is to always use the smallest number of servers so that extra servers can be powered off during non-intensive hours. Additional tools may be used to do that work, possibly by locally monitoring the servers' activity. The first server with available connection slots receives the connection. The servers are choosen from the lowest numeric identifier to the highest (see server parameter "id"), which defaults to the server's position in the farm. Once a server reaches its maxconn value, the next server is used. It does not make sense to use this algorithm without setting maxconn. Note that it can however make sense to use minconn so that servers are not used at full load before starting new servers, and so that introduction of new servers requires a progressively increasing load (the number of servers would more or less follow the square root of the load until maxconn is reached). This algorithm ignores the server weight, and is more beneficial to long sessions such as RDP or IMAP than HTTP, though it can be useful there too.
2012-02-13 11:12:08 -05:00
#include <proto/lb_fas.h>
[CLEANUP] backend: move LB algos to individual files It was becoming painful to have all the LB algos in backend.c. Let's move them to their own files. A few hashing functions still need be broken in two parts, one for the contents and one for the map position.
2009-10-01 05:19:37 -04:00
#include <proto/lb_fwlc.h>
#include <proto/lb_fwrr.h>
#include <proto/lb_map.h>
REORG: split "protocols" files into protocol and listener It was becoming confusing to have protocols and listeners in the same files, split them.
2012-09-12 16:58:11 -04:00
#include <proto/listener.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/log.h>
REORG: split "protocols" files into protocol and listener It was becoming confusing to have protocols and listeners in the same files, split them.
2012-09-12 16:58:11 -04:00
#include <proto/protocol.h>
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
#include <proto/proto_tcp.h>
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
#include <proto/proto_uxst.h>
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
#include <proto/proto_http.h>
[MINOR] indicate the proxy type in the logs after a loss of servers When the last server goes down in a backend, indicate 'backend' or 'listener' in the log message depending on the type of the backend.
2006-12-31 11:46:05 -05:00
#include <proto/proxy.h>
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
#include <proto/peers.h>
REORG: rename "pattern" files They're now called "sample" everywhere to match their description.
2012-04-27 15:52:18 -04:00
#include <proto/sample.h>
REORG: session: move the session parts out of stream.c This concerns everythins related to accepting a new session and expiring the embryonic session. There's still a hard-coded call to stream_accept_session() which could be set somewhere in the frontend, but for now it's not a problem.
2015-04-04 12:50:31 -04:00
#include <proto/session.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/server.h>
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
#include <proto/stream.h>
REORG: sock_raw: rename the files raw_sock* The "raw_sock" prefix will be more convenient for naming functions as it will be prefixed with the data layer and suffixed with the data direction. So let's rename the files now to avoid any further confusion. The #include directive was also removed from a number of files which do not need it anymore.
2012-08-20 11:01:35 -04:00
#include <proto/raw_sock.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <proto/task.h>
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
#include <proto/stick_table.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: ssl: add support for SNI and wildcard certificates A side effect of this change is that the "ssl" keyword on "bind" lines is now just a boolean and that "crt" is needed to designate certificate files or directories. Note that much refcounting was needed to have the free() work correctly due to the number of cert aliases which can make a context be shared by multiple names.
2012-09-07 11:30:07 -04:00
#ifdef USE_OPENSSL
#include <types/ssl_sock.h>
#include <proto/ssl_sock.h>
#include <proto/shctx.h>
#endif /*USE_OPENSSL */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] implement 'option ssl-hello-chk' to use CLIENT HELLO health checks. This makes it possible to relay SSL connections in pure TCP instances while ensuring the remote end really receives our data eventhough intermediate agents (firewalls, proxies, ...) might acknowledge the connection.
2006-07-09 10:42:34 -04:00
/* This is the SSLv3 CLIENT HELLO packet used in conjunction with the
* ssl-hello-chk option to ensure that the remote server speaks SSL.
*
* Check RFC 2246 (TLSv1.0) sections A.3 and A.4 for details.
*/
const char sslv3_client_hello_pkt[] = {
"\x16" /* ContentType : 0x16 = Hanshake */
"\x03\x00" /* ProtocolVersion : 0x0300 = SSLv3 */
"\x00\x79" /* ContentLength : 0x79 bytes after this one */
"\x01" /* HanshakeType : 0x01 = CLIENT HELLO */
"\x00\x00\x75" /* HandshakeLength : 0x75 bytes after this one */
"\x03\x00" /* Hello Version : 0x0300 = v3 */
"\x00\x00\x00\x00" /* Unix GMT Time (s) : filled with <now> (@0x0B) */
"HAPROXYSSLCHK\nHAPROXYSSLCHK\n" /* Random : must be exactly 28 bytes */
"\x00" /* Session ID length : empty (no session ID) */
"\x00\x4E" /* Cipher Suite Length : 78 bytes after this one */
"\x00\x01" "\x00\x02" "\x00\x03" "\x00\x04" /* 39 most common ciphers : */
"\x00\x05" "\x00\x06" "\x00\x07" "\x00\x08" /* 0x01...0x1B, 0x2F...0x3A */
"\x00\x09" "\x00\x0A" "\x00\x0B" "\x00\x0C" /* This covers RSA/DH, */
"\x00\x0D" "\x00\x0E" "\x00\x0F" "\x00\x10" /* various bit lengths, */
"\x00\x11" "\x00\x12" "\x00\x13" "\x00\x14" /* SHA1/MD5, DES/3DES/AES... */
"\x00\x15" "\x00\x16" "\x00\x17" "\x00\x18"
"\x00\x19" "\x00\x1A" "\x00\x1B" "\x00\x2F"
"\x00\x30" "\x00\x31" "\x00\x32" "\x00\x33"
"\x00\x34" "\x00\x35" "\x00\x36" "\x00\x37"
"\x00\x38" "\x00\x39" "\x00\x3A"
"\x01" /* Compression Length : 0x01 = 1 byte for types */
"\x00" /* Compression Type : 0x00 = NULL compression */
};
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
/* various keyword modifiers */
enum kw_mod {
KWM_STD = 0, /* normal */
KWM_NO, /* "no" prefixed before the keyword */
KWM_DEF, /* "default" prefixed before the keyword */
};
MEDIUM: config: Dynamic sections. This patch permit to register new sections in the haproxy's configuration file. This run like all the "keyword" registration, it is used during the haproxy initialization, typically with the "__attribute__((constructor))" functions.
2014-03-18 08:54:18 -04:00
/* permit to store configuration section */
struct cfg_section {
struct list list;
char *section_name;
int (*section_parser)(const char *, int, char **, int);
};
/* Used to chain configuration sections definitions. This list
* stores struct cfg_section
*/
struct list sections = LIST_HEAD_INIT(sections);
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
/* some of the most common options which are also the easiest to handle */
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
struct cfg_opt {
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
const char *name;
unsigned int val;
unsigned int cap;
[MINOR] the options table now sets the prerequisite checks Some options will need some checks (or initializations) to be performed before starting everything. The cfg_opts table has been extended to allow storing of options-dependant checks.
2007-01-06 15:09:17 -05:00
unsigned int checks;
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
unsigned int mode;
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
};
/* proxy->options */
static const struct cfg_opt cfg_opts[] =
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
{
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
{ "abortonclose", PR_O_ABRT_CLOSE, PR_CAP_BE, 0, 0 },
{ "allbackups", PR_O_USE_ALL_BK, PR_CAP_BE, 0, 0 },
{ "checkcache", PR_O_CHK_CACHE, PR_CAP_BE, 0, PR_MODE_HTTP },
{ "clitcpka", PR_O_TCP_CLI_KA, PR_CAP_FE, 0, 0 },
{ "contstats", PR_O_CONTSTATS, PR_CAP_FE, 0, 0 },
{ "dontlognull", PR_O_NULLNOLOG, PR_CAP_FE, 0, 0 },
{ "http_proxy", PR_O_HTTP_PROXY, PR_CAP_FE | PR_CAP_BE, 0, PR_MODE_HTTP },
MEDIUM: http: add a new option http-buffer-request It is sometimes desirable to wait for the body of an HTTP request before taking a decision. This is what is being done by "balance url_param" for example. The first use case is to buffer requests from slow clients before connecting to the server. Another use case consists in taking the routing decision based on the request body's contents. This option placed in a frontend or backend forces the HTTP processing to wait until either the whole body is received, or the request buffer is full, or the first chunk is complete in case of chunked encoding. It can have undesired side effects with some applications abusing HTTP by expecting unbufferred transmissions between the frontend and the backend, so this should definitely not be used by default. Note that it would not work for the response because we don't reset the message state before starting to forward. For the response we need to 1) reset the message state to MSG_100_SENT or BODY , and 2) to reset body_len in case of chunked encoding to avoid counting it twice.
2015-05-01 16:42:08 -04:00
{ "http-buffer-request", PR_O_WREQ_BODY, PR_CAP_FE | PR_CAP_BE, 0, PR_MODE_HTTP },
MEDIUM: http: add option-ignore-probes to get rid of the floods of 408 Recently some browsers started to implement a "pre-connect" feature consisting in speculatively connecting to some recently visited web sites just in case the user would like to visit them. This results in many connections being established to web sites, which end up in 408 Request Timeout if the timeout strikes first, or 400 Bad Request when the browser decides to close them first. These ones pollute the log and feed the error counters. There was already "option dontlognull" but it's insufficient in this case. Instead, this option does the following things : - prevent any 400/408 message from being sent to the client if nothing was received over a connection before it was closed ; - prevent any log from being emitted in this situation ; - prevent any error counter from being incremented That way the empty connection is silently ignored. Note that it is better not to use this unless it is clear that it is needed, because it will hide real problems. The most common reason for not receiving a request and seeing a 408 is due to an MTU inconsistency between the client and an intermediary element such as a VPN, which blocks too large packets. These issues are generally seen with POST requests as well as GET with large cookies. The logs are often the only way to detect them. This patch should be backported to 1.5 since it avoids false alerts and makes it easier to monitor haproxy's status.
2015-05-01 09:37:53 -04:00
{ "http-ignore-probes", PR_O_IGNORE_PRB, PR_CAP_FE, 0, PR_MODE_HTTP },
MINOR: http: add option prefer-last-server When the load balancing algorithm in use is not deterministic, and a previous request was sent to a server to which haproxy still holds a connection, it is sometimes desirable that subsequent requests on a same session go to the same server as much as possible. Note that this is different from persistence, as we only indicate a preference which haproxy tries to apply without any form of warranty. The real use is for keep-alive connections sent to servers. When this option is used, haproxy will try to reuse the same connection that is attached to the server instead of rebalancing to another server, causing a close of the connection. This can make sense for static file servers. It does not make much sense to use this in combination with hashing algorithms.
2013-12-15 12:58:25 -05:00
{ "prefer-last-server", PR_O_PREF_LAST, PR_CAP_BE, 0, PR_MODE_HTTP },
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
{ "logasap", PR_O_LOGASAP, PR_CAP_FE, 0, 0 },
{ "nolinger", PR_O_TCP_NOLING, PR_CAP_FE | PR_CAP_BE, 0, 0 },
{ "persist", PR_O_PERSIST, PR_CAP_BE, 0, 0 },
{ "srvtcpka", PR_O_TCP_SRV_KA, PR_CAP_BE, 0, 0 },
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
#ifdef TPROXY
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
{ "transparent", PR_O_TRANSP, PR_CAP_BE, 0, 0 },
[MINOR] config: detect options not supported due to compilation options Some options depends on the target architecture or compilation options. When such an option is used on a compiled version that doesn't support it, it's probably better to identify it as an unsupported option due to compilation options instead of an unknown option. Edit: better check on the empty capability than on the option bits. -Willy
2010-11-01 14:26:00 -04:00
#else
{ "transparent", 0, 0, 0, 0 },
[MINOR] added the "tcpsplice" option it does nothing yet except set the minimal options.
2007-01-06 15:11:49 -05:00
#endif
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
{ NULL, 0, 0, 0, 0 }
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
};
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
/* proxy->options2 */
static const struct cfg_opt cfg_opts2[] =
{
#ifdef CONFIG_HAP_LINUX_SPLICE
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
{ "splice-request", PR_O2_SPLIC_REQ, PR_CAP_FE|PR_CAP_BE, 0, 0 },
{ "splice-response", PR_O2_SPLIC_RTR, PR_CAP_FE|PR_CAP_BE, 0, 0 },
{ "splice-auto", PR_O2_SPLIC_AUT, PR_CAP_FE|PR_CAP_BE, 0, 0 },
[MINOR] config: detect options not supported due to compilation options Some options depends on the target architecture or compilation options. When such an option is used on a compiled version that doesn't support it, it's probably better to identify it as an unsupported option due to compilation options instead of an unknown option. Edit: better check on the empty capability than on the option bits. -Willy
2010-11-01 14:26:00 -04:00
#else
{ "splice-request", 0, 0, 0, 0 },
{ "splice-response", 0, 0, 0, 0 },
{ "splice-auto", 0, 0, 0, 0 },
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
#endif
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
{ "accept-invalid-http-request", PR_O2_REQBUG_OK, PR_CAP_FE, 0, PR_MODE_HTTP },
{ "accept-invalid-http-response", PR_O2_RSPBUG_OK, PR_CAP_BE, 0, PR_MODE_HTTP },
{ "dontlog-normal", PR_O2_NOLOGNORM, PR_CAP_FE, 0, 0 },
{ "log-separate-errors", PR_O2_LOGERRORS, PR_CAP_FE, 0, 0 },
{ "log-health-checks", PR_O2_LOGHCHKS, PR_CAP_BE, 0, 0 },
{ "socket-stats", PR_O2_SOCKSTAT, PR_CAP_FE, 0, 0 },
{ "tcp-smart-accept", PR_O2_SMARTACC, PR_CAP_FE, 0, 0 },
{ "tcp-smart-connect", PR_O2_SMARTCON, PR_CAP_BE, 0, 0 },
{ "independant-streams", PR_O2_INDEPSTR, PR_CAP_FE|PR_CAP_BE, 0, 0 },
DOC: fix name for "option independant-streams" The correct spelling is "independent", not "independant". This patch fixes the doc and the configuration parser to accept the correct form. The config parser still allows the old naming for backwards compatibility.
2012-08-25 00:18:33 -04:00
{ "independent-streams", PR_O2_INDEPSTR, PR_CAP_FE|PR_CAP_BE, 0, 0 },
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
{ "http-use-proxy-header", PR_O2_USE_PXHDR, PR_CAP_FE, 0, PR_MODE_HTTP },
[MINOR] option http-pretend-keepalive is both for FEs and BEs The config parser only accepted it in frontends.
2010-04-27 16:19:14 -04:00
{ "http-pretend-keepalive", PR_O2_FAKE_KA, PR_CAP_FE|PR_CAP_BE, 0, PR_MODE_HTTP },
[MEDIUM] http: add support for "http-no-delay" There are some very rare server-to-server applications that abuse the HTTP protocol and expect the payload phase to be highly interactive, with many interleaved data chunks in both directions within a single request. This is absolutely not supported by the HTTP specification and will not work across most proxies or servers. When such applications attempt to do this through haproxy, it works but they will experience high delays due to the network optimizations which favor performance by instructing the system to wait for enough data to be available in order to only send full packets. Typical delays are around 200 ms per round trip. Note that this only happens with abnormal uses. Normal uses such as CONNECT requests nor WebSockets are not affected. When "option http-no-delay" is present in either the frontend or the backend used by a connection, all such optimizations will be disabled in order to make the exchanges as fast as possible. Of course this offers no guarantee on the functionality, as it may break at any other place. But if it works via HAProxy, it will work as fast as possible. This option should never be used by default, and should never be used at all unless such a buggy application is discovered. The impact of using this option is an increase of bandwidth usage and CPU usage, which may significantly lower performance in high latency environments. This change should be backported to 1.4 since the first report of such a misuse was in 1.4. Next patch will also be needed.
2011-05-30 12:10:30 -04:00
{ "http-no-delay", PR_O2_NODELAY, PR_CAP_FE|PR_CAP_BE, 0, PR_MODE_HTTP },
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
{ NULL, 0, 0, 0 }
};
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MINOR] report correct section type for unknown keywords. An unknown keyword was always reported in section "listen" for any section type (defaults, listen, frontend, backend, ...).
2008-01-22 10:44:08 -05:00
static char *cursection = NULL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
static struct proxy defproxy; /* fake proxy used to assign default values on all instances */
int cfg_maxpconn = DEFAULT_MAXCONN; /* # of simultaneous connections per proxy (-N) */
[CLEANUP] config: catch and report some possibly wrong rule ordering There are some configurations in which redirect rules are declared after use_backend rules. We can also find "block" rules after any of these ones. The processing sequence is : - block - redirect - use_backend So as of now we try to detect wrong ordering to warn the user about a possibly undesired behaviour.
2009-03-15 10:23:16 -04:00
int cfg_maxconn = 0; /* # of simultaneous connections, (-n) */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
/* List head of all known configuration keywords */
static struct cfg_kw_list cfg_keywords = {
.list = LIST_HEAD_INIT(cfg_keywords.list)
};
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* converts <str> to a list of listeners which are dynamically allocated.
* The format is "{addr|'*'}:port[-end][,{addr|'*'}:port[-end]]*", where :
* - <addr> can be empty or "*" to indicate INADDR_ANY ;
* - <port> is a numerical port from 1 to 65535 ;
* - <end> indicates to use the range from <port> to <end> instead (inclusive).
* This can be repeated as many times as necessary, separated by a coma.
MINOR: config: make str2listener() use memprintf() to report errors. This will make it possible to use the function for other listening sockets.
2012-09-20 14:01:39 -04:00
* Function returns 1 for success or 0 if error. In case of errors, if <err> is
* not NULL, it must be a valid pointer to either NULL or a freeable area that
* will be replaced with an error message.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
MINOR: config: make str2listener() use memprintf() to report errors. This will make it possible to use the function for other listening sockets.
2012-09-20 14:01:39 -04:00
int str2listener(char *str, struct proxy *curproxy, struct bind_conf *bind_conf, const char *file, int line, char **err)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
struct listener *l;
[MINOR] cfgparse: better report wrong listening addresses and make use of str2sa_range It's always been a mess to debug wrong listening addresses because the parsing function does not indicate the file and line number. Now it does. Since the code was almost a duplicate of str2sa_range, it now makes use of it and has been sensibly reduced.
2011-03-04 09:43:13 -05:00
char *next, *dupstr;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
int port, end;
next = dupstr = strdup(str);
[MEDIUM] Collect & provide separate statistics for sockets, v2 This patch allows to collect & provide separate statistics for each socket. It can be very useful if you would like to distinguish between traffic generate by local and remote users or between different types of remote clients (peerings, domestic, foreign). Currently no "Session rate" is supported, but adding it should be possible if we found it useful.
2009-10-04 09:43:17 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
while (next && *next) {
MEDIUM: config: use a single str2sa_range() call to parse bind addresses str2listener() now doesn't check the address syntax, it only relies on str2sa_range() to retrieve the address and family.
2013-03-06 09:45:03 -05:00
struct sockaddr_storage ss, *ss2;
MAJOR: listener: support inheriting a listening fd from the parent Using the address syntax "fd@<num>", a listener may inherit a file descriptor that the caller process has already bound and passed as this number. The fd's socket family is detected using getsockname(), and the usual initialization is performed through the existing code for that family, but the socket creation is skipped. Whether the parent has performed the listen() call or not is not important as this is detected. For UNIX sockets, we immediately clear the path after preparing a socket so that we never remove it in case an abort would happen due to a late error during startup.
2013-03-10 18:51:38 -04:00
int fd = -1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
str = next;
/* 1) look for the end of the first address */
[BUG] Fix listen & more of 2 couples <ip>:<port> Fix "listen www-mutualise 80.248.x.y1:80,80.248.x.y2:80,80.248.x.y3:80": [ALERT] 309/161509 (15450) : Invalid server address: '80.248.x.y1:80,80.248.x.y2' [ALERT] 309/161509 (15450) : Error reading configuration file : /etc/haproxy/haproxy.cfg Bug reported by Laurent Dolosor.
2009-01-27 10:57:08 -05:00
if ((next = strchr(str, ',')) != NULL) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*next++ = 0;
}
MEDIUM: config: use a single str2sa_range() call to parse bind addresses str2listener() now doesn't check the address syntax, it only relies on str2sa_range() to retrieve the address and family.
2013-03-06 09:45:03 -05:00
ss2 = str2sa_range(str, &port, &end, err,
curproxy == global.stats_fe ? NULL : global.unix_bind.prefix);
if (!ss2)
goto fail;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: config: use a single str2sa_range() call to parse bind addresses str2listener() now doesn't check the address syntax, it only relies on str2sa_range() to retrieve the address and family.
2013-03-06 09:45:03 -05:00
if (ss2->ss_family == AF_INET || ss2->ss_family == AF_INET6) {
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (!port && !end) {
MINOR: config: make str2listener() use memprintf() to report errors. This will make it possible to use the function for other listening sockets.
2012-09-20 14:01:39 -04:00
memprintf(err, "missing port number: '%s'\n", str);
[MINOR] cfgparse: better report wrong listening addresses and make use of str2sa_range It's always been a mess to debug wrong listening addresses because the parsing function does not indicate the file and line number. Now it does. Since the code was almost a duplicate of str2sa_range, it now makes use of it and has been sensibly reduced.
2011-03-04 09:43:13 -05:00
goto fail;
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
}
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (!port || !end) {
memprintf(err, "port offsets are not allowed in 'bind': '%s'\n", str);
goto fail;
}
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
if (port < 1 || port > 65535) {
MINOR: config: make str2listener() use memprintf() to report errors. This will make it possible to use the function for other listening sockets.
2012-09-20 14:01:39 -04:00
memprintf(err, "invalid port '%d' specified for address '%s'.\n", port, str);
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
goto fail;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
if (end < 1 || end > 65535) {
MINOR: config: make str2listener() use memprintf() to report errors. This will make it possible to use the function for other listening sockets.
2012-09-20 14:01:39 -04:00
memprintf(err, "invalid port '%d' specified for address '%s'.\n", end, str);
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
goto fail;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MAJOR: listener: support inheriting a listening fd from the parent Using the address syntax "fd@<num>", a listener may inherit a file descriptor that the caller process has already bound and passed as this number. The fd's socket family is detected using getsockname(), and the usual initialization is performed through the existing code for that family, but the socket creation is skipped. Whether the parent has performed the listen() call or not is not important as this is detected. For UNIX sockets, we immediately clear the path after preparing a socket so that we never remove it in case an abort would happen due to a late error during startup.
2013-03-10 18:51:38 -04:00
else if (ss2->ss_family == AF_UNSPEC) {
socklen_t addr_len;
/* We want to attach to an already bound fd whose number
* is in the addr part of ss2 when cast to sockaddr_in.
* Note that by definition there is a single listener.
* We still have to determine the address family to
* register the correct protocol.
*/
fd = ((struct sockaddr_in *)ss2)->sin_addr.s_addr;
addr_len = sizeof(*ss2);
if (getsockname(fd, (struct sockaddr *)ss2, &addr_len) == -1) {
memprintf(err, "cannot use file descriptor '%d' : %s.\n", fd, strerror(errno));
goto fail;
}
port = end = get_host_port(ss2);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: config: use a single str2sa_range() call to parse bind addresses str2listener() now doesn't check the address syntax, it only relies on str2sa_range() to retrieve the address and family.
2013-03-06 09:45:03 -05:00
/* OK the address looks correct */
ss = *ss2;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
for (; port <= end; port++) {
l = (struct listener *)calloc(1, sizeof(struct listener));
MAJOR: connection: replace struct target with a pointer to an enum Instead of storing a couple of (int, ptr) in the struct connection and the struct session, we use a different method : we only store a pointer to an integer which is stored inside the target object and which contains a unique type identifier. That way, the pointer allows us to retrieve the object type (by dereferencing it) and the object's address (by computing the displacement in the target structure). The NULL pointer always corresponds to OBJ_TYPE_NONE. This reduces the size of the connection and session structs. It also simplifies target assignment and compare. In order to improve the generated code, we try to put the obj_type element at the beginning of all the structs (listener, server, proxy, si_applet), so that the original and target pointers are always equal. A lot of code was touched by massive replaces, but the changes are not that important.
2012-11-11 18:42:33 -05:00
l->obj_type = OBJ_TYPE_LISTENER;
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
LIST_ADDQ(&curproxy->conf.listeners, &l->by_fe);
LIST_ADDQ(&bind_conf->listeners, &l->by_bind);
l->frontend = curproxy;
l->bind_conf = bind_conf;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MAJOR: listener: support inheriting a listening fd from the parent Using the address syntax "fd@<num>", a listener may inherit a file descriptor that the caller process has already bound and passed as this number. The fd's socket family is detected using getsockname(), and the usual initialization is performed through the existing code for that family, but the socket creation is skipped. Whether the parent has performed the listen() call or not is not important as this is detected. For UNIX sockets, we immediately clear the path after preparing a socket so that we never remove it in case an abort would happen due to a late error during startup.
2013-03-10 18:51:38 -04:00
l->fd = fd;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
l->addr = ss;
REORG: connection: rename the data layer the "transport layer" While working on the changes required to make the health checks use the new connections, it started to become obvious that some naming was not logical at all in the connections. Specifically, it is not logical to call the "data layer" the layer which is in charge for all the handshake and which does not yet provide a data layer once established until a session has allocated all the required buffers. In fact, it's more a transport layer, which makes much more sense. The transport layer offers a medium on which data can transit, and it offers the functions to move these data when the upper layer requests this. And it is the upper layer which iterates over the transport layer's functions to move data which should be called the data layer. The use case where it's obvious is with embryonic sessions : an incoming SSL connection is accepted. Only the connection is allocated, not the buffers nor stream interface, etc... The connection handles the SSL handshake by itself. Once this handshake is complete, we can't use the data functions because the buffers and stream interface are not there yet. Hence we have to first call a specific function to complete the session initialization, after which we'll be able to use the data functions. This clearly proves that SSL here is only a transport layer and that the stream interface constitutes the data layer. A similar change will be performed to rename app_cb => data, but the two could not be in the same commit for obvious reasons.
2012-10-02 18:19:48 -04:00
l->xprt = &raw_sock;
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
l->state = LI_INIT;
[MINOR] cfgparse: better report wrong listening addresses and make use of str2sa_range It's always been a mess to debug wrong listening addresses because the parsing function does not indicate the file and line number. Now it does. Since the code was almost a duplicate of str2sa_range, it now makes use of it and has been sensibly reduced.
2011-03-04 09:43:13 -05:00
if (ss.ss_family == AF_INET) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
((struct sockaddr_in *)(&l->addr))->sin_port = htons(port);
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
tcpv4_add_listener(l);
}
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
else if (ss.ss_family == AF_INET6) {
((struct sockaddr_in6 *)(&l->addr))->sin6_port = htons(port);
tcpv6_add_listener(l);
}
else {
uxst_add_listener(l);
}
[MEDIUM] Collect & provide separate statistics for sockets, v2 This patch allows to collect & provide separate statistics for each socket. It can be very useful if you would like to distinguish between traffic generate by local and remote users or between different types of remote clients (peerings, domestic, foreign). Currently no "Session rate" is supported, but adding it should be possible if we found it useful.
2009-10-04 09:43:17 -04:00
[MINOR] support a global jobs counter This counter is incremented for each incoming connection and each active listener, and is used to prevent haproxy from stopping upon SIGUSR1. It will thus be possible for some tasks in increment this counter in order to prevent haproxy from dying until they have completed their job.
2010-08-31 09:39:26 -04:00
jobs++;
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
listeners++;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} /* end for(port) */
} /* end while(next) */
free(dupstr);
[MEDIUM] Collect & provide separate statistics for sockets, v2 This patch allows to collect & provide separate statistics for each socket. It can be very useful if you would like to distinguish between traffic generate by local and remote users or between different types of remote clients (peerings, domestic, foreign). Currently no "Session rate" is supported, but adding it should be possible if we found it useful.
2009-10-04 09:43:17 -04:00
return 1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
fail:
free(dupstr);
[MEDIUM] Collect & provide separate statistics for sockets, v2 This patch allows to collect & provide separate statistics for each socket. It can be very useful if you would like to distinguish between traffic generate by local and remote users or between different types of remote clients (peerings, domestic, foreign). Currently no "Session rate" is supported, but adding it should be possible if we found it useful.
2009-10-04 09:43:17 -04:00
return 0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: cfgparse: check section maximum number of arguments This patch checks the number of arguments of the keywords: 'global', 'defaults', 'listen', 'backend', 'frontend', 'peers' and 'userlist' The 'global' section does not take any arguments. Proxy sections does not support bind address as argument anymore. Those sections supports only an <id> argument. The 'defaults' section didn't had any check on its arguments. It takes an optional <name> argument. 'peers' section takes a <peersect> argument. 'userlist' section takes a <listname> argument.
2015-04-28 10:55:23 -04:00
/*
* Report a fatal Alert when there is too much arguments
* The index is the current keyword in args
* Return 0 if the number of argument is correct, otherwise emit an alert and return 1
* Fill err_code with an ERR_ALERT and an ERR_FATAL
*/
int alertif_too_many_args_idx(int maxarg, int index, const char *file, int linenum, char **args, int *err_code)
{
char *kw = NULL;
int i;
if (!*args[index + maxarg + 1])
return 0;
memprintf(&kw, "%s", args[0]);
for (i = 1; i <= index; i++) {
memprintf(&kw, "%s %s", kw, args[i]);
}
Alert("parsing [%s:%d] : '%s' cannot handle unexpected argument '%s'.\n", file, linenum, kw, args[index + maxarg + 1]);
free(kw);
*err_code |= ERR_ALERT | ERR_FATAL;
return 1;
}
/*
* same as alertif_too_many_args_idx with a 0 index
*/
int alertif_too_many_args(int maxarg, const char *file, int linenum, char **args, int *err_code)
{
return alertif_too_many_args_idx(maxarg, 0, file, linenum, args, err_code);
}
MEDIUM: config: report it when tcp-request rules are misplaced A config where a tcp-request rule appears after an http-request rule might seem valid but it is not. So let's report a warning about this since this case is hard to detect by the naked eye.
2014-09-16 09:39:51 -04:00
/* Report a warning if a rule is placed after a 'tcp-request content' rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
int warnif_rule_after_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg)
{
if (!LIST_ISEMPTY(&proxy->tcp_req.inspect_rules)) {
Warning("parsing [%s:%d] : a '%s' rule placed after a 'tcp-request content' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
/* Report a warning if a rule is placed after a 'block' rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
[CLEANUP] config: specify correct const char types to warnif_* functions Also factor out a few declarations of acl_cond everywhere.
2010-01-28 13:01:34 -05:00
int warnif_rule_after_block(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
CLEANUP: proxy: rename "block_cond" to "block_rules" Next patch will make them real rules, not only conditions. This separate patch makes the next one more readable.
2014-04-28 16:05:31 -04:00
if (!LIST_ISEMPTY(&proxy->block_rules)) {
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
Warning("parsing [%s:%d] : a '%s' rule placed after a 'block' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
MEDIUM: config: report misplaced http-request rules Recently, the http-request ruleset started to be used a lot and some bug reports were caused by misplaced http-request rules because there was no warning if they're after a redirect or use_backend rule. Let's fix this now. http-request rules are just after the block rules.
2014-04-22 19:32:02 -04:00
/* Report a warning if a rule is placed after an 'http_request' rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
int warnif_rule_after_http_req(struct proxy *proxy, const char *file, int line, const char *arg)
{
if (!LIST_ISEMPTY(&proxy->http_req_rules)) {
Warning("parsing [%s:%d] : a '%s' rule placed after an 'http-request' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
/* Report a warning if a rule is placed after a reqrewrite rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
[CLEANUP] config: specify correct const char types to warnif_* functions Also factor out a few declarations of acl_cond everywhere.
2010-01-28 13:01:34 -05:00
int warnif_rule_after_reqxxx(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
if (proxy->req_exp) {
Warning("parsing [%s:%d] : a '%s' rule placed after a 'reqxxx' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
/* Report a warning if a rule is placed after a reqadd rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
[CLEANUP] config: specify correct const char types to warnif_* functions Also factor out a few declarations of acl_cond everywhere.
2010-01-28 13:01:34 -05:00
int warnif_rule_after_reqadd(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
if (!LIST_ISEMPTY(&proxy->req_add)) {
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
Warning("parsing [%s:%d] : a '%s' rule placed after a 'reqadd' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
/* Report a warning if a rule is placed after a redirect rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
[CLEANUP] config: specify correct const char types to warnif_* functions Also factor out a few declarations of acl_cond everywhere.
2010-01-28 13:01:34 -05:00
int warnif_rule_after_redirect(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
if (!LIST_ISEMPTY(&proxy->redirect_rules)) {
Warning("parsing [%s:%d] : a '%s' rule placed after a 'redirect' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
/* Report a warning if a rule is placed after a 'use_backend' rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
[CLEANUP] config: specify correct const char types to warnif_* functions Also factor out a few declarations of acl_cond everywhere.
2010-01-28 13:01:34 -05:00
int warnif_rule_after_use_backend(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
if (!LIST_ISEMPTY(&proxy->switching_rules)) {
Warning("parsing [%s:%d] : a '%s' rule placed after a 'use_backend' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
MEDIUM: config: report misplaced use-server rules Till now there was no check against misplaced use-server rules, and no warning was emitted, adding to the confusion. They're processed just after the use_backend rules, or more exactly at the same level but for the backend.
2014-04-22 19:39:04 -04:00
/* Report a warning if a rule is placed after a 'use-server' rule.
* Return 1 if the warning has been emitted, otherwise 0.
*/
int warnif_rule_after_use_server(struct proxy *proxy, const char *file, int line, const char *arg)
{
if (!LIST_ISEMPTY(&proxy->server_rules)) {
Warning("parsing [%s:%d] : a '%s' rule placed after a 'use-server' rule will still be processed before.\n",
file, line, arg);
return 1;
}
return 0;
}
MEDIUM: config: report it when tcp-request rules are misplaced A config where a tcp-request rule appears after an http-request rule might seem valid but it is not. So let's report a warning about this since this case is hard to detect by the naked eye.
2014-09-16 09:39:51 -04:00
/* report a warning if a "tcp request connection" rule is dangerously placed */
int warnif_misplaced_tcp_conn(struct proxy *proxy, const char *file, int line, const char *arg)
{
return warnif_rule_after_tcp_cont(proxy, file, line, arg) ||
warnif_rule_after_block(proxy, file, line, arg) ||
warnif_rule_after_http_req(proxy, file, line, arg) ||
warnif_rule_after_reqxxx(proxy, file, line, arg) ||
warnif_rule_after_reqadd(proxy, file, line, arg) ||
warnif_rule_after_redirect(proxy, file, line, arg) ||
warnif_rule_after_use_backend(proxy, file, line, arg) ||
warnif_rule_after_use_server(proxy, file, line, arg);
}
/* report a warning if a "tcp request content" rule is dangerously placed */
int warnif_misplaced_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg)
{
return warnif_rule_after_block(proxy, file, line, arg) ||
warnif_rule_after_http_req(proxy, file, line, arg) ||
warnif_rule_after_reqxxx(proxy, file, line, arg) ||
warnif_rule_after_reqadd(proxy, file, line, arg) ||
warnif_rule_after_redirect(proxy, file, line, arg) ||
warnif_rule_after_use_backend(proxy, file, line, arg) ||
warnif_rule_after_use_server(proxy, file, line, arg);
}
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
/* report a warning if a block rule is dangerously placed */
[CLEANUP] config: specify correct const char types to warnif_* functions Also factor out a few declarations of acl_cond everywhere.
2010-01-28 13:01:34 -05:00
int warnif_misplaced_block(struct proxy *proxy, const char *file, int line, const char *arg)
MEDIUM: config: report misplaced http-request rules Recently, the http-request ruleset started to be used a lot and some bug reports were caused by misplaced http-request rules because there was no warning if they're after a redirect or use_backend rule. Let's fix this now. http-request rules are just after the block rules.
2014-04-22 19:32:02 -04:00
{
return warnif_rule_after_http_req(proxy, file, line, arg) ||
warnif_rule_after_reqxxx(proxy, file, line, arg) ||
warnif_rule_after_reqadd(proxy, file, line, arg) ||
warnif_rule_after_redirect(proxy, file, line, arg) ||
MEDIUM: config: report misplaced use-server rules Till now there was no check against misplaced use-server rules, and no warning was emitted, adding to the confusion. They're processed just after the use_backend rules, or more exactly at the same level but for the backend.
2014-04-22 19:39:04 -04:00
warnif_rule_after_use_backend(proxy, file, line, arg) ||
warnif_rule_after_use_server(proxy, file, line, arg);
MEDIUM: config: report misplaced http-request rules Recently, the http-request ruleset started to be used a lot and some bug reports were caused by misplaced http-request rules because there was no warning if they're after a redirect or use_backend rule. Let's fix this now. http-request rules are just after the block rules.
2014-04-22 19:32:02 -04:00
}
/* report a warning if an http-request rule is dangerously placed */
int warnif_misplaced_http_req(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
return warnif_rule_after_reqxxx(proxy, file, line, arg) ||
warnif_rule_after_reqadd(proxy, file, line, arg) ||
warnif_rule_after_redirect(proxy, file, line, arg) ||
MEDIUM: config: report misplaced use-server rules Till now there was no check against misplaced use-server rules, and no warning was emitted, adding to the confusion. They're processed just after the use_backend rules, or more exactly at the same level but for the backend.
2014-04-22 19:39:04 -04:00
warnif_rule_after_use_backend(proxy, file, line, arg) ||
warnif_rule_after_use_server(proxy, file, line, arg);
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
}
/* report a warning if a reqxxx rule is dangerously placed */
[CLEANUP] config: specify correct const char types to warnif_* functions Also factor out a few declarations of acl_cond everywhere.
2010-01-28 13:01:34 -05:00
int warnif_misplaced_reqxxx(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
return warnif_rule_after_reqadd(proxy, file, line, arg) ||
warnif_rule_after_redirect(proxy, file, line, arg) ||
MEDIUM: config: report misplaced use-server rules Till now there was no check against misplaced use-server rules, and no warning was emitted, adding to the confusion. They're processed just after the use_backend rules, or more exactly at the same level but for the backend.
2014-04-22 19:39:04 -04:00
warnif_rule_after_use_backend(proxy, file, line, arg) ||
warnif_rule_after_use_server(proxy, file, line, arg);
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
}
/* report a warning if a reqadd rule is dangerously placed */
[CLEANUP] config: specify correct const char types to warnif_* functions Also factor out a few declarations of acl_cond everywhere.
2010-01-28 13:01:34 -05:00
int warnif_misplaced_reqadd(struct proxy *proxy, const char *file, int line, const char *arg)
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
{
return warnif_rule_after_redirect(proxy, file, line, arg) ||
MEDIUM: config: report misplaced use-server rules Till now there was no check against misplaced use-server rules, and no warning was emitted, adding to the confusion. They're processed just after the use_backend rules, or more exactly at the same level but for the backend.
2014-04-22 19:39:04 -04:00
warnif_rule_after_use_backend(proxy, file, line, arg) ||
warnif_rule_after_use_server(proxy, file, line, arg);
}
/* report a warning if a redirect rule is dangerously placed */
int warnif_misplaced_redirect(struct proxy *proxy, const char *file, int line, const char *arg)
{
return warnif_rule_after_use_backend(proxy, file, line, arg) ||
warnif_rule_after_use_server(proxy, file, line, arg);
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
}
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
/* Report it if a request ACL condition uses some keywords that are incompatible
* with the place where the ACL is used. It returns either 0 or ERR_WARN so that
* its result can be or'ed with err_code. Note that <cond> may be NULL and then
* will be ignored.
[CLEANUP] config: use warnif_cond_requires_resp() to check for bad ACLs Factor out some repetitive copy-pasted code to check for request ACLs validity.
2010-01-28 11:59:39 -05:00
*/
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
static int warnif_cond_conflicts(const struct acl_cond *cond, unsigned int where, const char *file, int line)
[CLEANUP] config: use warnif_cond_requires_resp() to check for bad ACLs Factor out some repetitive copy-pasted code to check for request ACLs validity.
2010-01-28 11:59:39 -05:00
{
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
const struct acl *acl;
MEDIUM: acl: have a pointer to the keyword name in acl_expr The acl_expr struct used to hold a pointer to the ACL keyword. But since we now have all the relevant pointers, we don't need that anymore, we just need the pointer to the keyword as a string in order to return warnings and error messages. So let's change this in order to remove the dependency on the acl_keyword struct from acl_expr. During this change, acl_cond_kw_conflicts() used to return a pointer to an ACL keyword but had to be changed to return a const char* for the same reason.
2013-03-31 16:59:32 -04:00
const char *kw;
[CLEANUP] config: use warnif_cond_requires_resp() to check for bad ACLs Factor out some repetitive copy-pasted code to check for request ACLs validity.
2010-01-28 11:59:39 -05:00
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
if (!cond)
[CLEANUP] config: use warnif_cond_requires_resp() to check for bad ACLs Factor out some repetitive copy-pasted code to check for request ACLs validity.
2010-01-28 11:59:39 -05:00
return 0;
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
acl = acl_cond_conflicts(cond, where);
if (acl) {
if (acl->name && *acl->name)
Warning("parsing [%s:%d] : acl '%s' will never match because it only involves keywords that are incompatible with '%s'\n",
file, line, acl->name, sample_ckp_names(where));
else
Warning("parsing [%s:%d] : anonymous acl will never match because it uses keyword '%s' which is incompatible with '%s'\n",
MEDIUM: acl: have a pointer to the keyword name in acl_expr The acl_expr struct used to hold a pointer to the ACL keyword. But since we now have all the relevant pointers, we don't need that anymore, we just need the pointer to the keyword as a string in order to return warnings and error messages. So let's change this in order to remove the dependency on the acl_keyword struct from acl_expr. During this change, acl_cond_kw_conflicts() used to return a pointer to an ACL keyword but had to be changed to return a const char* for the same reason.
2013-03-31 16:59:32 -04:00
file, line, LIST_ELEM(acl->expr.n, struct acl_expr *, list)->kw, sample_ckp_names(where));
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
return ERR_WARN;
}
if (!acl_cond_kw_conflicts(cond, where, &acl, &kw))
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
return 0;
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
if (acl->name && *acl->name)
Warning("parsing [%s:%d] : acl '%s' involves keywords '%s' which is incompatible with '%s'\n",
MEDIUM: acl: have a pointer to the keyword name in acl_expr The acl_expr struct used to hold a pointer to the ACL keyword. But since we now have all the relevant pointers, we don't need that anymore, we just need the pointer to the keyword as a string in order to return warnings and error messages. So let's change this in order to remove the dependency on the acl_keyword struct from acl_expr. During this change, acl_cond_kw_conflicts() used to return a pointer to an ACL keyword but had to be changed to return a const char* for the same reason.
2013-03-31 16:59:32 -04:00
file, line, acl->name, kw, sample_ckp_names(where));
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
else
Warning("parsing [%s:%d] : anonymous acl involves keyword '%s' which is incompatible with '%s'\n",
MEDIUM: acl: have a pointer to the keyword name in acl_expr The acl_expr struct used to hold a pointer to the ACL keyword. But since we now have all the relevant pointers, we don't need that anymore, we just need the pointer to the keyword as a string in order to return warnings and error messages. So let's change this in order to remove the dependency on the acl_keyword struct from acl_expr. During this change, acl_cond_kw_conflicts() used to return a pointer to an ACL keyword but had to be changed to return a const char* for the same reason.
2013-03-31 16:59:32 -04:00
file, line, kw, sample_ckp_names(where));
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
return ERR_WARN;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
* parse a line in a <global> section. Returns the error code, 0 if OK, or
* any combination of :
* - ERR_ABORT: must abort ASAP
* - ERR_FATAL: we can continue parsing but not start the service
* - ERR_WARN: a warning has been emitted
* - ERR_ALERT: an alert has been emitted
* Only the two first ones can stop processing, the two others are just
* indicators.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
int err_code = 0;
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
char *errmsg = NULL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (!strcmp(args[0], "global")) { /* new section */
/* no option, nothing special to do */
MEDIUM: cfgparse: check section maximum number of arguments This patch checks the number of arguments of the keywords: 'global', 'defaults', 'listen', 'backend', 'frontend', 'peers' and 'userlist' The 'global' section does not take any arguments. Proxy sections does not support bind address as argument anymore. Those sections supports only an <id> argument. The 'defaults' section didn't had any check on its arguments. It takes an optional <name> argument. 'peers' section takes a <peersect> argument. 'userlist' section takes a <listname> argument.
2015-04-28 10:55:23 -04:00
alertif_too_many_args(0, file, linenum, args, &err_code);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: ssl: add 'crt-base' and 'ca-base' global statements. 'crt-base' sets root directory used for relative certificates paths. 'ca-base' sets root directory used for relative CAs and CRLs paths.
2012-10-02 12:42:10 -04:00
else if (!strcmp(args[0], "ca-base")) {
#ifdef USE_OPENSSL
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if(alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: ssl: add 'crt-base' and 'ca-base' global statements. 'crt-base' sets root directory used for relative certificates paths. 'ca-base' sets root directory used for relative CAs and CRLs paths.
2012-10-02 12:42:10 -04:00
if (global.ca_base != NULL) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a directory path as an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.ca_base = strdup(args[1]);
#else
Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
#endif
}
else if (!strcmp(args[0], "crt-base")) {
#ifdef USE_OPENSSL
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: ssl: add 'crt-base' and 'ca-base' global statements. 'crt-base' sets root directory used for relative certificates paths. 'ca-base' sets root directory used for relative CAs and CRLs paths.
2012-10-02 12:42:10 -04:00
if (global.crt_base != NULL) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a directory path as an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.crt_base = strdup(args[1]);
#else
Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
#endif
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "daemon")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.mode |= MODE_DAEMON;
}
else if (!strcmp(args[0], "debug")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.mode |= MODE_DEBUG;
}
else if (!strcmp(args[0], "noepoll")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_EPOLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MAJOR] introduced speculative I/O with epoll() The principle behind speculative I/O is to speculatively try to perform I/O before registering the events in the system. This considerably reduces the number of calls to epoll_ctl() and sometimes even epoll_wait(), and manages to increase overall performance by about 10%. The new poller has been called "sepoll". It is used by default on Linux when it works. A corresponding option "nosepoll" and the command line argument "-ds" allow to disable it.
2007-04-15 18:53:59 -04:00
else if (!strcmp(args[0], "nokqueue")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_KQUEUE;
[MAJOR] introduced speculative I/O with epoll() The principle behind speculative I/O is to speculatively try to perform I/O before registering the events in the system. This considerably reduces the number of calls to epoll_ctl() and sometimes even epoll_wait(), and manages to increase overall performance by about 10%. The new poller has been called "sepoll". It is used by default on Linux when it works. A corresponding option "nosepoll" and the command line argument "-ds" allow to disable it.
2007-04-15 18:53:59 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "nopoll")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[MEDIUM] move global tuning options to the global structure The global tuning options right now only concern the polling mechanisms, and they are not in the global struct itself. It's not very practical to add other options so let's move them to the global struct and remove types/polling.h which was not used for anything else.
2009-01-25 09:42:27 -05:00
global.tune.options &= ~GTUNE_USE_POLL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
else if (!strcmp(args[0], "nosplice")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[MEDIUM] splice: add the global "nosplice" option Setting "nosplice" in the global section will disable the use of TCP splicing (both tcpsplice and linux 2.6 splice). The same will be achieved using the "-dS" parameter on the command line.
2009-01-25 10:03:28 -05:00
global.tune.options &= ~GTUNE_USE_SPLICE;
}
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
else if (!strcmp(args[0], "nogetaddrinfo")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
BUG/MINOR: Fix name lookup ordering when compiled with USE_GETADDRINFO When compiled with USE_GETADDRINFO, make sure we use getaddrinfo(3) to perform name lookups. On default dual-stack setups this will change the behavior of using IPv6 first. Global configuration option 'nogetaddrinfo' can be used to revert to deprecated gethostbyname(3).
2014-04-14 09:56:58 -04:00
global.tune.options &= ~GTUNE_USE_GAI;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "quiet")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
global.mode |= MODE_QUIET;
}
[MEDIUM] limit the number of events returned by *poll* By default, epoll/kqueue used to return as many events as possible. This could sometimes cause huge latencies (latencies of up to 400 ms have been observed with many thousands of fds at once). Limiting the number of events returned also reduces the latency by avoiding too many blind processing. The value is set to 200 by default and can be changed in the global section using the tune.maxpollevents parameter.
2007-06-03 11:16:49 -04:00
else if (!strcmp(args[0], "tune.maxpollevents")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] limit the number of events returned by *poll* By default, epoll/kqueue used to return as many events as possible. This could sometimes cause huge latencies (latencies of up to 400 ms have been observed with many thousands of fds at once). Limiting the number of events returned also reduces the latency by avoiding too many blind processing. The value is set to 200 by default and can be changed in the global section using the tune.maxpollevents parameter.
2007-06-03 11:16:49 -04:00
if (global.tune.maxpollevents != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[MEDIUM] limit the number of events returned by *poll* By default, epoll/kqueue used to return as many events as possible. This could sometimes cause huge latencies (latencies of up to 400 ms have been observed with many thousands of fds at once). Limiting the number of events returned also reduces the latency by avoiding too many blind processing. The value is set to 200 by default and can be changed in the global section using the tune.maxpollevents parameter.
2007-06-03 11:16:49 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] limit the number of events returned by *poll* By default, epoll/kqueue used to return as many events as possible. This could sometimes cause huge latencies (latencies of up to 400 ms have been observed with many thousands of fds at once). Limiting the number of events returned also reduces the latency by avoiding too many blind processing. The value is set to 200 by default and can be changed in the global section using the tune.maxpollevents parameter.
2007-06-03 11:16:49 -04:00
}
global.tune.maxpollevents = atol(args[1]);
}
[OPTIM] introduce global parameter "tune.maxaccept" This new parameter makes it possible to override the default number of consecutive incoming connections which can be accepted on a socket. By default it is not limited on single process mode, and limited to 8 in multi-process mode.
2008-01-06 05:22:57 -05:00
else if (!strcmp(args[0], "tune.maxaccept")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[OPTIM] introduce global parameter "tune.maxaccept" This new parameter makes it possible to override the default number of consecutive incoming connections which can be accepted on a socket. By default it is not limited on single process mode, and limited to 8 in multi-process mode.
2008-01-06 05:22:57 -05:00
if (global.tune.maxaccept != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[OPTIM] introduce global parameter "tune.maxaccept" This new parameter makes it possible to override the default number of consecutive incoming connections which can be accepted on a socket. By default it is not limited on single process mode, and limited to 8 in multi-process mode.
2008-01-06 05:22:57 -05:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[OPTIM] introduce global parameter "tune.maxaccept" This new parameter makes it possible to override the default number of consecutive incoming connections which can be accepted on a socket. By default it is not limited on single process mode, and limited to 8 in multi-process mode.
2008-01-06 05:22:57 -05:00
}
global.tune.maxaccept = atol(args[1]);
}
[MINOR] global: add "tune.chksize" to change the default check buffer size HTTP content-based health checks will be involved in searching text in pages. Some pages may not fit in the default buffer (16kB) and sometimes it might be desired to have larger buffers in order to find patterns. Running checks on smaller URIs is always preferred of course. (cherry picked from commit 043f44aeb835f3d0b57626c4276581a73600b6b1)
2010-10-04 14:39:20 -04:00
else if (!strcmp(args[0], "tune.chksize")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] global: add "tune.chksize" to change the default check buffer size HTTP content-based health checks will be involved in searching text in pages. Some pages may not fit in the default buffer (16kB) and sometimes it might be desired to have larger buffers in order to find patterns. Running checks on smaller URIs is always preferred of course. (cherry picked from commit 043f44aeb835f3d0b57626c4276581a73600b6b1)
2010-10-04 14:39:20 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.chksize = atol(args[1]);
}
MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size. This new global setting allows the user to change the SSL cache size in number of sessions. It defaults to 20000.
2012-09-03 06:10:29 -04:00
#ifdef USE_OPENSSL
MINOR: ssl: add global statement tune.ssl.force-private-cache. Boolean: used to force a private ssl session cache for each process in case of nbproc > 1.
2014-05-09 07:52:00 -04:00
else if (!strcmp(args[0], "tune.ssl.force-private-cache")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
MINOR: ssl: add global statement tune.ssl.force-private-cache. Boolean: used to force a private ssl session cache for each process in case of nbproc > 1.
2014-05-09 07:52:00 -04:00
global.tune.sslprivatecache = 1;
}
MINOR: ssl: rename and document the tune.ssl.cachesize option Its was initially called "tune.sslcachesize" but not documented, let's rename it and document it.
2012-11-16 10:32:15 -05:00
else if (!strcmp(args[0], "tune.ssl.cachesize")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size. This new global setting allows the user to change the SSL cache size in number of sessions. It defaults to 20000.
2012-09-03 06:10:29 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.sslcachesize = atol(args[1]);
}
MINOR: ssl: Add tune.ssl.lifetime statement in global. Sets the ssl session <lifetime> in seconds. Openssl default is 300 seconds.
2012-11-16 09:11:00 -05:00
else if (!strcmp(args[0], "tune.ssl.lifetime")) {
unsigned int ssllifetime;
const char *res;
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: ssl: Add tune.ssl.lifetime statement in global. Sets the ssl session <lifetime> in seconds. Openssl default is 300 seconds.
2012-11-16 09:11:00 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects ssl sessions <lifetime> in seconds as argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
res = parse_time_err(args[1], &ssllifetime, TIME_UNIT_S);
if (res) {
Alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s>.\n",
file, linenum, *res, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.ssllifetime = ssllifetime;
}
MINOR: ssl: add a global tunable for the max SSL/TLS record size Add new tunable "tune.ssl.maxrecord". Over SSL/TLS, the client can decipher the data only once it has received a full record. With large records, it means that clients might have to download up to 16kB of data before starting to process them. Limiting the record size can improve page load times on browsers located over high latency or low bandwidth networks. It is suggested to find optimal values which fit into 1 or 2 TCP segments (generally 1448 bytes over Ethernet with TCP timestamps enabled, or 1460 when timestamps are disabled), keeping in mind that SSL/TLS add some overhead. Typical values of 1419 and 2859 gave good results during tests. Use "strace -e trace=write" to find the best value. This trick was first suggested by Mike Belshe : http://www.belshe.com/2010/12/17/performance-and-the-tls-record-size/ Then requested again by Ilya Grigorik who provides some hints here : http://ofps.oreilly.com/titles/9781449344764/_transport_layer_security_tls.html#ch04_00000101
2013-02-21 01:46:09 -05:00
else if (!strcmp(args[0], "tune.ssl.maxrecord")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: ssl: add a global tunable for the max SSL/TLS record size Add new tunable "tune.ssl.maxrecord". Over SSL/TLS, the client can decipher the data only once it has received a full record. With large records, it means that clients might have to download up to 16kB of data before starting to process them. Limiting the record size can improve page load times on browsers located over high latency or low bandwidth networks. It is suggested to find optimal values which fit into 1 or 2 TCP segments (generally 1448 bytes over Ethernet with TCP timestamps enabled, or 1460 when timestamps are disabled), keeping in mind that SSL/TLS add some overhead. Typical values of 1419 and 2859 gave good results during tests. Use "strace -e trace=write" to find the best value. This trick was first suggested by Mike Belshe : http://www.belshe.com/2010/12/17/performance-and-the-tls-record-size/ Then requested again by Ilya Grigorik who provides some hints here : http://ofps.oreilly.com/titles/9781449344764/_transport_layer_security_tls.html#ch04_00000101
2013-02-21 01:46:09 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.ssl_max_record = atol(args[1]);
}
MEDIUM: ssl: add the possibility to use a global DH parameters file This patch adds the ssl-dh-param-file global setting. It sets the default DH parameters that will be used during the SSL/TLS handshake when ephemeral Diffie-Hellman (DHE) key exchange is used, for all "bind" lines which do not explicitely define theirs.
2015-05-29 09:53:22 -04:00
#ifndef OPENSSL_NO_DH
MEDIUM: ssl: Add the option to use standardized DH parameters >= 1024 bits When no static DH parameters are specified, this patch makes haproxy use standardized (rfc 2409 / rfc 3526) DH parameters with prime lenghts of 1024, 2048, 4096 or 8192 bits for DHE key exchange. The size of the temporary/ephemeral DH key is computed as the minimum of the RSA/DSA server key size and the value of a new option named tune.ssl.default-dh-param.
2014-06-12 08:58:40 -04:00
else if (!strcmp(args[0], "tune.ssl.default-dh-param")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MEDIUM: ssl: Add the option to use standardized DH parameters >= 1024 bits When no static DH parameters are specified, this patch makes haproxy use standardized (rfc 2409 / rfc 3526) DH parameters with prime lenghts of 1024, 2048, 4096 or 8192 bits for DHE key exchange. The size of the temporary/ephemeral DH key is computed as the minimum of the RSA/DSA server key size and the value of a new option named tune.ssl.default-dh-param.
2014-06-12 08:58:40 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.ssl_default_dh_param = atol(args[1]);
if (global.tune.ssl_default_dh_param < 1024) {
Alert("parsing [%s:%d] : '%s' expects a value >= 1024.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MEDIUM: ssl: add the possibility to use a global DH parameters file This patch adds the ssl-dh-param-file global setting. It sets the default DH parameters that will be used during the SSL/TLS handshake when ephemeral Diffie-Hellman (DHE) key exchange is used, for all "bind" lines which do not explicitely define theirs.
2015-05-29 09:53:22 -04:00
#endif
MEDIUM: ssl: Add options to forge SSL certificates With this patch, it is possible to configure HAProxy to forge the SSL certificate sent to a client using the SNI servername. We do it in the SNI callback. To enable this feature, you must pass following BIND options: * ca-sign-file <FILE> : This is the PEM file containing the CA certitifacte and the CA private key to create and sign server's certificates. * (optionally) ca-sign-pass <PASS>: This is the CA private key passphrase, if any. * generate-certificates: Enable the dynamic generation of certificates for a listener. Because generating certificates is expensive, there is a LRU cache to store them. Its size can be customized by setting the global parameter 'tune.ssl.ssl-ctx-cache-size'.
2015-06-09 11:29:50 -04:00
else if (!strcmp(args[0], "tune.ssl.ssl-ctx-cache-size")) {
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.ssl_ctx_cache = atoi(args[1]);
if (global.tune.ssl_ctx_cache < 0) {
Alert("parsing [%s:%d] : '%s' expects a positive numeric value\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MINOR: ssl add global setting tune.sslcachesize to set SSL session cache size. This new global setting allows the user to change the SSL cache size in number of sessions. It defaults to 20000.
2012-09-03 06:10:29 -04:00
#endif
MINOR: config: implement global setting tune.buffers.limit This setting is used to limit memory usage without causing the alloc failures caused by "-m". Unexpectedly, tests have shown a performance boost of up to about 18% on HTTP traffic when limiting the number of buffers to about 10% of the amount of concurrent connections. tune.buffers.limit <number> Sets a hard limit on the number of buffers which may be allocated per process. The default value is zero which means unlimited. The minimum non-zero value will always be greater than "tune.buffers.reserve" and should ideally always be about twice as large. Forcing this value can be particularly useful to limit the amount of memory a process may take, while retaining a sane behaviour. When this limit is reached, sessions which need a buffer wait for another one to be released by another session. Since buffers are dynamically allocated and released, the waiting time is very short and not perceptible provided that limits remain reasonable. In fact sometimes reducing the limit may even increase performance by increasing the CPU cache's efficiency. Tests have shown good results on average HTTP traffic with a limit to 1/10 of the expected global maxconn setting, which also significantly reduces memory usage. The memory savings come from the fact that a number of connections will not allocate 2*tune.bufsize. It is best not to touch this value unless advised to do so by an haproxy core developer.
2014-12-23 16:52:37 -05:00
else if (!strcmp(args[0], "tune.buffers.limit")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: config: implement global setting tune.buffers.limit This setting is used to limit memory usage without causing the alloc failures caused by "-m". Unexpectedly, tests have shown a performance boost of up to about 18% on HTTP traffic when limiting the number of buffers to about 10% of the amount of concurrent connections. tune.buffers.limit <number> Sets a hard limit on the number of buffers which may be allocated per process. The default value is zero which means unlimited. The minimum non-zero value will always be greater than "tune.buffers.reserve" and should ideally always be about twice as large. Forcing this value can be particularly useful to limit the amount of memory a process may take, while retaining a sane behaviour. When this limit is reached, sessions which need a buffer wait for another one to be released by another session. Since buffers are dynamically allocated and released, the waiting time is very short and not perceptible provided that limits remain reasonable. In fact sometimes reducing the limit may even increase performance by increasing the CPU cache's efficiency. Tests have shown good results on average HTTP traffic with a limit to 1/10 of the expected global maxconn setting, which also significantly reduces memory usage. The memory savings come from the fact that a number of connections will not allocate 2*tune.bufsize. It is best not to touch this value unless advised to do so by an haproxy core developer.
2014-12-23 16:52:37 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.buf_limit = atol(args[1]);
if (global.tune.buf_limit) {
if (global.tune.buf_limit < 3)
global.tune.buf_limit = 3;
if (global.tune.buf_limit <= global.tune.reserved_bufs)
global.tune.buf_limit = global.tune.reserved_bufs + 1;
}
}
MINOR: config: implement global setting tune.buffers.reserve Used in conjunction with the dynamic buffer allocator. tune.buffers.reserve <number> Sets the number of buffers which are pre-allocated and reserved for use only during memory shortage conditions resulting in failed memory allocations. The minimum value is 2 and is also the default. There is no reason a user would want to change this value, it's mostly aimed at haproxy core developers.
2014-12-23 16:40:40 -05:00
else if (!strcmp(args[0], "tune.buffers.reserve")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: config: implement global setting tune.buffers.reserve Used in conjunction with the dynamic buffer allocator. tune.buffers.reserve <number> Sets the number of buffers which are pre-allocated and reserved for use only during memory shortage conditions resulting in failed memory allocations. The minimum value is 2 and is also the default. There is no reason a user would want to change this value, it's mostly aimed at haproxy core developers.
2014-12-23 16:40:40 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.reserved_bufs = atol(args[1]);
if (global.tune.reserved_bufs < 2)
global.tune.reserved_bufs = 2;
MINOR: config: implement global setting tune.buffers.limit This setting is used to limit memory usage without causing the alloc failures caused by "-m". Unexpectedly, tests have shown a performance boost of up to about 18% on HTTP traffic when limiting the number of buffers to about 10% of the amount of concurrent connections. tune.buffers.limit <number> Sets a hard limit on the number of buffers which may be allocated per process. The default value is zero which means unlimited. The minimum non-zero value will always be greater than "tune.buffers.reserve" and should ideally always be about twice as large. Forcing this value can be particularly useful to limit the amount of memory a process may take, while retaining a sane behaviour. When this limit is reached, sessions which need a buffer wait for another one to be released by another session. Since buffers are dynamically allocated and released, the waiting time is very short and not perceptible provided that limits remain reasonable. In fact sometimes reducing the limit may even increase performance by increasing the CPU cache's efficiency. Tests have shown good results on average HTTP traffic with a limit to 1/10 of the expected global maxconn setting, which also significantly reduces memory usage. The memory savings come from the fact that a number of connections will not allocate 2*tune.bufsize. It is best not to touch this value unless advised to do so by an haproxy core developer.
2014-12-23 16:52:37 -05:00
if (global.tune.buf_limit && global.tune.buf_limit <= global.tune.reserved_bufs)
global.tune.buf_limit = global.tune.reserved_bufs + 1;
MINOR: config: implement global setting tune.buffers.reserve Used in conjunction with the dynamic buffer allocator. tune.buffers.reserve <number> Sets the number of buffers which are pre-allocated and reserved for use only during memory shortage conditions resulting in failed memory allocations. The minimum value is 2 and is also the default. There is no reason a user would want to change this value, it's mostly aimed at haproxy core developers.
2014-12-23 16:40:40 -05:00
}
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
else if (!strcmp(args[0], "tune.bufsize")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.bufsize = atol(args[1]);
if (global.tune.maxrewrite >= global.tune.bufsize / 2)
global.tune.maxrewrite = global.tune.bufsize / 2;
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
chunk_init(&trash, realloc(trash.str, global.tune.bufsize), global.tune.bufsize);
MINOR: chunks: allocate the trash chunks before parsing the config get_trash_chunk() is convenient also while parsing the config, better allocate them early just like the global trash.
2013-12-13 08:41:10 -05:00
alloc_trash_buffers(global.tune.bufsize);
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
}
else if (!strcmp(args[0], "tune.maxrewrite")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.maxrewrite = atol(args[1]);
if (global.tune.maxrewrite >= global.tune.bufsize / 2)
global.tune.maxrewrite = global.tune.bufsize / 2;
}
MINOR: config: make the stream interface idle timer user-configurable The new tune.idletimer value allows one to set a different value for idle stream detection. The default value remains set to one second. It is possible to disable it using zero, and to change the default value at build time using DEFAULT_IDLE_TIMER.
2014-02-12 10:35:14 -05:00
else if (!strcmp(args[0], "tune.idletimer")) {
unsigned int idle;
const char *res;
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: config: make the stream interface idle timer user-configurable The new tune.idletimer value allows one to set a different value for idle stream detection. The default value remains set to one second. It is possible to disable it using zero, and to change the default value at build time using DEFAULT_IDLE_TIMER.
2014-02-12 10:35:14 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a timer value between 0 and 65535 ms.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
res = parse_time_err(args[1], &idle, TIME_UNIT_MS);
if (res) {
Alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s>.\n",
file, linenum, *res, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (idle > 65535) {
Alert("parsing [%s:%d] : '%s' expects a timer value between 0 and 65535 ms.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.idle_timer = idle;
}
[MINOR] add the ability to force kernel socket buffer size. Sometimes we need to be able to change the default kernel socket buffer size (recv and send). Four new global settings have been added for this : - tune.rcvbuf.client - tune.rcvbuf.server - tune.sndbuf.client - tune.sndbuf.server Those can be used to reduce kernel memory footprint with large numbers of concurrent connections, and to reduce risks of write timeouts with very slow clients due to excessive kernel buffering.
2010-01-21 11:43:04 -05:00
else if (!strcmp(args[0], "tune.rcvbuf.client")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] add the ability to force kernel socket buffer size. Sometimes we need to be able to change the default kernel socket buffer size (recv and send). Four new global settings have been added for this : - tune.rcvbuf.client - tune.rcvbuf.server - tune.sndbuf.client - tune.sndbuf.server Those can be used to reduce kernel memory footprint with large numbers of concurrent connections, and to reduce risks of write timeouts with very slow clients due to excessive kernel buffering.
2010-01-21 11:43:04 -05:00
if (global.tune.client_rcvbuf != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.client_rcvbuf = atol(args[1]);
}
else if (!strcmp(args[0], "tune.rcvbuf.server")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] add the ability to force kernel socket buffer size. Sometimes we need to be able to change the default kernel socket buffer size (recv and send). Four new global settings have been added for this : - tune.rcvbuf.client - tune.rcvbuf.server - tune.sndbuf.client - tune.sndbuf.server Those can be used to reduce kernel memory footprint with large numbers of concurrent connections, and to reduce risks of write timeouts with very slow clients due to excessive kernel buffering.
2010-01-21 11:43:04 -05:00
if (global.tune.server_rcvbuf != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.server_rcvbuf = atol(args[1]);
}
else if (!strcmp(args[0], "tune.sndbuf.client")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] add the ability to force kernel socket buffer size. Sometimes we need to be able to change the default kernel socket buffer size (recv and send). Four new global settings have been added for this : - tune.rcvbuf.client - tune.rcvbuf.server - tune.sndbuf.client - tune.sndbuf.server Those can be used to reduce kernel memory footprint with large numbers of concurrent connections, and to reduce risks of write timeouts with very slow clients due to excessive kernel buffering.
2010-01-21 11:43:04 -05:00
if (global.tune.client_sndbuf != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.client_sndbuf = atol(args[1]);
}
else if (!strcmp(args[0], "tune.sndbuf.server")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] add the ability to force kernel socket buffer size. Sometimes we need to be able to change the default kernel socket buffer size (recv and send). Four new global settings have been added for this : - tune.rcvbuf.client - tune.rcvbuf.server - tune.sndbuf.client - tune.sndbuf.server Those can be used to reduce kernel memory footprint with large numbers of concurrent connections, and to reduce risks of write timeouts with very slow clients due to excessive kernel buffering.
2010-01-21 11:43:04 -05:00
if (global.tune.server_sndbuf != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.server_sndbuf = atol(args[1]);
}
OPTIM/MINOR: make it possible to change pipe size (tune.pipesize) By default, pipes are the default size for the system. But sometimes when using TCP splicing, it can improve performance to increase pipe sizes, especially if it is suspected that pipes are not filled and that many calls to splice() are performed. This has an impact on the kernel's memory footprint, so this must not be changed if impacts are not understood.
2011-10-23 15:14:29 -04:00
else if (!strcmp(args[0], "tune.pipesize")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
OPTIM/MINOR: make it possible to change pipe size (tune.pipesize) By default, pipes are the default size for the system. But sometimes when using TCP splicing, it can improve performance to increase pipe sizes, especially if it is suspected that pipes are not filled and that many calls to splice() are performed. This has an impact on the kernel's memory footprint, so this must not be changed if impacts are not understood.
2011-10-23 15:14:29 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.pipesize = atol(args[1]);
}
MINOR: http: allow the cookie capture size to be changed Some users need more than 64 characters to log large cookies. The limit was set to 63 characters (and not 64 as previously documented). Now it is possible to change this using the global "tune.http.cookielen" setting if required.
2012-11-21 18:17:38 -05:00
else if (!strcmp(args[0], "tune.http.cookielen")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: http: allow the cookie capture size to be changed Some users need more than 64 characters to log large cookies. The limit was set to 63 characters (and not 64 as previously documented). Now it is possible to change this using the global "tune.http.cookielen" setting if required.
2012-11-21 18:17:38 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.cookie_len = atol(args[1]) + 1;
}
MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers For a long time, the max number of headers was taken as a part of the buffer size. Since the header size can be configured at runtime, it does not make much sense anymore. Nothing was making it necessary to have a static value, so let's turn this into a tunable with a default value of 101 which equals what was previously used.
2011-10-24 13:14:41 -04:00
else if (!strcmp(args[0], "tune.http.maxhdr")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers For a long time, the max number of headers was taken as a part of the buffer size. Since the header size can be configured at runtime, it does not make much sense anymore. Nothing was making it necessary to have a static value, so let's turn this into a tunable with a default value of 101 which equals what was previously used.
2011-10-24 13:14:41 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.tune.max_http_hdr = atol(args[1]);
}
MINOR: compression: memlevel and windowsize The window size and the memlevel of the zlib are now configurable using global options tune.zlib.memlevel and tune.zlib.windowsize. It affects the memory consumption of the zlib.
2012-11-07 10:54:34 -05:00
else if (!strcmp(args[0], "tune.zlib.memlevel")) {
#ifdef USE_ZLIB
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: compression: memlevel and windowsize The window size and the memlevel of the zlib are now configurable using global options tune.zlib.memlevel and tune.zlib.windowsize. It affects the memory consumption of the zlib.
2012-11-07 10:54:34 -05:00
if (*args[1]) {
global.tune.zlibmemlevel = atoi(args[1]);
if (global.tune.zlibmemlevel < 1 || global.tune.zlibmemlevel > 9) {
Alert("parsing [%s:%d] : '%s' expects a numeric value between 1 and 9\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
} else {
Alert("parsing [%s:%d] : '%s' expects a numeric value between 1 and 9\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
#else
Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
#endif
}
else if (!strcmp(args[0], "tune.zlib.windowsize")) {
#ifdef USE_ZLIB
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: compression: memlevel and windowsize The window size and the memlevel of the zlib are now configurable using global options tune.zlib.memlevel and tune.zlib.windowsize. It affects the memory consumption of the zlib.
2012-11-07 10:54:34 -05:00
if (*args[1]) {
global.tune.zlibwindowsize = atoi(args[1]);
if (global.tune.zlibwindowsize < 8 || global.tune.zlibwindowsize > 15) {
Alert("parsing [%s:%d] : '%s' expects a numeric value between 8 and 15\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
} else {
Alert("parsing [%s:%d] : '%s' expects a numeric value between 8 and 15\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
#else
Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
#endif
}
MINOR: compression: tune.comp.maxlevel This option allows you to set the maximum compression level usable by the compression algorithm. It affects CPU usage.
2012-11-09 06:33:10 -05:00
else if (!strcmp(args[0], "tune.comp.maxlevel")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: compression: tune.comp.maxlevel This option allows you to set the maximum compression level usable by the compression algorithm. It affects CPU usage.
2012-11-09 06:33:10 -05:00
if (*args[1]) {
global.tune.comp_maxlevel = atoi(args[1]);
if (global.tune.comp_maxlevel < 1 || global.tune.comp_maxlevel > 9) {
Alert("parsing [%s:%d] : '%s' expects a numeric value between 1 and 9\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
} else {
Alert("parsing [%s:%d] : '%s' expects a numeric value between 1 and 9\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MAJOR: pattern: add LRU-based cache on pattern matching The principle of this cache is to have a global cache for all pattern matching operations which rely on lists (reg, sub, dir, dom, ...). The input data, the expression and a random seed are used as a hashing key. The cached entries contains a pointer to the expression and a revision number for that expression so that we don't accidently used obsolete data after a pattern update or a very unlikely hash collision. Regarding the risk of collisions, 10k entries at 10k req/s mean 1% risk of a collision after 60 years, that's already much less than the memory's reliability in most machines and more durable than most admin's life expectancy. A collision will result in a valid result to be returned for a different entry from the same list. If this is not acceptable, the cache can be disabled using tune.pattern.cache-size. A test on a file containing 10k small regex showed that the regex matching was limited to 6k/s instead of 70k with regular strings. When enabling the LRU cache, the performance was back to 70k/s.
2015-04-29 10:24:50 -04:00
else if (!strcmp(args[0], "tune.pattern.cache-size")) {
if (*args[1]) {
global.tune.pattern_cache = atoi(args[1]);
if (global.tune.pattern_cache < 0) {
Alert("parsing [%s:%d] : '%s' expects a positive numeric value\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
} else {
Alert("parsing [%s:%d] : '%s' expects a positive numeric value\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "uid")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.uid != 0) {
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
Alert("parsing [%s:%d] : user/uid already specified. Continuing.\n", file, linenum);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
global.uid = atol(args[1]);
}
else if (!strcmp(args[0], "gid")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.gid != 0) {
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
Alert("parsing [%s:%d] : group/gid already specified. Continuing.\n", file, linenum);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
global.gid = atol(args[1]);
}
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
else if (!strcmp(args[0], "external-check")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
global.external_check = 1;
}
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
/* user/group name handling */
else if (!strcmp(args[0], "user")) {
struct passwd *ha_user;
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
if (global.uid != 0) {
Alert("parsing [%s:%d] : user/uid already specified. Continuing.\n", file, linenum);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
}
errno = 0;
ha_user = getpwnam(args[1]);
if (ha_user != NULL) {
global.uid = (int)ha_user->pw_uid;
}
else {
Alert("parsing [%s:%d] : cannot find user id for '%s' (%d:%s)\n", file, linenum, args[1], errno, strerror(errno));
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
}
}
else if (!strcmp(args[0], "group")) {
struct group *ha_group;
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
if (global.gid != 0) {
[MINOR] fix several printf formats and missing arguments Last patch revealed a number of mistakes in printf-like calls, mostly int/long mismatches, and a few missing arguments.
2009-04-03 08:49:12 -04:00
Alert("parsing [%s:%d] : gid/group was already specified. Continuing.\n", file, linenum);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
}
errno = 0;
ha_group = getgrnam(args[1]);
if (ha_group != NULL) {
global.gid = (int)ha_group->gr_gid;
}
else {
Alert("parsing [%s:%d] : cannot find group id for '%s' (%d:%s)\n", file, linenum, args[1], errno, strerror(errno));
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] add user/groupname support Patch from Marcus Rueckert for 1.2.17 : "I added the attached patch to haproxy. I don't have a static uid/gid for haproxy so i need to specify the username/groupname to run it as non root user."
2007-03-25 09:39:23 -04:00
}
}
/* end of user/group name handling*/
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "nbproc")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
global.nbproc = atol(args[1]);
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
if (global.nbproc < 1 || global.nbproc > LONGBITS) {
Alert("parsing [%s:%d] : '%s' must be between 1 and %d (was %d).\n",
file, linenum, args[0], LONGBITS, global.nbproc);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "maxconn")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.maxconn != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
global.maxconn = atol(args[1]);
#ifdef SYSTEM_MAXCONN
if (global.maxconn > DEFAULT_MAXCONN && cfg_maxconn <= DEFAULT_MAXCONN) {
Alert("parsing [%s:%d] : maxconn value %d too high for this system.\nLimiting to %d. Please use '-n' to force the value.\n", file, linenum, global.maxconn, DEFAULT_MAXCONN);
global.maxconn = DEFAULT_MAXCONN;
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
#endif /* SYSTEM_MAXCONN */
MEDIUM: config: implement maxsslconn in the global section SSL connections take a huge amount of memory, and unfortunately openssl does not check malloc() returns and easily segfaults when too many connections are used. The only solution against this is to provide a global maxsslconn setting to reject SSL connections above the limit in order to avoid reaching unsafe limits.
2012-09-06 05:58:37 -04:00
}
else if (!strcmp(args[0], "maxsslconn")) {
#ifdef USE_OPENSSL
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MEDIUM: config: implement maxsslconn in the global section SSL connections take a huge amount of memory, and unfortunately openssl does not check malloc() returns and easily segfaults when too many connections are used. The only solution against this is to provide a global maxsslconn setting to reject SSL connections above the limit in order to avoid reaching unsafe limits.
2012-09-06 05:58:37 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.maxsslconn = atol(args[1]);
#else
BUG/MINOR: conf: Fix 'maxsslconn' statement error if built without OPENSSL.
2012-10-02 12:45:42 -04:00
Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
MINOR: config: add global directives to set default SSL ciphers The ability to globally override the default client and server cipher suites has been requested multiple times since the introduction of SSL. This commit adds two new keywords to the global section for this : - ssl-default-bind-ciphers - ssl-default-server-ciphers It is still possible to preset them at build time by setting the macros LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS.
2014-02-13 05:36:41 -05:00
#endif
}
else if (!strcmp(args[0], "ssl-default-bind-ciphers")) {
#ifdef USE_OPENSSL
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: config: add global directives to set default SSL ciphers The ability to globally override the default client and server cipher suites has been requested multiple times since the introduction of SSL. This commit adds two new keywords to the global section for this : - ssl-default-bind-ciphers - ssl-default-server-ciphers It is still possible to preset them at build time by setting the macros LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS.
2014-02-13 05:36:41 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a cipher suite as an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(global.listen_default_ciphers);
global.listen_default_ciphers = strdup(args[1]);
#else
Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
#endif
}
else if (!strcmp(args[0], "ssl-default-server-ciphers")) {
#ifdef USE_OPENSSL
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: config: add global directives to set default SSL ciphers The ability to globally override the default client and server cipher suites has been requested multiple times since the introduction of SSL. This commit adds two new keywords to the global section for this : - ssl-default-bind-ciphers - ssl-default-server-ciphers It is still possible to preset them at build time by setting the macros LISTEN_DEFAULT_CIPHERS and CONNECT_DEFAULT_CIPHERS.
2014-02-13 05:36:41 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a cipher suite as an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(global.connect_default_ciphers);
global.connect_default_ciphers = strdup(args[1]);
#else
Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
MEDIUM: config: implement maxsslconn in the global section SSL connections take a huge amount of memory, and unfortunately openssl does not check malloc() returns and easily segfaults when too many connections are used. The only solution against this is to provide a global maxsslconn setting to reject SSL connections above the limit in order to avoid reaching unsafe limits.
2012-09-06 05:58:37 -04:00
#endif
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: ssl: add the possibility to use a global DH parameters file This patch adds the ssl-dh-param-file global setting. It sets the default DH parameters that will be used during the SSL/TLS handshake when ephemeral Diffie-Hellman (DHE) key exchange is used, for all "bind" lines which do not explicitely define theirs.
2015-05-29 09:53:22 -04:00
#ifdef USE_OPENSSL
#ifndef OPENSSL_NO_DH
else if (!strcmp(args[0], "ssl-dh-param-file")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a file path as an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (ssl_sock_load_global_dh_param_from_file(args[1])) {
Alert("parsing [%s:%d] : '%s': unable to load DH parameters from file <%s>.\n", file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
#endif
#endif
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
else if (!strcmp(args[0], "ssl-server-verify")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.
2014-01-29 06:24:34 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (strcmp(args[1],"none") == 0)
global.ssl_server_verify = SSL_SERVER_VERIFY_NONE;
else if (strcmp(args[1],"required") == 0)
global.ssl_server_verify = SSL_SERVER_VERIFY_REQUIRED;
else {
Alert("parsing [%s:%d] : '%s' expects 'none' or 'required' as argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
[MEDIUM] add support for global.maxconnrate to limit the per-process conn rate. This one enforces a per-process connection rate limit, regardless of what may be set per frontend. It can be a way to limit the CPU usage of a process being severely attacked. The side effect is that the global process connection rate is now measured for each incoming connection, so it will be possible to report it.
2011-09-07 09:17:21 -04:00
else if (!strcmp(args[0], "maxconnrate")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] add support for global.maxconnrate to limit the per-process conn rate. This one enforces a per-process connection rate limit, regardless of what may be set per frontend. It can be a way to limit the CPU usage of a process being severely attacked. The side effect is that the global process connection rate is now measured for each incoming connection, so it will be possible to report it.
2011-09-07 09:17:21 -04:00
if (global.cps_lim != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.cps_lim = atol(args[1]);
}
MEDIUM: listener: add support for limiting the session rate in addition to the connection rate It's sometimes useful to be able to limit the connection rate on a machine running many haproxy instances (eg: per customer) but it removes the ability for that machine to defend itself against a DoS. Thus, better also provide a limit on the session rate, which does not include the connections rejected by "tcp-request connection" rules. This permits to have much higher limits on the connection rate without having to raise the session rate limit to insane values. The limit can be changed on the CLI using "set rate-limit sessions global", or in the global section using "maxsessrate".
2013-10-07 12:51:07 -04:00
else if (!strcmp(args[0], "maxsessrate")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MEDIUM: listener: add support for limiting the session rate in addition to the connection rate It's sometimes useful to be able to limit the connection rate on a machine running many haproxy instances (eg: per customer) but it removes the ability for that machine to defend itself against a DoS. Thus, better also provide a limit on the session rate, which does not include the connections rejected by "tcp-request connection" rules. This permits to have much higher limits on the connection rate without having to raise the session rate limit to insane values. The limit can be changed on the CLI using "set rate-limit sessions global", or in the global section using "maxsessrate".
2013-10-07 12:51:07 -04:00
if (global.sps_lim != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.sps_lim = atol(args[1]);
}
MEDIUM: listener: apply a limit on the session rate submitted to SSL Just like the previous commit, we sometimes want to limit the rate of incoming SSL connections. While it can be done for a frontend, it was not possible for a whole process, which makes sense when multiple processes are running on a system to server multiple customers. The new global "maxsslrate" setting is usable to fix a limit on the session rate going to the SSL frontends. The limits applies before the SSL handshake and not after, so that it saves the SSL stack from expensive key computations that would finally be aborted before being accounted for. The same setting may be changed at run time on the CLI using "set rate-limit ssl-session global".
2013-10-07 14:01:52 -04:00
else if (!strcmp(args[0], "maxsslrate")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MEDIUM: listener: apply a limit on the session rate submitted to SSL Just like the previous commit, we sometimes want to limit the rate of incoming SSL connections. While it can be done for a frontend, it was not possible for a whole process, which makes sense when multiple processes are running on a system to server multiple customers. The new global "maxsslrate" setting is usable to fix a limit on the session rate going to the SSL frontends. The limits applies before the SSL handshake and not after, so that it saves the SSL stack from expensive key computations that would finally be aborted before being accounted for. The same setting may be changed at run time on the CLI using "set rate-limit ssl-session global".
2013-10-07 14:01:52 -04:00
if (global.ssl_lim != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.ssl_lim = atol(args[1]);
}
MINOR: compression: maximum compression rate limit This patch adds input and output rate calcutation on the HTTP compresion feature. Compression can be limited with a maximum rate value in kilobytes per second. The rate is set with the global 'maxcomprate' option. You can change this value dynamicaly with 'set rate-limit http-compression global' on the UNIX socket.
2012-11-09 11:05:39 -05:00
else if (!strcmp(args[0], "maxcomprate")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: compression: maximum compression rate limit This patch adds input and output rate calcutation on the HTTP compresion feature. Compression can be limited with a maximum rate value in kilobytes per second. The rate is set with the global 'maxcomprate' option. You can change this value dynamicaly with 'set rate-limit http-compression global' on the UNIX socket.
2012-11-09 11:05:39 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument in kb/s.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.comp_rate_lim = atoi(args[1]) * 1024;
}
[MINOR] global.maxpipes: add the ability to reserve file descriptors for pipes This will be needed to use linux's splice() syscall.
2009-01-18 14:39:42 -05:00
else if (!strcmp(args[0], "maxpipes")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] global.maxpipes: add the ability to reserve file descriptors for pipes This will be needed to use linux's splice() syscall.
2009-01-18 14:39:42 -05:00
if (global.maxpipes != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[MINOR] global.maxpipes: add the ability to reserve file descriptors for pipes This will be needed to use linux's splice() syscall.
2009-01-18 14:39:42 -05:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] global.maxpipes: add the ability to reserve file descriptors for pipes This will be needed to use linux's splice() syscall.
2009-01-18 14:39:42 -05:00
}
global.maxpipes = atol(args[1]);
}
MEDIUM: compression: limit RAM usage With the global maxzlibmem option, you are able ton control the maximum amount of RAM usable for HTTP compression. A test is done before each zlib allocation, if the there isn't available memory, the test fail and so the zlib initialization, so data won't be compressed.
2012-11-07 10:12:57 -05:00
else if (!strcmp(args[0], "maxzlibmem")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MEDIUM: compression: limit RAM usage With the global maxzlibmem option, you are able ton control the maximum amount of RAM usable for HTTP compression. A test is done before each zlib allocation, if the there isn't available memory, the test fail and so the zlib initialization, so data won't be compressed.
2012-11-07 10:12:57 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: compression: report zlib memory usage Show the memory usage and the max memory available for zlib. The value stored is now the memory used instead of the remaining available memory.
2012-11-20 05:25:20 -05:00
global.maxzlibmem = atol(args[1]) * 1024L * 1024L;
MEDIUM: compression: limit RAM usage With the global maxzlibmem option, you are able ton control the maximum amount of RAM usable for HTTP compression. A test is done before each zlib allocation, if the there isn't available memory, the test fail and so the zlib initialization, so data won't be compressed.
2012-11-07 10:12:57 -05:00
}
MINOR: compression: CPU usage limit New option 'maxcompcpuusage' in global section. Sets the maximum CPU usage HAProxy can reach before stopping the compression for new requests or decreasing the compression level of current requests. It works like 'maxcomprate' but with the Idle.
2012-11-20 11:01:01 -05:00
else if (!strcmp(args[0], "maxcompcpuusage")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: compression: CPU usage limit New option 'maxcompcpuusage' in global section. Sets the maximum CPU usage HAProxy can reach before stopping the compression for new requests or decreasing the compression level of current requests. It works like 'maxcomprate' but with the Idle.
2012-11-20 11:01:01 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument between 0 and 100.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
compress_min_idle = 100 - atoi(args[1]);
CLEANUP: config: maxcompcpuusage is never negative No need to check for a negative value in the "maxcompcpuusage" argument, it's an unsigned int. Reported-by: Dinko Korunic <dkorunic@reflected.net>
2013-01-24 10:25:38 -05:00
if (compress_min_idle > 100) {
MINOR: compression: CPU usage limit New option 'maxcompcpuusage' in global section. Sets the maximum CPU usage HAProxy can reach before stopping the compression for new requests or decreasing the compression level of current requests. It works like 'maxcomprate' but with the Idle.
2012-11-20 11:01:01 -05:00
Alert("parsing [%s:%d] : '%s' expects an integer argument between 0 and 100.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
}
MINOR: compression: CPU usage limit New option 'maxcompcpuusage' in global section. Sets the maximum CPU usage HAProxy can reach before stopping the compression for new requests or decreasing the compression level of current requests. It works like 'maxcomprate' but with the Idle.
2012-11-20 11:01:01 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "ulimit-n")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.rlimit_nofile != 0) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
global.rlimit_nofile = atol(args[1]);
}
else if (!strcmp(args[0], "chroot")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.chroot != NULL) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a directory as an argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
global.chroot = strdup(args[1]);
}
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
else if (!strcmp(args[0], "description")) {
int i, len=0;
char *d;
if (!*args[1]) {
Alert("parsing [%s:%d]: '%s' expects a string argument.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
for (i = 1; *args[i]; i++)
len += strlen(args[i]) + 1;
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
if (global.desc)
free(global.desc);
global.desc = d = (char *)calloc(1, len);
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
d += snprintf(d, global.desc + len - d, "%s", args[1]);
for (i = 2; *args[i]; i++)
d += snprintf(d, global.desc + len - d, " %s", args[i]);
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
}
else if (!strcmp(args[0], "node")) {
int i;
char c;
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
for (i=0; args[1][i]; i++) {
c = args[1][i];
[BUILD] fix some build warnings on Solaris with is* macros isalnum, isdigit and friends are really annoying because they take an int in which we should pass an unsigned char, while strings everywhere use chars. Solaris uses macros relying on an array for those functions, which easily triggers some warnings showing where we have mistakenly passed a char instead of an unsigned char or an int. Those warnings may indicate real bugs on some platforms depending on the implementation.
2010-03-02 18:16:00 -05:00
if (!isupper((unsigned char)c) && !islower((unsigned char)c) &&
!isdigit((unsigned char)c) && c != '_' && c != '-' && c != '.')
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
break;
}
if (!i || args[1][i]) {
Alert("parsing [%s:%d]: '%s' requires valid node name - non-empty string"
" with digits(0-9), letters(A-Z, a-z), dot(.), hyphen(-) or underscode(_).\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (global.node)
free(global.node);
global.node = strdup(args[1]);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "pidfile")) {
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (global.pidfile != NULL) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a file name as an argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
global.pidfile = strdup(args[1]);
}
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
else if (!strcmp(args[0], "unix-bind")) {
int cur_arg = 1;
while (*(args[cur_arg])) {
if (!strcmp(args[cur_arg], "prefix")) {
if (global.unix_bind.prefix != NULL) {
Alert("parsing [%s:%d] : unix-bind '%s' already specified. Continuing.\n", file, linenum, args[cur_arg]);
err_code |= ERR_ALERT;
cur_arg += 2;
continue;
}
if (*(args[cur_arg+1]) == 0) {
Alert("parsing [%s:%d] : unix_bind '%s' expects a path as an argument.\n", file, linenum, args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.unix_bind.prefix = strdup(args[cur_arg+1]);
cur_arg += 2;
continue;
}
if (!strcmp(args[cur_arg], "mode")) {
global.unix_bind.ux.mode = strtol(args[cur_arg + 1], NULL, 8);
cur_arg += 2;
continue;
}
if (!strcmp(args[cur_arg], "uid")) {
global.unix_bind.ux.uid = atol(args[cur_arg + 1 ]);
cur_arg += 2;
continue;
}
if (!strcmp(args[cur_arg], "gid")) {
global.unix_bind.ux.gid = atol(args[cur_arg + 1 ]);
cur_arg += 2;
continue;
}
if (!strcmp(args[cur_arg], "user")) {
struct passwd *user;
user = getpwnam(args[cur_arg + 1]);
if (!user) {
Alert("parsing [%s:%d] : '%s' : '%s' unknown user.\n",
file, linenum, args[0], args[cur_arg + 1 ]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.unix_bind.ux.uid = user->pw_uid;
cur_arg += 2;
continue;
}
if (!strcmp(args[cur_arg], "group")) {
struct group *group;
group = getgrnam(args[cur_arg + 1]);
if (!group) {
Alert("parsing [%s:%d] : '%s' : '%s' unknown group.\n",
file, linenum, args[0], args[cur_arg + 1 ]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
global.unix_bind.ux.gid = group->gr_gid;
cur_arg += 2;
continue;
}
[CLEANUP] cfgparse: fix reported options for the "bind" keyword
2011-09-04 19:17:06 -04:00
Alert("parsing [%s:%d] : '%s' only supports the 'prefix', 'mode', 'uid', 'gid', 'user' and 'group' options.\n",
[MEDIUM] Add supports of bind on unix sockets.
2010-10-22 11:59:25 -04:00
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
else if (!strcmp(args[0], "log") && kwm == KWM_NO) { /* no log */
/* delete previous herited or defined syslog servers */
struct logsrv *back;
struct logsrv *tmp;
if (*(args[1]) != 0) {
Alert("parsing [%s:%d]:%s : 'no log' does not expect arguments.\n", file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
list_for_each_entry_safe(tmp, back, &global.logsrvs, list) {
LIST_DEL(&tmp->list);
free(tmp);
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "log")) { /* syslog server address */
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
struct sockaddr_storage *sk;
int port1, port2;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
struct logsrv *logsrv;
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
int arg = 0;
int len = 0;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(8, file, linenum, args, &err_code)) /* does not strictly check optional arguments */
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) == 0 || *(args[2]) == 0) {
Alert("parsing [%s:%d] : '%s' expects <address> and <facility> as arguments.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv = calloc(1, sizeof(struct logsrv));
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
/* just after the address, a length may be specified */
if (strcmp(args[arg+2], "len") == 0) {
len = atoi(args[arg+3]);
if (len < 80 || len > 65535) {
Alert("parsing [%s:%d] : invalid log length '%s', must be between 80 and 65535.\n",
file, linenum, args[arg+3]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
logsrv->maxlen = len;
/* skip these two args */
arg += 2;
}
else
logsrv->maxlen = MAX_SYSLOG_LEN;
if (logsrv->maxlen > global.max_syslog_len) {
global.max_syslog_len = logsrv->maxlen;
logline = realloc(logline, global.max_syslog_len + 1);
}
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args_idx(3, arg + 1, file, linenum, args, &err_code))
goto out;
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
logsrv->facility = get_log_facility(args[arg+2]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
if (logsrv->facility < 0) {
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
Alert("parsing [%s:%d] : unknown log facility '%s'\n", file, linenum, args[arg+2]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->facility = 0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->level = 7; /* max syslog level = debug */
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
if (*(args[arg+3])) {
logsrv->level = get_log_level(args[arg+3]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
if (logsrv->level < 0) {
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
Alert("parsing [%s:%d] : unknown optional log level '%s'\n", file, linenum, args[arg+3]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->level = 0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->minlvl = 0; /* limit syslog level to this level (emerg) */
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
if (*(args[arg+4])) {
logsrv->minlvl = get_log_level(args[arg+4]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
if (logsrv->minlvl < 0) {
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
Alert("parsing [%s:%d] : unknown optional minimum log level '%s'\n", file, linenum, args[arg+4]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->minlvl = 0;
[MINOR] implement per-logger log level limitation Some people are using haproxy in a shared environment where the system logger by default sends alert and emerg messages to all consoles, which happens when all servers go down on a backend for instance. These people can not always change the system configuration and would like to limit the outgoing messages level in order not to disturb the local users. The addition of an optional 4th field on the "log" line permits exactly this. The minimal log level ensures that all outgoing logs will have at least this level. So the logs are not filtered out, just set to this level.
2009-05-10 11:20:05 -04:00
}
}
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
sk = str2sa_range(args[1], &port1, &port2, &errmsg, NULL);
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
if (!sk) {
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
Alert("parsing [%s:%d] : '%s': %s\n", file, linenum, args[0], errmsg);
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
free(logsrv);
goto out;
}
logsrv->addr = *sk;
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
if (sk->ss_family == AF_INET || sk->ss_family == AF_INET6) {
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'\n",
file, linenum, args[0], args[1]);
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
free(logsrv);
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
goto out;
}
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->addr = *sk;
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (!port1)
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
set_host_port(&logsrv->addr, SYSLOG_PORT);
[MEDIUM] add support for logging via a UNIX socket The code in haproxy-1.3.13.1 only supports syslogging to an internet address. The attached patch: - Adds support for syslogging to a UNIX domain socket (e.g., /dev/log). If the address field begins with '/' (absolute file path), then AF_UNIX is used to construct the socket. Otherwise, AF_INET is used. - Achieves clean single-source build on both Mac OS X and Linux (sockaddr_in.sin_len and sockaddr_un.sun_len field aren't always present). For handling sendto() failures in send_log(), it appears that the existing code is fine (no need to close/recreate socket) for both UDP and UNIX-domain syslog server. So I left things alone (did not close/recreate socket). Closing/recreating socket after each failure would also work, but would lead to increased amount of unnecessary socket creation/destruction if syslog is temporarily unavailable for some reason (especially for verbose loggers). Please consider this patch for inclusion into the upstream haproxy codebase.
2007-12-05 04:47:29 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
LIST_ADDQ(&global.logsrvs, &logsrv->list);
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
}
[MINOR] log: add support for passing the forwarded hostname Haproxy does not include the hostname rather the IP of the machine in the syslog headers it sends. Unfortunately this means that for each log line rsyslog does a reverse dns on the client IP and in the case of non-routable IPs one gets the public hostname not the internal one. While this is valid according to RFC3164 as one might imagine this is troublsome if you have some machines with public IPs, internal IPs, no reverse DNS entries, etc and you want a standardized hostname based log directory structure. The rfc says the preferred value is the hostname. This patch adds a global "log-send-hostname" statement which accepts an optional string to force the host name. If unset, the local host name is used.
2010-12-29 11:05:48 -05:00
else if (!strcmp(args[0], "log-send-hostname")) { /* set the hostname in syslog header */
char *name;
int len;
if (global.log_send_hostname != NULL) {
Alert("parsing [%s:%d] : '%s' already specified. Continuing.\n", file, linenum, args[0]);
err_code |= ERR_ALERT;
goto out;
}
if (*(args[1]))
name = args[1];
else
name = hostname;
len = strlen(name);
/* We'll add a space after the name to respect the log format */
free(global.log_send_hostname);
global.log_send_hostname = malloc(len + 2);
snprintf(global.log_send_hostname, len + 2, "%s ", name);
}
[MINOR] log: ability to override the syslog tag One of the requirements we have is to run multiple instances of haproxy on a single host; this is so that we can split the responsibilities (and change permissions) between product teams. An issue we ran up against is how we would distinguish between the logs generated by each instance. The solution we came up with (please let me know if there is a better way) is to override the application tag written to syslog. We can then configure syslog to write these to different files. I have attached a patch adding a global option 'log-tag' to override the default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-22 11:08:21 -05:00
else if (!strcmp(args[0], "log-tag")) { /* tag to report to syslog */
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] log: ability to override the syslog tag One of the requirements we have is to run multiple instances of haproxy on a single host; this is so that we can split the responsibilities (and change permissions) between product teams. An issue we ran up against is how we would distinguish between the logs generated by each instance. The solution we came up with (please let me know if there is a better way) is to override the application tag written to syslog. We can then configure syslog to write these to different files. I have attached a patch adding a global option 'log-tag' to override the default syslog tag 'haproxy' (actually defaults to argv[0]).
2010-12-22 11:08:21 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a tag for use in syslog.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(global.log_tag);
global.log_tag = strdup(args[1]);
}
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
else if (!strcmp(args[0], "spread-checks")) { /* random time between checks (0-50) */
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
if (global.spread_checks != 0) {
Alert("parsing [%s:%d]: spread-checks already specified. Continuing.\n", file, linenum);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT;
goto out;
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
}
if (*(args[1]) == 0) {
Alert("parsing [%s:%d]: '%s' expects an integer argument (0..50).\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
}
global.spread_checks = atol(args[1]);
if (global.spread_checks < 0 || global.spread_checks > 50) {
Alert("parsing [%s:%d]: 'spread-checks' needs a positive value in range 0..50.\n", file, linenum);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] Spread health checks even more When one server appears at the same position in multiple backends, it receives all the checks from all the backends exactly at the same time because the health-checks are only spread within a backend but not globally. Attached patch implements per-server start delay in a different way. Checks are now spread globally - not locally to one backend. It also makes them start faster - IMHO there is no need to add a 'server->inter' when calculating first execution. Calculation were moved from cfgparse.c to checks.c. There is a new function start_checks() and now it is not called when haproxy is started in MODE_CHECK. With this patch it is also possible to set a global 'spread-checks' parameter. It takes a percentage value (1..50, probably something near 5..10 is a good idea) so haproxy adds or removes that many percent to the original interval after each check. My test shows that with 18 backends, 54 servers total and 10000ms/5% it takes about 45m to mix them completely. I decided to use rand/srand pseudo-random number generator. I am aware it is not recommend for a good randomness but a) we do not need a good random generator here b) it is probably the most portable one.
2007-10-14 17:40:01 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: checks: add a new global max-spread-checks directive This directive ensures that checks with a huge interval do not start too far apart at the beginning.
2014-04-25 04:46:47 -04:00
else if (!strcmp(args[0], "max-spread-checks")) { /* maximum time between first and last check */
const char *err;
unsigned int val;
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MINOR: checks: add a new global max-spread-checks directive This directive ensures that checks with a huge interval do not start too far apart at the beginning.
2014-04-25 04:46:47 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d]: '%s' expects an integer argument (0..50).\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
err = parse_time_err(args[1], &val, TIME_UNIT_MS);
if (err) {
Alert("parsing [%s:%d]: unsupported character '%c' in '%s' (wants an integer delay).\n", file, linenum, *err, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
}
global.max_spread_checks = val;
if (global.max_spread_checks < 0) {
Alert("parsing [%s:%d]: '%s' needs a positive delay in milliseconds.\n",file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
}
}
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
else if (strcmp(args[0], "cpu-map") == 0) { /* map a process list to a CPU set */
#ifdef USE_CPU_AFFINITY
int cur_arg, i;
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
unsigned long proc = 0;
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
unsigned long cpus = 0;
if (strcmp(args[1], "all") == 0)
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
proc = ~0UL;
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
else if (strcmp(args[1], "odd") == 0)
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
proc = ~0UL/3UL; /* 0x555....555 */
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
else if (strcmp(args[1], "even") == 0)
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
proc = (~0UL/3UL) << 1; /* 0xAAA...AAA */
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
else {
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
proc = atol(args[1]);
if (proc >= 1 && proc <= LONGBITS)
proc = 1UL << (proc - 1);
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
}
if (!proc || !*args[2]) {
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
Alert("parsing [%s:%d]: %s expects a process number including 'all', 'odd', 'even', or a number from 1 to %d, followed by a list of CPU ranges with numbers from 0 to %d.\n",
file, linenum, args[0], LONGBITS, LONGBITS - 1);
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
cur_arg = 2;
while (*args[cur_arg]) {
unsigned int low, high;
BUILD: silence a warning on Solaris about usage of isdigit() On Solaris, isdigit() is a macro and it complains about the use of a char instead of the int for the argument. Let's cast it to an int to silence it.
2012-11-21 19:04:31 -05:00
if (isdigit((int)*args[cur_arg])) {
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
char *dash = strchr(args[cur_arg], '-');
low = high = str2uic(args[cur_arg]);
if (dash)
high = str2uic(dash + 1);
if (high < low) {
unsigned int swap = low;
low = high;
high = swap;
}
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
if (high >= LONGBITS) {
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
Alert("parsing [%s:%d]: %s supports CPU numbers from 0 to %d.\n",
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
file, linenum, args[0], LONGBITS - 1);
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
while (low <= high)
cpus |= 1UL << low++;
}
else {
Alert("parsing [%s:%d]: %s : '%s' is not a CPU range.\n",
file, linenum, args[0], args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
cur_arg++;
}
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
for (i = 0; i < LONGBITS; i++)
if (proc & (1UL << i))
MEDIUM: global: add support for CPU binding on Linux ("cpu-map") The new "cpu-map" directive allows one to assign the CPU sets that a process is allowed to bind to. This is useful in combination with the "nbproc" and "bind-process" directives. The support is implicit on Linux 2.6.28 and above.
2012-11-16 10:12:27 -05:00
global.cpu_map[i] = cpus;
#else
Alert("parsing [%s:%d] : '%s' is not enabled, please check build options for USE_CPU_AFFINITY.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
#endif
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else {
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
struct cfg_kw_list *kwl;
int index;
[MINOR] cfgparse: add support for warnings in external functions Some parsers will need to report warnings in some cases. Let's use positive values for that.
2008-07-09 14:22:56 -04:00
int rc;
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
list_for_each_entry(kwl, &cfg_keywords.list, list) {
for (index = 0; kwl->kw[index].kw != NULL; index++) {
if (kwl->kw[index].section != CFG_GLOBAL)
continue;
if (strcmp(kwl->kw[index].kw, args[0]) == 0) {
MINOR: config: pass the file and line to config keyword parsers This will be needed when we need to create bind config settings.
2012-09-18 14:02:48 -04:00
rc = kwl->kw[index].parse(args, CFG_GLOBAL, NULL, NULL, file, linenum, &errmsg);
[MINOR] cfgparse: add support for warnings in external functions Some parsers will need to report warnings in some cases. Let's use positive values for that.
2008-07-09 14:22:56 -04:00
if (rc < 0) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
Alert("parsing [%s:%d] : %s\n", file, linenum, errmsg);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
}
[MINOR] cfgparse: add support for warnings in external functions Some parsers will need to report warnings in some cases. Let's use positive values for that.
2008-07-09 14:22:56 -04:00
else if (rc > 0) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
Warning("parsing [%s:%d] : %s\n", file, linenum, errmsg);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_WARN;
goto out;
[MINOR] cfgparse: add support for warnings in external functions Some parsers will need to report warnings in some cases. Let's use positive values for that.
2008-07-09 14:22:56 -04:00
}
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
goto out;
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
}
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : unknown keyword '%s' in '%s' section\n", file, linenum, args[0], "global");
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
out:
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
free(errmsg);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
return err_code;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
void init_default_instance()
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
[MINOR] config: centralize proxy struct initialization
2010-01-03 14:23:58 -05:00
init_new_proxy(&defproxy);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
defproxy.mode = PR_MODE_TCP;
defproxy.state = PR_STNEW;
defproxy.maxconn = cfg_maxpconn;
defproxy.conn_retries = CONN_RETRIES;
MEDIUM: backend: Allow redispatch on retry intervals For backend load balancing it sometimes makes sense to redispatch rather than retrying against the same server. For example, when machines or routers fail you may not want to waste time retrying against a dead server and would instead prefer to immediately redispatch against other servers. This patch allows backend sections to specify that they want to redispatch on a particular interval. If the interval N is positive the redispatch occurs on every Nth retry, and if the interval N is negative then the redispatch occurs on the Nth retry prior to the last retry (-1 is the default and maintains backwards compatibility). In low latency environments tuning this setting can save a few hundred milliseconds when backends fail.
2015-05-12 02:25:34 -04:00
defproxy.redispatch_after = 0;
[MEDIUM] default-server support This patch implements default-server support allowing to change default server options. It can be used in [defaults] or [backend]/[listen] sections. Currently the following options are supported: - error-limit - fall - inter - fastinter - downinter - maxconn - maxqueue - minconn - on-error - port - rise - slowstart - weight
2010-01-05 10:38:49 -05:00
MEDIUM: Split up struct server's check element This is in preparation for associating a agent check with a server which runs as well as the server's existing check. The split has been made by: * Moving elements of struct server's check element that will be shared by both checks into a new check_common element of struct server. * Moving the remaining elements to a new struct check and making struct server's check element a struct check. * Adding a server element to struct check, a back-pointer to the server element it is a member of. - At this time the server could be obtained using container_of, however, this will not be so easy once a second struct check element is added to struct server to accommodate an agent health check. Signed-off-by: Simon Horman <horms@verge.net.au>
2013-02-22 20:16:43 -05:00
defproxy.defsrv.check.inter = DEF_CHKINTR;
defproxy.defsrv.check.fastinter = 0;
defproxy.defsrv.check.downinter = 0;
MEDIUM: checks: Add supplementary agent checks Allow an auxiliary agent check to be run independently of the regular a regular health check. This is enabled by the agent-check server setting. The agent-port, which specifies the TCP port to use for the agent's connections, is required. The agent-inter, which specifies the interval between agent checks and timeout of agent checks, is optional. If not set the value for regular checks is used. e.g. server web1_1 127.0.0.1:80 check agent-port 10000 If either the health or agent check determines that a server is down then it is marked as being down, otherwise it is marked as being up. An agent health check performed by opening a TCP socket and reading an ASCII string. The string should have one of the following forms: * An ASCII representation of an positive integer percentage. e.g. "75%" Values in this format will set the weight proportional to the initial weight of a server as configured when haproxy starts. * The string "drain". This will cause the weight of a server to be set to 0, and thus it will not accept any new connections other than those that are accepted via persistence. * The string "down", optionally followed by a description string. Mark the server as down and log the description string as the reason. * The string "stopped", optionally followed by a description string. This currently has the same behaviour as "down". * The string "fail", optionally followed by a description string. This currently has the same behaviour as "down". Signed-off-by: Simon Horman <horms@verge.net.au>
2013-11-24 20:46:36 -05:00
defproxy.defsrv.agent.inter = DEF_CHKINTR;
defproxy.defsrv.agent.fastinter = 0;
defproxy.defsrv.agent.downinter = 0;
MEDIUM: Set rise and fall of agent checks to 1 This is achieved by moving rise and fall from struct server to struct check. After this move the behaviour of the primary check, server->check is unchanged. However, the secondary agent check, server->agent now has independent rise and fall values each of which are set to 1. The result is that receiving "fail", "stopped" or "down" just once from the agent will mark the server as down. And receiving a weight just once will allow the server to be marked up if its primary check is in good health. This opens up the scope to allow the rise and fall values of the agent check to be configurable, however this has not been implemented at this stage. Signed-off-by: Simon Horman <horms@verge.net.au>
2013-11-24 20:46:38 -05:00
defproxy.defsrv.check.rise = DEF_RISETIME;
defproxy.defsrv.check.fall = DEF_FALLTIME;
defproxy.defsrv.agent.rise = DEF_AGENT_RISETIME;
defproxy.defsrv.agent.fall = DEF_AGENT_FALLTIME;
REORG: server: move the check-specific parts into a check subsection The health checks in the servers are becoming a real mess, move them into their own subsection. We'll soon need to have a struct buffer to replace the char * as well as check-specific protocol and transport layers.
2012-09-28 09:01:02 -04:00
defproxy.defsrv.check.port = 0;
MEDIUM: checks: Add supplementary agent checks Allow an auxiliary agent check to be run independently of the regular a regular health check. This is enabled by the agent-check server setting. The agent-port, which specifies the TCP port to use for the agent's connections, is required. The agent-inter, which specifies the interval between agent checks and timeout of agent checks, is optional. If not set the value for regular checks is used. e.g. server web1_1 127.0.0.1:80 check agent-port 10000 If either the health or agent check determines that a server is down then it is marked as being down, otherwise it is marked as being up. An agent health check performed by opening a TCP socket and reading an ASCII string. The string should have one of the following forms: * An ASCII representation of an positive integer percentage. e.g. "75%" Values in this format will set the weight proportional to the initial weight of a server as configured when haproxy starts. * The string "drain". This will cause the weight of a server to be set to 0, and thus it will not accept any new connections other than those that are accepted via persistence. * The string "down", optionally followed by a description string. Mark the server as down and log the description string as the reason. * The string "stopped", optionally followed by a description string. This currently has the same behaviour as "down". * The string "fail", optionally followed by a description string. This currently has the same behaviour as "down". Signed-off-by: Simon Horman <horms@verge.net.au>
2013-11-24 20:46:36 -05:00
defproxy.defsrv.agent.port = 0;
[MEDIUM] default-server support This patch implements default-server support allowing to change default server options. It can be used in [defaults] or [backend]/[listen] sections. Currently the following options are supported: - error-limit - fall - inter - fastinter - downinter - maxconn - maxqueue - minconn - on-error - port - rise - slowstart - weight
2010-01-05 10:38:49 -05:00
defproxy.defsrv.maxqueue = 0;
defproxy.defsrv.minconn = 0;
defproxy.defsrv.maxconn = 0;
defproxy.defsrv.slowstart = 0;
defproxy.defsrv.onerror = DEF_HANA_ONERR;
defproxy.defsrv.consecutive_errors_limit = DEF_HANA_ERRLIMIT;
defproxy.defsrv.uweight = defproxy.defsrv.iweight = 1;
MEDIUM: Allow suppression of email alerts by log level This patch adds a new option which allows configuration of the maximum log level of messages for which email alerts will be sent. The default is alert which is more restrictive than the current code which sends email alerts for all priorities. That behaviour may be configured using the new configuration option to set the maximum level to notice or greater. email-alert level notice Signed-off-by: Simon Horman <horms@verge.net.au>
2015-02-05 21:11:57 -05:00
defproxy.email_alert.level = LOG_ALERT;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
/* This function createss a new req* or rsp* rule to the proxy. It compiles the
* regex and may return the ERR_WARN bit, and error bits such as ERR_ALERT and
* ERR_FATAL in case of error.
*/
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
static int create_cond_regex_rule(const char *file, int line,
struct proxy *px, int dir, int action, int flags,
const char *cmd, const char *reg, const char *repl,
const char **cond_start)
{
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
struct my_regex *preg = NULL;
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
char *errmsg = NULL;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
const char *err;
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
char *error;
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
int ret_code = 0;
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
struct acl_cond *cond = NULL;
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
int cs;
int cap;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (px == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, line, cmd);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
goto err;
}
if (*reg == 0) {
Alert("parsing [%s:%d] : '%s' expects <regex> as an argument.\n", file, line, cmd);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
goto err;
}
if (warnifnotcap(px, PR_CAP_RS, file, line, cmd, NULL))
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= ERR_WARN;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
if (cond_start &&
(strcmp(*cond_start, "if") == 0 || strcmp(*cond_start, "unless") == 0)) {
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, line, px, cond_start, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing a '%s' condition : %s.\n",
file, line, cmd, errmsg);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
goto err;
}
}
else if (cond_start && **cond_start) {
Alert("parsing [%s:%d] : '%s' : Expecting nothing, 'if', or 'unless', got '%s'.\n",
file, line, cmd, *cond_start);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
goto err;
}
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= warnif_cond_conflicts(cond,
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
(dir == SMP_OPT_DIR_REQ) ?
((px->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR) :
((px->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR),
file, line);
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
preg = calloc(1, sizeof(*preg));
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (!preg) {
Alert("parsing [%s:%d] : '%s' : not enough memory to build regex.\n", file, line, cmd);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code = ERR_ALERT | ERR_FATAL;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
goto err;
}
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
cs = !(flags & REG_ICASE);
cap = !(flags & REG_NOSUB);
error = NULL;
if (!regex_comp(reg, preg, cs, cap, &error)) {
Alert("parsing [%s:%d] : '%s' : regular expression '%s' : %s\n", file, line, cmd, reg, error);
free(error);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code = ERR_ALERT | ERR_FATAL;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
goto err;
}
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
err = chain_regex((dir == SMP_OPT_DIR_REQ) ? &px->req_exp : &px->rsp_exp,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
preg, action, repl ? strdup(repl) : NULL, cond);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (repl && err) {
Alert("parsing [%s:%d] : '%s' : invalid character or unterminated sequence in replacement string near '%c'.\n",
file, line, cmd, *err);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= ERR_ALERT | ERR_FATAL;
goto err_free;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
}
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
if (dir == SMP_OPT_DIR_REQ && warnif_misplaced_reqxxx(px, file, line, cmd))
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
ret_code |= ERR_WARN;
return ret_code;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
err_free:
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
regex_free(preg);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err:
free(preg);
BUG/MAJOR: config: don't free valid regex memory Thomas Heil reported that previous commit 07fcaaa ("MINOR: fix a few memory usage errors") make haproxy crash when req* rules are used. As diagnosed by Cyril Bonté, this commit introduced a regression which makes haproxy free the memory areas allocated for regex even when they're going to be used, resulting in the crashes. This patch does three things : - undo the free() on the valid path - add regfree() on the error path but only when regcomp() succeeds - rename err_code to ret_code to avoid confusing the valid return path with an error path.
2014-05-18 02:11:41 -04:00
free(errmsg);
return ret_code;
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
CLEANUP: cfgparse: remove reference to 'ruleset' section The 'ruleset' section was never implemented. This patch remove references and tests about this keyword.
2015-04-14 10:35:22 -04:00
* Parse a line in a <listen>, <frontend> or <backend> section.
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
* Returns the error code, 0 if OK, or any combination of :
* - ERR_ABORT: must abort ASAP
* - ERR_FATAL: we can continue parsing but not start the service
* - ERR_WARN: a warning has been emitted
* - ERR_ALERT: an alert has been emitted
* Only the two first ones can stop processing, the two others are just
* indicators.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
int cfg_parse_peers(const char *file, int linenum, char **args, int kwm)
{
static struct peers *curpeers = NULL;
struct peer *newpeer = NULL;
const char *err;
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
struct bind_conf *bind_conf;
struct listener *l;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
int err_code = 0;
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
char *errmsg = NULL;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
if (strcmp(args[0], "peers") == 0) { /* new peers section */
MINOR: config: report missing peers section name Right now we report "invalid character ''" which is a bit confusing, better make a special case of the missing name.
2013-03-05 05:31:55 -05:00
if (!*args[1]) {
Alert("parsing [%s:%d] : missing name for peers section.\n", file, linenum);
BUG/MEDIUM: config: immediately abort if peers section has no name Cyril Bonté reported that despite commit 0dbbf317 which attempted to fix the crash when a peers section has no name, we still get a segfault after the error message when parsing the peers. The reason is that the returned error code is ERR_FATAL and not ERR_ABORT, so the parsing continues while the section was not initialized. This is 1.5-specific, no backport is needed.
2014-02-16 02:20:13 -05:00
err_code |= ERR_ALERT | ERR_ABORT;
MINOR: config: report missing peers section name Right now we report "invalid character ''" which is a bit confusing, better make a special case of the missing name.
2013-03-05 05:31:55 -05:00
goto out;
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
MEDIUM: cfgparse: check section maximum number of arguments This patch checks the number of arguments of the keywords: 'global', 'defaults', 'listen', 'backend', 'frontend', 'peers' and 'userlist' The 'global' section does not take any arguments. Proxy sections does not support bind address as argument anymore. Those sections supports only an <id> argument. The 'defaults' section didn't had any check on its arguments. It takes an optional <name> argument. 'peers' section takes a <peersect> argument. 'userlist' section takes a <listname> argument.
2015-04-28 10:55:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, args[0], args[1]);
BUG/MEDIUM: config: immediately abort if peers section has no name Cyril Bonté reported that despite commit 0dbbf317 which attempted to fix the crash when a peers section has no name, we still get a segfault after the error message when parsing the peers. The reason is that the returned error code is ERR_FATAL and not ERR_ABORT, so the parsing continues while the section was not initialized. This is 1.5-specific, no backport is needed.
2014-02-16 02:20:13 -05:00
err_code |= ERR_ALERT | ERR_ABORT;
MINOR: config: report missing peers section name Right now we report "invalid character ''" which is a bit confusing, better make a special case of the missing name.
2013-03-05 05:31:55 -05:00
goto out;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
}
for (curpeers = peers; curpeers != NULL; curpeers = curpeers->next) {
/*
* If there are two proxies with the same name only following
* combinations are allowed:
*/
if (strcmp(curpeers->id, args[1]) == 0) {
MEDIUM: config: reject invalid config with name duplicates Since 1.4 we used to emit a warning when two frontends or two backends had the same name. In 1.5 we added the same warning for two peers sections. In 1.6 we added the same warning for two mailers sections. It's about time to reject such invalid configurations, the impact they have on the code complexity is huge and it is becoming a real obstacle to some improvements such as restoring servers check status across reloads. Now these errors are reported as fatal errors and will need to be fixed. Anyway, till now there was no guarantee that what was written was working as expected since the behaviour is not defined (eg: use_backend with a name used by two backends leads to undefined behaviour). Example of output : [ALERT] 145/104759 (31564) : Parsing [prx.cfg:12]: mailers section 'm' has the same name as another mailers section declared at prx.cfg:10. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:16]: peers section 'p' has the same name as another peers section declared at prx.cfg:14. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:21]: frontend 'f' has the same name as another frontend declared at prx.cfg:18. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:27]: backend 'b' has the same name as another backend declared at prx.cfg:24. [ALERT] 145/104759 (31564) : Error(s) found in configuration file : prx.cfg [ALERT] 145/104759 (31564) : Fatal errors found in configuration.
2015-05-26 04:35:50 -04:00
Alert("Parsing [%s:%d]: peers section '%s' has the same name as another peers section declared at %s:%d.\n",
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
file, linenum, args[1], curpeers->conf.file, curpeers->conf.line);
MEDIUM: config: reject invalid config with name duplicates Since 1.4 we used to emit a warning when two frontends or two backends had the same name. In 1.5 we added the same warning for two peers sections. In 1.6 we added the same warning for two mailers sections. It's about time to reject such invalid configurations, the impact they have on the code complexity is huge and it is becoming a real obstacle to some improvements such as restoring servers check status across reloads. Now these errors are reported as fatal errors and will need to be fixed. Anyway, till now there was no guarantee that what was written was working as expected since the behaviour is not defined (eg: use_backend with a name used by two backends leads to undefined behaviour). Example of output : [ALERT] 145/104759 (31564) : Parsing [prx.cfg:12]: mailers section 'm' has the same name as another mailers section declared at prx.cfg:10. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:16]: peers section 'p' has the same name as another peers section declared at prx.cfg:14. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:21]: frontend 'f' has the same name as another frontend declared at prx.cfg:18. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:27]: backend 'b' has the same name as another backend declared at prx.cfg:24. [ALERT] 145/104759 (31564) : Error(s) found in configuration file : prx.cfg [ALERT] 145/104759 (31564) : Fatal errors found in configuration.
2015-05-26 04:35:50 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
}
}
if ((curpeers = (struct peers *)calloc(1, sizeof(struct peers))) == NULL) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
curpeers->next = peers;
peers = curpeers;
BUG/MINOR: config: use a copy of the file name in proxy configurations Each proxy contains a reference to the original config file and line number where it was declared. The pointer used is just a reference to the one passed to the function instead of being duplicated. The effect is that it is not valid anymore at the end of the parsing and that all proxies will be enumerated as coming from the same file on some late configuration errors. This may happen for exmaple when reporting SSL certificate issues. By copying using strdup(), we avoid this issue. 1.4 has the same issue, though no report of the proxy file name is done out of the config section. Anyway a backport is recommended to ease post-mortem analysis.
2012-10-04 02:01:43 -04:00
curpeers->conf.file = strdup(file);
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
curpeers->conf.line = linenum;
curpeers->last_change = now.tv_sec;
curpeers->id = strdup(args[1]);
MEDIUM: peers: add the ability to disable a peers section Sometimes it's very hard to disable the use of peers because an empty section is not valid, so it is necessary to comment out all references to the section, and not to forget to restore them in the same state after the operation. Let's add a "disabled" keyword just like for proxies. A ->state member in the peers struct is even present for this purpose but was never used at all. Maybe it would make sense to backport this to 1.5 as it's really cumbersome there.
2015-05-01 14:02:17 -04:00
curpeers->state = PR_STNEW;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
}
else if (strcmp(args[0], "peer") == 0) { /* peer definition */
[MEDIUM] add internal support for IPv6 server addresses This patch turns internal server addresses to sockaddr_storage to store IPv6 addresses, and makes the connect() function use it. This code already works but some caveats with getaddrinfo/gethostbyname still need to be sorted out while the changes had to be merged at this stage of internal architecture changes. So for now the config parser will not emit an IPv6 address yet so that user experience remains unchanged. This change should have absolutely zero user-visible effect, otherwise it's a bug introduced during the merge, that should be reported ASAP.
2011-03-10 16:26:24 -05:00
struct sockaddr_storage *sk;
MEDIUM: config: use str2sa_range() to parse peers addresses Similarly to previous changes, use str2sa_range() so that we can detect invalid addresses or port configurations in peers.
2013-02-20 13:20:59 -05:00
int port1, port2;
MEDIUM: config: add complete support for str2sa_range() in 'peer' The peer addresses are now completely parsed using str2sa_range() and the resulting protocol is checked for support for connect().
2013-03-10 13:37:42 -04:00
struct protocol *proto;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
if (!*args[2]) {
Alert("parsing [%s:%d] : '%s' expects <name> and <addr>[:<port>] as arguments.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in server name '%s'.\n",
file, linenum, *err, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if ((newpeer = (struct peer *)calloc(1, sizeof(struct peer))) == NULL) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
/* the peers are linked backwards first */
curpeers->count++;
newpeer->next = curpeers->remote;
curpeers->remote = newpeer;
BUG/MINOR: config: use a copy of the file name in proxy configurations Each proxy contains a reference to the original config file and line number where it was declared. The pointer used is just a reference to the one passed to the function instead of being duplicated. The effect is that it is not valid anymore at the end of the parsing and that all proxies will be enumerated as coming from the same file on some late configuration errors. This may happen for exmaple when reporting SSL certificate issues. By copying using strdup(), we avoid this issue. 1.4 has the same issue, though no report of the proxy file name is done out of the config section. Anyway a backport is recommended to ease post-mortem analysis.
2012-10-04 02:01:43 -04:00
newpeer->conf.file = strdup(file);
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
newpeer->conf.line = linenum;
newpeer->last_change = now.tv_sec;
newpeer->id = strdup(args[1]);
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
sk = str2sa_range(args[2], &port1, &port2, &errmsg, NULL);
MEDIUM: config: use str2sa_range() to parse peers addresses Similarly to previous changes, use str2sa_range() so that we can detect invalid addresses or port configurations in peers.
2013-02-20 13:20:59 -05:00
if (!sk) {
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
Alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], errmsg);
MEDIUM: config: add complete support for str2sa_range() in 'peer' The peer addresses are now completely parsed using str2sa_range() and the resulting protocol is checked for support for connect().
2013-03-10 13:37:42 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
proto = protocol_by_family(sk->ss_family);
if (!proto || !proto->connect) {
Alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n",
file, linenum, args[0], args[1]);
MEDIUM: config: use str2sa_range() to parse peers addresses Similarly to previous changes, use str2sa_range() so that we can detect invalid addresses or port configurations in peers.
2013-02-20 13:20:59 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
}
MEDIUM: config: use str2sa_range() to parse peers addresses Similarly to previous changes, use str2sa_range() so that we can detect invalid addresses or port configurations in peers.
2013-02-20 13:20:59 -05:00
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s %s' : port ranges and offsets are not allowed in '%s'\n",
file, linenum, args[0], args[1], args[2]);
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: config: use str2sa_range() to parse peers addresses Similarly to previous changes, use str2sa_range() so that we can detect invalid addresses or port configurations in peers.
2013-02-20 13:20:59 -05:00
if (!port1) {
Alert("parsing [%s:%d] : '%s %s' : missing or invalid port in '%s'\n",
file, linenum, args[0], args[1], args[2]);
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: config: use str2sa_range() to parse peers addresses Similarly to previous changes, use str2sa_range() so that we can detect invalid addresses or port configurations in peers.
2013-02-20 13:20:59 -05:00
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
newpeer->addr = *sk;
MEDIUM: config: add complete support for str2sa_range() in 'peer' The peer addresses are now completely parsed using str2sa_range() and the resulting protocol is checked for support for connect().
2013-03-10 13:37:42 -04:00
newpeer->proto = proto;
REORG: connection: rename the data layer the "transport layer" While working on the changes required to make the health checks use the new connections, it started to become obvious that some naming was not logical at all in the connections. Specifically, it is not logical to call the "data layer" the layer which is in charge for all the handshake and which does not yet provide a data layer once established until a session has allocated all the required buffers. In fact, it's more a transport layer, which makes much more sense. The transport layer offers a medium on which data can transit, and it offers the functions to move these data when the upper layer requests this. And it is the upper layer which iterates over the transport layer's functions to move data which should be called the data layer. The use case where it's obvious is with embryonic sessions : an incoming SSL connection is accepted. Only the connection is allocated, not the buffers nor stream interface, etc... The connection handles the SSL handshake by itself. Once this handshake is complete, we can't use the data functions because the buffers and stream interface are not there yet. Hence we have to first call a specific function to complete the session initialization, after which we'll be able to use the data functions. This clearly proves that SSL here is only a transport layer and that the stream interface constitutes the data layer. A similar change will be performed to rename app_cb => data, but the two could not be in the same commit for obvious reasons.
2012-10-02 18:19:48 -04:00
newpeer->xprt = &raw_sock;
MEDIUM: stream_interface: derive the socket operations from the target Instead of hard-coding sock_raw in connect_server(), we set this socket operation at config parsing time. Right now, only servers and peers have it. Proxies are still hard-coded as sock_raw. This will be needed for future work on SSL which requires a different socket layer.
2012-05-11 12:32:18 -04:00
newpeer->sock_init_arg = NULL;
REORG/MEDIUM: replace stream interface protocol functions by a proto pointer The stream interface now makes use of the socket protocol pointer instead of the direct functions.
2012-05-07 12:12:14 -04:00
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
if (strcmp(newpeer->id, localpeer) == 0) {
/* Current is local peer, it define a frontend */
newpeer->local = 1;
MAJOR: peers: peers protocol version 2.0 This patch does'nt add any new feature: the functional behavior is the same than version 1.0. Technical differences: In this version all updates on different stick tables are multiplexed on the same tcp session. There is only one established tcp session per peer whereas in first version there was one established tcp session per peer and per stick table. Messages format was reviewed to be more evolutive and to support further types of data exchange such as SSL sessions or other sticktable's data types (currently only the sticktable's server id is supported).
2015-05-12 12:49:09 -04:00
peers->local = newpeer;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
if (!curpeers->peers_fe) {
if ((curpeers->peers_fe = calloc(1, sizeof(struct proxy))) == NULL) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
init_new_proxy(curpeers->peers_fe);
curpeers->peers_fe->parent = curpeers;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
curpeers->peers_fe->id = strdup(args[1]);
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
curpeers->peers_fe->conf.args.file = curpeers->peers_fe->conf.file = strdup(file);
curpeers->peers_fe->conf.args.line = curpeers->peers_fe->conf.line = linenum;
MINOR: peers: centralize configuration of the peers frontend This is in order to stop exporting the peer_accept() function.
2015-03-13 10:47:26 -04:00
peers_setup_frontend(curpeers->peers_fe);
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
bind_conf = bind_conf_alloc(&curpeers->peers_fe->conf.bind, file, linenum, args[2]);
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
if (!str2listener(args[2], curpeers->peers_fe, bind_conf, file, linenum, &errmsg)) {
if (errmsg && *errmsg) {
indent_msg(&errmsg, 2);
Alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], errmsg);
MINOR: config: make str2listener() use memprintf() to report errors. This will make it possible to use the function for other listening sockets.
2012-09-20 14:01:39 -04:00
}
else
Alert("parsing [%s:%d] : '%s %s' : error encountered while parsing listening address %s.\n",
file, linenum, args[0], args[1], args[2]);
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
err_code |= ERR_FATAL;
goto out;
}
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
list_for_each_entry(l, &bind_conf->listeners, by_bind) {
CLEANUP: config: set the maxaccept value for peers listeners earlier Since we introduced bind_conf in peers, we can set maxaccept in a cleaner way at the proper time, let's do this to make the code more readable.
2013-01-18 04:51:07 -05:00
l->maxaccept = 1;
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
l->maxconn = ((struct proxy *)curpeers->peers_fe)->maxconn;
l->backlog = ((struct proxy *)curpeers->peers_fe)->backlog;
REORG: session: move the session parts out of stream.c This concerns everythins related to accepting a new session and expiring the embryonic session. There's still a hard-coded call to stream_accept_session() which could be set somewhere in the frontend, but for now it's not a problem.
2015-04-04 12:50:31 -04:00
l->accept = session_accept_fd;
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
l->handler = process_stream;
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
l->analysers |= ((struct proxy *)curpeers->peers_fe)->fe_req_ana;
MEDIUM: listener: store the default target per listener This will be useful later to state that some listeners have to use certain decoders (typically an HTTP/2 decoder) regardless of the regular processing applied to other listeners. For now it simply defaults to the frontend's default target, and it is used by the session.
2015-03-13 11:43:12 -04:00
l->default_target = ((struct proxy *)curpeers->peers_fe)->default_target;
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
l->options |= LI_O_UNLIMITED; /* don't make the peers subject to global limits */
global.maxsock += l->maxconn;
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
}
BUG/MEDIUM: config: verbosely reject peers sections with multiple local peers If a peers section contains several instances of the local peer name, only the first one was considered and the next ones were silently ignored. This can cause some trouble to debug such a configuration. Now the extra entries are rejected with an error message indicating where the first occurrence was found.
2013-01-18 05:12:27 -05:00
else {
Alert("parsing [%s:%d] : '%s %s' : local peer name already referenced at %s:%d.\n",
file, linenum, args[0], args[1],
curpeers->peers_fe->conf.file, curpeers->peers_fe->conf.line);
err_code |= ERR_FATAL;
goto out;
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
}
} /* neither "peer" nor "peers" */
MEDIUM: peers: add the ability to disable a peers section Sometimes it's very hard to disable the use of peers because an empty section is not valid, so it is necessary to comment out all references to the section, and not to forget to restore them in the same state after the operation. Let's add a "disabled" keyword just like for proxies. A ->state member in the peers struct is even present for this purpose but was never used at all. Maybe it would make sense to backport this to 1.5 as it's really cumbersome there.
2015-05-01 14:02:17 -04:00
else if (!strcmp(args[0], "disabled")) { /* disables this peers section */
curpeers->state = PR_STSTOPPED;
}
else if (!strcmp(args[0], "enabled")) { /* enables this peers section (used to revert a disabled default) */
curpeers->state = PR_STNEW;
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
else if (*args[0] != 0) {
Alert("parsing [%s:%d] : unknown keyword '%s' in '%s' section\n", file, linenum, args[0], cursection);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
out:
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
free(errmsg);
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
return err_code;
}
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
/*
* Parse a <resolvers> section.
* Returns the error code, 0 if OK, or any combination of :
* - ERR_ABORT: must abort ASAP
* - ERR_FATAL: we can continue parsing but not start the service
* - ERR_WARN: a warning has been emitted
* - ERR_ALERT: an alert has been emitted
* Only the two first ones can stop processing, the two others are just
* indicators.
*/
int cfg_parse_resolvers(const char *file, int linenum, char **args, int kwm)
{
static struct dns_resolvers *curr_resolvers = NULL;
struct dns_nameserver *newnameserver = NULL;
const char *err;
int err_code = 0;
char *errmsg = NULL;
if (strcmp(args[0], "resolvers") == 0) { /* new resolvers section */
if (!*args[1]) {
Alert("parsing [%s:%d] : missing name for resolvers section.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, args[0], args[1]);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
list_for_each_entry(curr_resolvers, &dns_resolvers, list) {
/* Error if two resolvers owns the same name */
if (strcmp(curr_resolvers->id, args[1]) == 0) {
Alert("Parsing [%s:%d]: resolvers '%s' has same name as another resolvers (declared at %s:%d).\n",
file, linenum, args[1], curr_resolvers->conf.file, curr_resolvers->conf.line);
err_code |= ERR_ALERT | ERR_ABORT;
}
}
if ((curr_resolvers = (struct dns_resolvers *)calloc(1, sizeof(struct dns_resolvers))) == NULL) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
/* default values */
LIST_ADDQ(&dns_resolvers, &curr_resolvers->list);
curr_resolvers->conf.file = strdup(file);
curr_resolvers->conf.line = linenum;
curr_resolvers->id = strdup(args[1]);
curr_resolvers->query_ids = EB_ROOT;
/* default hold period for valid is 10s */
BUG/MINOR: dns: wrong time unit for some DNS default parameters Madison May reported that the timeout applied by the default configuration is inproperly set up. This patch fix this: - hold valid default to 10s - timeout retry default to 1s
2015-07-14 15:42:49 -04:00
curr_resolvers->hold.valid = 10000;
curr_resolvers->timeout.retry = 1000;
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
curr_resolvers->resolve_retries = 3;
LIST_INIT(&curr_resolvers->nameserver_list);
LIST_INIT(&curr_resolvers->curr_resolution);
}
else if (strcmp(args[0], "nameserver") == 0) { /* nameserver definition */
struct sockaddr_storage *sk;
int port1, port2;
struct protocol *proto;
if (!*args[2]) {
Alert("parsing [%s:%d] : '%s' expects <name> and <addr>[:<port>] as arguments.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in server name '%s'.\n",
file, linenum, *err, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if ((newnameserver = (struct dns_nameserver *)calloc(1, sizeof(struct dns_nameserver))) == NULL) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
/* the nameservers are linked backward first */
LIST_ADDQ(&curr_resolvers->nameserver_list, &newnameserver->list);
curr_resolvers->count_nameservers++;
newnameserver->resolvers = curr_resolvers;
newnameserver->conf.file = strdup(file);
newnameserver->conf.line = linenum;
newnameserver->id = strdup(args[1]);
sk = str2sa_range(args[2], &port1, &port2, &errmsg, NULL);
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
proto = protocol_by_family(sk->ss_family);
if (!proto || !proto->connect) {
Alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s %s' : port ranges and offsets are not allowed in '%s'\n",
file, linenum, args[0], args[1], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
newnameserver->addr = *sk;
}
else if (strcmp(args[0], "hold") == 0) { /* hold periods */
const char *res;
unsigned int time;
if (!*args[2]) {
Alert("parsing [%s:%d] : '%s' expects an <event> and a <time> as arguments.\n",
file, linenum, args[0]);
Alert("<event> can be either 'valid', 'nx', 'refused', 'timeout', or 'other'\n");
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
res = parse_time_err(args[2], &time, TIME_UNIT_MS);
if (res) {
Alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s>.\n",
file, linenum, *res, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (strcmp(args[1], "valid") == 0)
curr_resolvers->hold.valid = time;
else {
Alert("parsing [%s:%d] : '%s' unknown <event>: '%s', expects 'valid'\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
else if (strcmp(args[0], "resolve_retries") == 0) {
if (!*args[1]) {
Alert("parsing [%s:%d] : '%s' expects <nb> as argument.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curr_resolvers->resolve_retries = atoi(args[1]);
}
else if (strcmp(args[0], "timeout") == 0) {
const char *res;
unsigned int timeout_retry;
if (!*args[2]) {
Alert("parsing [%s:%d] : '%s' expects 'retry' and <time> as arguments.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
res = parse_time_err(args[2], &timeout_retry, TIME_UNIT_MS);
if (res) {
Alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s>.\n",
file, linenum, *res, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curr_resolvers->timeout.retry = timeout_retry;
} /* neither "nameserver" nor "resolvers" */
else if (*args[0] != 0) {
Alert("parsing [%s:%d] : unknown keyword '%s' in '%s' section\n", file, linenum, args[0], cursection);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
out:
free(errmsg);
return err_code;
}
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
/*
CLEANUP: cfgparse: remove reference to 'ruleset' section The 'ruleset' section was never implemented. This patch remove references and tests about this keyword.
2015-04-14 10:35:22 -04:00
* Parse a line in a <listen>, <frontend> or <backend> section.
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
* Returns the error code, 0 if OK, or any combination of :
* - ERR_ABORT: must abort ASAP
* - ERR_FATAL: we can continue parsing but not start the service
* - ERR_WARN: a warning has been emitted
* - ERR_ALERT: an alert has been emitted
* Only the two first ones can stop processing, the two others are just
* indicators.
*/
int cfg_parse_mailers(const char *file, int linenum, char **args, int kwm)
{
static struct mailers *curmailers = NULL;
struct mailer *newmailer = NULL;
const char *err;
int err_code = 0;
char *errmsg = NULL;
if (strcmp(args[0], "mailers") == 0) { /* new mailers section */
if (!*args[1]) {
Alert("parsing [%s:%d] : missing name for mailers section.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, args[0], args[1]);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
for (curmailers = mailers; curmailers != NULL; curmailers = curmailers->next) {
/*
* If there are two proxies with the same name only following
* combinations are allowed:
*/
if (strcmp(curmailers->id, args[1]) == 0) {
MEDIUM: config: reject invalid config with name duplicates Since 1.4 we used to emit a warning when two frontends or two backends had the same name. In 1.5 we added the same warning for two peers sections. In 1.6 we added the same warning for two mailers sections. It's about time to reject such invalid configurations, the impact they have on the code complexity is huge and it is becoming a real obstacle to some improvements such as restoring servers check status across reloads. Now these errors are reported as fatal errors and will need to be fixed. Anyway, till now there was no guarantee that what was written was working as expected since the behaviour is not defined (eg: use_backend with a name used by two backends leads to undefined behaviour). Example of output : [ALERT] 145/104759 (31564) : Parsing [prx.cfg:12]: mailers section 'm' has the same name as another mailers section declared at prx.cfg:10. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:16]: peers section 'p' has the same name as another peers section declared at prx.cfg:14. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:21]: frontend 'f' has the same name as another frontend declared at prx.cfg:18. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:27]: backend 'b' has the same name as another backend declared at prx.cfg:24. [ALERT] 145/104759 (31564) : Error(s) found in configuration file : prx.cfg [ALERT] 145/104759 (31564) : Fatal errors found in configuration.
2015-05-26 04:35:50 -04:00
Alert("Parsing [%s:%d]: mailers section '%s' has the same name as another mailers section declared at %s:%d.\n",
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
file, linenum, args[1], curmailers->conf.file, curmailers->conf.line);
MEDIUM: config: reject invalid config with name duplicates Since 1.4 we used to emit a warning when two frontends or two backends had the same name. In 1.5 we added the same warning for two peers sections. In 1.6 we added the same warning for two mailers sections. It's about time to reject such invalid configurations, the impact they have on the code complexity is huge and it is becoming a real obstacle to some improvements such as restoring servers check status across reloads. Now these errors are reported as fatal errors and will need to be fixed. Anyway, till now there was no guarantee that what was written was working as expected since the behaviour is not defined (eg: use_backend with a name used by two backends leads to undefined behaviour). Example of output : [ALERT] 145/104759 (31564) : Parsing [prx.cfg:12]: mailers section 'm' has the same name as another mailers section declared at prx.cfg:10. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:16]: peers section 'p' has the same name as another peers section declared at prx.cfg:14. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:21]: frontend 'f' has the same name as another frontend declared at prx.cfg:18. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:27]: backend 'b' has the same name as another backend declared at prx.cfg:24. [ALERT] 145/104759 (31564) : Error(s) found in configuration file : prx.cfg [ALERT] 145/104759 (31564) : Fatal errors found in configuration.
2015-05-26 04:35:50 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
}
}
if ((curmailers = (struct mailers *)calloc(1, sizeof(struct mailers))) == NULL) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
curmailers->next = mailers;
mailers = curmailers;
curmailers->conf.file = strdup(file);
curmailers->conf.line = linenum;
curmailers->id = strdup(args[1]);
}
else if (strcmp(args[0], "mailer") == 0) { /* mailer definition */
struct sockaddr_storage *sk;
int port1, port2;
struct protocol *proto;
if (!*args[2]) {
Alert("parsing [%s:%d] : '%s' expects <name> and <addr>[:<port>] as arguments.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in server name '%s'.\n",
file, linenum, *err, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if ((newmailer = (struct mailer *)calloc(1, sizeof(struct mailer))) == NULL) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
/* the mailers are linked backwards first */
curmailers->count++;
newmailer->next = curmailers->mailer_list;
curmailers->mailer_list = newmailer;
newmailer->mailers = curmailers;
newmailer->conf.file = strdup(file);
newmailer->conf.line = linenum;
newmailer->id = strdup(args[1]);
sk = str2sa_range(args[2], &port1, &port2, &errmsg, NULL);
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
proto = protocol_by_family(sk->ss_family);
MEDIUM: Support sending email alerts Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:23:00 -05:00
if (!proto || !proto->connect || proto->sock_prot != IPPROTO_TCP) {
Alert("parsing [%s:%d] : '%s %s' : TCP not supported for this address family.\n",
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s %s' : port ranges and offsets are not allowed in '%s'\n",
file, linenum, args[0], args[1], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (!port1) {
Alert("parsing [%s:%d] : '%s %s' : missing or invalid port in '%s'\n",
file, linenum, args[0], args[1], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
newmailer->addr = *sk;
newmailer->proto = proto;
newmailer->xprt = &raw_sock;
newmailer->sock_init_arg = NULL;
} /* neither "mailer" nor "mailers" */
else if (*args[0] != 0) {
Alert("parsing [%s:%d] : unknown keyword '%s' in '%s' section\n", file, linenum, args[0], cursection);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
out:
free(errmsg);
return err_code;
}
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
static void free_email_alert(struct proxy *p)
{
free(p->email_alert.mailers.name);
p->email_alert.mailers.name = NULL;
free(p->email_alert.from);
p->email_alert.from = NULL;
free(p->email_alert.to);
p->email_alert.to = NULL;
free(p->email_alert.myhostname);
p->email_alert.myhostname = NULL;
}
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
static struct proxy *curproxy = NULL;
[CLEANUP] add a few "const char *" where appropriate As suggested by Markus Elfring, a few "const char *" have replaced some "char *" declarations where a function is not expected to modify a value. It does not change the code but it helps detecting coding errors.
2006-10-15 09:17:57 -04:00
const char *err;
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
char *error;
[MEDIUM] add support for time units in the configuration It is not always handy to manipulate large values exprimed in milliseconds for timeouts. Also, some values are entered in seconds (such as the stats refresh interval). This patch adds support for time units. It knows about 'us', 'ms', 's', 'm', 'h', and 'd'. It automatically converts each value into the caller's expected unit. Unit-less values are still passed unchanged. The unit must be passed as a suffix to the number. For instance: clitimeout 15m If any character is not understood, an error is returned.
2007-12-02 16:15:14 -05:00
int rc;
unsigned val;
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
int err_code = 0;
[CLEANUP] config: specify correct const char types to warnif_* functions Also factor out a few declarations of acl_cond everywhere.
2010-01-28 13:01:34 -05:00
struct acl_cond *cond = NULL;
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
struct logsrv *tmplogsrv;
MINOR: cfgparse: use a common errmsg pointer for all parsers In order to generalize the simplified error reporting mechanism, let's centralize the error pointer.
2012-05-08 11:37:49 -04:00
char *errmsg = NULL;
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
struct bind_conf *bind_conf;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (!strcmp(args[0], "listen"))
rc = PR_CAP_LISTEN;
else if (!strcmp(args[0], "frontend"))
rc = PR_CAP_FE | PR_CAP_RS;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
else if (!strcmp(args[0], "backend"))
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
rc = PR_CAP_BE | PR_CAP_RS;
else
rc = PR_CAP_NONE;
if (rc != PR_CAP_NONE) { /* new proxy */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (!*args[1]) {
Alert("parsing [%s:%d] : '%s' expects an <id> argument and\n"
" optionnally supports [addr1]:port1[-end1]{,[addr]:port[-end]}...\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[PATCH]: Check for duplicated conflicting proxies Currently haproxy accepts a config with duplicated proxies (listen/fronted/backed/ruleset). This patch fix this, so the application will complain when there is an error. With this modification it is still possible to use the same name for two proxies (for example frontend&backend) as long there is no conflict: listen backend frontend ruleset listen - - - - backend - - OK - frontend - OK - - ruleset - - - - Best regards, Krzysztof Oledzki
2007-10-20 20:55:17 -04:00
[MEDIUM] restrict the set of allowed characters for identifiers In order to avoid issues in the future, we want to restrict the set of allowed characters for identifiers. Starting from now, only A-Z, a-z, 0-9, '-', '_', '.' and ':' will be allowed for a proxy, a server or an ACL name. A test file has been added to check the restriction.
2007-12-02 12:45:09 -05:00
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] restrict the set of allowed characters for identifiers In order to avoid issues in the future, we want to restrict the set of allowed characters for identifiers. Starting from now, only A-Z, a-z, 0-9, '-', '_', '.' and ':' will be allowed for a proxy, a server or an ACL name. A test file has been added to check the restriction.
2007-12-02 12:45:09 -05:00
}
MINOR: config: don't open-code proxy name lookups We can now safely use the standard functions to detect proxy name duplicates.
2015-05-26 05:45:02 -04:00
curproxy = (rc & PR_CAP_FE) ? proxy_fe_by_name(args[1]) : proxy_be_by_name(args[1]);
if (curproxy) {
Alert("Parsing [%s:%d]: %s '%s' has the same name as %s '%s' declared at %s:%d.\n",
file, linenum, proxy_cap_str(rc), args[1], proxy_type_str(curproxy),
curproxy->id, curproxy->conf.file, curproxy->conf.line);
MEDIUM: config: reject invalid config with name duplicates Since 1.4 we used to emit a warning when two frontends or two backends had the same name. In 1.5 we added the same warning for two peers sections. In 1.6 we added the same warning for two mailers sections. It's about time to reject such invalid configurations, the impact they have on the code complexity is huge and it is becoming a real obstacle to some improvements such as restoring servers check status across reloads. Now these errors are reported as fatal errors and will need to be fixed. Anyway, till now there was no guarantee that what was written was working as expected since the behaviour is not defined (eg: use_backend with a name used by two backends leads to undefined behaviour). Example of output : [ALERT] 145/104759 (31564) : Parsing [prx.cfg:12]: mailers section 'm' has the same name as another mailers section declared at prx.cfg:10. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:16]: peers section 'p' has the same name as another peers section declared at prx.cfg:14. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:21]: frontend 'f' has the same name as another frontend declared at prx.cfg:18. [ALERT] 145/104759 (31564) : Parsing [prx.cfg:27]: backend 'b' has the same name as another backend declared at prx.cfg:24. [ALERT] 145/104759 (31564) : Error(s) found in configuration file : prx.cfg [ALERT] 145/104759 (31564) : Fatal errors found in configuration.
2015-05-26 04:35:50 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[PATCH]: Check for duplicated conflicting proxies Currently haproxy accepts a config with duplicated proxies (listen/fronted/backed/ruleset). This patch fix this, so the application will complain when there is an error. With this modification it is still possible to use the same name for two proxies (for example frontend&backend) as long there is no conflict: listen backend frontend ruleset listen - - - - backend - - OK - frontend - OK - - ruleset - - - - Best regards, Krzysztof Oledzki
2007-10-20 20:55:17 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if ((curproxy = (struct proxy *)calloc(1, sizeof(struct proxy))) == NULL) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[CLEANUP] config: catch and report some possibly wrong rule ordering There are some configurations in which redirect rules are declared after use_backend rules. We can also find "block" rules after any of these ones. The processing sequence is : - block - redirect - use_backend So as of now we try to detect wrong ordering to warn the user about a possibly undesired behaviour.
2009-03-15 10:23:16 -04:00
[MINOR] config: centralize proxy struct initialization
2010-01-03 14:23:58 -05:00
init_new_proxy(curproxy);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->next = proxy;
proxy = curproxy;
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
curproxy->conf.args.file = curproxy->conf.file = strdup(file);
curproxy->conf.args.line = curproxy->conf.line = linenum;
[MEDIUM] stats: report server and backend cumulated downtime Hello, This patch implements new statistics for SLA calculation by adding new field 'Dwntime' with total down time since restart (both HTTP/CSV) and extending status field (HTTP) or inserting a new one (CSV) with time showing how long each server/backend is in a current state. Additionaly, down transations are also calculated and displayed for backends, so it is possible to know how many times selected backend was down, generating "No server is available to handle this request." error. New information are presentetd in two different ways: - for HTTP: a "human redable form", one of "100000d 23h", "23h 59m" or "59m 59s" - for CSV: seconds I believe that seconds resolution is enough. As there are more columns in the status page I decided to shrink some names to make more space: - Weight -> Wght - Check -> Chk - Down -> Dwn Making described changes I also made some improvements and fixed some small bugs: - don't increment s->health above 's->rise + s->fall - 1'. Previously it was incremented an then (re)set to 's->rise + s->fall - 1'. - do not set server down if it is down already - do not set server up if it is up already - fix colspan in multiple places (mostly introduced by my previous patch) - add missing "status" header to CSV - fix order of retries/redispatches in server (CSV) - s/Tthen/Then/ - s/server/backend/ in DATA_ST_PX_BE (dumpstats.c) Changes from previous version: - deal with negative time intervales - don't relay on s->state (SRV_RUNNING) - little reworked human_time + compacted format (no spaces). If needed it can be used in the future for other purposes by optionally making "cnt" as an argument - leave set_server_down mostly unchanged - only little reworked "process_chk: 9" - additional fields in CSV are appended to the rigth - fix "SEC" macro - named arguments (human_time, be_downtime, srv_downtime) Hope it is OK. If there are only cosmetic changes needed please fill free to correct it, however if there are some bigger changes required I would like to discuss it first or at last to know what exactly was changed especially since I already put this patch into my production server. :) Thank you, Best regards, Krzysztof Oledzki
2007-10-22 10:21:10 -04:00
curproxy->last_change = now.tv_sec;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->id = strdup(args[1]);
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
curproxy->cap = rc;
MEDIUM: proxy: create a tree to store proxies by name Large configurations can take time to parse when thousands of backends are in use. Let's store all the proxies in trees. findproxy_mode() has been modified to use the tree for lookups, which has divided the parsing time by about 2.5. But many lookups are still present at many places and need to be dealt with.
2014-03-15 02:22:35 -04:00
proxy_store_name(curproxy);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: cfgparse: check section maximum number of arguments This patch checks the number of arguments of the keywords: 'global', 'defaults', 'listen', 'backend', 'frontend', 'peers' and 'userlist' The 'global' section does not take any arguments. Proxy sections does not support bind address as argument anymore. Those sections supports only an <id> argument. The 'defaults' section didn't had any check on its arguments. It takes an optional <name> argument. 'peers' section takes a <peersect> argument. 'userlist' section takes a <listname> argument.
2015-04-28 10:55:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code)) {
if (curproxy->cap & PR_CAP_FE)
Alert("parsing [%s:%d] : please use the 'bind' keyword for listening addresses.\n", file, linenum);
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
/* set default values */
[MEDIUM] default-server support This patch implements default-server support allowing to change default server options. It can be used in [defaults] or [backend]/[listen] sections. Currently the following options are supported: - error-limit - fall - inter - fastinter - downinter - maxconn - maxqueue - minconn - on-error - port - rise - slowstart - weight
2010-01-05 10:38:49 -05:00
memcpy(&curproxy->defsrv, &defproxy.defsrv, sizeof(curproxy->defsrv));
[MINOR] config: report "default-server" instead of "(null)" in error messages When an error is reported in a default-server entry, we want to have that name in the error message instead of "(null)".
2010-04-07 10:06:40 -04:00
curproxy->defsrv.id = "default-server";
[MEDIUM] default-server support This patch implements default-server support allowing to change default server options. It can be used in [defaults] or [backend]/[listen] sections. Currently the following options are supported: - error-limit - fall - inter - fastinter - downinter - maxconn - maxqueue - minconn - on-error - port - rise - slowstart - weight
2010-01-05 10:38:49 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->state = defproxy.state;
curproxy->options = defproxy.options;
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
curproxy->options2 = defproxy.options2;
[MINOR] config: track "no option"/"option" changes Sometimes we would want to implement implicit default options, but for this we need to be able to disable them, which requires to keep track of "no option" settings. With this change, an option explicitly disabled in a defaults section will still be seen as explicitly disabled. There should be no regression as nothing makes use of this yet.
2009-06-14 05:10:45 -04:00
curproxy->no_options = defproxy.no_options;
curproxy->no_options2 = defproxy.no_options2;
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
curproxy->bind_proc = defproxy.bind_proc;
[MEDIUM] add the "except" keyword to the "forwardfor" option Patch from Bryan Germann for 1.2.17. In some circumstances, it is useful not to add the X-Forwarded-For header, for instance when the client is another reverse-proxy or stunnel running on the same machine and which already adds it. This patch adds the "except" keyword to the "forwardfor" option, allowing to specify an address or network which will not be added to this header.
2007-03-25 10:00:04 -04:00
curproxy->except_net = defproxy.except_net;
curproxy->except_mask = defproxy.except_mask;
[BUG] x-original-to: fix missing initialization to default value
2009-05-08 11:02:07 -04:00
curproxy->except_to = defproxy.except_to;
[MINOR] add X-Original-To: header I have attached a patch which will add on every http request a new header 'X-Original-To'. If you have HAProxy running in transparent mode with a big number of SQUID servers behind it, it is very nice to have the original destination ip as a common header to make decisions based on it. The whole thing is configurable with a new option 'originalto'. I have updated the sourcecode as well as the documentation. The 'haproxy-en.txt' and 'haproxy-fr.txt' files are untouched, due to lack of my french language knowledge. ;) Also the patch adds this header for IPv4 only. I haven't any IPv6 test environment running here and don't know if getsockopt() with SO_ORIGINAL_DST will work on IPv6. If someone knows it and wants to test it I can modify the diff. Feel free to ask me questions or things which should be changed. :) --Maik
2009-04-17 12:53:21 -04:00
curproxy->except_mask_to = defproxy.except_mask_to;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[BUG] Fix empty X-Forwarded-For header name when set in defaults section The following patch introduced a minor bug : [MINOR] permit renaming of x-forwarded-for header If "option forwardfor" is declared in a defaults section, the header name is never set and we see an empty header name before the value. Also, the header name was not reset between two defaults sections.
2008-08-23 02:18:21 -04:00
if (defproxy.fwdfor_hdr_len) {
curproxy->fwdfor_hdr_len = defproxy.fwdfor_hdr_len;
curproxy->fwdfor_hdr_name = strdup(defproxy.fwdfor_hdr_name);
}
[BUG] x-original-to: name was not set in default instance This resulted in an empty header name when option originalto was declared in a default sections.
2009-11-30 05:50:16 -05:00
if (defproxy.orgto_hdr_len) {
curproxy->orgto_hdr_len = defproxy.orgto_hdr_len;
curproxy->orgto_hdr_name = strdup(defproxy.orgto_hdr_name);
}
MEDIUM: http: add support for sending the server's name in the outgoing request New option "http-send-name-header" specifies the name of a header which will hold the server name in outgoing requests. This is the name of the server the connection is really sent to, which means that upon redispatches, the header's value is updated so that it always matches the server's name.
2012-01-04 13:02:01 -05:00
if (defproxy.server_id_hdr_len) {
curproxy->server_id_hdr_len = defproxy.server_id_hdr_len;
curproxy->server_id_hdr_name = strdup(defproxy.server_id_hdr_name);
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (curproxy->cap & PR_CAP_FE) {
curproxy->maxconn = defproxy.maxconn;
[MINOR] add support for the "backlog" parameter Add the "backlog" parameter to frontends, to give hints to the system about the approximate listen backlog desired size. In order to protect against SYN flood attacks, one solution is to increase the system's SYN backlog size. Depending on the system, sometimes it is just tunable via a system parameter, sometimes it is not adjustable at all, and sometimes the system relies on hints given by the application at the time of the listen() syscall. By default, HAProxy passes the frontend's maxconn value to the listen() syscall. On systems which can make use of this value, it can sometimes be useful to be able to specify a different value, hence this backlog parameter.
2008-01-06 04:55:10 -05:00
curproxy->backlog = defproxy.backlog;
[MINOR] compute the max of sessions/s on fe/be/srv Some users want to keep the max sessions/s seen on servers, frontends and backends for capacity planning. It's easy to grab it while the session count is updated, so let's keep it.
2009-05-10 12:52:49 -04:00
curproxy->fe_sps_lim = defproxy.fe_sps_lim;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
/* initialize error relocations */
[MAJOR] struct chunk rework Add size to struct chunk and simplify the code as there is no longer required to pass sizeof in chunk_printf().
2009-09-27 07:23:20 -04:00
for (rc = 0; rc < HTTP_ERR_SIZE; rc++)
chunk_dup(&curproxy->errmsg[rc], &defproxy.errmsg[rc]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
curproxy->to_log = defproxy.to_log & ~LW_COOKIE & ~LW_REQHDR & ~ LW_RSPHDR;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (curproxy->cap & PR_CAP_BE) {
BUG/MINOR: config: don't inherit the default balance algorithm in frontends Tom Limoncelli from Stack Exchange reported a minor bug : the frontend inherits the LB parameters from the defaults sections. The impact is that if a "balance" directive uses any L7 parameter in the defaults sections and the frontend is in TCP mode, a warning is emitted about their incompatibility. The warning is harmless but a valid, sane config should never cause any warning to be reported. This fix should be backported into 1.5 and possibly 1.4.
2014-11-18 09:04:29 -05:00
curproxy->lbprm.algo = defproxy.lbprm.algo;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
curproxy->fullconn = defproxy.fullconn;
curproxy->conn_retries = defproxy.conn_retries;
MEDIUM: backend: Allow redispatch on retry intervals For backend load balancing it sometimes makes sense to redispatch rather than retrying against the same server. For example, when machines or routers fail you may not want to waste time retrying against a dead server and would instead prefer to immediately redispatch against other servers. This patch allows backend sections to specify that they want to redispatch on a particular interval. If the interval N is positive the redispatch occurs on every Nth retry, and if the interval N is negative then the redispatch occurs on the Nth retry prior to the last retry (-1 is the default and maintains backwards compatibility). In low latency environments tuning this setting can save a few hundred milliseconds when backends fail.
2015-05-12 02:25:34 -04:00
curproxy->redispatch_after = defproxy.redispatch_after;
MINOR: http: implement the max-keep-alive-queue setting Finn Arne Gangstad suggested that we should have the ability to break keep-alive when the target server has reached its maxconn and that a number of connections are present in the queue. After some discussion around his proposed patch, the following solution was suggested : have a per-proxy setting to fix a limit to the number of queued connections on a server after which we break keep-alive. This ensures that even in high latency networks where keep-alive is beneficial, we try to find a different server. This patch is partially based on his original proposal and implements this configurable threshold.
2014-04-25 07:58:37 -04:00
curproxy->max_ka_queue = defproxy.max_ka_queue;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MINOR] checks: ensure that we can inherit binary checks from the defaults section Health checks were all pure ASCII, but we're going to have to support some binary checks (eg: SQL). When they're inherited from the default section, they will be truncated to the first \0 due to strdup(). Let's fix that with a simple malloc. (cherry picked from commit 98fc04a766bcff80f57db2b1cd865c91761b131b)
2010-10-22 10:15:31 -04:00
if (defproxy.check_req) {
curproxy->check_req = calloc(1, defproxy.check_len);
memcpy(curproxy->check_req, defproxy.check_req, defproxy.check_len);
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
curproxy->check_len = defproxy.check_len;
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
if (defproxy.expect_str) {
curproxy->expect_str = strdup(defproxy.expect_str);
if (defproxy.expect_regex) {
/* note: this regex is known to be valid */
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
curproxy->expect_regex = calloc(1, sizeof(*curproxy->expect_regex));
regex_comp(defproxy.expect_str, curproxy->expect_regex, 1, 1, NULL);
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
}
}
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts = defproxy.ck_opts;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (defproxy.cookie_name)
curproxy->cookie_name = strdup(defproxy.cookie_name);
curproxy->cookie_len = defproxy.cookie_len;
[BUG] config: cookie domain was ignored in defaults sections Since cookie can appear in a defaults section, the domain extension must be supported there as well. (cherry picked from commit baf78c8e03db8c2255aefb6e11b38b48d1ec5d34)
2009-12-03 17:13:06 -05:00
if (defproxy.cookie_domain)
curproxy->cookie_domain = strdup(defproxy.cookie_domain);
[MEDIUM] introduce the "url_param" balance method Some applications do not have a strict persistence requirement, yet it is still desirable for performance considerations, due to local caches on the servers. For some reasons, there are some applications which cannot rely on cookies, and for which the last resort is to use a parameter passed in the URL. The new 'url_param' balance method is there to solve this issue. It accepts a parameter name which is looked up from the URL and which is then hashed to select a server. If the parameter is not found, then the round robin algorithm is used in order to provide a normal load balancing across the servers for the first requests. It would have been possible to use a source IP hash instead, but since such applications are generally buried behind multiple levels of reverse-proxies, it would not provide a good balance. The doc has been updated, and two regression testing configurations have been added.
2007-11-01 17:48:15 -04:00
[MINOR] cookie: add options "maxidle" and "maxlife" Add two new arguments to the "cookie" keyword, to be able to fix a max idle and max life on them. Right now only the parameter parsing is implemented. (cherry picked from commit 9ad5dec4c3bb8f29129f292cb22d3fc495fcc98a)
2010-10-06 10:59:56 -04:00
if (defproxy.cookie_maxidle)
curproxy->cookie_maxidle = defproxy.cookie_maxidle;
if (defproxy.cookie_maxlife)
curproxy->cookie_maxlife = defproxy.cookie_maxlife;
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
if (defproxy.rdp_cookie_name)
curproxy->rdp_cookie_name = strdup(defproxy.rdp_cookie_name);
curproxy->rdp_cookie_len = defproxy.rdp_cookie_len;
[MEDIUM] introduce the "url_param" balance method Some applications do not have a strict persistence requirement, yet it is still desirable for performance considerations, due to local caches on the servers. For some reasons, there are some applications which cannot rely on cookies, and for which the last resort is to use a parameter passed in the URL. The new 'url_param' balance method is there to solve this issue. It accepts a parameter name which is looked up from the URL and which is then hashed to select a server. If the parameter is not found, then the round robin algorithm is used in order to provide a normal load balancing across the servers for the first requests. It would have been possible to use a source IP hash instead, but since such applications are generally buried behind multiple levels of reverse-proxies, it would not provide a good balance. The doc has been updated, and two regression testing configurations have been added.
2007-11-01 17:48:15 -04:00
if (defproxy.url_param_name)
curproxy->url_param_name = strdup(defproxy.url_param_name);
curproxy->url_param_len = defproxy.url_param_len;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
[MEDIUM] add support for "balance hdr(name)" There is a patch made by me that allow for balancing on any http header field. [WT: made minor changes: - turned 'balance header name' into 'balance hdr(name)' to match more closely the ACL syntax for easier future convergence - renamed the proxy structure fields header_* => hh_* - made it possible to use the domain name reduction to any header, not only "host" since it makes sense to do it with other ones. Otherwise patch looks good. /WT]
2009-03-25 08:02:10 -04:00
if (defproxy.hh_name)
curproxy->hh_name = strdup(defproxy.hh_name);
curproxy->hh_len = defproxy.hh_len;
curproxy->hh_match_domain = defproxy.hh_match_domain;
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
if (defproxy.conn_src.iface_name)
curproxy->conn_src.iface_name = strdup(defproxy.conn_src.iface_name);
curproxy->conn_src.iface_len = defproxy.conn_src.iface_len;
BUG/MINOR: config: "source" does not work in defaults section Source function will not work with the following line in default section: source 0.0.0.0 usesrc clientip even that related settings by iptables and ip rule have been set correctly. But it can work well in backend setcion. The reason is that the operation in line 1815 in cfgparse.c as below: curproxy->conn_src.opts = defproxy.conn_src.opts & ~CO_SRC_TPROXY_MASK; clears three low bits of conn_src.opts which stores the configuration of 'usesrc'. Without correct bits set, the source address function can not work well. They should be copied to the backend proxy without being modified. Since conn_src.tproxy_addr had not copied from defproxy to backend proxy while initializing backend proxy, source function will not work well with explicit source address set in default section either. Signed-off-by: Godbach <nylzhaowei@gmail.com> Note: the bug was introduced in 1.5-dev16 with commit ef9a3605
2013-04-23 03:27:57 -04:00
curproxy->conn_src.opts = defproxy.conn_src.opts;
REORG: tproxy: prepare the transparent proxy defines for accepting other OSes This patch does not change the logic of the code, it only changes the way OS-specific defines are tested. At the moment the transparent proxy code heavily depends on Linux-specific defines. This first patch introduces a new define "CONFIG_HAP_TRANSPARENT" which is set every time the defines used by transparent proxy are present. This also means that with an up-to-date libc, it should not be necessary anymore to force CONFIG_HAP_LINUX_TPROXY during the build, as the flags will automatically be detected. The CTTPROXY flags still remain separate because this older API doesn't work the same way. A new line has been added in the version output for haproxy -vv to indicate what transparent proxy support is available.
2013-05-08 16:49:23 -04:00
#if defined(CONFIG_HAP_CTTPROXY) || defined(CONFIG_HAP_TRANSPARENT)
BUG/MINOR: config: "source" does not work in defaults section Source function will not work with the following line in default section: source 0.0.0.0 usesrc clientip even that related settings by iptables and ip rule have been set correctly. But it can work well in backend setcion. The reason is that the operation in line 1815 in cfgparse.c as below: curproxy->conn_src.opts = defproxy.conn_src.opts & ~CO_SRC_TPROXY_MASK; clears three low bits of conn_src.opts which stores the configuration of 'usesrc'. Without correct bits set, the source address function can not work well. They should be copied to the backend proxy without being modified. Since conn_src.tproxy_addr had not copied from defproxy to backend proxy while initializing backend proxy, source function will not work well with explicit source address set in default section either. Signed-off-by: Godbach <nylzhaowei@gmail.com> Note: the bug was introduced in 1.5-dev16 with commit ef9a3605
2013-04-23 03:27:57 -04:00
curproxy->conn_src.tproxy_addr = defproxy.conn_src.tproxy_addr;
BUILD: last fix broke non-linux platforms src.tproxy_addr only exists on linux.
2013-04-25 11:35:22 -04:00
#endif
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
}
[MINOR] config: the "capture" keyword is not allowed in backends The "capture" keyword is only supported by frontends, fix the check.
2009-07-23 07:24:23 -04:00
if (curproxy->cap & PR_CAP_FE) {
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (defproxy.capture_name)
curproxy->capture_name = strdup(defproxy.capture_name);
curproxy->capture_namelen = defproxy.capture_namelen;
curproxy->capture_len = defproxy.capture_len;
}
if (curproxy->cap & PR_CAP_FE) {
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
curproxy->timeout.client = defproxy.timeout.client;
BUG/MEDIUM: fix ignored values for half-closed timeouts (client-fin and server-fin) in defaults section. Signed-off-by: Simone Gotti <simone.gotti@gmail.com> WT: bug introduced with the new feature in 1.5-dev25, no backport is needed.
2014-06-11 06:25:28 -04:00
curproxy->timeout.clientfin = defproxy.timeout.clientfin;
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
curproxy->timeout.tarpit = defproxy.timeout.tarpit;
[MEDIUM] introduce "timeout http-request" in frontends In order to offer DoS protection, it may be required to lower the maximum accepted time to receive a complete HTTP request without affecting the client timeout. This helps protecting against established connections on which nothing is sent. The client timeout cannot offer a good protection against this abuse because it is an inactivity timeout, which means that if the attacker sends one character every now and then, the timeout will not trigger. With the HTTP request timeout, no matter what speed the client types, the request will be aborted if it does not complete in time.
2008-01-06 07:24:40 -05:00
curproxy->timeout.httpreq = defproxy.timeout.httpreq;
[MINOR] http: add a separate "http-keep-alive" timeout This one is used to wait for next request after a response was sent to the client.
2010-01-10 08:46:16 -05:00
curproxy->timeout.httpka = defproxy.timeout.httpka;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
curproxy->mon_net = defproxy.mon_net;
curproxy->mon_mask = defproxy.mon_mask;
if (defproxy.monitor_uri)
curproxy->monitor_uri = strdup(defproxy.monitor_uri);
curproxy->monitor_uri_len = defproxy.monitor_uri_len;
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
if (defproxy.defbe.name)
curproxy->defbe.name = strdup(defproxy.defbe.name);
BUG/MINOR: log: don't report logformat errors in backends Logs have always been ignored by backends, do not report useless warnings there.
2012-05-31 13:39:23 -04:00
/* get either a pointer to the logformat string or a copy of it */
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
curproxy->conf.logformat_string = defproxy.conf.logformat_string;
if (curproxy->conf.logformat_string &&
curproxy->conf.logformat_string != default_http_log_format &&
curproxy->conf.logformat_string != default_tcp_log_format &&
curproxy->conf.logformat_string != clf_http_log_format)
curproxy->conf.logformat_string = strdup(curproxy->conf.logformat_string);
if (defproxy.conf.lfs_file) {
curproxy->conf.lfs_file = strdup(defproxy.conf.lfs_file);
curproxy->conf.lfs_line = defproxy.conf.lfs_line;
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
}
if (curproxy->cap & PR_CAP_BE) {
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
curproxy->timeout.connect = defproxy.timeout.connect;
curproxy->timeout.server = defproxy.timeout.server;
BUG/MEDIUM: fix ignored values for half-closed timeouts (client-fin and server-fin) in defaults section. Signed-off-by: Simone Gotti <simone.gotti@gmail.com> WT: bug introduced with the new feature in 1.5-dev25, no backport is needed.
2014-06-11 06:25:28 -04:00
curproxy->timeout.serverfin = defproxy.timeout.serverfin;
[MEDIUM]: rework checks handling This patch adds two new variables: fastinter and downinter. When server state is: - non-transitionally UP -> inter (no change) - transitionally UP (going down), unchecked or transitionally DOWN (going up) -> fastinter - down -> downinter It allows to set something like: server sr6 127.0.51.61:80 cookie s6 check inter 10000 downinter 20000 fastinter 500 fall 3 weight 40 In the above example haproxy uses 10000ms between checks but as soon as one check fails fastinter (500ms) is used. If server is down downinter (20000) is used or fastinter (500ms) if one check pass. Fastinter is also used when haproxy starts. New "timeout.check" variable was added, if set haproxy uses it as an additional read timeout, but only after a connection has been already established. I was thinking about using "timeout.server" here but most people set this with an addition reserve but still want checks to kick out laggy servers. Please also note that in most cases check request is much simpler and faster to handle than normal requests so this timeout should be smaller. I also changed the timeout used for check connections establishing. Changes from the previous version: - use tv_isset() to check if the timeout is set, - use min("timeout connect", "inter") but only if "timeout check" is set as this min alone may be to short for full (connect + read) check, - debug code (fprintf) commented/removed - documentation Compile tested only (sorry!) as I'm currently traveling but changes are rather small and trivial.
2008-01-20 19:54:06 -05:00
curproxy->timeout.check = defproxy.timeout.check;
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
curproxy->timeout.queue = defproxy.timeout.queue;
[MINOR] tarpit timeout is also allowed in backends Since the tarpit action may be set in backends too, its timeout must be configurable there.
2008-01-06 07:40:03 -05:00
curproxy->timeout.tarpit = defproxy.timeout.tarpit;
[MINOR] http: take http request timeout from the backend Since we can now switch from TCP to HTTP, we need to be able to apply the HTTP request timeout after switching. That means we need to take it from the backend and not from the frontend. Since the backend points to the frontend before switching, that changes nothing for the normal case.
2009-07-12 04:03:17 -04:00
curproxy->timeout.httpreq = defproxy.timeout.httpreq;
[MINOR] http: add a separate "http-keep-alive" timeout This one is used to wait for next request after a response was sent to the client.
2010-01-10 08:46:16 -05:00
curproxy->timeout.httpka = defproxy.timeout.httpka;
MEDIUM: session: add support for tunnel timeouts Tunnel timeouts are used when TCP connections are forwarded, or when forwarding upgraded HTTP connections (WebSocket) as well as CONNECT requests to proxies. This timeout allows long-lived sessions to be supported without having to set large timeouts to normal requests.
2012-05-12 06:50:00 -04:00
curproxy->timeout.tunnel = defproxy.timeout.tunnel;
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.source_addr = defproxy.conn_src.source_addr;
[MINOR] store HTTP error messages into a chunk array HTTP error messages were all specific cases handled by an IF. Now they are all in an array so that it will be easier to add new ones. Also, the return functions now use chunks as inputs so that it should be easier to provide alternative return messages if needed.
2006-12-23 14:51:41 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->mode = defproxy.mode;
BUG/MEDIUM: stats: mismatch between behaviour and doc about front/back In version 1.3.4, we got the ability to split configuration parts between frontends and backends. The stats was attached to the backend and a control was made to ensure that it was used only in a listen or backend section, but not in a frontend. The documentation clearly says that the statement may only be used in the backend. But since that same version above, the defaults stats configuration is only filled in the frontend part of the proxy and not in the backend's. So a backend will not get stats which are enabled in a defaults section, despite what the doc says. However, a frontend configured after a defaults section will get stats and will not emit the warning! There were many technical limitations in 1.3.4 making it impossible to have the stats working both in the frontend and backend, but now this has become a total mess. It's common however to see people create a frontend with a perfectly working stats configuration which only emits a warning stating that it might not work, adding to the confusion. Most people workaround the tricky behaviour by declaring a "listen" section with no server, which was the recommended solution in 1.3 where it was even suggested to add a dispatch address to avoid a warning. So the right solution seems to do the following : - ensure that the defaults section's settings apply to the backends, as documented ; - let the frontends work in order not to break existing setups relying on the defaults section ; - officially allow stats to be declared in frontends and remove the warninng This patch should probably not be backported since it's not certain that 1.4 is fully compatible with having stats in frontends and backends (which was really made possible thanks to applets).
2014-04-24 16:10:39 -04:00
curproxy->uri_auth = defproxy.uri_auth; /* for stats */
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
/* copy default logsrvs to curproxy */
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
list_for_each_entry(tmplogsrv, &defproxy.logsrvs, list) {
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
struct logsrv *node = malloc(sizeof(struct logsrv));
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
memcpy(node, tmplogsrv, sizeof(struct logsrv));
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
LIST_INIT(&node->list);
LIST_ADDQ(&curproxy->logsrvs, &node->list);
}
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
curproxy->conf.uniqueid_format_string = defproxy.conf.uniqueid_format_string;
if (curproxy->conf.uniqueid_format_string)
curproxy->conf.uniqueid_format_string = strdup(curproxy->conf.uniqueid_format_string);
MINOR: logs: add a new per-proxy "log-tag" directive This is equivalent to what was done in commit 48936af ("[MINOR] log: ability to override the syslog tag") but this time instead of doing this globally, it does it per proxy. The purpose is to be able to use a separate log tag for various proxies (eg: make it easier to route log messages depending on the customer).
2015-01-07 09:03:42 -05:00
if (defproxy.log_tag)
curproxy->log_tag = strdup(defproxy.log_tag);
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (defproxy.conf.uif_file) {
curproxy->conf.uif_file = strdup(defproxy.conf.uif_file);
curproxy->conf.uif_line = defproxy.conf.uif_line;
}
MEDIUM: log: Unique ID The Unique ID, is an ID generated with several informations. You can use a log-format string to customize it, with the "unique-id-format" keyword, and insert it in the request header, with the "unique-id-header" keyword.
2012-03-12 07:48:57 -04:00
/* copy default header unique id */
if (defproxy.header_unique_id)
curproxy->header_unique_id = strdup(defproxy.header_unique_id);
MEDIUM: HTTP compression (zlib library support) This commit introduces HTTP compression using the zlib library. http_response_forward_body has been modified to call the compression functions. This feature includes 3 algorithms: identity, gzip and deflate: * identity: this is mostly for debugging, and it was useful for developping the compression feature. With Content-Length in input, it is making each chunk with the data available in the current buffer. With chunks in input, it is rechunking, the output chunks will be bigger or smaller depending of the size of the input chunk and the size of the buffer. Identity does not apply any change on data. * gzip: same as identity, but applying a gzip compression. The data are deflated using the Z_NO_FLUSH flag in zlib. When there is no more data in the input buffer, it flushes the data in the output buffer (Z_SYNC_FLUSH). At the end of data, when it receives the last chunk in input, or when there is no more data to read, it writes the end of data with Z_FINISH and the ending chunk. * deflate: same as gzip, but with deflate algorithm and zlib format. Note that this algorithm has ambiguous support on many browsers and no support at all from recent ones. It is strongly recommended not to use it for anything else than experimentation. You can't choose the compression ratio at the moment, it will be set to Z_BEST_SPEED (1), as tests have shown very little benefit in terms of compression ration when going above for HTML contents, at the cost of a massive CPU impact. Compression will be activated depending of the Accept-Encoding request header. With identity, it does not take care of that header. To build HAProxy with zlib support, use USE_ZLIB=1 in the make parameters. This work was initially started by David Du Colombier at Exceliance.
2012-10-23 04:25:10 -04:00
/* default compression options */
if (defproxy.comp != NULL) {
curproxy->comp = calloc(1, sizeof(struct comp));
curproxy->comp->algos = defproxy.comp->algos;
curproxy->comp->types = defproxy.comp->types;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->grace = defproxy.grace;
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
curproxy->conf.used_listener_id = EB_ROOT;
curproxy->conf.used_server_id = EB_ROOT;
[MEDIUM] implemented the 'monitor-uri' keyword. It is used to test haproxy's status with an HTTP request to which it will reply with HTTP/1.0 200 OK.
2006-07-09 02:22:27 -04:00
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
if (defproxy.check_path)
curproxy->check_path = strdup(defproxy.check_path);
if (defproxy.check_command)
curproxy->check_command = strdup(defproxy.check_command);
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
if (defproxy.email_alert.mailers.name)
curproxy->email_alert.mailers.name = strdup(defproxy.email_alert.mailers.name);
if (defproxy.email_alert.from)
curproxy->email_alert.from = strdup(defproxy.email_alert.from);
if (defproxy.email_alert.to)
curproxy->email_alert.to = strdup(defproxy.email_alert.to);
if (defproxy.email_alert.myhostname)
curproxy->email_alert.myhostname = strdup(defproxy.email_alert.myhostname);
MEDIUM: Allow suppression of email alerts by log level This patch adds a new option which allows configuration of the maximum log level of messages for which email alerts will be sent. The default is alert which is more restrictive than the current code which sends email alerts for all priorities. That behaviour may be configured using the new configuration option to set the maximum level to notice or greater. email-alert level notice Signed-off-by: Simon Horman <horms@verge.net.au>
2015-02-05 21:11:57 -05:00
curproxy->email_alert.level = defproxy.email_alert.level;
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "defaults")) { /* use this one to assign default values */
/* some variables may have already been initialized earlier */
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
/* FIXME-20070101: we should do this too at the end of the
* config parsing to free all default values.
*/
MEDIUM: cfgparse: check section maximum number of arguments This patch checks the number of arguments of the keywords: 'global', 'defaults', 'listen', 'backend', 'frontend', 'peers' and 'userlist' The 'global' section does not take any arguments. Proxy sections does not support bind address as argument anymore. Those sections supports only an <id> argument. The 'defaults' section didn't had any check on its arguments. It takes an optional <name> argument. 'peers' section takes a <peersect> argument. 'userlist' section takes a <listname> argument.
2015-04-28 10:55:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code)) {
err_code |= ERR_ABORT;
goto out;
}
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(defproxy.check_req);
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
free(defproxy.check_command);
free(defproxy.check_path);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(defproxy.cookie_name);
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
free(defproxy.rdp_cookie_name);
[BUG] config: cookie domain was ignored in defaults sections Since cookie can appear in a defaults section, the domain extension must be supported there as well. (cherry picked from commit baf78c8e03db8c2255aefb6e11b38b48d1ec5d34)
2009-12-03 17:13:06 -05:00
free(defproxy.cookie_domain);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(defproxy.url_param_name);
[MEDIUM] add support for "balance hdr(name)" There is a patch made by me that allow for balancing on any http header field. [WT: made minor changes: - turned 'balance header name' into 'balance hdr(name)' to match more closely the ACL syntax for easier future convergence - renamed the proxy structure fields header_* => hh_* - made it possible to use the domain name reduction to any header, not only "host" since it makes sense to do it with other ones. Otherwise patch looks good. /WT]
2009-03-25 08:02:10 -04:00
free(defproxy.hh_name);
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(defproxy.capture_name);
free(defproxy.monitor_uri);
free(defproxy.defbe.name);
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
free(defproxy.conn_src.iface_name);
[BUG] Fix empty X-Forwarded-For header name when set in defaults section The following patch introduced a minor bug : [MINOR] permit renaming of x-forwarded-for header If "option forwardfor" is declared in a defaults section, the header name is never set and we see an empty header name before the value. Also, the header name was not reset between two defaults sections.
2008-08-23 02:18:21 -04:00
free(defproxy.fwdfor_hdr_name);
defproxy.fwdfor_hdr_len = 0;
[BUG] x-original-to: name was not set in default instance This resulted in an empty header name when option originalto was declared in a default sections.
2009-11-30 05:50:16 -05:00
free(defproxy.orgto_hdr_name);
defproxy.orgto_hdr_len = 0;
MEDIUM: http: add support for sending the server's name in the outgoing request New option "http-send-name-header" specifies the name of a header which will hold the server name in outgoing requests. This is the name of the server the connection is really sent to, which means that upon redispatches, the header's value is updated so that it always matches the server's name.
2012-01-04 13:02:01 -05:00
free(defproxy.server_id_hdr_name);
defproxy.server_id_hdr_len = 0;
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
free(defproxy.expect_str);
MINOR: regex: fix a little configuration memory leak. The function regfree free the memory allocated to the pattern buffer by the compiling process. It is not freeing the buffer itself.
2014-06-11 08:45:31 -04:00
if (defproxy.expect_regex) {
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
regex_free(defproxy.expect_regex);
MINOR: regex: fix a little configuration memory leak. The function regfree free the memory allocated to the pattern buffer by the compiling process. It is not freeing the buffer itself.
2014-06-11 08:45:31 -04:00
free(defproxy.expect_regex);
defproxy.expect_regex = NULL;
}
[MINOR] store HTTP error messages into a chunk array HTTP error messages were all specific cases handled by an IF. Now they are all in an array so that it will be easier to add new ones. Also, the return functions now use chunks as inputs so that it should be easier to provide alternative return messages if needed.
2006-12-23 14:51:41 -05:00
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (defproxy.conf.logformat_string != default_http_log_format &&
defproxy.conf.logformat_string != default_tcp_log_format &&
defproxy.conf.logformat_string != clf_http_log_format)
free(defproxy.conf.logformat_string);
BUG/MINOR: fix option httplog validation with TCP frontends Option httplog needs to be checked only once the proxy has been validated, so that its final mode (tcp/http) can be used. Also we need to check for httplog before checking the log format, so that we can report a warning about this specific option and not about the format it implies.
2012-05-31 13:30:26 -04:00
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
free(defproxy.conf.uniqueid_format_string);
free(defproxy.conf.lfs_file);
free(defproxy.conf.uif_file);
MINOR: logs: add a new per-proxy "log-tag" directive This is equivalent to what was done in commit 48936af ("[MINOR] log: ability to override the syslog tag") but this time instead of doing this globally, it does it per proxy. The purpose is to be able to use a separate log tag for various proxies (eg: make it easier to route log messages depending on the customer).
2015-01-07 09:03:42 -05:00
free(defproxy.log_tag);
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
free_email_alert(&defproxy);
BUG/MINOR: fix option httplog validation with TCP frontends Option httplog needs to be checked only once the proxy has been validated, so that its final mode (tcp/http) can be used. Also we need to check for httplog before checking the log format, so that we can report a warning about this specific option and not about the format it implies.
2012-05-31 13:30:26 -04:00
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
for (rc = 0; rc < HTTP_ERR_SIZE; rc++)
[MAJOR] struct chunk rework Add size to struct chunk and simplify the code as there is no longer required to pass sizeof in chunk_printf().
2009-09-27 07:23:20 -04:00
chunk_destroy(&defproxy.errmsg[rc]);
[MINOR] store HTTP error messages into a chunk array HTTP error messages were all specific cases handled by an IF. Now they are all in an array so that it will be easier to add new ones. Also, the return functions now use chunks as inputs so that it should be easier to provide alternative return messages if needed.
2006-12-23 14:51:41 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* we cannot free uri_auth because it might already be used */
init_default_instance();
curproxy = &defproxy;
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
curproxy->conf.args.file = curproxy->conf.file = strdup(file);
curproxy->conf.args.line = curproxy->conf.line = linenum;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
defproxy.cap = PR_CAP_LISTEN; /* all caps for now */
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (curproxy == NULL) {
Alert("parsing [%s:%d] : 'listen' or 'defaults' expected.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
/* update the current file and line being parsed */
curproxy->conf.args.file = curproxy->conf.file;
curproxy->conf.args.line = linenum;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
/* Now let's parse the proxy-specific keywords */
REORG: cfgparse: move server keyword parsing to server.c The cfgparse.c file becomes huge, and a large part of it comes from the server keyword parser. Since the configuration is a bit more modular now, move this parser to server.c. This patch also moves the check of the "server" keyword earlier in the supported keywords list, resulting in a slightly faster config parsing for configs with large numbers of servers (about 10%). No functional change was made, only the code was moved.
2014-03-31 04:39:59 -04:00
if (!strcmp(args[0], "server") || !strcmp(args[0], "default-server")) {
err_code |= parse_server(file, linenum, args, curproxy, &defproxy);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "bind")) { /* new listen addresses */
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
struct listener *l;
[MINOR] add support for bind interface name By appending "interface <name>" to a "bind" line, it is now possible to specifically bind to a physical interface name. Note that this currently only works on Linux and requires root privileges.
2009-02-04 11:19:29 -05:00
int cur_arg;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: tools: support specifying explicit address families in str2sa_range() This change allows one to force the address family in any address parsed by str2sa_range() by specifying it as a prefix followed by '@' then the address. Currently supported address prefixes are 'ipv4@', 'ipv6@', 'unix@'. This also helps forcing resolving for host names (when getaddrinfo is used), and force the family of the empty address (eg: 'ipv4@' = 0.0.0.0 while 'ipv6@' = ::). The main benefits is that unix sockets can now get a local name without being forced to begin with a slash. This is useful during development as it is no longer necessary to have stats socket sent to /tmp.
2013-03-10 16:32:12 -04:00
if (!*(args[1])) {
[MINOR] cfgparse: report support of <path> for the 'bind' statements "bind" now supports unix sockets, so report that in the error message.
2010-11-09 03:50:37 -05:00
Alert("parsing [%s:%d] : '%s' expects {<path>|[addr1]:port1[-end1]}{,[addr]:port[-end]}... as arguments.\n",
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] support fully transparent proxy on Linux (USE_LINUX_TPROXY) Using some Linux kernel patches, it is possible to redirect non-local traffic to local sockets when IP forwarding is enabled. In order to enable this option, we introduce the "transparent" option keyword on the "bind" command line. It will make the socket reachable by remote sources even if the destination address does not belong to the machine.
2008-01-13 08:49:51 -05:00
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
bind_conf = bind_conf_alloc(&curproxy->conf.bind, file, linenum, args[1]);
BUG/MINOR: unix: remove the 'level' field from the ux struct Commit 290e63aa moved the unix parameters out of the global stats socket to the bind_conf struct. As such the stats admin level was also moved overthere, but it remained in the stats global section where it was not used, except by a nasty memcpy() used to initialize the ux struct in the bind_conf with too large data. Fortunately, the extra data copied were the previous level over the new level so it did not have any impact, but it could have been worse. This bug is 1.5 specific, no backport is needed. Reported-by: Dinko Korunic <dkorunic@reflected.net>
2013-01-24 09:17:20 -05:00
/* use default settings for unix sockets */
bind_conf->ux.uid = global.unix_bind.ux.uid;
bind_conf->ux.gid = global.unix_bind.ux.gid;
bind_conf->ux.mode = global.unix_bind.ux.mode;
[MINOR] listener: add the "accept-proxy" option to the "bind" keyword This option will enable the AN_REQ_DECODE_PROXY analyser on the requests that come from those listeners.
2010-10-15 08:27:08 -04:00
/* NOTE: the following line might create several listeners if there
* are comma-separated IPs or port ranges. So all further processing
* will have to be applied to all listeners created after last_listen.
*/
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
if (!str2listener(args[1], curproxy, bind_conf, file, linenum, &errmsg)) {
if (errmsg && *errmsg) {
indent_msg(&errmsg, 2);
Alert("parsing [%s:%d] : '%s' : %s\n", file, linenum, args[0], errmsg);
MINOR: config: make str2listener() use memprintf() to report errors. This will make it possible to use the function for other listening sockets.
2012-09-20 14:01:39 -04:00
}
else
Alert("parsing [%s:%d] : '%s' : error encountered while parsing listening address '%s'.\n",
file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MINOR] add support for bind interface name By appending "interface <name>" to a "bind" line, it is now possible to specifically bind to a physical interface name. Note that this currently only works on Linux and requires root privileges.
2009-02-04 11:19:29 -05:00
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
list_for_each_entry(l, &bind_conf->listeners, by_bind) {
/* Set default global rights and owner for unix bind */
[BUG] cfgparse: correctly count one socket per port in ranges We used to only count one socket instead of one per listener. This makes the socket count wrong, preventing from automatically computing the proper number of sockets to bind. This fix must be backported to 1.4 and 1.3.
2011-02-16 05:08:57 -05:00
global.maxsock++;
[MINOR] config: reference file and line with any listener/proxy/server declaration Those will be used later for cross-references of conflicts or errors.
2009-10-04 14:54:54 -04:00
}
[MINOR] add support for bind interface name By appending "interface <name>" to a "bind" line, it is now possible to specifically bind to a physical interface name. Note that this currently only works on Linux and requires root privileges.
2009-02-04 11:19:29 -05:00
cur_arg = 2;
while (*(args[cur_arg])) {
MEDIUM: config: enumerate full list of registered "bind" keywords upon error When an unknown "bind" keyword is detected, dump the list of all registered keywords. Unsupported default alternatives are also reported as "not supported".
2012-09-18 12:01:17 -04:00
static int bind_dumped;
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 17:17:10 -04:00
struct bind_kw *kw;
MEDIUM: config: enumerate full list of registered "bind" keywords upon error When an unknown "bind" keyword is detected, dump the list of all registered keywords. Unsupported default alternatives are also reported as "not supported".
2012-09-18 12:01:17 -04:00
char *err;
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 17:17:10 -04:00
kw = bind_find_kw(args[cur_arg]);
if (kw) {
char *err = NULL;
int code;
if (!kw->parse) {
MINOR: config: improve error reporting for "bind" lines We now report the bind argument, which was missing in all error reports. It is now much more convenient to spot configuration mistakes.
2012-09-18 10:34:09 -04:00
Alert("parsing [%s:%d] : '%s %s' : '%s' option is not implemented in this version (check build options).\n",
file, linenum, args[0], args[1], args[cur_arg]);
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 17:17:10 -04:00
cur_arg += 1 + kw->skip ;
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
code = kw->parse(args, cur_arg, curproxy, bind_conf, &err);
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 17:17:10 -04:00
err_code |= code;
if (code) {
if (err && *err) {
indent_msg(&err, 2);
MINOR: config: improve error reporting for "bind" lines We now report the bind argument, which was missing in all error reports. It is now much more convenient to spot configuration mistakes.
2012-09-18 10:34:09 -04:00
Alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], err);
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 17:17:10 -04:00
}
else
MINOR: config: improve error reporting for "bind" lines We now report the bind argument, which was missing in all error reports. It is now much more convenient to spot configuration mistakes.
2012-09-18 10:34:09 -04:00
Alert("parsing [%s:%d] : '%s %s' : error encountered while processing '%s'.\n",
file, linenum, args[0], args[1], args[cur_arg]);
MEDIUM: listener: add a minimal framework to register "bind" keyword options With the arrival of SSL, the "bind" keyword has received even more options, all of which are processed in cfgparse in a cumbersome way. So it's time to let modules register their own bind options. This is done very similarly to the ACLs with a small difference in that we make the difference between an unknown option and a known, unimplemented option.
2012-09-12 17:17:10 -04:00
if (code & ERR_FATAL) {
free(err);
cur_arg += 1 + kw->skip;
goto out;
}
}
free(err);
cur_arg += 1 + kw->skip;
continue;
}
MEDIUM: config: enumerate full list of registered "bind" keywords upon error When an unknown "bind" keyword is detected, dump the list of all registered keywords. Unsupported default alternatives are also reported as "not supported".
2012-09-18 12:01:17 -04:00
err = NULL;
if (!bind_dumped) {
bind_dump_kws(&err);
indent_msg(&err, 4);
bind_dumped = 1;
}
Alert("parsing [%s:%d] : '%s %s' unknown keyword '%s'.%s%s\n",
file, linenum, args[0], args[1], args[cur_arg],
err ? " Registered keywords :" : "", err ? err : "");
free(err);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] support fully transparent proxy on Linux (USE_LINUX_TPROXY) Using some Linux kernel patches, it is possible to redirect non-local traffic to local sockets when IP forwarding is enabled. In order to enable this option, we introduce the "transparent" option keyword on the "bind" command line. It will make the socket reachable by remote sources even if the destination address does not belong to the machine.
2008-01-13 08:49:51 -05:00
}
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "monitor-net")) { /* set the range of IPs to ignore */
MINOR: standard: Disable ip resolution during the runtime The function str2net runs DNS resolution if valid ip cannot be parsed. The DNS function used is the standard function of the libc and it performs asynchronous request. The asynchronous request is not compatible with the haproxy archictecture. str2net() is used during the runtime throught the "socket". This patch remove the DNS resolution during the runtime.
2014-02-11 09:23:04 -05:00
if (!*args[1] || !str2net(args[1], 1, &curproxy->mon_net, &curproxy->mon_mask)) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : '%s' expects address[/mask].\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* flush useless bits */
curproxy->mon_net.s_addr &= curproxy->mon_mask.s_addr;
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] implemented the 'monitor-uri' keyword. It is used to test haproxy's status with an HTTP request to which it will reply with HTTP/1.0 200 OK.
2006-07-09 02:22:27 -04:00
else if (!strcmp(args[0], "monitor-uri")) { /* set the URI to intercept */
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] implemented the 'monitor-uri' keyword. It is used to test haproxy's status with an HTTP request to which it will reply with HTTP/1.0 200 OK.
2006-07-09 02:22:27 -04:00
if (!*args[1]) {
Alert("parsing [%s:%d] : '%s' expects an URI.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] implemented the 'monitor-uri' keyword. It is used to test haproxy's status with an HTTP request to which it will reply with HTTP/1.0 200 OK.
2006-07-09 02:22:27 -04:00
}
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(curproxy->monitor_uri);
[MAJOR] huge rework of the HTTP request FSM The HTTP parser has been rewritten for better compliance to RFC2616. The same parser is now usable for both requests and responses, and it now supports HTTP/0.9 as well as multi-line headers. It has also been improved for speed ; a typicial HTTP request is parsed in about 2 microseconds on a 1 GHz processor. The monitor-uri check has been moved so that the requests are not logged. The httpclose option now tries to change as little as possible in the request, and does not affect the first header if it is already set to 'close'. HTTP/0.9 requests are converted to HTTP/1.0 before being forwarded. Headers and request transformations are now distinct. The headers list is updated after each insertion/removal/transformation. The request is re-parsed and checked after each transformation. It is not possible anymore to remove a request, and requests which lead to invalid request lines are now rejected.
2007-01-21 13:16:41 -05:00
curproxy->monitor_uri_len = strlen(args[1]);
[MEDIUM] implemented the 'monitor-uri' keyword. It is used to test haproxy's status with an HTTP request to which it will reply with HTTP/1.0 200 OK.
2006-07-09 02:22:27 -04:00
curproxy->monitor_uri = (char *)calloc(1, curproxy->monitor_uri_len + 1);
[MAJOR] huge rework of the HTTP request FSM The HTTP parser has been rewritten for better compliance to RFC2616. The same parser is now usable for both requests and responses, and it now supports HTTP/0.9 as well as multi-line headers. It has also been improved for speed ; a typicial HTTP request is parsed in about 2 microseconds on a 1 GHz processor. The monitor-uri check has been moved so that the requests are not logged. The httpclose option now tries to change as little as possible in the request, and does not affect the first header if it is already set to 'close'. HTTP/0.9 requests are converted to HTTP/1.0 before being forwarded. Headers and request transformations are now distinct. The headers list is updated after each insertion/removal/transformation. The request is re-parsed and checked after each transformation. It is not possible anymore to remove a request, and requests which lead to invalid request lines are now rejected.
2007-01-21 13:16:41 -05:00
memcpy(curproxy->monitor_uri, args[1], curproxy->monitor_uri_len);
[MEDIUM] implemented the 'monitor-uri' keyword. It is used to test haproxy's status with an HTTP request to which it will reply with HTTP/1.0 200 OK.
2006-07-09 02:22:27 -04:00
curproxy->monitor_uri[curproxy->monitor_uri_len] = '\0';
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[MEDIUM] implemented the 'monitor-uri' keyword. It is used to test haproxy's status with an HTTP request to which it will reply with HTTP/1.0 200 OK.
2006-07-09 02:22:27 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "mode")) { /* sets the proxy mode */
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (!strcmp(args[1], "http")) curproxy->mode = PR_MODE_HTTP;
else if (!strcmp(args[1], "tcp")) curproxy->mode = PR_MODE_TCP;
else if (!strcmp(args[1], "health")) curproxy->mode = PR_MODE_HEALTH;
else {
Alert("parsing [%s:%d] : unknown proxy mode '%s'.\n", file, linenum, args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
else if (!strcmp(args[0], "id")) {
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
struct eb32_node *node;
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
if (!*args[1]) {
Alert("parsing [%s:%d]: '%s' expects an integer argument.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
}
curproxy->uuid = atol(args[1]);
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
curproxy->conf.id.key = curproxy->uuid;
MINOR: proxy: add a flag to memorize that the proxy's ID was forced This will be used to know if proxy's ID should be considered when names mismatch upon check status reload.
2015-05-27 10:44:02 -04:00
curproxy->options |= PR_O_FORCED_ID;
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
if (curproxy->uuid <= 0) {
Alert("parsing [%s:%d]: custom id has to be > 0.\n",
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
}
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
node = eb32_lookup(&used_proxy_id, curproxy->uuid);
if (node) {
struct proxy *target = container_of(node, struct proxy, conf.id);
Alert("parsing [%s:%d]: %s %s reuses same custom id as %s %s (declared at %s:%d).\n",
file, linenum, proxy_type_str(curproxy), curproxy->id,
proxy_type_str(target), target->id, target->conf.file, target->conf.line);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
eb32_insert(&used_proxy_id, &curproxy->conf.id);
[MINOR] Implement persistent id for proxies and servers This patch adds a possibility to set a persistent id for a proxy/server. Now, even if some proxies/servers are inserted/deleted/moved, iids and sids can be still used reliable. Some people add servers with tricky names (BACKEND or FRONTEND for example). So I also added one more field ('type') to distinguish between a backend (0), frontend (1) and server (2) without complicated logic: if name==BACKEND and sid==0 then type is BACKEND else type is SERVER, etc for a FRONTEND. It also makes possible to have one frontend with more than one IP (a patch coming soon) with independed stats - for example to differs between remote and local traffic. Finally, I added documentation about the CSV format. This patch depends on '[MEDIUM] Implement "track [<backend>/]<server>"'
2008-02-22 19:19:10 -05:00
}
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
else if (!strcmp(args[0], "description")) {
int i, len=0;
char *d;
[CLEANUP] Keep in sync "defaults" support between documentation and code Hi Willy, I've made a quick pass on the "defaults" column in the Proxy keywords matrix (chapter 4.1. in the documentation). This patch resyncs the code and the documentation. I let you decide if some keywords that still work in the "defaults" section should be forbidden. - default_backend : in the matrix, "defaults" was not supported but the keyword details say it is. Tests also shows it works, then I've updated the matrix. - capture cookie : in the keyword details, we can read `It is not possible to specify a capture in a "defaults" section.'. Ok, even if the tests worked, I've added an alert in the configuration parser (as it is for capture request/response header). - description : not supported in "defaults", I added an alert in the parser. I've also noticed that this keyword doesn't appear in the documentation. There's one "description" entry, but for the "global" section, which is for a different use (the patch doesn't update the documentation). - grace : even if this is maybe useless, it works in "defaults". Documentation is updated. - redirect : alert is added in the parser. - rsprep : alert added in the parser. -- Cyril Bonté
2010-01-24 17:29:44 -05:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
if (!*args[1]) {
Alert("parsing [%s:%d]: '%s' expects a string argument.\n",
file, linenum, args[0]);
return -1;
}
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
for (i = 1; *args[i]; i++)
len += strlen(args[i]) + 1;
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
d = (char *)calloc(1, len);
curproxy->desc = d;
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
d += snprintf(d, curproxy->desc + len - d, "%s", args[1]);
for (i = 2; *args[i]; i++)
d += snprintf(d, curproxy->desc + len - d, " %s", args[i]);
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "disabled")) { /* disables this proxy */
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->state = PR_STSTOPPED;
}
else if (!strcmp(args[0], "enabled")) { /* enables this proxy (used to revert a disabled default) */
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->state = PR_STNEW;
}
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
else if (!strcmp(args[0], "bind-process")) { /* enable this proxy only on some processes */
int cur_arg = 1;
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
unsigned long set = 0;
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
while (*args[cur_arg]) {
MINOR: config: support process ranges for "bind-process" Several users have already been caught by "bind-process" which does not support ranges, so let's support them now.
2012-11-15 11:50:01 -05:00
unsigned int low, high;
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
if (strcmp(args[cur_arg], "all") == 0) {
set = 0;
break;
}
else if (strcmp(args[cur_arg], "odd") == 0) {
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
set |= ~0UL/3UL; /* 0x555....555 */
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
}
else if (strcmp(args[cur_arg], "even") == 0) {
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
set |= (~0UL/3UL) << 1; /* 0xAAA...AAA */
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
}
BUILD: silence a warning on Solaris about usage of isdigit() On Solaris, isdigit() is a macro and it complains about the use of a char instead of the int for the argument. Let's cast it to an int to silence it.
2012-11-21 19:04:31 -05:00
else if (isdigit((int)*args[cur_arg])) {
MINOR: config: support process ranges for "bind-process" Several users have already been caught by "bind-process" which does not support ranges, so let's support them now.
2012-11-15 11:50:01 -05:00
char *dash = strchr(args[cur_arg], '-');
low = high = str2uic(args[cur_arg]);
if (dash)
high = str2uic(dash + 1);
if (high < low) {
unsigned int swap = low;
low = high;
high = swap;
}
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
if (low < 1 || high > LONGBITS) {
Alert("parsing [%s:%d]: %s supports process numbers from 1 to %d.\n",
file, linenum, args[0], LONGBITS);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
}
MINOR: config: support process ranges for "bind-process" Several users have already been caught by "bind-process" which does not support ranges, so let's support them now.
2012-11-15 11:50:01 -05:00
while (low <= high)
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
set |= 1UL << (low++ - 1);
MINOR: config: support process ranges for "bind-process" Several users have already been caught by "bind-process" which does not support ranges, so let's support them now.
2012-11-15 11:50:01 -05:00
}
else {
MEDIUM: config: limit nbproc to the machine's word size Some consistency checks cannot be performed between frontends, backends and peers at the moment because there is no way to check for intersection between processes bound to some processes when the number of processes is higher than the number of bits in a word. So first, let's limit the number of processes to the machine's word size. This means nbproc will be limited to 32 on 32-bit machines and 64 on 64-bit machines. This is far more than enough considering that configs rarely go above 16 processes due to scalability and management issues, so 32 or 64 should be fine. This way we'll ensure we can always build a mask of all the processes a section is bound to.
2013-01-18 05:29:29 -05:00
Alert("parsing [%s:%d]: %s expects 'all', 'odd', 'even', or a list of process ranges with numbers from 1 to %d.\n",
file, linenum, args[0], LONGBITS);
MINOR: config: support process ranges for "bind-process" Several users have already been caught by "bind-process" which does not support ranges, so let's support them now.
2012-11-15 11:50:01 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] implement bind-process to limit service presence by process The "bind-process" keyword lets the admin select which instances may run on which process (in multi-process mode). It makes it easier to more evenly distribute the load across multiple processes by avoiding having too many listen to the same IP:ports.
2009-02-04 16:05:05 -05:00
}
cur_arg++;
}
curproxy->bind_proc = set;
}
[MEDIUM] add the 'acl' keyword to the config language The 'acl' keyword allows one to declare a new ACL. It is an important part of the ACL framework.
2007-05-06 18:53:22 -04:00
else if (!strcmp(args[0], "acl")) { /* add an ACL */
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
}
[MEDIUM] restrict the set of allowed characters for identifiers In order to avoid issues in the future, we want to restrict the set of allowed characters for identifiers. Starting from now, only A-Z, a-z, 0-9, '-', '_', '.' and ':' will be allowed for a proxy, a server or an ACL name. A test file has been added to check the restriction.
2007-12-02 12:45:09 -05:00
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in acl name '%s'.\n",
file, linenum, *err, args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM] restrict the set of allowed characters for identifiers In order to avoid issues in the future, we want to restrict the set of allowed characters for identifiers. Starting from now, only A-Z, a-z, 0-9, '-', '_', '.' and ':' will be allowed for a proxy, a server or an ACL name. A test file has been added to check the restriction.
2007-12-02 12:45:09 -05:00
}
MINOR: pattern: store configuration reference for each acl or map pattern. This patch permit to add reference for each pattern reference. This is useful to identify the acl listed.
2014-02-10 21:31:34 -05:00
if (parse_acl((const char **)args + 1, &curproxy->acl, &errmsg, &curproxy->conf.args, file, linenum) == NULL) {
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
Alert("parsing [%s:%d] : error detected while parsing ACL '%s' : %s.\n",
file, linenum, args[1], errmsg);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add the 'acl' keyword to the config language The 'acl' keyword allows one to declare a new ACL. It is an important part of the ACL framework.
2007-05-06 18:53:22 -04:00
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "cookie")) { /* cookie name */
int cur_arg;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects <cookie_name> as argument.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts = 0;
[BUG] cookie: correctly unset default cookie parameters When a backend defines a new cookie, it forgot to unset any params that could have been set in a defaults section, resulting in configs that would sometimes refuse to load or not work as expected. (cherry picked from commit f80bf174ed905a29a3ed8ee91fcd528da6df174f)
2010-10-23 05:37:27 -04:00
curproxy->cookie_maxidle = curproxy->cookie_maxlife = 0;
[BUG] config: cookie domain was ignored in defaults sections Since cookie can appear in a defaults section, the domain extension must be supported there as well. (cherry picked from commit baf78c8e03db8c2255aefb6e11b38b48d1ec5d34)
2009-12-03 17:13:06 -05:00
free(curproxy->cookie_domain); curproxy->cookie_domain = NULL;
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(curproxy->cookie_name);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->cookie_name = strdup(args[1]);
curproxy->cookie_len = strlen(curproxy->cookie_name);
[BUG] cookie: correctly unset default cookie parameters When a backend defines a new cookie, it forgot to unset any params that could have been set in a defaults section, resulting in configs that would sometimes refuse to load or not work as expected. (cherry picked from commit f80bf174ed905a29a3ed8ee91fcd528da6df174f)
2010-10-23 05:37:27 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
cur_arg = 2;
while (*(args[cur_arg])) {
if (!strcmp(args[cur_arg], "rewrite")) {
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts |= PR_CK_RW;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[cur_arg], "indirect")) {
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts |= PR_CK_IND;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[cur_arg], "insert")) {
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts |= PR_CK_INS;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[cur_arg], "nocache")) {
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts |= PR_CK_NOC;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[cur_arg], "postonly")) {
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts |= PR_CK_POST;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] cookie: add support for the "preserve" option This option makes haproxy preserve any persistence cookie emitted by the server, which allows the server to change it or to unset it, for instance, after a logout request. (cherry picked from commit 52e6d75374c7900c1fe691c5633b4ae029cae8d5)
2010-10-23 06:46:42 -04:00
else if (!strcmp(args[cur_arg], "preserve")) {
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts |= PR_CK_PSV;
[MINOR] cookie: add support for the "preserve" option This option makes haproxy preserve any persistence cookie emitted by the server, which allows the server to change it or to unset it, for instance, after a logout request. (cherry picked from commit 52e6d75374c7900c1fe691c5633b4ae029cae8d5)
2010-10-23 06:46:42 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[cur_arg], "prefix")) {
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
curproxy->ck_opts |= PR_CK_PFX;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: http: add support for "httponly" and "secure" cookie attributes httponly This option tells haproxy to add an "HttpOnly" cookie attribute when a cookie is inserted. This attribute is used so that a user agent doesn't share the cookie with non-HTTP components. Please check RFC6265 for more information on this attribute. secure This option tells haproxy to add a "Secure" cookie attribute when a cookie is inserted. This attribute is used so that a user agent never emits this cookie over non-secure channels, which means that a cookie learned with this flag will be presented only over SSL/TLS connections. Please check RFC6265 for more information on this attribute.
2012-05-31 15:02:17 -04:00
else if (!strcmp(args[cur_arg], "httponly")) {
curproxy->ck_opts |= PR_CK_HTTPONLY;
}
else if (!strcmp(args[cur_arg], "secure")) {
curproxy->ck_opts |= PR_CK_SECURE;
}
[MINOR] Allow to specify a domain for a cookie This patch allows to specify a domain used when inserting a cookie providing a session stickiness. Usefull for example with wildcard domains. The patch adds one new variable to the struct proxy: cookiedomain. When set the domain is appended to a Set-Cookie header. Domain name is validated using the new invalid_domainchar() function. It is basically invalid_char() limited to [A-Za-z0-9_.-]. Yes, the test is too trivial and does not cover all wrong situations, but the main purpose is to detect most common mistakes, not intentional abuses. The underscore ("_") character is not RFC-valid but as it is often (mis)used so I decided to allow it.
2008-05-23 17:49:32 -04:00
else if (!strcmp(args[cur_arg], "domain")) {
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d]: '%s' expects <domain> as argument.\n",
file, linenum, args[cur_arg]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] Allow to specify a domain for a cookie This patch allows to specify a domain used when inserting a cookie providing a session stickiness. Usefull for example with wildcard domains. The patch adds one new variable to the struct proxy: cookiedomain. When set the domain is appended to a Set-Cookie header. Domain name is validated using the new invalid_domainchar() function. It is basically invalid_char() limited to [A-Za-z0-9_.-]. Yes, the test is too trivial and does not cover all wrong situations, but the main purpose is to detect most common mistakes, not intentional abuses. The underscore ("_") character is not RFC-valid but as it is often (mis)used so I decided to allow it.
2008-05-23 17:49:32 -04:00
}
[BUG] config: fix erroneous check on cookie domain names, again The previous check was correct: the RFC states that it is required to have a domain-name which contained a dot AND began with a dot. However, currently some (all?) browsers do not obey this specification, so such configuration might work. This patch reverts 3d8fbb6658d4414dac20892bbd9e79e14e99e67f but changes the check from FATAL to WARNING and extends the message.
2009-12-15 17:40:47 -05:00
if (*args[cur_arg + 1] != '.' || !strchr(args[cur_arg + 1] + 1, '.')) {
[MINOR] Allow to specify a domain for a cookie This patch allows to specify a domain used when inserting a cookie providing a session stickiness. Usefull for example with wildcard domains. The patch adds one new variable to the struct proxy: cookiedomain. When set the domain is appended to a Set-Cookie header. Domain name is validated using the new invalid_domainchar() function. It is basically invalid_char() limited to [A-Za-z0-9_.-]. Yes, the test is too trivial and does not cover all wrong situations, but the main purpose is to detect most common mistakes, not intentional abuses. The underscore ("_") character is not RFC-valid but as it is often (mis)used so I decided to allow it.
2008-05-23 17:49:32 -04:00
/* rfc2109, 4.3.2 Rejecting Cookies */
[BUG] config: fix erroneous check on cookie domain names, again The previous check was correct: the RFC states that it is required to have a domain-name which contained a dot AND began with a dot. However, currently some (all?) browsers do not obey this specification, so such configuration might work. This patch reverts 3d8fbb6658d4414dac20892bbd9e79e14e99e67f but changes the check from FATAL to WARNING and extends the message.
2009-12-15 17:40:47 -05:00
Warning("parsing [%s:%d]: domain '%s' contains no embedded"
" dots nor does not start with a dot."
" RFC forbids it, this configuration may not work properly.\n",
[MINOR] Allow to specify a domain for a cookie This patch allows to specify a domain used when inserting a cookie providing a session stickiness. Usefull for example with wildcard domains. The patch adds one new variable to the struct proxy: cookiedomain. When set the domain is appended to a Set-Cookie header. Domain name is validated using the new invalid_domainchar() function. It is basically invalid_char() limited to [A-Za-z0-9_.-]. Yes, the test is too trivial and does not cover all wrong situations, but the main purpose is to detect most common mistakes, not intentional abuses. The underscore ("_") character is not RFC-valid but as it is often (mis)used so I decided to allow it.
2008-05-23 17:49:32 -04:00
file, linenum, args[cur_arg + 1]);
[BUG] config: fix erroneous check on cookie domain names, again The previous check was correct: the RFC states that it is required to have a domain-name which contained a dot AND began with a dot. However, currently some (all?) browsers do not obey this specification, so such configuration might work. This patch reverts 3d8fbb6658d4414dac20892bbd9e79e14e99e67f but changes the check from FATAL to WARNING and extends the message.
2009-12-15 17:40:47 -05:00
err_code |= ERR_WARN;
[MINOR] Allow to specify a domain for a cookie This patch allows to specify a domain used when inserting a cookie providing a session stickiness. Usefull for example with wildcard domains. The patch adds one new variable to the struct proxy: cookiedomain. When set the domain is appended to a Set-Cookie header. Domain name is validated using the new invalid_domainchar() function. It is basically invalid_char() limited to [A-Za-z0-9_.-]. Yes, the test is too trivial and does not cover all wrong situations, but the main purpose is to detect most common mistakes, not intentional abuses. The underscore ("_") character is not RFC-valid but as it is often (mis)used so I decided to allow it.
2008-05-23 17:49:32 -04:00
}
err = invalid_domainchar(args[cur_arg + 1]);
if (err) {
Alert("parsing [%s:%d]: character '%c' is not permitted in domain name '%s'.\n",
file, linenum, *err, args[cur_arg + 1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] Allow to specify a domain for a cookie This patch allows to specify a domain used when inserting a cookie providing a session stickiness. Usefull for example with wildcard domains. The patch adds one new variable to the struct proxy: cookiedomain. When set the domain is appended to a Set-Cookie header. Domain name is validated using the new invalid_domainchar() function. It is basically invalid_char() limited to [A-Za-z0-9_.-]. Yes, the test is too trivial and does not cover all wrong situations, but the main purpose is to detect most common mistakes, not intentional abuses. The underscore ("_") character is not RFC-valid but as it is often (mis)used so I decided to allow it.
2008-05-23 17:49:32 -04:00
}
[MINOR] config: support passing multiple "domain" statements to cookies In some environments it is not possible to rely on any wildcard for a domain name (eg: .com, .net, .fr...) so it is required to send multiple domain extensions. (Un)fortunately the syntax check on the domain name prevented that from being done the dirty way. So let's just build a domain list when multiple domains are passed on the same line. (cherry picked from commit 950245ca2b772fd6b99b8152c48c694ed0212857)
2009-12-03 17:28:34 -05:00
if (!curproxy->cookie_domain) {
curproxy->cookie_domain = strdup(args[cur_arg + 1]);
} else {
/* one domain was already specified, add another one by
* building the string which will be returned along with
* the cookie.
*/
char *new_ptr;
int new_len = strlen(curproxy->cookie_domain) +
strlen("; domain=") + strlen(args[cur_arg + 1]) + 1;
new_ptr = malloc(new_len);
snprintf(new_ptr, new_len, "%s; domain=%s", curproxy->cookie_domain, args[cur_arg+1]);
free(curproxy->cookie_domain);
curproxy->cookie_domain = new_ptr;
}
[MINOR] Allow to specify a domain for a cookie This patch allows to specify a domain used when inserting a cookie providing a session stickiness. Usefull for example with wildcard domains. The patch adds one new variable to the struct proxy: cookiedomain. When set the domain is appended to a Set-Cookie header. Domain name is validated using the new invalid_domainchar() function. It is basically invalid_char() limited to [A-Za-z0-9_.-]. Yes, the test is too trivial and does not cover all wrong situations, but the main purpose is to detect most common mistakes, not intentional abuses. The underscore ("_") character is not RFC-valid but as it is often (mis)used so I decided to allow it.
2008-05-23 17:49:32 -04:00
cur_arg++;
}
[MINOR] cookie: add options "maxidle" and "maxlife" Add two new arguments to the "cookie" keyword, to be able to fix a max idle and max life on them. Right now only the parameter parsing is implemented. (cherry picked from commit 9ad5dec4c3bb8f29129f292cb22d3fc495fcc98a)
2010-10-06 10:59:56 -04:00
else if (!strcmp(args[cur_arg], "maxidle")) {
unsigned int maxidle;
const char *res;
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d]: '%s' expects <idletime> in seconds as argument.\n",
file, linenum, args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
res = parse_time_err(args[cur_arg + 1], &maxidle, TIME_UNIT_S);
if (res) {
Alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s>.\n",
file, linenum, *res, args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curproxy->cookie_maxidle = maxidle;
cur_arg++;
}
else if (!strcmp(args[cur_arg], "maxlife")) {
unsigned int maxlife;
const char *res;
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d]: '%s' expects <lifetime> in seconds as argument.\n",
file, linenum, args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
res = parse_time_err(args[cur_arg + 1], &maxlife, TIME_UNIT_S);
if (res) {
Alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s>.\n",
file, linenum, *res, args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curproxy->cookie_maxlife = maxlife;
cur_arg++;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else {
[MINOR] cookie: add options "maxidle" and "maxlife" Add two new arguments to the "cookie" keyword, to be able to fix a max idle and max life on them. Right now only the parameter parsing is implemented. (cherry picked from commit 9ad5dec4c3bb8f29129f292cb22d3fc495fcc98a)
2010-10-06 10:59:56 -04:00
Alert("parsing [%s:%d] : '%s' supports 'rewrite', 'insert', 'prefix', 'indirect', 'nocache', 'postonly', 'domain', 'maxidle, and 'maxlife' options.\n",
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
cur_arg++;
}
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
if (!POWEROF2(curproxy->ck_opts & (PR_CK_RW|PR_CK_IND))) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : cookie 'rewrite' and 'indirect' modes are incompatible.\n",
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
if (!POWEROF2(curproxy->ck_opts & (PR_CK_RW|PR_CK_INS|PR_CK_PFX))) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : cookie 'rewrite', 'insert' and 'prefix' modes are incompatible.\n",
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] cookie: add support for the "preserve" option This option makes haproxy preserve any persistence cookie emitted by the server, which allows the server to change it or to unset it, for instance, after a logout request. (cherry picked from commit 52e6d75374c7900c1fe691c5633b4ae029cae8d5)
2010-10-23 06:46:42 -04:00
REORG/MINOR: use dedicated proxy flags for the cookie handling Cookies were mixed with many other options while they're not used as options. Move them to a dedicated bitmask (ck_opts). This has released 7 flags in the proxy options and leaves some room for new proxy flags.
2012-05-31 14:40:20 -04:00
if ((curproxy->ck_opts & (PR_CK_PSV | PR_CK_INS | PR_CK_IND)) == PR_CK_PSV) {
[MINOR] cookie: add support for the "preserve" option This option makes haproxy preserve any persistence cookie emitted by the server, which allows the server to change it or to unset it, for instance, after a logout request. (cherry picked from commit 52e6d75374c7900c1fe691c5633b4ae029cae8d5)
2010-10-23 06:46:42 -04:00
Alert("parsing [%s:%d] : cookie 'preserve' requires at least 'insert' or 'indirect'.\n",
file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}/* end else if (!strcmp(args[0], "cookie")) */
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
else if (!strcmp(args[0], "email-alert")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (!strcmp(args[1], "from")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->email_alert.from);
curproxy->email_alert.from = strdup(args[2]);
}
else if (!strcmp(args[1], "mailers")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->email_alert.mailers.name);
curproxy->email_alert.mailers.name = strdup(args[2]);
}
else if (!strcmp(args[1], "myhostname")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->email_alert.myhostname);
curproxy->email_alert.myhostname = strdup(args[2]);
}
MEDIUM: Allow suppression of email alerts by log level This patch adds a new option which allows configuration of the maximum log level of messages for which email alerts will be sent. The default is alert which is more restrictive than the current code which sends email alerts for all priorities. That behaviour may be configured using the new configuration option to set the maximum level to notice or greater. email-alert level notice Signed-off-by: Simon Horman <horms@verge.net.au>
2015-02-05 21:11:57 -05:00
else if (!strcmp(args[1], "level")) {
curproxy->email_alert.level = get_log_level(args[2]);
if (curproxy->email_alert.level < 0) {
Alert("parsing [%s:%d] : unknown log level '%s' after '%s'\n",
file, linenum, args[1], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
else if (!strcmp(args[1], "to")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->email_alert.to);
curproxy->email_alert.to = strdup(args[2]);
}
else {
Alert("parsing [%s:%d] : email-alert: unknown argument '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: Allow suppression of email alerts by log level This patch adds a new option which allows configuration of the maximum log level of messages for which email alerts will be sent. The default is alert which is more restrictive than the current code which sends email alerts for all priorities. That behaviour may be configured using the new configuration option to set the maximum level to notice or greater. email-alert level notice Signed-off-by: Simon Horman <horms@verge.net.au>
2015-02-05 21:11:57 -05:00
/* Indicate that the email_alert is at least partially configured */
curproxy->email_alert.set = 1;
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
}/* end else if (!strcmp(args[0], "email-alert")) */
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
else if (!strcmp(args[0], "external-check")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (!strcmp(args[1], "command")) {
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->check_command);
curproxy->check_command = strdup(args[2]);
}
else if (!strcmp(args[1], "path")) {
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing argument after '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->check_path);
curproxy->check_path = strdup(args[2]);
}
else {
Alert("parsing [%s:%d] : external-check: unknown argument '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}/* end else if (!strcmp(args[0], "external-check")) */
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
else if (!strcmp(args[0], "persist")) { /* persist */
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : missing persist method.\n",
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
}
if (!strncmp(args[1], "rdp-cookie", 10)) {
curproxy->options2 |= PR_O2_RDPC_PRST;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
if (*(args[1] + 10) == '(') { /* cookie name */
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
const char *beg, *end;
beg = args[1] + 11;
end = strchr(beg, ')');
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
if (!end || end == beg) {
Alert("parsing [%s:%d] : persist rdp-cookie(name)' requires an rdp cookie name.\n",
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
}
free(curproxy->rdp_cookie_name);
curproxy->rdp_cookie_name = my_strndup(beg, end - beg);
curproxy->rdp_cookie_len = end-beg;
}
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
else if (*(args[1] + 10) == '\0') { /* default cookie name 'msts' */
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
free(curproxy->rdp_cookie_name);
curproxy->rdp_cookie_name = strdup("msts");
curproxy->rdp_cookie_len = strlen(curproxy->rdp_cookie_name);
}
else { /* syntax */
Alert("parsing [%s:%d] : persist rdp-cookie(name)' requires an rdp cookie name.\n",
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
}
}
else {
Alert("parsing [%s:%d] : unknown persist method.\n",
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for RDP cookie persistence The new statement "persist rdp-cookie" enables RDP cookie persistence. The RDP cookie is then extracted from the RDP protocol, and compared against available servers. If a server matches the RDP cookie, then it gets the connection.
2009-06-30 11:57:00 -04:00
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "appsession")) { /* cookie name */
CLEANUP: config: remove appsession initialization Now it asks to check the documentation.
2015-08-10 13:04:29 -04:00
Alert("parsing [%s:%d] : '%s' is not supported anymore, please check the documentation.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "capture")) {
[MINOR] config: the "capture" keyword is not allowed in backends The "capture" keyword is only supported by frontends, fix the check.
2009-07-23 07:24:23 -04:00
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (!strcmp(args[1], "cookie")) { /* name of a cookie to capture */
[CLEANUP] Keep in sync "defaults" support between documentation and code Hi Willy, I've made a quick pass on the "defaults" column in the Proxy keywords matrix (chapter 4.1. in the documentation). This patch resyncs the code and the documentation. I let you decide if some keywords that still work in the "defaults" section should be forbidden. - default_backend : in the matrix, "defaults" was not supported but the keyword details say it is. Tests also shows it works, then I've updated the matrix. - capture cookie : in the keyword details, we can read `It is not possible to specify a capture in a "defaults" section.'. Ok, even if the tests worked, I've added an alert in the configuration parser (as it is for capture request/response header). - description : not supported in "defaults", I added an alert in the parser. I've also noticed that this keyword doesn't appear in the documentation. There's one "description" entry, but for the "global" section, which is for a different use (the patch doesn't update the documentation). - grace : even if this is maybe useless, it works in "defaults". Documentation is updated. - redirect : alert is added in the parser. - rsprep : alert added in the parser. -- Cyril Bonté
2010-01-24 17:29:44 -05:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args_idx(4, 1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[4]) == 0) {
Alert("parsing [%s:%d] : '%s' expects 'cookie' <cookie_name> 'len' <len>.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(curproxy->capture_name);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->capture_name = strdup(args[2]);
curproxy->capture_namelen = strlen(curproxy->capture_name);
curproxy->capture_len = atol(args[4]);
curproxy->to_log |= LW_COOKIE;
}
else if (!strcmp(args[1], "request") && !strcmp(args[2], "header")) {
struct cap_hdr *hdr;
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args_idx(4, 1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[3]) == 0 || strcmp(args[4], "len") != 0 || *(args[5]) == 0) {
Alert("parsing [%s:%d] : '%s %s' expects 'header' <header_name> 'len' <len>.\n",
file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
hdr = calloc(sizeof(struct cap_hdr), 1);
hdr->next = curproxy->req_cap;
hdr->name = strdup(args[3]);
hdr->namelen = strlen(args[3]);
hdr->len = atol(args[5]);
[MAJOR] last bunch of capture changes for mempool v2 The header captures had lots of pools. They have all been transformed.
2007-05-13 16:46:04 -04:00
hdr->pool = create_pool("caphdr", hdr->len + 1, MEM_F_SHARED);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
hdr->index = curproxy->nb_req_cap++;
curproxy->req_cap = hdr;
curproxy->to_log |= LW_REQHDR;
}
else if (!strcmp(args[1], "response") && !strcmp(args[2], "header")) {
struct cap_hdr *hdr;
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: cfgparse: max arguments check in the global section Most of the keywords in the global section does not check the maximum number of arguments. This leds sometines to unused and wrong arguments in the configuration file. This patch add a maximum argument test in many keywords of this section.
2015-05-19 10:37:23 -04:00
if (alertif_too_many_args_idx(4, 1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[3]) == 0 || strcmp(args[4], "len") != 0 || *(args[5]) == 0) {
Alert("parsing [%s:%d] : '%s %s' expects 'header' <header_name> 'len' <len>.\n",
file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
hdr = calloc(sizeof(struct cap_hdr), 1);
hdr->next = curproxy->rsp_cap;
hdr->name = strdup(args[3]);
hdr->namelen = strlen(args[3]);
hdr->len = atol(args[5]);
[MAJOR] last bunch of capture changes for mempool v2 The header captures had lots of pools. They have all been transformed.
2007-05-13 16:46:04 -04:00
hdr->pool = create_pool("caphdr", hdr->len + 1, MEM_F_SHARED);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
hdr->index = curproxy->nb_rsp_cap++;
curproxy->rsp_cap = hdr;
curproxy->to_log |= LW_RSPHDR;
}
else {
Alert("parsing [%s:%d] : '%s' expects 'cookie' or 'request header' or 'response header'.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
else if (!strcmp(args[0], "retries")) { /* connection retries */
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument (dispatch counts for one).\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
curproxy->conn_retries = atol(args[1]);
}
[MINOR] http-request: allow/deny/auth support for frontend/backend/listen Use the generic auth framework to control access to frontends/backends/listens
2010-01-29 11:58:21 -05:00
else if (!strcmp(args[0], "http-request")) { /* request access control: allow/deny/auth */
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
struct act_rule *rule;
[MINOR] http-request: allow/deny/auth support for frontend/backend/listen Use the generic auth framework to control access to frontends/backends/listens
2010-01-29 11:58:21 -05:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: http: add http-request 'add-header' and 'set-header' to build headers These two new statements allow to pass information extracted from the request to the server. It's particularly useful for passing SSL information to the server, but may be used for various other purposes such as combining headers together to emulate internal variables.
2012-12-24 09:45:22 -05:00
if (!LIST_ISEMPTY(&curproxy->http_req_rules) &&
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
!LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->cond &&
MINOR: actions: change actions names For performances considerations, some actions are not processed by remote function. They are directly processed by the function. Some of these actions does the same things but for different processing part (request / response). This patch give the same name for the same actions, and change the normalization of the other actions names. This patch is ONLY a rename, it doesn't modify the code.
2015-08-05 13:05:19 -04:00
(LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_ACTION_ALLOW ||
LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_ACTION_DENY ||
LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_HTTP_REDIR ||
LIST_PREV(&curproxy->http_req_rules, struct act_rule *, list)->action == ACT_HTTP_REQ_AUTH)) {
MEDIUM: http: add http-request 'add-header' and 'set-header' to build headers These two new statements allow to pass information extracted from the request to the server. It's particularly useful for passing SSL information to the server, but may be used for various other purposes such as combining headers together to emulate internal variables.
2012-12-24 09:45:22 -05:00
Warning("parsing [%s:%d]: previous '%s' action is final and has no condition attached, further entries are NOOP.\n",
[MINOR] http-request: allow/deny/auth support for frontend/backend/listen Use the generic auth framework to control access to frontends/backends/listens
2010-01-29 11:58:21 -05:00
file, linenum, args[0]);
err_code |= ERR_WARN;
}
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
rule = parse_http_req_cond((const char **)args + 1, file, linenum, curproxy);
[MINOR] http-request: allow/deny/auth support for frontend/backend/listen Use the generic auth framework to control access to frontends/backends/listens
2010-01-29 11:58:21 -05:00
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
if (!rule) {
[MINOR] http-request: allow/deny/auth support for frontend/backend/listen Use the generic auth framework to control access to frontends/backends/listens
2010-01-29 11:58:21 -05:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
MEDIUM: config: report misplaced http-request rules Recently, the http-request ruleset started to be used a lot and some bug reports were caused by misplaced http-request rules because there was no warning if they're after a redirect or use_backend rule. Let's fix this now. http-request rules are just after the block rules.
2014-04-22 19:32:02 -04:00
err_code |= warnif_misplaced_http_req(curproxy, file, linenum, args[0]);
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(rule->cond,
(curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
file, linenum);
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
LIST_ADDQ(&curproxy->http_req_rules, &rule->list);
[MINOR] http-request: allow/deny/auth support for frontend/backend/listen Use the generic auth framework to control access to frontends/backends/listens
2010-01-29 11:58:21 -05:00
}
MEDIUM: http: add a new "http-response" ruleset Some actions were clearly missing to process response headers. This patch adds a new "http-response" ruleset which provides the following actions : - allow : stop evaluating http-response rules - deny : stop and reject the response with a 502 - add-header : add a header in log-format mode - set-header : set a header in log-format mode
2013-06-11 10:06:12 -04:00
else if (!strcmp(args[0], "http-response")) { /* response access control */
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
struct act_rule *rule;
MEDIUM: http: add a new "http-response" ruleset Some actions were clearly missing to process response headers. This patch adds a new "http-response" ruleset which provides the following actions : - allow : stop evaluating http-response rules - deny : stop and reject the response with a 502 - add-header : add a header in log-format mode - set-header : set a header in log-format mode
2013-06-11 10:06:12 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (!LIST_ISEMPTY(&curproxy->http_res_rules) &&
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
!LIST_PREV(&curproxy->http_res_rules, struct act_rule *, list)->cond &&
MINOR: actions: change actions names For performances considerations, some actions are not processed by remote function. They are directly processed by the function. Some of these actions does the same things but for different processing part (request / response). This patch give the same name for the same actions, and change the normalization of the other actions names. This patch is ONLY a rename, it doesn't modify the code.
2015-08-05 13:05:19 -04:00
(LIST_PREV(&curproxy->http_res_rules, struct act_rule *, list)->action == ACT_ACTION_ALLOW ||
LIST_PREV(&curproxy->http_res_rules, struct act_rule *, list)->action == ACT_ACTION_DENY)) {
MEDIUM: http: add a new "http-response" ruleset Some actions were clearly missing to process response headers. This patch adds a new "http-response" ruleset which provides the following actions : - allow : stop evaluating http-response rules - deny : stop and reject the response with a 502 - add-header : add a header in log-format mode - set-header : set a header in log-format mode
2013-06-11 10:06:12 -04:00
Warning("parsing [%s:%d]: previous '%s' action is final and has no condition attached, further entries are NOOP.\n",
file, linenum, args[0]);
err_code |= ERR_WARN;
}
rule = parse_http_res_cond((const char **)args + 1, file, linenum, curproxy);
if (!rule) {
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
err_code |= warnif_cond_conflicts(rule->cond,
(curproxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR,
file, linenum);
LIST_ADDQ(&curproxy->http_res_rules, &rule->list);
}
MEDIUM: http: add support for sending the server's name in the outgoing request New option "http-send-name-header" specifies the name of a header which will hold the server name in outgoing requests. This is the name of the server the connection is really sent to, which means that upon redispatches, the header's value is updated so that it always matches the server's name.
2012-01-04 13:02:01 -05:00
else if (!strcmp(args[0], "http-send-name-header")) { /* send server name in request header */
/* set the header name and length into the proxy structure */
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
err_code |= ERR_WARN;
if (!*args[1]) {
Alert("parsing [%s:%d] : '%s' requires a header string.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
/* set the desired header name */
free(curproxy->server_id_hdr_name);
curproxy->server_id_hdr_name = strdup(args[1]);
curproxy->server_id_hdr_len = strlen(curproxy->server_id_hdr_name);
}
[MEDIUM] added the 'block' keyword to the config language The new 'block' keyword makes it possible to block a request based on ACL test results. Block accepts two optional arguments : 'if' <cond> and 'unless' <cond>. The request will be blocked with a 403 response if the condition is validated (if) or if it is not (unless). Do not rely on this one too much, as it's more of a proof of concept helping in developing other matches.
2007-05-06 18:58:25 -04:00
else if (!strcmp(args[0], "block")) { /* early blocking based on ACLs */
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
struct act_rule *rule;
MEDIUM: http: emulate "block" rules using "http-request" rules The "block" rules are redundant with http-request rules because they are performed immediately before and do exactly the same thing as "http-request deny". Moreover, this duplication has led to a few minor stats accounting issues fixed lately. Instead of keeping the two rule sets, we now build a list of "block" rules that we compile as "http-request block" and that we later insert at the beginning of the "http-request" rules. The only user-visible change is that in case of a parsing error, the config parser will now report "http-request block rule" instead of "blocking condition".
2014-04-28 16:06:57 -04:00
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
}
MEDIUM: http: emulate "block" rules using "http-request" rules The "block" rules are redundant with http-request rules because they are performed immediately before and do exactly the same thing as "http-request deny". Moreover, this duplication has led to a few minor stats accounting issues fixed lately. Instead of keeping the two rule sets, we now build a list of "block" rules that we compile as "http-request block" and that we later insert at the beginning of the "http-request" rules. The only user-visible change is that in case of a parsing error, the config parser will now report "http-request block rule" instead of "blocking condition".
2014-04-28 16:06:57 -04:00
/* emulate "block" using "http-request block". Since these rules are supposed to
* be processed before all http-request rules, we put them into their own list
* and will insert them at the end.
*/
rule = parse_http_req_cond((const char **)args, file, linenum, curproxy);
if (!rule) {
err_code |= ERR_ALERT | ERR_ABORT;
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[MEDIUM] added the 'block' keyword to the config language The new 'block' keyword makes it possible to block a request based on ACL test results. Block accepts two optional arguments : 'if' <cond> and 'unless' <cond>. The request will be blocked with a 403 response if the condition is validated (if) or if it is not (unless). Do not rely on this one too much, as it's more of a proof of concept helping in developing other matches.
2007-05-06 18:58:25 -04:00
}
MEDIUM: http: emulate "block" rules using "http-request" rules The "block" rules are redundant with http-request rules because they are performed immediately before and do exactly the same thing as "http-request deny". Moreover, this duplication has led to a few minor stats accounting issues fixed lately. Instead of keeping the two rule sets, we now build a list of "block" rules that we compile as "http-request block" and that we later insert at the beginning of the "http-request" rules. The only user-visible change is that in case of a parsing error, the config parser will now report "http-request block rule" instead of "blocking condition".
2014-04-28 16:06:57 -04:00
err_code |= warnif_misplaced_block(curproxy, file, linenum, args[0]);
err_code |= warnif_cond_conflicts(rule->cond,
(curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
file, linenum);
LIST_ADDQ(&curproxy->block_rules, &rule->list);
MEDIUM: config: inform the user about the deprecatedness of "block" rules It's just a warning emitted once.
2014-04-28 16:28:02 -04:00
if (!already_warned(WARN_BLOCK_DEPRECATED))
Warning("parsing [%s:%d] : The '%s' directive is now deprecated in favor of 'http-request deny' which uses the exact same syntax. The rules are translated but support might disappear in a future version.\n", file, linenum, args[0]);
[MEDIUM] added the 'block' keyword to the config language The new 'block' keyword makes it possible to block a request based on ACL test results. Block accepts two optional arguments : 'if' <cond> and 'unless' <cond>. The request will be blocked with a 403 response if the condition is validated (if) or if it is not (unless). Do not rely on this one too much, as it's more of a proof of concept helping in developing other matches.
2007-05-06 18:58:25 -04:00
}
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
else if (!strcmp(args[0], "redirect")) {
struct redirect_rule *rule;
[CLEANUP] Keep in sync "defaults" support between documentation and code Hi Willy, I've made a quick pass on the "defaults" column in the Proxy keywords matrix (chapter 4.1. in the documentation). This patch resyncs the code and the documentation. I let you decide if some keywords that still work in the "defaults" section should be forbidden. - default_backend : in the matrix, "defaults" was not supported but the keyword details say it is. Tests also shows it works, then I've updated the matrix. - capture cookie : in the keyword details, we can read `It is not possible to specify a capture in a "defaults" section.'. Ok, even if the tests worked, I've added an alert in the configuration parser (as it is for capture request/response header). - description : not supported in "defaults", I added an alert in the parser. I've also noticed that this keyword doesn't appear in the documentation. There's one "description" entry, but for the "global" section, which is for a different use (the patch doesn't update the documentation). - grace : even if this is maybe useless, it works in "defaults". Documentation is updated. - redirect : alert is added in the parser. - rsprep : alert added in the parser. -- Cyril Bonté
2010-01-24 17:29:44 -05:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: http: prepare support for parsing redirect actions on responses In order to support http-response redirect, the parsing needs to be adapted a little bit to only support the "location" type, and to adjust the log-format parser so that it knows the direction of the sample fetch calls.
2015-05-28 09:26:58 -04:00
if ((rule = http_parse_redirect_rule(file, linenum, curproxy, (const char **)args + 1, &errmsg, 0, 0)) == NULL) {
REORG: config: move the http redirect rule parser to proto_http.c We'll have to use this elsewhere soon, let's move it to the proper place.
2012-12-27 06:00:31 -05:00
Alert("parsing [%s:%d] : error detected in %s '%s' while parsing redirect rule : %s.\n",
file, linenum, proxy_type_str(curproxy), curproxy->id, errmsg);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
}
LIST_ADDQ(&curproxy->redirect_rules, &rule->list);
MEDIUM: config: report misplaced use-server rules Till now there was no check against misplaced use-server rules, and no warning was emitted, adding to the confusion. They're processed just after the use_backend rules, or more exactly at the same level but for the backend.
2014-04-22 19:39:04 -04:00
err_code |= warnif_misplaced_redirect(curproxy, file, linenum, args[0]);
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(rule->cond,
(curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
file, linenum);
[MEDIUM] add support for conditional HTTP redirection A new "redirect" keyword adds the ability to send an HTTP 301/302/303 redirection to either an absolute location or to a prefix followed by the original URI. The redirection is conditionned by ACL rules, so it becomes very easy to move parts of a site to another site using this. This work was almost entirely done at Exceliance by Emeric Brun. A test-case has been added in the tests/ directory.
2008-06-07 17:08:56 -04:00
}
[DOC] remove buggy comment for use_backend "early blocking based on ACLs" is definitely wrong here
2009-01-27 15:09:41 -05:00
else if (!strcmp(args[0], "use_backend")) {
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
struct switching_rule *rule;
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
}
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a backend name.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
}
MEDIUM: config: relax use_backend check to make the condition optional Since it became possible to use log-format expressions in use_backend, having a mandatory condition becomes annoying because configurations are full of "if TRUE". Let's relax the check to accept no condition like many other keywords (eg: redirect).
2014-04-22 19:21:56 -04:00
if (strcmp(args[2], "if") == 0 || strcmp(args[2], "unless") == 0) {
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args + 2, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing switching rule : %s.\n",
file, linenum, errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
MEDIUM: config: relax use_backend check to make the condition optional Since it became possible to use log-format expressions in use_backend, having a mandatory condition becomes annoying because configurations are full of "if TRUE". Let's relax the check to accept no condition like many other keywords (eg: redirect).
2014-04-22 19:21:56 -04:00
err_code |= warnif_cond_conflicts(cond, SMP_VAL_FE_SET_BCK, file, linenum);
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
}
rule = (struct switching_rule *)calloc(1, sizeof(*rule));
rule->cond = cond;
rule->be.name = strdup(args[1]);
LIST_INIT(&rule->list);
LIST_ADDQ(&curproxy->switching_rules, &rule->list);
}
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
else if (strcmp(args[0], "use-server") == 0) {
struct server_rule *rule;
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
err_code |= ERR_WARN;
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a server name.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (strcmp(args[2], "if") != 0 && strcmp(args[2], "unless") != 0) {
Alert("parsing [%s:%d] : '%s' requires either 'if' or 'unless' followed by a condition.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args + 2, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing switching rule : %s.\n",
file, linenum, errmsg);
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_SET_SRV, file, linenum);
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
rule = (struct server_rule *)calloc(1, sizeof(*rule));
rule->cond = cond;
rule->srv.name = strdup(args[1]);
LIST_INIT(&rule->list);
LIST_ADDQ(&curproxy->server_rules, &rule->list);
curproxy->be_req_ana |= AN_REQ_SRV_RULES;
}
[MINOR] add the "ignore-persist" option to conditionally ignore persistence This is used to disable persistence depending on some conditions (for example using an ACL matching static files or a specific User-Agent). You can see it as a complement to "force-persist". In the configuration file, the force-persist/ignore-persist declaration order define the rules priority. Used with the "appsesion" keyword, it can also help reducing memory usage, as the session won't be hashed the persistence is ignored.
2010-04-24 18:00:51 -04:00
else if ((!strcmp(args[0], "force-persist")) ||
(!strcmp(args[0], "ignore-persist"))) {
struct persist_rule *rule;
[MINOR] add the "force-persist" statement to force persistence on down servers This is used to force access to down servers for some requests. This is useful when validating that a change on a server correctly works before enabling the server again.
2010-01-22 13:10:05 -05:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (warnifnotcap(curproxy, PR_CAP_FE|PR_CAP_BE, file, linenum, args[0], NULL))
err_code |= ERR_WARN;
[CLEANUP] config: use build_acl_cond() instead of parse_acl_cond() This allows to clean up the code a little bit by moving some of the ACL internals out of the config parser.
2010-01-28 11:12:36 -05:00
if (strcmp(args[1], "if") != 0 && strcmp(args[1], "unless") != 0) {
[MINOR] add the "force-persist" statement to force persistence on down servers This is used to force access to down servers for some requests. This is useful when validating that a change on a server correctly works before enabling the server again.
2010-01-22 13:10:05 -05:00
Alert("parsing [%s:%d] : '%s' requires either 'if' or 'unless' followed by a condition.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args + 1, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing a '%s' rule : %s.\n",
file, linenum, args[0], errmsg);
[MINOR] add the "force-persist" statement to force persistence on down servers This is used to force access to down servers for some requests. This is useful when validating that a change on a server correctly works before enabling the server again.
2010-01-22 13:10:05 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
/* note: BE_REQ_CNT is the first one after FE_SET_BCK, which is
* where force-persist is applied.
*/
err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_REQ_CNT, file, linenum);
[MINOR] add the "force-persist" statement to force persistence on down servers This is used to force access to down servers for some requests. This is useful when validating that a change on a server correctly works before enabling the server again.
2010-01-22 13:10:05 -05:00
[MINOR] add the "ignore-persist" option to conditionally ignore persistence This is used to disable persistence depending on some conditions (for example using an ACL matching static files or a specific User-Agent). You can see it as a complement to "force-persist". In the configuration file, the force-persist/ignore-persist declaration order define the rules priority. Used with the "appsesion" keyword, it can also help reducing memory usage, as the session won't be hashed the persistence is ignored.
2010-04-24 18:00:51 -04:00
rule = (struct persist_rule *)calloc(1, sizeof(*rule));
[MINOR] add the "force-persist" statement to force persistence on down servers This is used to force access to down servers for some requests. This is useful when validating that a change on a server correctly works before enabling the server again.
2010-01-22 13:10:05 -05:00
rule->cond = cond;
[MINOR] add the "ignore-persist" option to conditionally ignore persistence This is used to disable persistence depending on some conditions (for example using an ACL matching static files or a specific User-Agent). You can see it as a complement to "force-persist". In the configuration file, the force-persist/ignore-persist declaration order define the rules priority. Used with the "appsesion" keyword, it can also help reducing memory usage, as the session won't be hashed the persistence is ignored.
2010-04-24 18:00:51 -04:00
if (!strcmp(args[0], "force-persist")) {
rule->type = PERSIST_TYPE_FORCE;
} else {
rule->type = PERSIST_TYPE_IGNORE;
}
[MINOR] add the "force-persist" statement to force persistence on down servers This is used to force access to down servers for some requests. This is useful when validating that a change on a server correctly works before enabling the server again.
2010-01-22 13:10:05 -05:00
LIST_INIT(&rule->list);
[MINOR] add the "ignore-persist" option to conditionally ignore persistence This is used to disable persistence depending on some conditions (for example using an ACL matching static files or a specific User-Agent). You can see it as a complement to "force-persist". In the configuration file, the force-persist/ignore-persist declaration order define the rules priority. Used with the "appsesion" keyword, it can also help reducing memory usage, as the session won't be hashed the persistence is ignored.
2010-04-24 18:00:51 -04:00
LIST_ADDQ(&curproxy->persist_rules, &rule->list);
[MINOR] add the "force-persist" statement to force persistence on down servers This is used to force access to down servers for some requests. This is useful when validating that a change on a server correctly works before enabling the server again.
2010-01-22 13:10:05 -05:00
}
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
else if (!strcmp(args[0], "stick-table")) {
int myidx = 1;
MEDIUM: config: reject conflicts in table names A nasty situation happens when two tables have the same name. Since it is possible to declare a table in a frontend and another one in a backend, this situation may happen and result in a random behaviour each time a table is designated in a "stick" or "track" rule. Let's make sure this is properly detected and stopped. Such a config will now report : [ALERT] 145/104933 (31571) : parsing [prx.cfg:36] : stick-table name 't' conflicts with table declared in frontend 't' at prx.cfg:30. [ALERT] 145/104933 (31571) : Error(s) found in configuration file : prx.cfg [ALERT] 145/104933 (31571) : Fatal errors found in configuration.
2015-05-26 04:49:46 -04:00
struct proxy *other;
MEDIUM: stick-table: remove the now duplicate find_stktable() function Since proxy_tbl_by_name() already does the same job, let's not keep duplicate functions and use this one only.
2015-05-26 06:08:07 -04:00
other = proxy_tbl_by_name(curproxy->id);
MEDIUM: config: reject conflicts in table names A nasty situation happens when two tables have the same name. Since it is possible to declare a table in a frontend and another one in a backend, this situation may happen and result in a random behaviour each time a table is designated in a "stick" or "track" rule. Let's make sure this is properly detected and stopped. Such a config will now report : [ALERT] 145/104933 (31571) : parsing [prx.cfg:36] : stick-table name 't' conflicts with table declared in frontend 't' at prx.cfg:30. [ALERT] 145/104933 (31571) : Error(s) found in configuration file : prx.cfg [ALERT] 145/104933 (31571) : Fatal errors found in configuration.
2015-05-26 04:49:46 -04:00
if (other) {
Alert("parsing [%s:%d] : stick-table name '%s' conflicts with table declared in %s '%s' at %s:%d.\n",
file, linenum, curproxy->id, proxy_type_str(other), other->id, other->conf.file, other->conf.line);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
curproxy->table.id = curproxy->id;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
curproxy->table.type = (unsigned int)-1;
while (*args[myidx]) {
const char *err;
if (strcmp(args[myidx], "size") == 0) {
myidx++;
if (!*(args[myidx])) {
Alert("parsing [%s:%d] : stick-table: missing argument after '%s'.\n",
file, linenum, args[myidx-1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if ((err = parse_size_err(args[myidx], &curproxy->table.size))) {
Alert("parsing [%s:%d] : stick-table: unexpected character '%c' in argument of '%s'.\n",
file, linenum, *err, args[myidx-1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MINOR] config: off-by-one in "stick-table" after list of converters
2010-01-26 12:36:26 -05:00
myidx++;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
else if (strcmp(args[myidx], "peers") == 0) {
myidx++;
CLEANUP: code style: use tabs to indent codes The original codes are indented by spaces and not aligned with the former line. It should be a convention to indent by tabs in HAProxy. Signed-off-by: Godbach <nylzhaowei@gmail.com>
2013-12-11 06:48:57 -05:00
if (!*(args[myidx])) {
CLEANUP: code style: use tabs to indent codes instead of spaces Signed-off-by: Godbach <nylzhaowei@gmail.com>
2014-04-21 09:52:23 -04:00
Alert("parsing [%s:%d] : stick-table: missing argument after '%s'.\n",
file, linenum, args[myidx-1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
CLEANUP: code style: use tabs to indent codes The original codes are indented by spaces and not aligned with the former line. It should be a convention to indent by tabs in HAProxy. Signed-off-by: Godbach <nylzhaowei@gmail.com>
2013-12-11 06:48:57 -05:00
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
curproxy->table.peers.name = strdup(args[myidx++]);
}
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
else if (strcmp(args[myidx], "expire") == 0) {
myidx++;
if (!*(args[myidx])) {
Alert("parsing [%s:%d] : stick-table: missing argument after '%s'.\n",
file, linenum, args[myidx-1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
err = parse_time_err(args[myidx], &val, TIME_UNIT_MS);
if (err) {
Alert("parsing [%s:%d] : stick-table: unexpected character '%c' in argument of '%s'.\n",
file, linenum, *err, args[myidx-1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curproxy->table.expire = val;
[MINOR] config: off-by-one in "stick-table" after list of converters
2010-01-26 12:36:26 -05:00
myidx++;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
}
else if (strcmp(args[myidx], "nopurge") == 0) {
curproxy->table.nopurge = 1;
[MINOR] config: off-by-one in "stick-table" after list of converters
2010-01-26 12:36:26 -05:00
myidx++;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
}
else if (strcmp(args[myidx], "type") == 0) {
myidx++;
if (stktable_parse_type(args, &myidx, &curproxy->table.type, &curproxy->table.key_size) != 0) {
Alert("parsing [%s:%d] : stick-table: unknown type '%s'.\n",
file, linenum, args[myidx]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MINOR] config: off-by-one in "stick-table" after list of converters
2010-01-26 12:36:26 -05:00
/* myidx already points to next arg */
}
[MEDIUM] stick_table: add room for extra data types The stick_tables will now be able to store extra data for a same key. A limited set of extra data types will be defined and for each of them an offset in the sticky session will be assigned at startup time. All of this information will be stored in the stick table. The extra data types will have to be specified after the new "store" keyword of the "stick-table" directive, which will reserve some space for them.
2010-06-06 07:34:54 -04:00
else if (strcmp(args[myidx], "store") == 0) {
[MEDIUM] stick-tables: add stored data argument type checking We're now able to return errors based on the validity of an argument passed to a stick-table store data type. We also support ARG_T_DELAY to pass delays to stored data types (eg: for rate counters).
2010-06-20 04:41:54 -04:00
int type, err;
[MEDIUM] stick-tables: add support for arguments to data_types Some data types will require arguments (eg: period for a rate counter). This patch adds support for such arguments between parenthesis in the "store" directive of the stick-table statement. Right now only integers are supported.
2010-06-20 03:11:39 -04:00
char *cw, *nw, *sa;
[MEDIUM] stick_table: add room for extra data types The stick_tables will now be able to store extra data for a same key. A limited set of extra data types will be defined and for each of them an offset in the sticky session will be assigned at startup time. All of this information will be stored in the stick table. The extra data types will have to be specified after the new "store" keyword of the "stick-table" directive, which will reserve some space for them.
2010-06-06 07:34:54 -04:00
myidx++;
[MINOR] config: support a comma-separated list of store data types in stick-table Sometimes we need to store many data types in stick-tables. Let's support a comma-separated list instead of repeating "store" with each keyword.
2010-06-19 01:12:36 -04:00
nw = args[myidx];
while (*nw) {
/* the "store" keyword supports a comma-separated list */
cw = nw;
[MEDIUM] stick-tables: add support for arguments to data_types Some data types will require arguments (eg: period for a rate counter). This patch adds support for such arguments between parenthesis in the "store" directive of the stick-table statement. Right now only integers are supported.
2010-06-20 03:11:39 -04:00
sa = NULL; /* store arg */
while (*nw && *nw != ',') {
if (*nw == '(') {
*nw = 0;
sa = ++nw;
while (*nw != ')') {
if (!*nw) {
Alert("parsing [%s:%d] : %s: missing closing parenthesis after store option '%s'.\n",
file, linenum, args[0], cw);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
nw++;
}
*nw = '\0';
}
[MINOR] config: support a comma-separated list of store data types in stick-table Sometimes we need to store many data types in stick-tables. Let's support a comma-separated list instead of repeating "store" with each keyword.
2010-06-19 01:12:36 -04:00
nw++;
[MEDIUM] stick-tables: add support for arguments to data_types Some data types will require arguments (eg: period for a rate counter). This patch adds support for such arguments between parenthesis in the "store" directive of the stick-table statement. Right now only integers are supported.
2010-06-20 03:11:39 -04:00
}
[MINOR] config: support a comma-separated list of store data types in stick-table Sometimes we need to store many data types in stick-tables. Let's support a comma-separated list instead of repeating "store" with each keyword.
2010-06-19 01:12:36 -04:00
if (*nw)
*nw++ = '\0';
type = stktable_get_data_type(cw);
if (type < 0) {
Alert("parsing [%s:%d] : %s: unknown store option '%s'.\n",
file, linenum, args[0], cw);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MEDIUM] stick-tables: add stored data argument type checking We're now able to return errors based on the validity of an argument passed to a stick-table store data type. We also support ARG_T_DELAY to pass delays to stored data types (eg: for rate counters).
2010-06-20 04:41:54 -04:00
err = stktable_alloc_data_type(&curproxy->table, type, sa);
switch (err) {
case PE_NONE: break;
case PE_EXIST:
[MINOR] config: support a comma-separated list of store data types in stick-table Sometimes we need to store many data types in stick-tables. Let's support a comma-separated list instead of repeating "store" with each keyword.
2010-06-19 01:12:36 -04:00
Warning("parsing [%s:%d]: %s: store option '%s' already enabled, ignored.\n",
file, linenum, args[0], cw);
err_code |= ERR_WARN;
[MEDIUM] stick-tables: add stored data argument type checking We're now able to return errors based on the validity of an argument passed to a stick-table store data type. We also support ARG_T_DELAY to pass delays to stored data types (eg: for rate counters).
2010-06-20 04:41:54 -04:00
break;
case PE_ARG_MISSING:
Alert("parsing [%s:%d] : %s: missing argument to store option '%s'.\n",
file, linenum, args[0], cw);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
case PE_ARG_NOT_USED:
Alert("parsing [%s:%d] : %s: unexpected argument to store option '%s'.\n",
file, linenum, args[0], cw);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
default:
Alert("parsing [%s:%d] : %s: error when processing store option '%s'.\n",
file, linenum, args[0], cw);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] config: support a comma-separated list of store data types in stick-table Sometimes we need to store many data types in stick-tables. Let's support a comma-separated list instead of repeating "store" with each keyword.
2010-06-19 01:12:36 -04:00
}
[MEDIUM] stick_table: add room for extra data types The stick_tables will now be able to store extra data for a same key. A limited set of extra data types will be defined and for each of them an offset in the sticky session will be assigned at startup time. All of this information will be stored in the stick table. The extra data types will have to be specified after the new "store" keyword of the "stick-table" directive, which will reserve some space for them.
2010-06-06 07:34:54 -04:00
}
myidx++;
}
[MINOR] config: off-by-one in "stick-table" after list of converters
2010-01-26 12:36:26 -05:00
else {
Alert("parsing [%s:%d] : stick-table: unknown argument '%s'.\n",
file, linenum, args[myidx]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
}
}
if (!curproxy->table.size) {
Alert("parsing [%s:%d] : stick-table: missing size.\n",
file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (curproxy->table.type == (unsigned int)-1) {
Alert("parsing [%s:%d] : stick-table: missing type.\n",
file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
else if (!strcmp(args[0], "stick")) {
struct sticking_rule *rule;
REORG: use the name "sample" instead of "pattern" to designate extracted data This is mainly a massive renaming in the code to get it in line with the calling convention. Next patch will rename a few files to complete this operation.
2012-04-27 15:37:17 -04:00
struct sample_expr *expr;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
int myidx = 0;
const char *name = NULL;
int flags;
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL)) {
err_code |= ERR_WARN;
goto out;
}
myidx++;
if ((strcmp(args[myidx], "store") == 0) ||
(strcmp(args[myidx], "store-request") == 0)) {
myidx++;
flags = STK_IS_STORE;
}
else if (strcmp(args[myidx], "store-response") == 0) {
myidx++;
flags = STK_IS_STORE | STK_ON_RSP;
}
else if (strcmp(args[myidx], "match") == 0) {
myidx++;
flags = STK_IS_MATCH;
}
else if (strcmp(args[myidx], "on") == 0) {
myidx++;
flags = STK_IS_MATCH | STK_IS_STORE;
}
else {
Alert("parsing [%s:%d] : '%s' expects 'on', 'match', or 'store'.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (*(args[myidx]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a fetch method.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
curproxy->conf.args.ctx = ARGC_STK;
MINOR: configuration: File and line propagation This patch permits to communicate file and line of the configuration file at the configuration parser.
2014-02-11 08:00:19 -05:00
expr = sample_parse_expr(args, &myidx, file, linenum, &errmsg, &curproxy->conf.args);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
if (!expr) {
MINOR: sample: make sample_parse_expr() use memprintf() to report parse errors Doing so ensures that we're consistent between all the functions in the whole chain. This is important so that we can extract the argument parsing from this function.
2013-12-12 17:16:54 -05:00
Alert("parsing [%s:%d] : '%s': %s\n", file, linenum, args[0], errmsg);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (flags & STK_ON_RSP) {
MEDIUM: samples: use new flags to describe compatibility between fetches and their usages Samples fetches were relying on two flags SMP_CAP_REQ/SMP_CAP_RES to describe whether they were compatible with requests rules or with response rules. This was never reliable because we need a finer granularity (eg: an HTTP request method needs to parse an HTTP request, and is available past this point). Some fetches are also dependant on the context (eg: "hdr" uses request or response depending where it's involved, causing some abiguity). In order to solve this, we need to precisely indicate in fetches what they use, and their users will have to compare with what they have. So now we have a bunch of bits indicating where the sample is fetched in the processing chain, with a few variants indicating for some of them if it is permanent or volatile (eg: an HTTP status is stored into the transaction so it is permanent, despite being caught in the response contents). The fetches also have a second mask indicating their validity domain. This one is computed from a conversion table at registration time, so there is no need for doing it by hand. This validity domain consists in a bitmask with one bit set for each usage point in the processing chain. Some provisions were made for upcoming controls such as connection-based TCP rules which apply on top of the connection layer but before instantiating the session. Then everywhere a fetch is used, the bit for the control point is checked in the fetch's validity domain, and it becomes possible to finely ensure that a fetch will work or not. Note that we need these two separate bitfields because some fetches are usable both in request and response (eg: "hdr", "payload"). So the keyword will have a "use" field made of a combination of several SMP_USE_* values, which will be converted into a wider list of SMP_VAL_* flags. The knowledge of permanent vs dynamic information has disappeared for now, as it was never used. Later we'll probably reintroduce it differently when dealing with variables. Its only use at the moment could have been to avoid caching a dynamic rate measurement, but nothing is cached as of now.
2013-01-07 09:42:20 -05:00
if (!(expr->fetch->val & SMP_VAL_BE_STO_RUL)) {
Alert("parsing [%s:%d] : '%s': fetch method '%s' extracts information from '%s', none of which is available for 'store-response'.\n",
file, linenum, args[0], expr->fetch->kw, sample_src_names(expr->fetch->use));
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
[MINOR] Consistently free expr on error in cfg_parse_listen() It seems to me that without this change cfg_parse_listen() may leak memory.
2011-07-15 00:14:07 -04:00
free(expr);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
goto out;
}
} else {
MEDIUM: samples: use new flags to describe compatibility between fetches and their usages Samples fetches were relying on two flags SMP_CAP_REQ/SMP_CAP_RES to describe whether they were compatible with requests rules or with response rules. This was never reliable because we need a finer granularity (eg: an HTTP request method needs to parse an HTTP request, and is available past this point). Some fetches are also dependant on the context (eg: "hdr" uses request or response depending where it's involved, causing some abiguity). In order to solve this, we need to precisely indicate in fetches what they use, and their users will have to compare with what they have. So now we have a bunch of bits indicating where the sample is fetched in the processing chain, with a few variants indicating for some of them if it is permanent or volatile (eg: an HTTP status is stored into the transaction so it is permanent, despite being caught in the response contents). The fetches also have a second mask indicating their validity domain. This one is computed from a conversion table at registration time, so there is no need for doing it by hand. This validity domain consists in a bitmask with one bit set for each usage point in the processing chain. Some provisions were made for upcoming controls such as connection-based TCP rules which apply on top of the connection layer but before instantiating the session. Then everywhere a fetch is used, the bit for the control point is checked in the fetch's validity domain, and it becomes possible to finely ensure that a fetch will work or not. Note that we need these two separate bitfields because some fetches are usable both in request and response (eg: "hdr", "payload"). So the keyword will have a "use" field made of a combination of several SMP_USE_* values, which will be converted into a wider list of SMP_VAL_* flags. The knowledge of permanent vs dynamic information has disappeared for now, as it was never used. Later we'll probably reintroduce it differently when dealing with variables. Its only use at the moment could have been to avoid caching a dynamic rate measurement, but nothing is cached as of now.
2013-01-07 09:42:20 -05:00
if (!(expr->fetch->val & SMP_VAL_BE_SET_SRV)) {
Alert("parsing [%s:%d] : '%s': fetch method '%s' extracts information from '%s', none of which is available during request.\n",
file, linenum, args[0], expr->fetch->kw, sample_src_names(expr->fetch->use));
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
[MINOR] Consistently free expr on error in cfg_parse_listen() It seems to me that without this change cfg_parse_listen() may leak memory.
2011-07-15 00:14:07 -04:00
free(expr);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
goto out;
}
}
BUG/MAJOR: ensure that hdr_idx is always reserved when L7 fetches are used Baptiste Assmann reported a bug causing a crash on recent versions when sticking rules were set on layer 7 in a TCP proxy. The bug is easier to reproduce with the "defer-accept" option on the "bind" line in order to have some contents to parse when the connection is accepted. The issue is that the acl_prefetch_http() function called from HTTP fetches relies on hdr_idx to be preinitialized, which is not the case if there is no L7 ACL. The solution consists in adding a new SMP_CAP_L7 flag to fetches to indicate that they are expected to work on L7 data, so that the proxy knows that the hdr_idx has to be initialized. This is already how ACL and HTTP mode are handled. The bug was present since 1.5-dev9.
2012-10-05 16:41:26 -04:00
/* check if we need to allocate an hdr_idx struct for HTTP parsing */
MEDIUM: proxy: remove acl_requires and just keep a flag "http_needed" Proxy's acl_requires was a copy of all bits taken from ACLs, but we'll get rid of ACL flags and only rely on sample fetches soon. The proxy's acl_requires was only used to allocate an HTTP context when needed, and was even forced in HTTP mode. So better have a flag which exactly says what it's supposed to be used for.
2013-03-24 02:22:08 -04:00
curproxy->http_needed |= !!(expr->fetch->use & SMP_USE_HTTP_ANY);
BUG/MAJOR: ensure that hdr_idx is always reserved when L7 fetches are used Baptiste Assmann reported a bug causing a crash on recent versions when sticking rules were set on layer 7 in a TCP proxy. The bug is easier to reproduce with the "defer-accept" option on the "bind" line in order to have some contents to parse when the connection is accepted. The issue is that the acl_prefetch_http() function called from HTTP fetches relies on hdr_idx to be preinitialized, which is not the case if there is no L7 ACL. The solution consists in adding a new SMP_CAP_L7 flag to fetches to indicate that they are expected to work on L7 data, so that the proxy knows that the hdr_idx has to be initialized. This is already how ACL and HTTP mode are handled. The bug was present since 1.5-dev9.
2012-10-05 16:41:26 -04:00
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
if (strcmp(args[myidx], "table") == 0) {
myidx++;
name = args[myidx++];
}
[CLEANUP] config: use build_acl_cond() instead of parse_acl_cond() This allows to clean up the code a little bit by moving some of the ACL internals out of the config parser.
2010-01-28 11:12:36 -05:00
if (strcmp(args[myidx], "if") == 0 || strcmp(args[myidx], "unless") == 0) {
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args + myidx, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : '%s': error detected while parsing sticking condition : %s.\n",
file, linenum, args[0], errmsg);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
[MINOR] Consistently free expr on error in cfg_parse_listen() It seems to me that without this change cfg_parse_listen() may leak memory.
2011-07-15 00:14:07 -04:00
free(expr);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
goto out;
}
}
[CLEANUP] config: use build_acl_cond() instead of parse_acl_cond() This allows to clean up the code a little bit by moving some of the ACL internals out of the config parser.
2010-01-28 11:12:36 -05:00
else if (*(args[myidx])) {
Alert("parsing [%s:%d] : '%s': unknown keyword '%s'.\n",
file, linenum, args[0], args[myidx]);
err_code |= ERR_ALERT | ERR_FATAL;
[MINOR] Consistently free expr on error in cfg_parse_listen() It seems to me that without this change cfg_parse_listen() may leak memory.
2011-07-15 00:14:07 -04:00
free(expr);
[CLEANUP] config: use build_acl_cond() instead of parse_acl_cond() This allows to clean up the code a little bit by moving some of the ACL internals out of the config parser.
2010-01-28 11:12:36 -05:00
goto out;
}
[MEDIUM] Implement tcp inspect response rules
2010-09-23 11:56:44 -04:00
if (flags & STK_ON_RSP)
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_STO_RUL, file, linenum);
[MEDIUM] Implement tcp inspect response rules
2010-09-23 11:56:44 -04:00
else
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(cond, SMP_VAL_BE_SET_SRV, file, linenum);
[CLEANUP] config: use warnif_cond_requires_resp() to check for bad ACLs Factor out some repetitive copy-pasted code to check for request ACLs validity.
2010-01-28 11:59:39 -05:00
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
rule = (struct sticking_rule *)calloc(1, sizeof(*rule));
rule->cond = cond;
rule->expr = expr;
rule->flags = flags;
rule->table.name = name ? strdup(name) : NULL;
LIST_INIT(&rule->list);
if (flags & STK_ON_RSP)
LIST_ADDQ(&curproxy->storersp_rules, &rule->list);
else
LIST_ADDQ(&curproxy->sticking_rules, &rule->list);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "stats")) {
if (curproxy != &defproxy && curproxy->uri_auth == defproxy.uri_auth)
curproxy->uri_auth = NULL; /* we must detach from the default config */
[BUG] cfgparser/stats: fix error message Fix the error message by unification and goto, previously we had two independent lists of supported keywords and were raporting 'stats' instead of a wrong keyword. Code: stats wrong-keyword stats Before: [ALERT] 005/163032 (27175) : parsing [haproxy.cfg:248] : unknown stats parameter 'stats' (expects 'hide-version', 'uri', 'realm', 'auth' or 'enable'). [ALERT] 005/163032 (27175) : parsing [haproxy.cfg:249] : 'stats' expects 'uri', 'realm', 'auth', 'scope' or 'enable', 'hide-version', 'show-node', 'show-desc', 'show-legends'. After: [ALERT] 005/162841 (22710) : parsing [haproxy.cfg:248]: unknown stats parameter 'wrong-keyword', expects 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'. [ALERT] 005/162841 (22710) : parsing [haproxy.cfg:249]: missing keyword in 'stats', expects 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'.
2010-01-06 10:25:05 -05:00
if (!*args[1]) {
goto stats_error_parsing;
[MEDIUM] stats: add an admin level The stats web interface must be read-only by default to prevent security holes. As it is now allowed to enable/disable servers, a new keyword "stats admin" is introduced to activate this admin level, conditioned by ACLs. (cherry picked from commit 5334bab92ca7debe36df69983c19c21b6dc63f78)
2010-10-11 18:14:36 -04:00
} else if (!strcmp(args[1], "admin")) {
struct stats_admin_rule *rule;
if (curproxy == &defproxy) {
Alert("parsing [%s:%d]: '%s %s' not allowed in 'defaults' section.\n", file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (!stats_check_init_uri_auth(&curproxy->uri_auth)) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
if (strcmp(args[2], "if") != 0 && strcmp(args[2], "unless") != 0) {
Alert("parsing [%s:%d] : '%s %s' requires either 'if' or 'unless' followed by a condition.\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args + 2, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing a '%s %s' rule : %s.\n",
file, linenum, args[0], args[1], errmsg);
[MEDIUM] stats: add an admin level The stats web interface must be read-only by default to prevent security holes. As it is now allowed to enable/disable servers, a new keyword "stats admin" is introduced to activate this admin level, conditioned by ACLs. (cherry picked from commit 5334bab92ca7debe36df69983c19c21b6dc63f78)
2010-10-11 18:14:36 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(cond,
(curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
file, linenum);
[MEDIUM] stats: add an admin level The stats web interface must be read-only by default to prevent security holes. As it is now allowed to enable/disable servers, a new keyword "stats admin" is introduced to activate this admin level, conditioned by ACLs. (cherry picked from commit 5334bab92ca7debe36df69983c19c21b6dc63f78)
2010-10-11 18:14:36 -04:00
rule = (struct stats_admin_rule *)calloc(1, sizeof(*rule));
rule->cond = cond;
LIST_INIT(&rule->list);
LIST_ADDQ(&curproxy->uri_auth->admin_rules, &rule->list);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else if (!strcmp(args[1], "uri")) {
if (*(args[2]) == 0) {
Alert("parsing [%s:%d] : 'uri' needs an URI prefix.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else if (!stats_set_uri(&curproxy->uri_auth, args[2])) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
} else if (!strcmp(args[1], "realm")) {
if (*(args[2]) == 0) {
Alert("parsing [%s:%d] : 'realm' needs an realm name.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else if (!stats_set_realm(&curproxy->uri_auth, args[2])) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] stats: add a new node-name setting The new "node-name" stats setting enables reporting of a node ID on the stats page. It is possible to return the system's host name as well as a specific name.
2009-08-16 04:29:18 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
[MINOR] add support for "stats refresh <interval>" Sometimes it may be desirable to automatically refresh the stats page. Most browsers support the "Refresh:" header with an interval in seconds. Specifying "stats refresh xxx" will automatically add this header.
2007-07-25 01:26:38 -04:00
} else if (!strcmp(args[1], "refresh")) {
[MEDIUM] add support for time units in the configuration It is not always handy to manipulate large values exprimed in milliseconds for timeouts. Also, some values are entered in seconds (such as the stats refresh interval). This patch adds support for time units. It knows about 'us', 'ms', 's', 'm', 'h', and 'd'. It automatically converts each value into the caller's expected unit. Unit-less values are still passed unchanged. The unit must be passed as a suffix to the number. For instance: clitimeout 15m If any character is not understood, an error is returned.
2007-12-02 16:15:14 -05:00
unsigned interval;
err = parse_time_err(args[2], &interval, TIME_UNIT_S);
if (err) {
Alert("parsing [%s:%d] : unexpected character '%c' in stats refresh interval.\n",
file, linenum, *err);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] add support for "stats refresh <interval>" Sometimes it may be desirable to automatically refresh the stats page. Most browsers support the "Refresh:" header with an interval in seconds. Specifying "stats refresh xxx" will automatically add this header.
2007-07-25 01:26:38 -04:00
} else if (!stats_set_refresh(&curproxy->uri_auth, interval)) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[MINOR] add support for "stats refresh <interval>" Sometimes it may be desirable to automatically refresh the stats page. Most browsers support the "Refresh:" header with an interval in seconds. Specifying "stats refresh xxx" will automatically add this header.
2007-07-25 01:26:38 -04:00
}
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
} else if (!strcmp(args[1], "http-request")) { /* request access control: allow/deny/auth */
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
struct act_rule *rule;
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d]: '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (!stats_check_init_uri_auth(&curproxy->uri_auth)) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
if (!LIST_ISEMPTY(&curproxy->uri_auth->http_req_rules) &&
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
!LIST_PREV(&curproxy->uri_auth->http_req_rules, struct act_rule *, list)->cond) {
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
Warning("parsing [%s:%d]: previous '%s' action has no condition attached, further entries are NOOP.\n",
file, linenum, args[0]);
err_code |= ERR_WARN;
}
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
rule = parse_http_req_cond((const char **)args + 2, file, linenum, curproxy);
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
if (!rule) {
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(rule->cond,
(curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
file, linenum);
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
LIST_ADDQ(&curproxy->uri_auth->http_req_rules, &rule->list);
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else if (!strcmp(args[1], "auth")) {
if (*(args[2]) == 0) {
Alert("parsing [%s:%d] : 'auth' needs a user:password account.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else if (!stats_add_auth(&curproxy->uri_auth, args[2])) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
} else if (!strcmp(args[1], "scope")) {
if (*(args[2]) == 0) {
Alert("parsing [%s:%d] : 'scope' needs a proxy name.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else if (!stats_add_scope(&curproxy->uri_auth, args[2])) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
} else if (!strcmp(args[1], "enable")) {
if (!stats_check_init_uri_auth(&curproxy->uri_auth)) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] report haproxy's version by default on the stats page For people who manage many haproxies, it is sometimes convenient to be informed of their version. This patch adds this, with the option to disable this report by specifying "stats hide-version". Also, the feature may be permanently disabled by setting the STATS_VERSION_STRING to "" (empty string), or the format can simply be adjusted.
2007-10-15 04:05:11 -04:00
} else if (!strcmp(args[1], "hide-version")) {
if (!stats_set_flag(&curproxy->uri_auth, ST_HIDEVER)) {
Alert("parsing [%s:%d] : out of memory.\n", file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
[MINOR] report haproxy's version by default on the stats page For people who manage many haproxies, it is sometimes convenient to be informed of their version. This patch adds this, with the option to disable this report by specifying "stats hide-version". Also, the feature may be permanently disabled by setting the STATS_VERSION_STRING to "" (empty string), or the format can simply be adjusted.
2007-10-15 04:05:11 -04:00
}
[MINOR]: stats: add show-legends to report additional informations Supported informations, available via "tr/td title": - cap: capabilities (proxy) - mode: one of tcp, http or health (proxy) - id: SNMP ID (proxy, socket, server) - IP (socket, server) - cookie (backend, server)
2010-01-04 10:03:09 -05:00
} else if (!strcmp(args[1], "show-legends")) {
if (!stats_set_flag(&curproxy->uri_auth, ST_SHLGNDS)) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
} else if (!strcmp(args[1], "show-node")) {
if (*args[2]) {
int i;
char c;
for (i=0; args[2][i]; i++) {
c = args[2][i];
[BUILD] fix some build warnings on Solaris with is* macros isalnum, isdigit and friends are really annoying because they take an int in which we should pass an unsigned char, while strings everywhere use chars. Solaris uses macros relying on an array for those functions, which easily triggers some warnings showing where we have mistakenly passed a char instead of an unsigned char or an int. Those warnings may indicate real bugs on some platforms depending on the implementation.
2010-03-02 18:16:00 -05:00
if (!isupper((unsigned char)c) && !islower((unsigned char)c) &&
!isdigit((unsigned char)c) && c != '_' && c != '-' && c != '.')
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
break;
}
if (!i || args[2][i]) {
Alert("parsing [%s:%d]: '%s %s' invalid node name - should be a string"
"with digits(0-9), letters(A-Z, a-z), hyphen(-) or underscode(_).\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
if (!stats_set_node(&curproxy->uri_auth, args[2])) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
} else if (!strcmp(args[1], "show-desc")) {
char *desc = NULL;
if (*args[2]) {
int i, len=0;
char *d;
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
for (i = 2; *args[i]; i++)
len += strlen(args[i]) + 1;
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
desc = d = (char *)calloc(1, len);
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
d += snprintf(d, desc + len - d, "%s", args[2]);
for (i = 3; *args[i]; i++)
d += snprintf(d, desc + len - d, " %s", args[i]);
[MINOR] add "description", "node" and show-node"/"show-desc", remove "node-name", v2 This patch implements "description" (proxy and global) and "node" (global) options, removes "node-name" and adds "show-node" & "show-desc" options for "stats". It also changes the way the header lines (with proxy name) and the statistics are displayed, so stats no longer look so clumsy with very long names. Instead of "node-name" it is possible to use show-node/show-desc with an optional parameter that overrides a default node/description. backend cust-0045 # report specific values for this customer stats show-node Europe stats show-desc Master node for Europe, Asia, Africa
2009-10-02 16:51:14 -04:00
}
if (!*args[2] && !global.desc)
Warning("parsing [%s:%d]: '%s' requires a parameter or 'desc' to be set in the global section.\n",
file, linenum, args[1]);
else {
if (!stats_set_desc(&curproxy->uri_auth, desc)) {
free(desc);
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
free(desc);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else {
[BUG] cfgparser/stats: fix error message Fix the error message by unification and goto, previously we had two independent lists of supported keywords and were raporting 'stats' instead of a wrong keyword. Code: stats wrong-keyword stats Before: [ALERT] 005/163032 (27175) : parsing [haproxy.cfg:248] : unknown stats parameter 'stats' (expects 'hide-version', 'uri', 'realm', 'auth' or 'enable'). [ALERT] 005/163032 (27175) : parsing [haproxy.cfg:249] : 'stats' expects 'uri', 'realm', 'auth', 'scope' or 'enable', 'hide-version', 'show-node', 'show-desc', 'show-legends'. After: [ALERT] 005/162841 (22710) : parsing [haproxy.cfg:248]: unknown stats parameter 'wrong-keyword', expects 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'. [ALERT] 005/162841 (22710) : parsing [haproxy.cfg:249]: missing keyword in 'stats', expects 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'.
2010-01-06 10:25:05 -05:00
stats_error_parsing:
[MEDIUM] stats: add an admin level The stats web interface must be read-only by default to prevent security holes. As it is now allowed to enable/disable servers, a new keyword "stats admin" is introduced to activate this admin level, conditioned by ACLs. (cherry picked from commit 5334bab92ca7debe36df69983c19c21b6dc63f78)
2010-10-11 18:14:36 -04:00
Alert("parsing [%s:%d]: %s '%s', expects 'admin', 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'.\n",
[BUG] cfgparser/stats: fix error message Fix the error message by unification and goto, previously we had two independent lists of supported keywords and were raporting 'stats' instead of a wrong keyword. Code: stats wrong-keyword stats Before: [ALERT] 005/163032 (27175) : parsing [haproxy.cfg:248] : unknown stats parameter 'stats' (expects 'hide-version', 'uri', 'realm', 'auth' or 'enable'). [ALERT] 005/163032 (27175) : parsing [haproxy.cfg:249] : 'stats' expects 'uri', 'realm', 'auth', 'scope' or 'enable', 'hide-version', 'show-node', 'show-desc', 'show-legends'. After: [ALERT] 005/162841 (22710) : parsing [haproxy.cfg:248]: unknown stats parameter 'wrong-keyword', expects 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'. [ALERT] 005/162841 (22710) : parsing [haproxy.cfg:249]: missing keyword in 'stats', expects 'uri', 'realm', 'auth', 'scope', 'enable', 'hide-version', 'show-node', 'show-desc' or 'show-legends'.
2010-01-06 10:25:05 -05:00
file, linenum, *args[1]?"unknown stats parameter":"missing keyword in", args[*args[1]?1:0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
else if (!strcmp(args[0], "option")) {
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
int optnum;
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
if (*(args[1]) == '\0') {
Alert("parsing [%s:%d]: '%s' expects an option name.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
for (optnum = 0; cfg_opts[optnum].name; optnum++) {
if (!strcmp(args[1], cfg_opts[optnum].name)) {
[MINOR] config: detect options not supported due to compilation options Some options depends on the target architecture or compilation options. When such an option is used on a compiled version that doesn't support it, it's probably better to identify it as an unsupported option due to compilation options instead of an unknown option. Edit: better check on the empty capability than on the option bits. -Willy
2010-11-01 14:26:00 -04:00
if (cfg_opts[optnum].cap == PR_CAP_NONE) {
Alert("parsing [%s:%d]: option '%s' is not supported due to build options.\n",
file, linenum, cfg_opts[optnum].name);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
if (warnifnotcap(curproxy, cfg_opts[optnum].cap, file, linenum, args[1], NULL)) {
err_code |= ERR_WARN;
goto out;
}
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
curproxy->no_options &= ~cfg_opts[optnum].val;
curproxy->options &= ~cfg_opts[optnum].val;
switch (kwm) {
case KWM_STD:
curproxy->options |= cfg_opts[optnum].val;
break;
case KWM_NO:
curproxy->no_options |= cfg_opts[optnum].val;
break;
case KWM_DEF: /* already cleared */
break;
[MINOR] config: track "no option"/"option" changes Sometimes we would want to implement implicit default options, but for this we need to be able to disable them, which requires to keep track of "no option" settings. With this change, an option explicitly disabled in a defaults section will still be seen as explicitly disabled. There should be no regression as nothing makes use of this yet.
2009-06-14 05:10:45 -04:00
}
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
}
}
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
for (optnum = 0; cfg_opts2[optnum].name; optnum++) {
if (!strcmp(args[1], cfg_opts2[optnum].name)) {
[MINOR] config: detect options not supported due to compilation options Some options depends on the target architecture or compilation options. When such an option is used on a compiled version that doesn't support it, it's probably better to identify it as an unsupported option due to compilation options instead of an unknown option. Edit: better check on the empty capability than on the option bits. -Willy
2010-11-01 14:26:00 -04:00
if (cfg_opts2[optnum].cap == PR_CAP_NONE) {
Alert("parsing [%s:%d]: option '%s' is not supported due to build options.\n",
file, linenum, cfg_opts2[optnum].name);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
if (warnifnotcap(curproxy, cfg_opts2[optnum].cap, file, linenum, args[1], NULL)) {
err_code |= ERR_WARN;
goto out;
}
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
curproxy->no_options2 &= ~cfg_opts2[optnum].val;
curproxy->options2 &= ~cfg_opts2[optnum].val;
switch (kwm) {
case KWM_STD:
curproxy->options2 |= cfg_opts2[optnum].val;
break;
case KWM_NO:
curproxy->no_options2 |= cfg_opts2[optnum].val;
break;
case KWM_DEF: /* already cleared */
break;
[MINOR] config: track "no option"/"option" changes Sometimes we would want to implement implicit default options, but for this we need to be able to disable them, which requires to keep track of "no option" settings. With this change, an option explicitly disabled in a defaults section will still be seen as explicitly disabled. There should be no regression as nothing makes use of this yet.
2009-06-14 05:10:45 -04:00
}
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
}
}
MAJOR: http: update connection mode configuration At the very beginning of haproxy, there was "option httpclose" to make haproxy add a "Connection: close" header in both directions to invite both sides to agree on closing the connection. It did not work with some rare products, so "option forceclose" was added to do the same and actively close the connection. Then client-side keep-alive was supported, so option http-server-close was introduced. Now we have keep-alive with a fourth option, not to mention the implicit tunnel mode. The connection configuration has become a total mess because all the options above may be combined together, despite almost everyone thinking they cancel each other, as judging from the common problem reports on the mailing list. Unfortunately, re-reading the doc shows that it's not clear at all that options may be combined, and the opposite seems more obvious since they're compared. The most common issue is options being set in the defaults section that are not negated in other sections, but are just combined when the user expects them to be overloaded. The migration to keep-alive by default will only make things worse. So let's start to address the first problem. A transaction can only work in 5 modes today : - tunnel : haproxy doesn't bother with what follows the first req/resp - passive close : option http-close - forced close : option forceclose - server close : option http-server-close with keep-alive on the client side - keep-alive : option http-keep-alive, end to end All 16 combination for each section fall into one of these cases. Same for the 256 combinations resulting from frontend+backend different modes. With this patch, we're doing something slightly different, which will not change anything for users with valid configs, and will only change the behaviour for users with unsafe configs. The principle is that these options may not combined anymore, and that the latest one always overrides all the other ones, including those inherited from the defaults section. The "no option xxx" statement is still supported to cancel one option and fall back to the default one. It is mainly needed to ignore defaults sections (eg: force the tunnel mode). The frontend+backend combinations have not changed. So for examplen the following configuration used to put the connection into forceclose : defaults http mode http option httpclose frontend foo. option http-server-close => http-server-close+httpclose = forceclose before this patch! Now the frontend's config replaces the defaults config and results in the more expected http-server-close. All 25 combinations of the 5 modes in (frontend,backend) have been successfully tested. In order to prepare for upcoming changes, a new "option http-tunnel" was added. It currently only voids all other options, and has the lowest precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
/* HTTP options override each other. They can be cancelled using
* "no option xxx" which only switches to default mode if the mode
* was this one (useful for cancelling options set in defaults
* sections).
*/
if (strcmp(args[1], "httpclose") == 0) {
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MAJOR: http: update connection mode configuration At the very beginning of haproxy, there was "option httpclose" to make haproxy add a "Connection: close" header in both directions to invite both sides to agree on closing the connection. It did not work with some rare products, so "option forceclose" was added to do the same and actively close the connection. Then client-side keep-alive was supported, so option http-server-close was introduced. Now we have keep-alive with a fourth option, not to mention the implicit tunnel mode. The connection configuration has become a total mess because all the options above may be combined together, despite almost everyone thinking they cancel each other, as judging from the common problem reports on the mailing list. Unfortunately, re-reading the doc shows that it's not clear at all that options may be combined, and the opposite seems more obvious since they're compared. The most common issue is options being set in the defaults section that are not negated in other sections, but are just combined when the user expects them to be overloaded. The migration to keep-alive by default will only make things worse. So let's start to address the first problem. A transaction can only work in 5 modes today : - tunnel : haproxy doesn't bother with what follows the first req/resp - passive close : option http-close - forced close : option forceclose - server close : option http-server-close with keep-alive on the client side - keep-alive : option http-keep-alive, end to end All 16 combination for each section fall into one of these cases. Same for the 256 combinations resulting from frontend+backend different modes. With this patch, we're doing something slightly different, which will not change anything for users with valid configs, and will only change the behaviour for users with unsafe configs. The principle is that these options may not combined anymore, and that the latest one always overrides all the other ones, including those inherited from the defaults section. The "no option xxx" statement is still supported to cancel one option and fall back to the default one. It is mainly needed to ignore defaults sections (eg: force the tunnel mode). The frontend+backend combinations have not changed. So for examplen the following configuration used to put the connection into forceclose : defaults http mode http option httpclose frontend foo. option http-server-close => http-server-close+httpclose = forceclose before this patch! Now the frontend's config replaces the defaults config and results in the more expected http-server-close. All 25 combinations of the 5 modes in (frontend,backend) have been successfully tested. In order to prepare for upcoming changes, a new "option http-tunnel" was added. It currently only voids all other options, and has the lowest precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
if (kwm == KWM_STD) {
curproxy->options &= ~PR_O_HTTP_MODE;
curproxy->options |= PR_O_HTTP_PCL;
goto out;
}
else if (kwm == KWM_NO) {
if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_PCL)
curproxy->options &= ~PR_O_HTTP_MODE;
goto out;
}
}
else if (strcmp(args[1], "forceclose") == 0) {
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MAJOR: http: update connection mode configuration At the very beginning of haproxy, there was "option httpclose" to make haproxy add a "Connection: close" header in both directions to invite both sides to agree on closing the connection. It did not work with some rare products, so "option forceclose" was added to do the same and actively close the connection. Then client-side keep-alive was supported, so option http-server-close was introduced. Now we have keep-alive with a fourth option, not to mention the implicit tunnel mode. The connection configuration has become a total mess because all the options above may be combined together, despite almost everyone thinking they cancel each other, as judging from the common problem reports on the mailing list. Unfortunately, re-reading the doc shows that it's not clear at all that options may be combined, and the opposite seems more obvious since they're compared. The most common issue is options being set in the defaults section that are not negated in other sections, but are just combined when the user expects them to be overloaded. The migration to keep-alive by default will only make things worse. So let's start to address the first problem. A transaction can only work in 5 modes today : - tunnel : haproxy doesn't bother with what follows the first req/resp - passive close : option http-close - forced close : option forceclose - server close : option http-server-close with keep-alive on the client side - keep-alive : option http-keep-alive, end to end All 16 combination for each section fall into one of these cases. Same for the 256 combinations resulting from frontend+backend different modes. With this patch, we're doing something slightly different, which will not change anything for users with valid configs, and will only change the behaviour for users with unsafe configs. The principle is that these options may not combined anymore, and that the latest one always overrides all the other ones, including those inherited from the defaults section. The "no option xxx" statement is still supported to cancel one option and fall back to the default one. It is mainly needed to ignore defaults sections (eg: force the tunnel mode). The frontend+backend combinations have not changed. So for examplen the following configuration used to put the connection into forceclose : defaults http mode http option httpclose frontend foo. option http-server-close => http-server-close+httpclose = forceclose before this patch! Now the frontend's config replaces the defaults config and results in the more expected http-server-close. All 25 combinations of the 5 modes in (frontend,backend) have been successfully tested. In order to prepare for upcoming changes, a new "option http-tunnel" was added. It currently only voids all other options, and has the lowest precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
if (kwm == KWM_STD) {
curproxy->options &= ~PR_O_HTTP_MODE;
curproxy->options |= PR_O_HTTP_FCL;
goto out;
}
else if (kwm == KWM_NO) {
if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_FCL)
curproxy->options &= ~PR_O_HTTP_MODE;
goto out;
}
}
else if (strcmp(args[1], "http-server-close") == 0) {
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MAJOR: http: update connection mode configuration At the very beginning of haproxy, there was "option httpclose" to make haproxy add a "Connection: close" header in both directions to invite both sides to agree on closing the connection. It did not work with some rare products, so "option forceclose" was added to do the same and actively close the connection. Then client-side keep-alive was supported, so option http-server-close was introduced. Now we have keep-alive with a fourth option, not to mention the implicit tunnel mode. The connection configuration has become a total mess because all the options above may be combined together, despite almost everyone thinking they cancel each other, as judging from the common problem reports on the mailing list. Unfortunately, re-reading the doc shows that it's not clear at all that options may be combined, and the opposite seems more obvious since they're compared. The most common issue is options being set in the defaults section that are not negated in other sections, but are just combined when the user expects them to be overloaded. The migration to keep-alive by default will only make things worse. So let's start to address the first problem. A transaction can only work in 5 modes today : - tunnel : haproxy doesn't bother with what follows the first req/resp - passive close : option http-close - forced close : option forceclose - server close : option http-server-close with keep-alive on the client side - keep-alive : option http-keep-alive, end to end All 16 combination for each section fall into one of these cases. Same for the 256 combinations resulting from frontend+backend different modes. With this patch, we're doing something slightly different, which will not change anything for users with valid configs, and will only change the behaviour for users with unsafe configs. The principle is that these options may not combined anymore, and that the latest one always overrides all the other ones, including those inherited from the defaults section. The "no option xxx" statement is still supported to cancel one option and fall back to the default one. It is mainly needed to ignore defaults sections (eg: force the tunnel mode). The frontend+backend combinations have not changed. So for examplen the following configuration used to put the connection into forceclose : defaults http mode http option httpclose frontend foo. option http-server-close => http-server-close+httpclose = forceclose before this patch! Now the frontend's config replaces the defaults config and results in the more expected http-server-close. All 25 combinations of the 5 modes in (frontend,backend) have been successfully tested. In order to prepare for upcoming changes, a new "option http-tunnel" was added. It currently only voids all other options, and has the lowest precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
if (kwm == KWM_STD) {
curproxy->options &= ~PR_O_HTTP_MODE;
curproxy->options |= PR_O_HTTP_SCL;
goto out;
}
else if (kwm == KWM_NO) {
if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_SCL)
curproxy->options &= ~PR_O_HTTP_MODE;
goto out;
}
}
else if (strcmp(args[1], "http-keep-alive") == 0) {
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MAJOR: http: update connection mode configuration At the very beginning of haproxy, there was "option httpclose" to make haproxy add a "Connection: close" header in both directions to invite both sides to agree on closing the connection. It did not work with some rare products, so "option forceclose" was added to do the same and actively close the connection. Then client-side keep-alive was supported, so option http-server-close was introduced. Now we have keep-alive with a fourth option, not to mention the implicit tunnel mode. The connection configuration has become a total mess because all the options above may be combined together, despite almost everyone thinking they cancel each other, as judging from the common problem reports on the mailing list. Unfortunately, re-reading the doc shows that it's not clear at all that options may be combined, and the opposite seems more obvious since they're compared. The most common issue is options being set in the defaults section that are not negated in other sections, but are just combined when the user expects them to be overloaded. The migration to keep-alive by default will only make things worse. So let's start to address the first problem. A transaction can only work in 5 modes today : - tunnel : haproxy doesn't bother with what follows the first req/resp - passive close : option http-close - forced close : option forceclose - server close : option http-server-close with keep-alive on the client side - keep-alive : option http-keep-alive, end to end All 16 combination for each section fall into one of these cases. Same for the 256 combinations resulting from frontend+backend different modes. With this patch, we're doing something slightly different, which will not change anything for users with valid configs, and will only change the behaviour for users with unsafe configs. The principle is that these options may not combined anymore, and that the latest one always overrides all the other ones, including those inherited from the defaults section. The "no option xxx" statement is still supported to cancel one option and fall back to the default one. It is mainly needed to ignore defaults sections (eg: force the tunnel mode). The frontend+backend combinations have not changed. So for examplen the following configuration used to put the connection into forceclose : defaults http mode http option httpclose frontend foo. option http-server-close => http-server-close+httpclose = forceclose before this patch! Now the frontend's config replaces the defaults config and results in the more expected http-server-close. All 25 combinations of the 5 modes in (frontend,backend) have been successfully tested. In order to prepare for upcoming changes, a new "option http-tunnel" was added. It currently only voids all other options, and has the lowest precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
if (kwm == KWM_STD) {
curproxy->options &= ~PR_O_HTTP_MODE;
curproxy->options |= PR_O_HTTP_KAL;
goto out;
}
else if (kwm == KWM_NO) {
if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_KAL)
curproxy->options &= ~PR_O_HTTP_MODE;
goto out;
}
}
else if (strcmp(args[1], "http-tunnel") == 0) {
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MAJOR: http: update connection mode configuration At the very beginning of haproxy, there was "option httpclose" to make haproxy add a "Connection: close" header in both directions to invite both sides to agree on closing the connection. It did not work with some rare products, so "option forceclose" was added to do the same and actively close the connection. Then client-side keep-alive was supported, so option http-server-close was introduced. Now we have keep-alive with a fourth option, not to mention the implicit tunnel mode. The connection configuration has become a total mess because all the options above may be combined together, despite almost everyone thinking they cancel each other, as judging from the common problem reports on the mailing list. Unfortunately, re-reading the doc shows that it's not clear at all that options may be combined, and the opposite seems more obvious since they're compared. The most common issue is options being set in the defaults section that are not negated in other sections, but are just combined when the user expects them to be overloaded. The migration to keep-alive by default will only make things worse. So let's start to address the first problem. A transaction can only work in 5 modes today : - tunnel : haproxy doesn't bother with what follows the first req/resp - passive close : option http-close - forced close : option forceclose - server close : option http-server-close with keep-alive on the client side - keep-alive : option http-keep-alive, end to end All 16 combination for each section fall into one of these cases. Same for the 256 combinations resulting from frontend+backend different modes. With this patch, we're doing something slightly different, which will not change anything for users with valid configs, and will only change the behaviour for users with unsafe configs. The principle is that these options may not combined anymore, and that the latest one always overrides all the other ones, including those inherited from the defaults section. The "no option xxx" statement is still supported to cancel one option and fall back to the default one. It is mainly needed to ignore defaults sections (eg: force the tunnel mode). The frontend+backend combinations have not changed. So for examplen the following configuration used to put the connection into forceclose : defaults http mode http option httpclose frontend foo. option http-server-close => http-server-close+httpclose = forceclose before this patch! Now the frontend's config replaces the defaults config and results in the more expected http-server-close. All 25 combinations of the 5 modes in (frontend,backend) have been successfully tested. In order to prepare for upcoming changes, a new "option http-tunnel" was added. It currently only voids all other options, and has the lowest precedence when mixed with another option in another frontend/backend.
2014-01-29 18:15:28 -05:00
if (kwm == KWM_STD) {
curproxy->options &= ~PR_O_HTTP_MODE;
curproxy->options |= PR_O_HTTP_TUN;
goto out;
}
else if (kwm == KWM_NO) {
if ((curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_TUN)
curproxy->options &= ~PR_O_HTTP_MODE;
goto out;
}
}
MEDIUM: backend: Allow redispatch on retry intervals For backend load balancing it sometimes makes sense to redispatch rather than retrying against the same server. For example, when machines or routers fail you may not want to waste time retrying against a dead server and would instead prefer to immediately redispatch against other servers. This patch allows backend sections to specify that they want to redispatch on a particular interval. If the interval N is positive the redispatch occurs on every Nth retry, and if the interval N is negative then the redispatch occurs on the Nth retry prior to the last retry (-1 is the default and maintains backwards compatibility). In low latency environments tuning this setting can save a few hundred milliseconds when backends fail.
2015-05-12 02:25:34 -04:00
/* Redispatch can take an integer argument that control when the
* resispatch occurs. All values are relative to the retries option.
* This can be cancelled using "no option xxx".
*/
if (strcmp(args[1], "redispatch") == 0) {
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL)) {
err_code |= ERR_WARN;
goto out;
}
curproxy->no_options &= ~PR_O_REDISP;
curproxy->options &= ~PR_O_REDISP;
switch (kwm) {
case KWM_STD:
curproxy->options |= PR_O_REDISP;
curproxy->redispatch_after = -1;
if(*args[2]) {
curproxy->redispatch_after = atol(args[2]);
}
break;
case KWM_NO:
curproxy->no_options |= PR_O_REDISP;
curproxy->redispatch_after = 0;
break;
case KWM_DEF: /* already cleared */
break;
}
goto out;
}
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
if (kwm != KWM_STD) {
Alert("parsing [%s:%d]: negation/default is not supported for option '%s'.\n",
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
file, linenum, args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
}
[MINOR] add a new CLF log format Appending the "clf" word after "option httplog" turns the HTTP log format into a CLF format, more suited for certain tools.
2009-06-30 12:26:00 -04:00
if (!strcmp(args[1], "httplog")) {
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
char *logformat;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* generate a complete HTTP log */
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
logformat = default_http_log_format;
[MINOR] add a new CLF log format Appending the "clf" word after "option httplog" turns the HTTP log format into a CLF format, more suited for certain tools.
2009-06-30 12:26:00 -04:00
if (*(args[2]) != '\0') {
if (!strcmp(args[2], "clf")) {
curproxy->options2 |= PR_O2_CLFLOG;
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
logformat = clf_http_log_format;
[MINOR] add a new CLF log format Appending the "clf" word after "option httplog" turns the HTTP log format into a CLF format, more suited for certain tools.
2009-06-30 12:26:00 -04:00
} else {
BUG/MINOR: cfgparse: fix typo in 'option httplog' error message The error message was displaying the wrong argument when 'option httplog' took a wrong argument.
2015-05-28 12:02:48 -04:00
Alert("parsing [%s:%d] : keyword '%s' only supports option 'clf'.\n", file, linenum, args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] add a new CLF log format Appending the "clf" word after "option httplog" turns the HTTP log format into a CLF format, more suited for certain tools.
2009-06-30 12:26:00 -04:00
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(1, 1, file, linenum, args, &err_code))
goto out;
[MINOR] add a new CLF log format Appending the "clf" word after "option httplog" turns the HTTP log format into a CLF format, more suited for certain tools.
2009-06-30 12:26:00 -04:00
}
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (curproxy->conf.logformat_string != default_http_log_format &&
curproxy->conf.logformat_string != default_tcp_log_format &&
curproxy->conf.logformat_string != clf_http_log_format)
free(curproxy->conf.logformat_string);
curproxy->conf.logformat_string = logformat;
free(curproxy->conf.lfs_file);
curproxy->conf.lfs_file = strdup(curproxy->conf.args.file);
curproxy->conf.lfs_line = curproxy->conf.args.line;
[MINOR] add a new CLF log format Appending the "clf" word after "option httplog" turns the HTTP log format into a CLF format, more suited for certain tools.
2009-06-30 12:26:00 -04:00
}
MEDIUM: log: use log_format for mode tcplog Merge http_sess_log() and tcp_sess_log() to sess_log() and move it to log.c A new field in logformat_type define if you can use a logformat variable in TCP or HTTP mode. doc: log-format in tcp mode Note that due to the way log buffer allocation currently works, trying to log an HTTP request without "option httplog" is still not possible. This will change in the near future.
2012-02-27 05:23:10 -05:00
else if (!strcmp(args[1], "tcplog")) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* generate a detailed TCP log */
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (curproxy->conf.logformat_string != default_http_log_format &&
curproxy->conf.logformat_string != default_tcp_log_format &&
curproxy->conf.logformat_string != clf_http_log_format)
free(curproxy->conf.logformat_string);
curproxy->conf.logformat_string = default_tcp_log_format;
free(curproxy->conf.lfs_file);
curproxy->conf.lfs_file = strdup(curproxy->conf.args.file);
curproxy->conf.lfs_line = curproxy->conf.args.line;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MEDIUM: log: use log_format for mode tcplog Merge http_sess_log() and tcp_sess_log() to sess_log() and move it to log.c A new field in logformat_type define if you can use a logformat variable in TCP or HTTP mode. doc: log-format in tcp mode Note that due to the way log buffer allocation currently works, trying to log an HTTP request without "option httplog" is still not possible. This will change in the near future.
2012-02-27 05:23:10 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[1], "tcpka")) {
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
/* enable TCP keep-alives on client and server streams */
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE | PR_CAP_FE, file, linenum, args[1], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
if (curproxy->cap & PR_CAP_FE)
curproxy->options |= PR_O_TCP_CLI_KA;
if (curproxy->cap & PR_CAP_BE)
curproxy->options |= PR_O_TCP_SRV_KA;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[1], "httpchk")) {
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* use HTTP request to check servers' health */
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(curproxy->check_req);
[BUG] config: reset check request to avoid double free when switching to ssl/sql SSL and SQL checks did only perform a free() of the request without replacing it, so having multiple SSL/SQL check declarations after another check type causes a double free condition during config parsing. This should be backported although it's harmless.
2010-02-01 10:31:14 -05:00
curproxy->check_req = NULL;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options2 &= ~PR_O2_CHK_ANY;
curproxy->options2 |= PR_O2_HTTP_CHK;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (!*args[2]) { /* no argument */
curproxy->check_req = strdup(DEF_CHECK_REQ); /* default request */
curproxy->check_len = strlen(DEF_CHECK_REQ);
} else if (!*args[3]) { /* one argument : URI */
[MINOR] checks: make the HTTP check code add the CRLF itself Currently we cannot easily add headers nor anything to HTTP checks because the requests are pre-formatted with the last CRLF. Make the check code add the CRLF itself so that we can later add useful info.
2010-01-27 05:28:42 -05:00
int reqlen = strlen(args[2]) + strlen("OPTIONS HTTP/1.0\r\n") + 1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
curproxy->check_req = (char *)malloc(reqlen);
curproxy->check_len = snprintf(curproxy->check_req, reqlen,
[MINOR] checks: make the HTTP check code add the CRLF itself Currently we cannot easily add headers nor anything to HTTP checks because the requests are pre-formatted with the last CRLF. Make the check code add the CRLF itself so that we can later add useful info.
2010-01-27 05:28:42 -05:00
"OPTIONS %s HTTP/1.0\r\n", args[2]); /* URI to use */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else { /* more arguments : METHOD URI [HTTP_VER] */
[MINOR] checks: make the HTTP check code add the CRLF itself Currently we cannot easily add headers nor anything to HTTP checks because the requests are pre-formatted with the last CRLF. Make the check code add the CRLF itself so that we can later add useful info.
2010-01-27 05:28:42 -05:00
int reqlen = strlen(args[2]) + strlen(args[3]) + 3 + strlen("\r\n");
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*args[4])
reqlen += strlen(args[4]);
else
reqlen += strlen("HTTP/1.0");
curproxy->check_req = (char *)malloc(reqlen);
curproxy->check_len = snprintf(curproxy->check_req, reqlen,
[MINOR] checks: make the HTTP check code add the CRLF itself Currently we cannot easily add headers nor anything to HTTP checks because the requests are pre-formatted with the last CRLF. Make the check code add the CRLF itself so that we can later add useful info.
2010-01-27 05:28:42 -05:00
"%s %s %s\r\n", args[2], args[3], *args[4]?args[4]:"HTTP/1.0");
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(3, 1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] implement 'option ssl-hello-chk' to use CLIENT HELLO health checks. This makes it possible to relay SSL connections in pure TCP instances while ensuring the remote end really receives our data eventhough intermediate agents (firewalls, proxies, ...) might acknowledge the connection.
2006-07-09 10:42:34 -04:00
else if (!strcmp(args[1], "ssl-hello-chk")) {
/* use SSLv3 CLIENT HELLO to check servers' health */
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] use an array to store most common options Most common options are now stored in an array which eases the parsing and which also permits reporting of ignored options depending on the proxy's capabilities (back/front).
2006-12-30 18:24:10 -05:00
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(curproxy->check_req);
[BUG] config: reset check request to avoid double free when switching to ssl/sql SSL and SQL checks did only perform a free() of the request without replacing it, so having multiple SSL/SQL check declarations after another check type causes a double free condition during config parsing. This should be backported although it's harmless.
2010-02-01 10:31:14 -05:00
curproxy->check_req = NULL;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options2 &= ~PR_O2_CHK_ANY;
[CLEANUP] proxy: move PR_O_SSL3_CHK to options2 to release one flag We'll need another flag in the 'options' member close to PR_O_TPXY_*, and all are used, so let's move this easy one to options2 (which are already used for SQL checks).
2010-03-29 12:33:29 -04:00
curproxy->options2 |= PR_O2_SSL3_CHK;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MEDIUM] implement 'option ssl-hello-chk' to use CLIENT HELLO health checks. This makes it possible to relay SSL connections in pure TCP instances while ensuring the remote end really receives our data eventhough intermediate agents (firewalls, proxies, ...) might acknowledge the connection.
2006-07-09 10:42:34 -04:00
}
[MEDIUM] implement SMTP health checks Peter van Dijk contributed this patch which implements the "smtpchk" option, which is to SMTP what "httpchk" is to HTTP. By default, it sends "HELO localhost" to the servers, and waits for the 250 message, but it can also send a specific request.
2007-05-08 17:50:35 -04:00
else if (!strcmp(args[1], "smtpchk")) {
/* use SMTP request to check servers' health */
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(curproxy->check_req);
[BUG] config: reset check request to avoid double free when switching to ssl/sql SSL and SQL checks did only perform a free() of the request without replacing it, so having multiple SSL/SQL check declarations after another check type causes a double free condition during config parsing. This should be backported although it's harmless.
2010-02-01 10:31:14 -05:00
curproxy->check_req = NULL;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options2 &= ~PR_O2_CHK_ANY;
curproxy->options2 |= PR_O2_SMTP_CHK;
[MEDIUM] implement SMTP health checks Peter van Dijk contributed this patch which implements the "smtpchk" option, which is to SMTP what "httpchk" is to HTTP. By default, it sends "HELO localhost" to the servers, and waits for the 250 message, but it can also send a specific request.
2007-05-08 17:50:35 -04:00
if (!*args[2] || !*args[3]) { /* no argument or incomplete EHLO host */
curproxy->check_req = strdup(DEF_SMTP_CHECK_REQ); /* default request */
curproxy->check_len = strlen(DEF_SMTP_CHECK_REQ);
} else { /* ESMTP EHLO, or SMTP HELO, and a hostname */
if (!strcmp(args[2], "EHLO") || !strcmp(args[2], "HELO")) {
int reqlen = strlen(args[2]) + strlen(args[3]) + strlen(" \r\n") + 1;
curproxy->check_req = (char *)malloc(reqlen);
curproxy->check_len = snprintf(curproxy->check_req, reqlen,
"%s %s\r\n", args[2], args[3]); /* HELO hostname */
} else {
/* this just hits the default for now, but you could potentially expand it to allow for other stuff
though, it's unlikely you'd want to send anything other than an EHLO or HELO */
curproxy->check_req = strdup(DEF_SMTP_CHECK_REQ); /* default request */
curproxy->check_len = strlen(DEF_SMTP_CHECK_REQ);
}
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(2, 1, file, linenum, args, &err_code))
goto out;
[MEDIUM] implement SMTP health checks Peter van Dijk contributed this patch which implements the "smtpchk" option, which is to SMTP what "httpchk" is to HTTP. By default, it sends "HELO localhost" to the servers, and waits for the 250 message, but it can also send a specific request.
2007-05-08 17:50:35 -04:00
}
[MINOR] checks: add PostgreSQL health check I have written a small patch to enable a correct PostgreSQL health check It works similar to mysql-check with the very same parameters. E.g.: listen pgsql 127.0.0.1:5432 mode tcp option pgsql-check user pgsql server masterdb pgsql.server.com:5432 check inter 10000
2011-01-04 09:14:13 -05:00
else if (!strcmp(args[1], "pgsql-check")) {
/* use PostgreSQL request to check servers' health */
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL))
err_code |= ERR_WARN;
free(curproxy->check_req);
curproxy->check_req = NULL;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options2 &= ~PR_O2_CHK_ANY;
[MINOR] checks: add PostgreSQL health check I have written a small patch to enable a correct PostgreSQL health check It works similar to mysql-check with the very same parameters. E.g.: listen pgsql 127.0.0.1:5432 mode tcp option pgsql-check user pgsql server masterdb pgsql.server.com:5432 check inter 10000
2011-01-04 09:14:13 -05:00
curproxy->options2 |= PR_O2_PGSQL_CHK;
if (*(args[2])) {
int cur_arg = 2;
while (*(args[cur_arg])) {
if (strcmp(args[cur_arg], "user") == 0) {
char * packet;
uint32_t packet_len;
uint32_t pv;
/* suboption header - needs additional argument for it */
if (*(args[cur_arg+1]) == 0) {
Alert("parsing [%s:%d] : '%s %s %s' expects <username> as argument.\n",
file, linenum, args[0], args[1], args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
/* uint32_t + uint32_t + strlen("user")+1 + strlen(username)+1 + 1 */
packet_len = 4 + 4 + 5 + strlen(args[cur_arg + 1])+1 +1;
pv = htonl(0x30000); /* protocol version 3.0 */
packet = (char*) calloc(1, packet_len);
memcpy(packet + 4, &pv, 4);
/* copy "user" */
memcpy(packet + 8, "user", 4);
/* copy username */
memcpy(packet + 13, args[cur_arg+1], strlen(args[cur_arg+1]));
free(curproxy->check_req);
curproxy->check_req = packet;
curproxy->check_len = packet_len;
packet_len = htonl(packet_len);
memcpy(packet, &packet_len, 4);
cur_arg += 2;
} else {
/* unknown suboption - catchall */
Alert("parsing [%s:%d] : '%s %s' only supports optional values: 'user'.\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
} /* end while loop */
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(2, 1, file, linenum, args, &err_code))
goto out;
[MINOR] checks: add PostgreSQL health check I have written a small patch to enable a correct PostgreSQL health check It works similar to mysql-check with the very same parameters. E.g.: listen pgsql 127.0.0.1:5432 mode tcp option pgsql-check user pgsql server masterdb pgsql.server.com:5432 check inter 10000
2011-01-04 09:14:13 -05:00
}
[MINOR] check: add redis check support This patch provides a new "option redis-check" statement to enable server health checks based on redis PING request (http://www.redis.io/commands/ping).
2011-08-05 10:23:48 -04:00
else if (!strcmp(args[1], "redis-check")) {
/* use REDIS PING request to check servers' health */
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL))
err_code |= ERR_WARN;
free(curproxy->check_req);
curproxy->check_req = NULL;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options2 &= ~PR_O2_CHK_ANY;
[MINOR] check: add redis check support This patch provides a new "option redis-check" statement to enable server health checks based on redis PING request (http://www.redis.io/commands/ping).
2011-08-05 10:23:48 -04:00
curproxy->options2 |= PR_O2_REDIS_CHK;
curproxy->check_req = (char *) malloc(sizeof(DEF_REDIS_CHECK_REQ) - 1);
memcpy(curproxy->check_req, DEF_REDIS_CHECK_REQ, sizeof(DEF_REDIS_CHECK_REQ) - 1);
curproxy->check_len = sizeof(DEF_REDIS_CHECK_REQ) - 1;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MINOR] check: add redis check support This patch provides a new "option redis-check" statement to enable server health checks based on redis PING request (http://www.redis.io/commands/ping).
2011-08-05 10:23:48 -04:00
}
[MINOR] add option "mysql-check" to use MySQL health checks This patch adds support for MySQL health checks. Those are enabled using the new option "mysql-check".
2010-01-12 03:25:13 -05:00
else if (!strcmp(args[1], "mysql-check")) {
/* use MYSQL request to check servers' health */
[MINOR] add better support to "mysql-check" The MySQL check has been revamped to be able to send real MySQL data, and to avoid Aborted connects on MySQL side. It is however backward compatible with older version, but it is highly recommended to use the new mode, by adding "user <username>" on the "mysql-check" line. The new check consists in sending two MySQL packet, one Client Authentication packet, with "haproxy" username (by default), and one QUIT packet, to correctly close MySQL session. We then parse the Mysql Handshake Initialisation packet and/or Error packet. It is a basic but useful test which does not produce error nor aborted connect on the server. (cherry picked from commit a1e4dcfe5718311b7653d7dabfad65c005d0439b)
2010-10-18 09:58:36 -04:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL))
err_code |= ERR_WARN;
[MINOR] add option "mysql-check" to use MySQL health checks This patch adds support for MySQL health checks. Those are enabled using the new option "mysql-check".
2010-01-12 03:25:13 -05:00
free(curproxy->check_req);
[BUG] config: reset check request to avoid double free when switching to ssl/sql SSL and SQL checks did only perform a free() of the request without replacing it, so having multiple SSL/SQL check declarations after another check type causes a double free condition during config parsing. This should be backported although it's harmless.
2010-02-01 10:31:14 -05:00
curproxy->check_req = NULL;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options2 &= ~PR_O2_CHK_ANY;
[MINOR] add option "mysql-check" to use MySQL health checks This patch adds support for MySQL health checks. Those are enabled using the new option "mysql-check".
2010-01-12 03:25:13 -05:00
curproxy->options2 |= PR_O2_MYSQL_CHK;
[MINOR] add better support to "mysql-check" The MySQL check has been revamped to be able to send real MySQL data, and to avoid Aborted connects on MySQL side. It is however backward compatible with older version, but it is highly recommended to use the new mode, by adding "user <username>" on the "mysql-check" line. The new check consists in sending two MySQL packet, one Client Authentication packet, with "haproxy" username (by default), and one QUIT packet, to correctly close MySQL session. We then parse the Mysql Handshake Initialisation packet and/or Error packet. It is a basic but useful test which does not produce error nor aborted connect on the server. (cherry picked from commit a1e4dcfe5718311b7653d7dabfad65c005d0439b)
2010-10-18 09:58:36 -04:00
MINOR: checks: mysql-check: Add support for v4.1+ authentication MySQL will in stop supporting pre-4.1 authentication packets in the future and is already giving us a hard time regarding non-silencable warnings which are logged on each health check. Warnings look like the following: "[Warning] Client failed to provide its character set. 'latin1' will be used as client character set." This patch adds basic support for post-4.1 authentication by sending the proper authentication packet with the character set, along with the QUIT command.
2014-05-30 08:26:32 -04:00
/* This is an example of a MySQL >=4.0 client Authentication packet kindly provided by Cyril Bonte.
[MINOR] add better support to "mysql-check" The MySQL check has been revamped to be able to send real MySQL data, and to avoid Aborted connects on MySQL side. It is however backward compatible with older version, but it is highly recommended to use the new mode, by adding "user <username>" on the "mysql-check" line. The new check consists in sending two MySQL packet, one Client Authentication packet, with "haproxy" username (by default), and one QUIT packet, to correctly close MySQL session. We then parse the Mysql Handshake Initialisation packet and/or Error packet. It is a basic but useful test which does not produce error nor aborted connect on the server. (cherry picked from commit a1e4dcfe5718311b7653d7dabfad65c005d0439b)
2010-10-18 09:58:36 -04:00
* const char mysql40_client_auth_pkt[] = {
* "\x0e\x00\x00" // packet length
* "\x01" // packet number
* "\x00\x00" // client capabilities
* "\x00\x00\x01" // max packet
* "haproxy\x00" // username (null terminated string)
* "\x00" // filler (always 0x00)
* "\x01\x00\x00" // packet length
* "\x00" // packet number
* "\x01" // COM_QUIT command
* };
*/
MINOR: checks: mysql-check: Add support for v4.1+ authentication MySQL will in stop supporting pre-4.1 authentication packets in the future and is already giving us a hard time regarding non-silencable warnings which are logged on each health check. Warnings look like the following: "[Warning] Client failed to provide its character set. 'latin1' will be used as client character set." This patch adds basic support for post-4.1 authentication by sending the proper authentication packet with the character set, along with the QUIT command.
2014-05-30 08:26:32 -04:00
/* This is an example of a MySQL >=4.1 client Authentication packet provided by Nenad Merdanovic.
* const char mysql41_client_auth_pkt[] = {
* "\x0e\x00\x00\" // packet length
* "\x01" // packet number
* "\x00\x00\x00\x00" // client capabilities
* "\x00\x00\x00\x01" // max packet
* "\x21" // character set (UTF-8)
* char[23] // All zeroes
* "haproxy\x00" // username (null terminated string)
* "\x00" // filler (always 0x00)
* "\x01\x00\x00" // packet length
* "\x00" // packet number
* "\x01" // COM_QUIT command
* };
*/
[MINOR] add better support to "mysql-check" The MySQL check has been revamped to be able to send real MySQL data, and to avoid Aborted connects on MySQL side. It is however backward compatible with older version, but it is highly recommended to use the new mode, by adding "user <username>" on the "mysql-check" line. The new check consists in sending two MySQL packet, one Client Authentication packet, with "haproxy" username (by default), and one QUIT packet, to correctly close MySQL session. We then parse the Mysql Handshake Initialisation packet and/or Error packet. It is a basic but useful test which does not produce error nor aborted connect on the server. (cherry picked from commit a1e4dcfe5718311b7653d7dabfad65c005d0439b)
2010-10-18 09:58:36 -04:00
if (*(args[2])) {
int cur_arg = 2;
while (*(args[cur_arg])) {
if (strcmp(args[cur_arg], "user") == 0) {
char *mysqluser;
int packetlen, reqlen, userlen;
/* suboption header - needs additional argument for it */
if (*(args[cur_arg+1]) == 0) {
Alert("parsing [%s:%d] : '%s %s %s' expects <username> as argument.\n",
file, linenum, args[0], args[1], args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
mysqluser = args[cur_arg + 1];
userlen = strlen(mysqluser);
MINOR: checks: mysql-check: Add support for v4.1+ authentication MySQL will in stop supporting pre-4.1 authentication packets in the future and is already giving us a hard time regarding non-silencable warnings which are logged on each health check. Warnings look like the following: "[Warning] Client failed to provide its character set. 'latin1' will be used as client character set." This patch adds basic support for post-4.1 authentication by sending the proper authentication packet with the character set, along with the QUIT command.
2014-05-30 08:26:32 -04:00
if (*(args[cur_arg+2])) {
if (!strcmp(args[cur_arg+2], "post-41")) {
packetlen = userlen + 7 + 27;
reqlen = packetlen + 9;
free(curproxy->check_req);
curproxy->check_req = (char *)calloc(1, reqlen);
curproxy->check_len = reqlen;
snprintf(curproxy->check_req, 4, "%c%c%c",
((unsigned char) packetlen & 0xff),
((unsigned char) (packetlen >> 8) & 0xff),
((unsigned char) (packetlen >> 16) & 0xff));
curproxy->check_req[3] = 1;
curproxy->check_req[5] = 130;
curproxy->check_req[11] = 1;
curproxy->check_req[12] = 33;
memcpy(&curproxy->check_req[36], mysqluser, userlen);
curproxy->check_req[36 + userlen + 1 + 1] = 1;
curproxy->check_req[36 + userlen + 1 + 1 + 4] = 1;
cur_arg += 3;
} else {
Alert("parsing [%s:%d] : keyword '%s' only supports option 'post-41'.\n", file, linenum, args[cur_arg+2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
} else {
packetlen = userlen + 7;
reqlen = packetlen + 9;
free(curproxy->check_req);
curproxy->check_req = (char *)calloc(1, reqlen);
curproxy->check_len = reqlen;
snprintf(curproxy->check_req, 4, "%c%c%c",
((unsigned char) packetlen & 0xff),
((unsigned char) (packetlen >> 8) & 0xff),
((unsigned char) (packetlen >> 16) & 0xff));
curproxy->check_req[3] = 1;
curproxy->check_req[5] = 128;
curproxy->check_req[8] = 1;
memcpy(&curproxy->check_req[9], mysqluser, userlen);
curproxy->check_req[9 + userlen + 1 + 1] = 1;
curproxy->check_req[9 + userlen + 1 + 1 + 4] = 1;
cur_arg += 2;
}
[MINOR] add better support to "mysql-check" The MySQL check has been revamped to be able to send real MySQL data, and to avoid Aborted connects on MySQL side. It is however backward compatible with older version, but it is highly recommended to use the new mode, by adding "user <username>" on the "mysql-check" line. The new check consists in sending two MySQL packet, one Client Authentication packet, with "haproxy" username (by default), and one QUIT packet, to correctly close MySQL session. We then parse the Mysql Handshake Initialisation packet and/or Error packet. It is a basic but useful test which does not produce error nor aborted connect on the server. (cherry picked from commit a1e4dcfe5718311b7653d7dabfad65c005d0439b)
2010-10-18 09:58:36 -04:00
} else {
/* unknown suboption - catchall */
Alert("parsing [%s:%d] : '%s %s' only supports optional values: 'user'.\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
} /* end while loop */
}
[MINOR] add option "mysql-check" to use MySQL health checks This patch adds support for MySQL health checks. Those are enabled using the new option "mysql-check".
2010-01-12 03:25:13 -05:00
}
[MINOR] checks: add support for LDAPv3 health checks This patch provides a new "option ldap-check" statement to enable server health checks based on LDAPv3 bind requests. (cherry picked from commit b76b44c6fed8a7ba6f0f565dd72a9cb77aaeca7c)
2010-09-29 12:17:05 -04:00
else if (!strcmp(args[1], "ldap-check")) {
/* use LDAP request to check servers' health */
free(curproxy->check_req);
curproxy->check_req = NULL;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options2 &= ~PR_O2_CHK_ANY;
[MINOR] checks: add support for LDAPv3 health checks This patch provides a new "option ldap-check" statement to enable server health checks based on LDAPv3 bind requests. (cherry picked from commit b76b44c6fed8a7ba6f0f565dd72a9cb77aaeca7c)
2010-09-29 12:17:05 -04:00
curproxy->options2 |= PR_O2_LDAP_CHK;
curproxy->check_req = (char *) malloc(sizeof(DEF_LDAP_CHECK_REQ) - 1);
memcpy(curproxy->check_req, DEF_LDAP_CHECK_REQ, sizeof(DEF_LDAP_CHECK_REQ) - 1);
curproxy->check_len = sizeof(DEF_LDAP_CHECK_REQ) - 1;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MINOR] checks: add support for LDAPv3 health checks This patch provides a new "option ldap-check" statement to enable server health checks based on LDAPv3 bind requests. (cherry picked from commit b76b44c6fed8a7ba6f0f565dd72a9cb77aaeca7c)
2010-09-29 12:17:05 -04:00
}
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
else if (!strcmp(args[1], "tcp-check")) {
/* use raw TCPCHK send/expect to check servers' health */
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[1], NULL))
err_code |= ERR_WARN;
free(curproxy->check_req);
curproxy->check_req = NULL;
curproxy->options2 &= ~PR_O2_CHK_ANY;
curproxy->options2 |= PR_O2_TCPCHK_CHK;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
}
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
else if (!strcmp(args[1], "external-check")) {
/* excute an external command to check servers' health */
free(curproxy->check_req);
curproxy->check_req = NULL;
curproxy->options2 &= ~PR_O2_CHK_ANY;
curproxy->options2 |= PR_O2_EXT_CHK;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
}
[MEDIUM] add the "except" keyword to the "forwardfor" option Patch from Bryan Germann for 1.2.17. In some circumstances, it is useful not to add the X-Forwarded-For header, for instance when the client is another reverse-proxy or stunnel running on the same machine and which already adds it. This patch adds the "except" keyword to the "forwardfor" option, allowing to specify an address or network which will not be added to this header.
2007-03-25 10:00:04 -04:00
else if (!strcmp(args[1], "forwardfor")) {
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
int cur_arg;
/* insert x-forwarded-for field, but not for the IP address listed as an except.
* set default options (ie: bitfield, header name, etc)
[MEDIUM] add the "except" keyword to the "forwardfor" option Patch from Bryan Germann for 1.2.17. In some circumstances, it is useful not to add the X-Forwarded-For header, for instance when the client is another reverse-proxy or stunnel running on the same machine and which already adds it. This patch adds the "except" keyword to the "forwardfor" option, allowing to specify an address or network which will not be added to this header.
2007-03-25 10:00:04 -04:00
*/
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
[MEDIUM] http: make x-forwarded-for addition conditional If "option forwardfor" has the "if-none" argument, then the header is only added when the request did not already have one. This option has security implications, and should not be set blindly.
2011-08-19 16:57:24 -04:00
curproxy->options |= PR_O_FWDFOR | PR_O_FF_ALWAYS;
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
free(curproxy->fwdfor_hdr_name);
curproxy->fwdfor_hdr_name = strdup(DEF_XFORWARDFOR_HDR);
curproxy->fwdfor_hdr_len = strlen(DEF_XFORWARDFOR_HDR);
/* loop to go through arguments - start at 2, since 0+1 = "option" "forwardfor" */
cur_arg = 2;
while (*(args[cur_arg])) {
if (!strcmp(args[cur_arg], "except")) {
/* suboption except - needs additional argument for it */
MINOR: standard: Disable ip resolution during the runtime The function str2net runs DNS resolution if valid ip cannot be parsed. The DNS function used is the standard function of the libc and it performs asynchronous request. The asynchronous request is not compatible with the haproxy archictecture. str2net() is used during the runtime throught the "socket". This patch remove the DNS resolution during the runtime.
2014-02-11 09:23:04 -05:00
if (!*(args[cur_arg+1]) || !str2net(args[cur_arg+1], 1, &curproxy->except_net, &curproxy->except_mask)) {
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
Alert("parsing [%s:%d] : '%s %s %s' expects <address>[/mask] as argument.\n",
file, linenum, args[0], args[1], args[cur_arg]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add the "except" keyword to the "forwardfor" option Patch from Bryan Germann for 1.2.17. In some circumstances, it is useful not to add the X-Forwarded-For header, for instance when the client is another reverse-proxy or stunnel running on the same machine and which already adds it. This patch adds the "except" keyword to the "forwardfor" option, allowing to specify an address or network which will not be added to this header.
2007-03-25 10:00:04 -04:00
}
/* flush useless bits */
curproxy->except_net.s_addr &= curproxy->except_mask.s_addr;
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
cur_arg += 2;
} else if (!strcmp(args[cur_arg], "header")) {
/* suboption header - needs additional argument for it */
if (*(args[cur_arg+1]) == 0) {
Alert("parsing [%s:%d] : '%s %s %s' expects <header_name> as argument.\n",
file, linenum, args[0], args[1], args[cur_arg]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
}
free(curproxy->fwdfor_hdr_name);
curproxy->fwdfor_hdr_name = strdup(args[cur_arg+1]);
curproxy->fwdfor_hdr_len = strlen(curproxy->fwdfor_hdr_name);
cur_arg += 2;
[MEDIUM] http: make x-forwarded-for addition conditional If "option forwardfor" has the "if-none" argument, then the header is only added when the request did not already have one. This option has security implications, and should not be set blindly.
2011-08-19 16:57:24 -04:00
} else if (!strcmp(args[cur_arg], "if-none")) {
curproxy->options &= ~PR_O_FF_ALWAYS;
cur_arg += 1;
[MEDIUM] add the "except" keyword to the "forwardfor" option Patch from Bryan Germann for 1.2.17. In some circumstances, it is useful not to add the X-Forwarded-For header, for instance when the client is another reverse-proxy or stunnel running on the same machine and which already adds it. This patch adds the "except" keyword to the "forwardfor" option, allowing to specify an address or network which will not be added to this header.
2007-03-25 10:00:04 -04:00
} else {
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
/* unknown suboption - catchall */
[MEDIUM] http: make x-forwarded-for addition conditional If "option forwardfor" has the "if-none" argument, then the header is only added when the request did not already have one. This option has security implications, and should not be set blindly.
2011-08-19 16:57:24 -04:00
Alert("parsing [%s:%d] : '%s %s' only supports optional values: 'except', 'header' and 'if-none'.\n",
[MINOR] add X-Original-To: header I have attached a patch which will add on every http request a new header 'X-Original-To'. If you have HAProxy running in transparent mode with a big number of SQUID servers behind it, it is very nice to have the original destination ip as a common header to make decisions based on it. The whole thing is configurable with a new option 'originalto'. I have updated the sourcecode as well as the documentation. The 'haproxy-en.txt' and 'haproxy-fr.txt' files are untouched, due to lack of my french language knowledge. ;) Also the patch adds this header for IPv4 only. I haven't any IPv6 test environment running here and don't know if getsockopt() with SO_ORIGINAL_DST will work on IPv6. If someone knows it and wants to test it I can modify the diff. Feel free to ask me questions or things which should be changed. :) --Maik
2009-04-17 12:53:21 -04:00
file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] add X-Original-To: header I have attached a patch which will add on every http request a new header 'X-Original-To'. If you have HAProxy running in transparent mode with a big number of SQUID servers behind it, it is very nice to have the original destination ip as a common header to make decisions based on it. The whole thing is configurable with a new option 'originalto'. I have updated the sourcecode as well as the documentation. The 'haproxy-en.txt' and 'haproxy-fr.txt' files are untouched, due to lack of my french language knowledge. ;) Also the patch adds this header for IPv4 only. I haven't any IPv6 test environment running here and don't know if getsockopt() with SO_ORIGINAL_DST will work on IPv6. If someone knows it and wants to test it I can modify the diff. Feel free to ask me questions or things which should be changed. :) --Maik
2009-04-17 12:53:21 -04:00
}
} /* end while loop */
}
else if (!strcmp(args[1], "originalto")) {
int cur_arg;
/* insert x-original-to field, but not for the IP address listed as an except.
* set default options (ie: bitfield, header name, etc)
*/
curproxy->options |= PR_O_ORGTO;
free(curproxy->orgto_hdr_name);
curproxy->orgto_hdr_name = strdup(DEF_XORIGINALTO_HDR);
curproxy->orgto_hdr_len = strlen(DEF_XORIGINALTO_HDR);
[MEDIUM] http: make x-forwarded-for addition conditional If "option forwardfor" has the "if-none" argument, then the header is only added when the request did not already have one. This option has security implications, and should not be set blindly.
2011-08-19 16:57:24 -04:00
/* loop to go through arguments - start at 2, since 0+1 = "option" "originalto" */
[MINOR] add X-Original-To: header I have attached a patch which will add on every http request a new header 'X-Original-To'. If you have HAProxy running in transparent mode with a big number of SQUID servers behind it, it is very nice to have the original destination ip as a common header to make decisions based on it. The whole thing is configurable with a new option 'originalto'. I have updated the sourcecode as well as the documentation. The 'haproxy-en.txt' and 'haproxy-fr.txt' files are untouched, due to lack of my french language knowledge. ;) Also the patch adds this header for IPv4 only. I haven't any IPv6 test environment running here and don't know if getsockopt() with SO_ORIGINAL_DST will work on IPv6. If someone knows it and wants to test it I can modify the diff. Feel free to ask me questions or things which should be changed. :) --Maik
2009-04-17 12:53:21 -04:00
cur_arg = 2;
while (*(args[cur_arg])) {
if (!strcmp(args[cur_arg], "except")) {
/* suboption except - needs additional argument for it */
MINOR: standard: Disable ip resolution during the runtime The function str2net runs DNS resolution if valid ip cannot be parsed. The DNS function used is the standard function of the libc and it performs asynchronous request. The asynchronous request is not compatible with the haproxy archictecture. str2net() is used during the runtime throught the "socket". This patch remove the DNS resolution during the runtime.
2014-02-11 09:23:04 -05:00
if (!*(args[cur_arg+1]) || !str2net(args[cur_arg+1], 1, &curproxy->except_to, &curproxy->except_mask_to)) {
[MINOR] add X-Original-To: header I have attached a patch which will add on every http request a new header 'X-Original-To'. If you have HAProxy running in transparent mode with a big number of SQUID servers behind it, it is very nice to have the original destination ip as a common header to make decisions based on it. The whole thing is configurable with a new option 'originalto'. I have updated the sourcecode as well as the documentation. The 'haproxy-en.txt' and 'haproxy-fr.txt' files are untouched, due to lack of my french language knowledge. ;) Also the patch adds this header for IPv4 only. I haven't any IPv6 test environment running here and don't know if getsockopt() with SO_ORIGINAL_DST will work on IPv6. If someone knows it and wants to test it I can modify the diff. Feel free to ask me questions or things which should be changed. :) --Maik
2009-04-17 12:53:21 -04:00
Alert("parsing [%s:%d] : '%s %s %s' expects <address>[/mask] as argument.\n",
file, linenum, args[0], args[1], args[cur_arg]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] add X-Original-To: header I have attached a patch which will add on every http request a new header 'X-Original-To'. If you have HAProxy running in transparent mode with a big number of SQUID servers behind it, it is very nice to have the original destination ip as a common header to make decisions based on it. The whole thing is configurable with a new option 'originalto'. I have updated the sourcecode as well as the documentation. The 'haproxy-en.txt' and 'haproxy-fr.txt' files are untouched, due to lack of my french language knowledge. ;) Also the patch adds this header for IPv4 only. I haven't any IPv6 test environment running here and don't know if getsockopt() with SO_ORIGINAL_DST will work on IPv6. If someone knows it and wants to test it I can modify the diff. Feel free to ask me questions or things which should be changed. :) --Maik
2009-04-17 12:53:21 -04:00
}
/* flush useless bits */
curproxy->except_to.s_addr &= curproxy->except_mask_to.s_addr;
cur_arg += 2;
} else if (!strcmp(args[cur_arg], "header")) {
/* suboption header - needs additional argument for it */
if (*(args[cur_arg+1]) == 0) {
Alert("parsing [%s:%d] : '%s %s %s' expects <header_name> as argument.\n",
file, linenum, args[0], args[1], args[cur_arg]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] add X-Original-To: header I have attached a patch which will add on every http request a new header 'X-Original-To'. If you have HAProxy running in transparent mode with a big number of SQUID servers behind it, it is very nice to have the original destination ip as a common header to make decisions based on it. The whole thing is configurable with a new option 'originalto'. I have updated the sourcecode as well as the documentation. The 'haproxy-en.txt' and 'haproxy-fr.txt' files are untouched, due to lack of my french language knowledge. ;) Also the patch adds this header for IPv4 only. I haven't any IPv6 test environment running here and don't know if getsockopt() with SO_ORIGINAL_DST will work on IPv6. If someone knows it and wants to test it I can modify the diff. Feel free to ask me questions or things which should be changed. :) --Maik
2009-04-17 12:53:21 -04:00
}
free(curproxy->orgto_hdr_name);
curproxy->orgto_hdr_name = strdup(args[cur_arg+1]);
curproxy->orgto_hdr_len = strlen(curproxy->orgto_hdr_name);
cur_arg += 2;
} else {
/* unknown suboption - catchall */
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
Alert("parsing [%s:%d] : '%s %s' only supports optional values: 'except' and 'header'.\n",
file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add the "except" keyword to the "forwardfor" option Patch from Bryan Germann for 1.2.17. In some circumstances, it is useful not to add the X-Forwarded-For header, for instance when the client is another reverse-proxy or stunnel running on the same machine and which already adds it. This patch adds the "except" keyword to the "forwardfor" option, allowing to specify an address or network which will not be added to this header.
2007-03-25 10:00:04 -04:00
}
[MINOR] permit renaming of x-forwarded-for header Because I needed it in my situation - here's a quick patch to allow changing of the "x-forwarded-for" header by using a suboption to "option forwardfor". Suboption "header XYZ" will set the header from "x-forwarded-for" to "XYZ". Default is still "x-forwarded-for" if the header value isn't defined. Also the suboption 'except a.b.c.d/z' still works on the same line. So it's now: option forwardfor [except a.b.c.d[/z]] [header XYZ]
2008-08-03 04:51:45 -04:00
} /* end while loop */
[MEDIUM] add the "except" keyword to the "forwardfor" option Patch from Bryan Germann for 1.2.17. In some circumstances, it is useful not to add the X-Forwarded-For header, for instance when the client is another reverse-proxy or stunnel running on the same machine and which already adds it. This patch adds the "except" keyword to the "forwardfor" option, allowing to specify an address or network which will not be added to this header.
2007-03-25 10:00:04 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else {
Alert("parsing [%s:%d] : unknown option '%s'.\n", file, linenum, args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
else if (!strcmp(args[0], "default_backend")) {
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a backend name.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
}
[CLEANUP] remove 65 useless NULL checks before free C specification clearly states that free(NULL) is a no-op. So remove useless checks before calling free.
2008-08-03 06:19:50 -04:00
free(curproxy->defbe.name);
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
curproxy->defbe.name = strdup(args[1]);
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(1, 0, file, linenum, args, &err_code))
goto out;
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "redispatch") || !strcmp(args[0], "redisp")) {
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
MEDIUM: config: inform the user only once that "redispatch" is deprecated It may go away in 1.6, but there's no point reporting it for each and every occurrence.
2014-04-28 16:37:32 -04:00
if (!already_warned(WARN_REDISPATCH_DEPRECATED))
Warning("parsing [%s:%d]: keyword '%s' is deprecated in favor of 'option redispatch', and will not be supported by future versions.\n",
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* enable reconnections to dispatch */
curproxy->options |= PR_O_REDISP;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(1, 0, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: config: add new setting "http-reuse" For now it only supports "never", meaning that we never want to reuse a shared connection, and "always", meaning that we can use any connection that was not marked private. When "never" is set, this also implies that no idle connection may become a shared one.
2015-08-05 08:12:31 -04:00
else if (!strcmp(args[0], "http-reuse")) {
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
err_code |= ERR_WARN;
if (strcmp(args[1], "never") == 0) {
/* enable a graceful server shutdown on an HTTP 404 response */
curproxy->options &= ~PR_O_REUSE_MASK;
curproxy->options |= PR_O_REUSE_NEVR;
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
}
MEDIUM: backend: implement "http-reuse safe" The "safe" mode consists in picking existing connections only when processing a request that's not the first one from a connection. This ensures that in case where the server finally times out and closes, the client can decide to replay idempotent requests.
2015-08-05 10:02:46 -04:00
else if (strcmp(args[1], "safe") == 0) {
/* enable a graceful server shutdown on an HTTP 404 response */
curproxy->options &= ~PR_O_REUSE_MASK;
curproxy->options |= PR_O_REUSE_SAFE;
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
}
MEDIUM: backend: add the "http-reuse aggressive" strategy This strategy is less extreme than "always", it only dispatches first requests to validated reused connections, and moves a connection from the idle list to the safe list once it has seen a second request, thus proving that it could be reused.
2015-08-05 11:16:33 -04:00
else if (strcmp(args[1], "aggressive") == 0) {
curproxy->options &= ~PR_O_REUSE_MASK;
curproxy->options |= PR_O_REUSE_AGGR;
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
}
MINOR: config: add new setting "http-reuse" For now it only supports "never", meaning that we never want to reuse a shared connection, and "always", meaning that we can use any connection that was not marked private. When "never" is set, this also implies that no idle connection may become a shared one.
2015-08-05 08:12:31 -04:00
else if (strcmp(args[1], "always") == 0) {
/* enable a graceful server shutdown on an HTTP 404 response */
curproxy->options &= ~PR_O_REUSE_MASK;
curproxy->options |= PR_O_REUSE_ALWS;
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
}
else {
MEDIUM: backend: add the "http-reuse aggressive" strategy This strategy is less extreme than "always", it only dispatches first requests to validated reused connections, and moves a connection from the idle list to the safe list once it has seen a second request, thus proving that it could be reused.
2015-08-05 11:16:33 -04:00
Alert("parsing [%s:%d] : '%s' only supports 'never', 'safe', 'aggressive', 'always'.\n", file, linenum, args[0]);
MINOR: config: add new setting "http-reuse" For now it only supports "never", meaning that we never want to reuse a shared connection, and "always", meaning that we can use any connection that was not marked private. When "never" is set, this also implies that no idle connection may become a shared one.
2015-08-05 08:12:31 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
[MEDIUM] implement "http-check disable-on-404" for graceful shutdown When an HTTP server returns "404 not found", it indicates that at least part of it is still running. For this reason, it can be convenient for application administrators to be able to consider code 404 as valid, but for a server which does not want to participate to load balancing anymore. This is useful to seamlessly exclude a server from a farm without acting on the load balancer. For instance, let's consider that haproxy checks for the "/alive" file. To enable load balancing on a server, the admin would simply do : # touch /var/www/alive And to disable the server, he would simply do : # rm /var/www/alive Another immediate gain from doing this is that it is now possible to send NOTICE messages instead of ALERT messages when a server is first disable, then goes down. This provides a graceful shutdown method. To enable this behaviour, specify "http-check disable-on-404" in the backend.
2007-11-30 04:41:39 -05:00
else if (!strcmp(args[0], "http-check")) {
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] implement "http-check disable-on-404" for graceful shutdown When an HTTP server returns "404 not found", it indicates that at least part of it is still running. For this reason, it can be convenient for application administrators to be able to consider code 404 as valid, but for a server which does not want to participate to load balancing anymore. This is useful to seamlessly exclude a server from a farm without acting on the load balancer. For instance, let's consider that haproxy checks for the "/alive" file. To enable load balancing on a server, the admin would simply do : # touch /var/www/alive And to disable the server, he would simply do : # rm /var/www/alive Another immediate gain from doing this is that it is now possible to send NOTICE messages instead of ALERT messages when a server is first disable, then goes down. This provides a graceful shutdown method. To enable this behaviour, specify "http-check disable-on-404" in the backend.
2007-11-30 04:41:39 -05:00
if (strcmp(args[1], "disable-on-404") == 0) {
/* enable a graceful server shutdown on an HTTP 404 response */
curproxy->options |= PR_O_DISABLE404;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MEDIUM] implement "http-check disable-on-404" for graceful shutdown When an HTTP server returns "404 not found", it indicates that at least part of it is still running. For this reason, it can be convenient for application administrators to be able to consider code 404 as valid, but for a server which does not want to participate to load balancing anymore. This is useful to seamlessly exclude a server from a farm without acting on the load balancer. For instance, let's consider that haproxy checks for the "/alive" file. To enable load balancing on a server, the admin would simply do : # touch /var/www/alive And to disable the server, he would simply do : # rm /var/www/alive Another immediate gain from doing this is that it is now possible to send NOTICE messages instead of ALERT messages when a server is first disable, then goes down. This provides a graceful shutdown method. To enable this behaviour, specify "http-check disable-on-404" in the backend.
2007-11-30 04:41:39 -05:00
}
[MINOR] checks: add the server's status in the checks Now a server can check the contents of the header X-Haproxy-Server-State to know how haproxy sees it. The same values as those reported in the stats are provided : - up/down status + check counts - throttle - weight vs backend weight - active sessions vs backend sessions - queue length - haproxy node name
2010-01-27 05:53:01 -05:00
else if (strcmp(args[1], "send-state") == 0) {
/* enable emission of the apparent state of a server in HTTP checks */
curproxy->options2 |= PR_O2_CHK_SNDST;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
[MINOR] checks: add the server's status in the checks Now a server can check the contents of the header X-Haproxy-Server-State to know how haproxy sees it. The same values as those reported in the stats are provided : - up/down status + check counts - throttle - weight vs backend weight - active sessions vs backend sessions - queue length - haproxy node name
2010-01-27 05:53:01 -05:00
}
[MEDIUM] checks: add support for HTTP contents lookup This patch adds the "http-check expect [r]{string,status}" statements which enable health checks based on whether the response status or body to an HTTP request contains a string or matches a regex. This probably is one of the oldest patches that remained unmerged. Over the time, several people have contributed to it, among which FinalBSD (first and second implementations), Nick Chalk (port to 1.4), Anze Skerlavaj (tests and fixes), Cyril Bonté (general fixes), and of course myself for the final fixes and doc during integration. Some people already use an old version of this patch which has several issues, among which the inability to search for a plain string that is not at the beginning of the data, and the inability to look for response contents that are provided in a second and subsequent recv() calls. But since some configs are already deployed, it was quite important to ensure a 100% compatible behaviour on the working cases. Thus, that patch fixes the issues while maintaining config compatibility with already deployed versions. (cherry picked from commit b507c43a3ce9a8e8e4b770e52e4edc20cba4c37f)
2010-03-16 13:46:54 -04:00
else if (strcmp(args[1], "expect") == 0) {
const char *ptr_arg;
int cur_arg;
if (curproxy->options2 & PR_O2_EXP_TYPE) {
Alert("parsing [%s:%d] : '%s %s' already specified.\n", file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
cur_arg = 2;
/* consider exclamation marks, sole or at the beginning of a word */
while (*(ptr_arg = args[cur_arg])) {
while (*ptr_arg == '!') {
curproxy->options2 ^= PR_O2_EXP_INV;
ptr_arg++;
}
if (*ptr_arg)
break;
cur_arg++;
}
/* now ptr_arg points to the beginning of a word past any possible
* exclamation mark, and cur_arg is the argument which holds this word.
*/
if (strcmp(ptr_arg, "status") == 0) {
if (!*(args[cur_arg + 1])) {
Alert("parsing [%s:%d] : '%s %s %s' expects <string> as an argument.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curproxy->options2 |= PR_O2_EXP_STS;
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
free(curproxy->expect_str);
[MEDIUM] checks: add support for HTTP contents lookup This patch adds the "http-check expect [r]{string,status}" statements which enable health checks based on whether the response status or body to an HTTP request contains a string or matches a regex. This probably is one of the oldest patches that remained unmerged. Over the time, several people have contributed to it, among which FinalBSD (first and second implementations), Nick Chalk (port to 1.4), Anze Skerlavaj (tests and fixes), Cyril Bonté (general fixes), and of course myself for the final fixes and doc during integration. Some people already use an old version of this patch which has several issues, among which the inability to search for a plain string that is not at the beginning of the data, and the inability to look for response contents that are provided in a second and subsequent recv() calls. But since some configs are already deployed, it was quite important to ensure a 100% compatible behaviour on the working cases. Thus, that patch fixes the issues while maintaining config compatibility with already deployed versions. (cherry picked from commit b507c43a3ce9a8e8e4b770e52e4edc20cba4c37f)
2010-03-16 13:46:54 -04:00
curproxy->expect_str = strdup(args[cur_arg + 1]);
}
else if (strcmp(ptr_arg, "string") == 0) {
if (!*(args[cur_arg + 1])) {
Alert("parsing [%s:%d] : '%s %s %s' expects <string> as an argument.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curproxy->options2 |= PR_O2_EXP_STR;
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
free(curproxy->expect_str);
[MEDIUM] checks: add support for HTTP contents lookup This patch adds the "http-check expect [r]{string,status}" statements which enable health checks based on whether the response status or body to an HTTP request contains a string or matches a regex. This probably is one of the oldest patches that remained unmerged. Over the time, several people have contributed to it, among which FinalBSD (first and second implementations), Nick Chalk (port to 1.4), Anze Skerlavaj (tests and fixes), Cyril Bonté (general fixes), and of course myself for the final fixes and doc during integration. Some people already use an old version of this patch which has several issues, among which the inability to search for a plain string that is not at the beginning of the data, and the inability to look for response contents that are provided in a second and subsequent recv() calls. But since some configs are already deployed, it was quite important to ensure a 100% compatible behaviour on the working cases. Thus, that patch fixes the issues while maintaining config compatibility with already deployed versions. (cherry picked from commit b507c43a3ce9a8e8e4b770e52e4edc20cba4c37f)
2010-03-16 13:46:54 -04:00
curproxy->expect_str = strdup(args[cur_arg + 1]);
}
else if (strcmp(ptr_arg, "rstatus") == 0) {
if (!*(args[cur_arg + 1])) {
Alert("parsing [%s:%d] : '%s %s %s' expects <regex> as an argument.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curproxy->options2 |= PR_O2_EXP_RSTS;
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
free(curproxy->expect_str);
MINOR: regex: fix a little configuration memory leak. The function regfree free the memory allocated to the pattern buffer by the compiling process. It is not freeing the buffer itself.
2014-06-11 08:45:31 -04:00
if (curproxy->expect_regex) {
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
regex_free(curproxy->expect_regex);
MINOR: regex: fix a little configuration memory leak. The function regfree free the memory allocated to the pattern buffer by the compiling process. It is not freeing the buffer itself.
2014-06-11 08:45:31 -04:00
free(curproxy->expect_regex);
curproxy->expect_regex = NULL;
}
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
curproxy->expect_str = strdup(args[cur_arg + 1]);
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
curproxy->expect_regex = calloc(1, sizeof(*curproxy->expect_regex));
error = NULL;
if (!regex_comp(args[cur_arg + 1], curproxy->expect_regex, 1, 1, &error)) {
Alert("parsing [%s:%d] : '%s %s %s' : bad regular expression '%s': %s.\n",
file, linenum, args[0], args[1], ptr_arg, args[cur_arg + 1], error);
free(error);
[MEDIUM] checks: add support for HTTP contents lookup This patch adds the "http-check expect [r]{string,status}" statements which enable health checks based on whether the response status or body to an HTTP request contains a string or matches a regex. This probably is one of the oldest patches that remained unmerged. Over the time, several people have contributed to it, among which FinalBSD (first and second implementations), Nick Chalk (port to 1.4), Anze Skerlavaj (tests and fixes), Cyril Bonté (general fixes), and of course myself for the final fixes and doc during integration. Some people already use an old version of this patch which has several issues, among which the inability to search for a plain string that is not at the beginning of the data, and the inability to look for response contents that are provided in a second and subsequent recv() calls. But since some configs are already deployed, it was quite important to ensure a 100% compatible behaviour on the working cases. Thus, that patch fixes the issues while maintaining config compatibility with already deployed versions. (cherry picked from commit b507c43a3ce9a8e8e4b770e52e4edc20cba4c37f)
2010-03-16 13:46:54 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
else if (strcmp(ptr_arg, "rstring") == 0) {
if (!*(args[cur_arg + 1])) {
Alert("parsing [%s:%d] : '%s %s %s' expects <regex> as an argument.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curproxy->options2 |= PR_O2_EXP_RSTR;
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
free(curproxy->expect_str);
MINOR: regex: fix a little configuration memory leak. The function regfree free the memory allocated to the pattern buffer by the compiling process. It is not freeing the buffer itself.
2014-06-11 08:45:31 -04:00
if (curproxy->expect_regex) {
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
regex_free(curproxy->expect_regex);
MINOR: regex: fix a little configuration memory leak. The function regfree free the memory allocated to the pattern buffer by the compiling process. It is not freeing the buffer itself.
2014-06-11 08:45:31 -04:00
free(curproxy->expect_regex);
curproxy->expect_regex = NULL;
}
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
curproxy->expect_str = strdup(args[cur_arg + 1]);
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
curproxy->expect_regex = calloc(1, sizeof(*curproxy->expect_regex));
error = NULL;
if (!regex_comp(args[cur_arg + 1], curproxy->expect_regex, 1, 1, &error)) {
Alert("parsing [%s:%d] : '%s %s %s' : bad regular expression '%s': %s.\n",
file, linenum, args[0], args[1], ptr_arg, args[cur_arg + 1], error);
free(error);
[MEDIUM] checks: add support for HTTP contents lookup This patch adds the "http-check expect [r]{string,status}" statements which enable health checks based on whether the response status or body to an HTTP request contains a string or matches a regex. This probably is one of the oldest patches that remained unmerged. Over the time, several people have contributed to it, among which FinalBSD (first and second implementations), Nick Chalk (port to 1.4), Anze Skerlavaj (tests and fixes), Cyril Bonté (general fixes), and of course myself for the final fixes and doc during integration. Some people already use an old version of this patch which has several issues, among which the inability to search for a plain string that is not at the beginning of the data, and the inability to look for response contents that are provided in a second and subsequent recv() calls. But since some configs are already deployed, it was quite important to ensure a 100% compatible behaviour on the working cases. Thus, that patch fixes the issues while maintaining config compatibility with already deployed versions. (cherry picked from commit b507c43a3ce9a8e8e4b770e52e4edc20cba4c37f)
2010-03-16 13:46:54 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
else {
Alert("parsing [%s:%d] : '%s %s' only supports [!] 'status', 'string', 'rstatus', 'rstring', found '%s'.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
[MEDIUM] implement "http-check disable-on-404" for graceful shutdown When an HTTP server returns "404 not found", it indicates that at least part of it is still running. For this reason, it can be convenient for application administrators to be able to consider code 404 as valid, but for a server which does not want to participate to load balancing anymore. This is useful to seamlessly exclude a server from a farm without acting on the load balancer. For instance, let's consider that haproxy checks for the "/alive" file. To enable load balancing on a server, the admin would simply do : # touch /var/www/alive And to disable the server, he would simply do : # rm /var/www/alive Another immediate gain from doing this is that it is now possible to send NOTICE messages instead of ALERT messages when a server is first disable, then goes down. This provides a graceful shutdown method. To enable this behaviour, specify "http-check disable-on-404" in the backend.
2007-11-30 04:41:39 -05:00
else {
[BUG] check: http-check expect + regex would crash in defaults section Manoj Kumar reported a case where haproxy would crash upon start-up. The cause was an "http-check expect" statement declared in the defaults section, which caused a NULL regex to be used during the check. This statement is not allowed in defaults sections precisely because this requires saving a copy of the regex in the default proxy. But the check was not made to prevent it from being declared there, hence the issue. Instead of adding code to detect its abnormal use, we decided to implement it. It was not that much complex because the expect_str part was not used with regexes, so it could hold the string form of the regex in order to compile it again for every backend (there's no way to clone regexes). This patch has been tested and works. So it's both a bugfix and a minor feature enhancement. It should be backported to 1.4 though it's not critical since the config was not supposed to be supported.
2011-08-19 14:04:17 -04:00
Alert("parsing [%s:%d] : '%s' only supports 'disable-on-404', 'send-state', 'expect'.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] implement "http-check disable-on-404" for graceful shutdown When an HTTP server returns "404 not found", it indicates that at least part of it is still running. For this reason, it can be convenient for application administrators to be able to consider code 404 as valid, but for a server which does not want to participate to load balancing anymore. This is useful to seamlessly exclude a server from a farm without acting on the load balancer. For instance, let's consider that haproxy checks for the "/alive" file. To enable load balancing on a server, the admin would simply do : # touch /var/www/alive And to disable the server, he would simply do : # rm /var/www/alive Another immediate gain from doing this is that it is now possible to send NOTICE messages instead of ALERT messages when a server is first disable, then goes down. This provides a graceful shutdown method. To enable this behaviour, specify "http-check disable-on-404" in the backend.
2007-11-30 04:41:39 -05:00
}
}
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
else if (!strcmp(args[0], "tcp-check")) {
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
err_code |= ERR_WARN;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
if (strcmp(args[1], "comment") == 0) {
int cur_arg;
struct tcpcheck_rule *tcpcheck;
cur_arg = 1;
tcpcheck = (struct tcpcheck_rule *)calloc(1, sizeof(*tcpcheck));
tcpcheck->action = TCPCHK_ACT_COMMENT;
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d] : '%s' expects a comment string.\n",
file, linenum, args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->comment = strdup(args[cur_arg + 1]);
LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list);
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(1, 1, file, linenum, args, &err_code))
goto out;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
}
else if (strcmp(args[1], "connect") == 0) {
MEDIUM: tcp-check new feature: connect A new tcp-check rule type: connect. It allows HAProxy to test applications which stand on multiple ports or multiple applications load-balanced through the same backend.
2013-12-10 18:52:19 -05:00
const char *ptr_arg;
int cur_arg;
struct tcpcheck_rule *tcpcheck;
/* check if first rule is also a 'connect' action */
BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct The method used to skip to next rule in the list is wrong, it assumes that the list element starts at the same offset as the rule. It happens to be true on most architectures since the list is the first element for now but it's definitely wrong. Now the code doesn't crash anymore when the struct list is moved anywhere else in the struct tcpcheck_rule. This fix must be backported to 1.5.
2015-05-13 06:24:53 -04:00
tcpcheck = LIST_NEXT(&curproxy->tcpcheck_rules, struct tcpcheck_rule *, list);
while (&tcpcheck->list != &curproxy->tcpcheck_rules &&
tcpcheck->action == TCPCHK_ACT_COMMENT) {
tcpcheck = LIST_NEXT(&tcpcheck->list, struct tcpcheck_rule *, list);
}
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct The method used to skip to next rule in the list is wrong, it assumes that the list element starts at the same offset as the rule. It happens to be true on most architectures since the list is the first element for now but it's definitely wrong. Now the code doesn't crash anymore when the struct list is moved anywhere else in the struct tcpcheck_rule. This fix must be backported to 1.5.
2015-05-13 06:24:53 -04:00
if (&tcpcheck->list != &curproxy->tcpcheck_rules
&& tcpcheck->action != TCPCHK_ACT_CONNECT) {
Alert("parsing [%s:%d] : first step MUST also be a 'connect' when there is a 'connect' step in the tcp-check ruleset.\n",
file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
MEDIUM: tcp-check new feature: connect A new tcp-check rule type: connect. It allows HAProxy to test applications which stand on multiple ports or multiple applications load-balanced through the same backend.
2013-12-10 18:52:19 -05:00
}
cur_arg = 2;
tcpcheck = (struct tcpcheck_rule *)calloc(1, sizeof(*tcpcheck));
tcpcheck->action = TCPCHK_ACT_CONNECT;
/* parsing each parameters to fill up the rule */
while (*(ptr_arg = args[cur_arg])) {
/* tcp port */
if (strcmp(args[cur_arg], "port") == 0) {
if ( (atol(args[cur_arg + 1]) > 65535) ||
(atol(args[cur_arg + 1]) < 1) ){
Alert("parsing [%s:%d] : '%s %s %s' expects a valid TCP port (from range 1 to 65535), got %s.\n",
file, linenum, args[0], args[1], "port", args[cur_arg + 1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->port = atol(args[cur_arg + 1]);
cur_arg += 2;
}
/* send proxy protocol */
else if (strcmp(args[cur_arg], "send-proxy") == 0) {
tcpcheck->conn_opts |= TCPCHK_OPT_SEND_PROXY;
cur_arg++;
}
#ifdef USE_OPENSSL
else if (strcmp(args[cur_arg], "ssl") == 0) {
curproxy->options |= PR_O_TCPCHK_SSL;
tcpcheck->conn_opts |= TCPCHK_OPT_SSL;
cur_arg++;
}
#endif /* USE_OPENSSL */
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
/* comment for this tcpcheck line */
else if (strcmp(args[cur_arg], "comment") == 0) {
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d] : '%s' expects a comment string.\n",
file, linenum, args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->comment = strdup(args[cur_arg + 1]);
cur_arg += 2;
}
MEDIUM: tcp-check new feature: connect A new tcp-check rule type: connect. It allows HAProxy to test applications which stand on multiple ports or multiple applications load-balanced through the same backend.
2013-12-10 18:52:19 -05:00
else {
#ifdef USE_OPENSSL
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
Alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy' or 'ssl' but got '%s' as argument.\n",
MEDIUM: tcp-check new feature: connect A new tcp-check rule type: connect. It allows HAProxy to test applications which stand on multiple ports or multiple applications load-balanced through the same backend.
2013-12-10 18:52:19 -05:00
#else /* USE_OPENSSL */
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
Alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy' or but got '%s' as argument.\n",
MEDIUM: tcp-check new feature: connect A new tcp-check rule type: connect. It allows HAProxy to test applications which stand on multiple ports or multiple applications load-balanced through the same backend.
2013-12-10 18:52:19 -05:00
#endif /* USE_OPENSSL */
file, linenum, args[0], args[1], args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list);
}
else if (strcmp(args[1], "send") == 0) {
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
if (! *(args[2]) ) {
/* SEND string expected */
Alert("parsing [%s:%d] : '%s %s %s' expects <STRING> as argument.\n",
file, linenum, args[0], args[1], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
} else {
struct tcpcheck_rule *tcpcheck;
tcpcheck = (struct tcpcheck_rule *)calloc(1, sizeof(*tcpcheck));
tcpcheck->action = TCPCHK_ACT_SEND;
tcpcheck->string_len = strlen(args[2]);
tcpcheck->string = strdup(args[2]);
tcpcheck->expect_regex = NULL;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
/* comment for this tcpcheck line */
if (strcmp(args[3], "comment") == 0) {
if (!*args[4]) {
Alert("parsing [%s:%d] : '%s' expects a comment string.\n",
file, linenum, args[3]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->comment = strdup(args[4]);
}
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list);
}
}
else if (strcmp(args[1], "send-binary") == 0) {
if (! *(args[2]) ) {
/* SEND binary string expected */
Alert("parsing [%s:%d] : '%s %s %s' expects <BINARY STRING> as argument.\n",
file, linenum, args[0], args[1], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
} else {
struct tcpcheck_rule *tcpcheck;
char *err = NULL;
tcpcheck = (struct tcpcheck_rule *)calloc(1, sizeof(*tcpcheck));
tcpcheck->action = TCPCHK_ACT_SEND;
if (parse_binary(args[2], &tcpcheck->string, &tcpcheck->string_len, &err) == 0) {
Alert("parsing [%s:%d] : '%s %s %s' expects <BINARY STRING> as argument, but %s\n",
file, linenum, args[0], args[1], args[2], err);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->expect_regex = NULL;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
/* comment for this tcpcheck line */
if (strcmp(args[3], "comment") == 0) {
if (!*args[4]) {
Alert("parsing [%s:%d] : '%s' expects a comment string.\n",
file, linenum, args[3]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->comment = strdup(args[4]);
}
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list);
}
}
else if (strcmp(args[1], "expect") == 0) {
const char *ptr_arg;
int cur_arg;
int inverse = 0;
if (curproxy->options2 & PR_O2_EXP_TYPE) {
Alert("parsing [%s:%d] : '%s %s' already specified.\n", file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
cur_arg = 2;
/* consider exclamation marks, sole or at the beginning of a word */
while (*(ptr_arg = args[cur_arg])) {
while (*ptr_arg == '!') {
inverse = !inverse;
ptr_arg++;
}
if (*ptr_arg)
break;
cur_arg++;
}
/* now ptr_arg points to the beginning of a word past any possible
* exclamation mark, and cur_arg is the argument which holds this word.
*/
if (strcmp(ptr_arg, "binary") == 0) {
BUILD/CLEANUP: config: silent 3 warnings about mixed declarations with code These ones were present in the tcp-check parser.
2015-02-27 10:37:05 -05:00
struct tcpcheck_rule *tcpcheck;
char *err = NULL;
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
if (!*(args[cur_arg + 1])) {
Alert("parsing [%s:%d] : '%s %s %s' expects <binary string> as an argument.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck = (struct tcpcheck_rule *)calloc(1, sizeof(*tcpcheck));
tcpcheck->action = TCPCHK_ACT_EXPECT;
if (parse_binary(args[cur_arg + 1], &tcpcheck->string, &tcpcheck->string_len, &err) == 0) {
Alert("parsing [%s:%d] : '%s %s %s' expects <BINARY STRING> as argument, but %s\n",
file, linenum, args[0], args[1], args[2], err);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->expect_regex = NULL;
tcpcheck->inverse = inverse;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
/* tcpcheck comment */
cur_arg += 2;
if (strcmp(args[cur_arg], "comment") == 0) {
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d] : '%s' expects a comment string.\n",
file, linenum, args[cur_arg + 1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->comment = strdup(args[cur_arg + 1]);
}
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list);
}
else if (strcmp(ptr_arg, "string") == 0) {
BUILD/CLEANUP: config: silent 3 warnings about mixed declarations with code These ones were present in the tcp-check parser.
2015-02-27 10:37:05 -05:00
struct tcpcheck_rule *tcpcheck;
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
if (!*(args[cur_arg + 1])) {
Alert("parsing [%s:%d] : '%s %s %s' expects <string> as an argument.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck = (struct tcpcheck_rule *)calloc(1, sizeof(*tcpcheck));
tcpcheck->action = TCPCHK_ACT_EXPECT;
tcpcheck->string_len = strlen(args[cur_arg + 1]);
tcpcheck->string = strdup(args[cur_arg + 1]);
tcpcheck->expect_regex = NULL;
tcpcheck->inverse = inverse;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
/* tcpcheck comment */
cur_arg += 2;
if (strcmp(args[cur_arg], "comment") == 0) {
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d] : '%s' expects a comment string.\n",
file, linenum, args[cur_arg + 1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->comment = strdup(args[cur_arg + 1]);
}
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list);
}
else if (strcmp(ptr_arg, "rstring") == 0) {
BUILD/CLEANUP: config: silent 3 warnings about mixed declarations with code These ones were present in the tcp-check parser.
2015-02-27 10:37:05 -05:00
struct tcpcheck_rule *tcpcheck;
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
if (!*(args[cur_arg + 1])) {
Alert("parsing [%s:%d] : '%s %s %s' expects <regex> as an argument.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck = (struct tcpcheck_rule *)calloc(1, sizeof(*tcpcheck));
tcpcheck->action = TCPCHK_ACT_EXPECT;
tcpcheck->string_len = 0;
tcpcheck->string = NULL;
MEDIUM: regex: replace all standard regex function by own functions This patch remove all references of standard regex in haproxy. The last remaining references are only in the regex.[ch] files. In the file src/checks.c, the original function uses a "pmatch" array. In fact this array is unused. This patch remove it.
2014-06-18 05:35:54 -04:00
tcpcheck->expect_regex = calloc(1, sizeof(*tcpcheck->expect_regex));
error = NULL;
if (!regex_comp(args[cur_arg + 1], tcpcheck->expect_regex, 1, 1, &error)) {
Alert("parsing [%s:%d] : '%s %s %s' : bad regular expression '%s': %s.\n",
file, linenum, args[0], args[1], ptr_arg, args[cur_arg + 1], error);
free(error);
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->inverse = inverse;
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
/* tcpcheck comment */
cur_arg += 2;
if (strcmp(args[cur_arg], "comment") == 0) {
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d] : '%s' expects a comment string.\n",
file, linenum, args[cur_arg + 1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tcpcheck->comment = strdup(args[cur_arg + 1]);
}
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
LIST_ADDQ(&curproxy->tcpcheck_rules, &tcpcheck->list);
}
else {
Alert("parsing [%s:%d] : '%s %s' only supports [!] 'binary', 'string', 'rstring', found '%s'.\n",
file, linenum, args[0], args[1], ptr_arg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
else {
MINOR: include comment in tcpcheck error log tcpcheck error messages include the step id where the error occurs. In some cases, this is not enough. Now, HAProxy also use the comment field of the latest tcpcheck rule which has been run. This commit allows HAProxy to parse a new directive in the tcpcheck ruleset: 'comment'. It is used to setup comments on the current tcpcheck rules.
2015-05-01 02:03:04 -04:00
Alert("parsing [%s:%d] : '%s' only supports 'comment', 'connect', 'send' or 'expect'.\n", file, linenum, args[0]);
MEDIUM: checks: add send/expect tcp based check This is a generic health check which can be used to match a banner or send a request and analyse a server response. It works in a send/expect ways and many exchange can be done between HAProxy and a server to decide the server status, making HAProxy able to speak the server's protocol. It can send arbitrary regular or binary strings and match content as a regular or binary string or a regex. Signed-off-by: Baptiste Assmann <bedis9@gmail.com>
2013-10-06 17:24:13 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
else if (!strcmp(args[0], "monitor")) {
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BUG] acl-related keywords are not allowed in defaults sections Using an ACL-related keyword in the defaults section causes a segfault during parsing because the list headers are not initialized. We must initialize list headers for default instance and reject keywords relying on ACLs. (cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4) (cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
2008-10-12 11:26:37 -04:00
}
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
if (strcmp(args[1], "fail") == 0) {
/* add a condition to fail monitor requests */
[CLEANUP] config: use build_acl_cond() instead of parse_acl_cond() This allows to clean up the code a little bit by moving some of the ACL internals out of the config parser.
2010-01-28 11:12:36 -05:00
if (strcmp(args[2], "if") != 0 && strcmp(args[2], "unless") != 0) {
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
Alert("parsing [%s:%d] : '%s %s' requires either 'if' or 'unless' followed by a condition.\n",
file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
}
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args + 2, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing a '%s %s' condition : %s.\n",
file, linenum, args[0], args[1], errmsg);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
}
LIST_ADDQ(&curproxy->mon_fail_cond, &cond->list);
}
else {
Alert("parsing [%s:%d] : '%s' only supports 'fail'.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add the "fail" condition to monitor requests Under certain circumstances, it is very useful to be able to fail some monitor requests. One specific case is when the number of servers in the backend falls below a certain level. The new "monitor fail" construct followed by either "if"/"unless" <condition> makes it possible to specify ACL-based conditions which will make the monitor return 503 instead of 200. Any number of conditions can be passed. Another use may be to limit the requests to local networks only.
2007-11-30 14:51:32 -05:00
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#ifdef TPROXY
else if (!strcmp(args[0], "transparent")) {
/* enable transparent proxy connections */
curproxy->options |= PR_O_TRANSP;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
#endif
else if (!strcmp(args[0], "maxconn")) { /* maxconn */
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], " Maybe you want 'fullconn' instead ?"))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
curproxy->maxconn = atol(args[1]);
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] add support for the "backlog" parameter Add the "backlog" parameter to frontends, to give hints to the system about the approximate listen backlog desired size. In order to protect against SYN flood attacks, one solution is to increase the system's SYN backlog size. Depending on the system, sometimes it is just tunable via a system parameter, sometimes it is not adjustable at all, and sometimes the system relies on hints given by the application at the time of the listen() syscall. By default, HAProxy passes the frontend's maxconn value to the listen() syscall. On systems which can make use of this value, it can sometimes be useful to be able to specify a different value, hence this backlog parameter.
2008-01-06 04:55:10 -05:00
else if (!strcmp(args[0], "backlog")) { /* backlog */
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MINOR] add support for the "backlog" parameter Add the "backlog" parameter to frontends, to give hints to the system about the approximate listen backlog desired size. In order to protect against SYN flood attacks, one solution is to increase the system's SYN backlog size. Depending on the system, sometimes it is just tunable via a system parameter, sometimes it is not adjustable at all, and sometimes the system relies on hints given by the application at the time of the listen() syscall. By default, HAProxy passes the frontend's maxconn value to the listen() syscall. On systems which can make use of this value, it can sometimes be useful to be able to specify a different value, hence this backlog parameter.
2008-01-06 04:55:10 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] add support for the "backlog" parameter Add the "backlog" parameter to frontends, to give hints to the system about the approximate listen backlog desired size. In order to protect against SYN flood attacks, one solution is to increase the system's SYN backlog size. Depending on the system, sometimes it is just tunable via a system parameter, sometimes it is not adjustable at all, and sometimes the system relies on hints given by the application at the time of the listen() syscall. By default, HAProxy passes the frontend's maxconn value to the listen() syscall. On systems which can make use of this value, it can sometimes be useful to be able to specify a different value, hence this backlog parameter.
2008-01-06 04:55:10 -05:00
}
curproxy->backlog = atol(args[1]);
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] add support for the "backlog" parameter Add the "backlog" parameter to frontends, to give hints to the system about the approximate listen backlog desired size. In order to protect against SYN flood attacks, one solution is to increase the system's SYN backlog size. Depending on the system, sometimes it is just tunable via a system parameter, sometimes it is not adjustable at all, and sometimes the system relies on hints given by the application at the time of the listen() syscall. By default, HAProxy passes the frontend's maxconn value to the listen() syscall. On systems which can make use of this value, it can sometimes be useful to be able to specify a different value, hence this backlog parameter.
2008-01-06 04:55:10 -05:00
}
[MEDIUM] split fe->maxconn into fe->maxconn and be->fullconn The maxconn argument is used only for the listeners, and the fullconn is used only for the backends. If unset, it inherits maxconn's value which itself can inherit the default or the global value (we might need to change this).
2006-12-28 18:10:33 -05:00
else if (!strcmp(args[0], "fullconn")) { /* fullconn */
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], " Maybe you want 'maxconn' instead ?"))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[MEDIUM] split fe->maxconn into fe->maxconn and be->fullconn The maxconn argument is used only for the listeners, and the fullconn is used only for the backends. If unset, it inherits maxconn's value which itself can inherit the default or the global value (we might need to change this).
2006-12-28 18:10:33 -05:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] split fe->maxconn into fe->maxconn and be->fullconn The maxconn argument is used only for the listeners, and the fullconn is used only for the backends. If unset, it inherits maxconn's value which itself can inherit the default or the global value (we might need to change this).
2006-12-28 18:10:33 -05:00
}
curproxy->fullconn = atol(args[1]);
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MEDIUM] split fe->maxconn into fe->maxconn and be->fullconn The maxconn argument is used only for the listeners, and the fullconn is used only for the backends. If unset, it inherits maxconn's value which itself can inherit the default or the global value (we might need to change this).
2006-12-28 18:10:33 -05:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "grace")) { /* grace time (ms) */
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a time in milliseconds.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] add support for time units in the configuration It is not always handy to manipulate large values exprimed in milliseconds for timeouts. Also, some values are entered in seconds (such as the stats refresh interval). This patch adds support for time units. It knows about 'us', 'ms', 's', 'm', 'h', and 'd'. It automatically converts each value into the caller's expected unit. Unit-less values are still passed unchanged. The unit must be passed as a suffix to the number. For instance: clitimeout 15m If any character is not understood, an error is returned.
2007-12-02 16:15:14 -05:00
err = parse_time_err(args[1], &val, TIME_UNIT_MS);
if (err) {
Alert("parsing [%s:%d] : unexpected character '%c' in grace time.\n",
file, linenum, *err);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for time units in the configuration It is not always handy to manipulate large values exprimed in milliseconds for timeouts. Also, some values are entered in seconds (such as the stats refresh interval). This patch adds support for time units. It knows about 'us', 'ms', 's', 'm', 'h', and 'd'. It automatically converts each value into the caller's expected unit. Unit-less values are still passed unchanged. The unit must be passed as a suffix to the number. For instance: clitimeout 15m If any character is not understood, an error is returned.
2007-12-02 16:15:14 -05:00
}
curproxy->grace = val;
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "dispatch")) { /* dispatch address */
[MEDIUM] add internal support for IPv6 server addresses This patch turns internal server addresses to sockaddr_storage to store IPv6 addresses, and makes the connect() function use it. This code already works but some caveats with getaddrinfo/gethostbyname still need to be sorted out while the changes had to be merged at this stage of internal architecture changes. So for now the config parser will not emit an IPv6 address yet so that user experience remains unchanged. This change should have absolutely zero user-visible effect, otherwise it's a bug introduced during the merge, that should be reported ASAP.
2011-03-10 16:26:24 -05:00
struct sockaddr_storage *sk;
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
int port1, port2;
MEDIUM: config: add complete support for str2sa_range() in dispatch The dispatch statement now completely relies on str2sa_range() to parse an address.
2013-03-06 10:52:04 -05:00
struct protocol *proto;
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
else if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
sk = str2sa_range(args[1], &port1, &port2, &errmsg, NULL);
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (!sk) {
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
Alert("parsing [%s:%d] : '%s' : %s\n", file, linenum, args[0], errmsg);
MEDIUM: config: add complete support for str2sa_range() in dispatch The dispatch statement now completely relies on str2sa_range() to parse an address.
2013-03-06 10:52:04 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
proto = protocol_by_family(sk->ss_family);
if (!proto || !proto->connect) {
Alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n",
file, linenum, args[0], args[1]);
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'.\n",
file, linenum, args[0], args[1]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (!port1) {
Alert("parsing [%s:%d] : '%s' : missing port number in '%s', <addr:port> expected.\n",
file, linenum, args[0], args[1]);
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
curproxy->dispatch_addr = *sk;
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
curproxy->options |= PR_O_DISPATCH;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "balance")) { /* set balancing with optional algorithm */
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
MEDIUM: cfgparse: make backend_parse_balance() use memprintf to report errors Using the new error reporting framework makes it easier to report complex errors.
2012-05-08 12:14:39 -04:00
if (backend_parse_balance((const char **)args + 1, &errmsg, curproxy) < 0) {
Alert("parsing [%s:%d] : %s %s\n", file, linenum, args[0], errmsg);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] implement the URI hash algorithm Guillaume Dallaire contributed the URI hashing algorithm for use with proxy-caches. It provides the advantage of optimizing the cache hit rate.
2007-05-08 07:35:26 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
else if (!strcmp(args[0], "hash-type")) { /* set hashing method */
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
/**
* The syntax for hash-type config element is
* hash-type {map-based|consistent} [[<algo>] avalanche]
*
* The default hash function is sdbm for map-based and sdbm+avalanche for consistent.
*/
curproxy->lbprm.algo &= ~(BE_LB_HASH_TYPE | BE_LB_HASH_FUNC | BE_LB_HASH_MOD);
MEDIUM: backend: Enhance hash-type directive with an algorithm options Summary: In testing at tumblr, we found that using djb2 hashing instead of the default sdbm hashing resulted is better workload distribution to our backends. This commit implements a change, that allows the user to specify the hash function they want to use. It does not limit itself to consistent hashing scenarios. The supported hash functions are sdbm (default), and djb2. For a discussion of the feature and analysis, see mailing list thread "Consistent hashing alternative to sdbm" : http://marc.info/?l=haproxy&m=138213693909219 Note: This change does NOT make changes to new features, for instance, applying an avalance hashing always being performed before applying consistent hashing.
2013-10-29 23:30:51 -04:00
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
err_code |= ERR_WARN;
if (strcmp(args[1], "consistent") == 0) { /* use consistent hashing */
curproxy->lbprm.algo |= BE_LB_HASH_CONS;
}
else if (strcmp(args[1], "map-based") == 0) { /* use map-based hashing */
curproxy->lbprm.algo |= BE_LB_HASH_MAP;
}
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
else if (strcmp(args[1], "avalanche") == 0) {
Alert("parsing [%s:%d] : experimental feature '%s %s' is not supported anymore, please use '%s map-based sdbm avalanche' instead.\n", file, linenum, args[0], args[1], args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] hash: add support for an 'avalanche' hash-type When the number of servers is a multiple of the size of the input set, map-based hash can be inefficient. This typically happens with 64 servers when doing URI hashing. The "avalanche" hash-type applies an avalanche hash before performing a map lookup in order to smooth the distribution. The result is slightly less smooth than the map for small numbers of servers, but still better than the consistent hashing.
2010-11-24 09:04:29 -05:00
}
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
else {
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
Alert("parsing [%s:%d] : '%s' only supports 'consistent' and 'map-based'.\n", file, linenum, args[0]);
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
MEDIUM: backend: Enhance hash-type directive with an algorithm options Summary: In testing at tumblr, we found that using djb2 hashing instead of the default sdbm hashing resulted is better workload distribution to our backends. This commit implements a change, that allows the user to specify the hash function they want to use. It does not limit itself to consistent hashing scenarios. The supported hash functions are sdbm (default), and djb2. For a discussion of the feature and analysis, see mailing list thread "Consistent hashing alternative to sdbm" : http://marc.info/?l=haproxy&m=138213693909219 Note: This change does NOT make changes to new features, for instance, applying an avalance hashing always being performed before applying consistent hashing.
2013-10-29 23:30:51 -04:00
}
/* set the hash function to use */
if (!*args[2]) {
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
/* the default algo is sdbm */
MEDIUM: backend: Enhance hash-type directive with an algorithm options Summary: In testing at tumblr, we found that using djb2 hashing instead of the default sdbm hashing resulted is better workload distribution to our backends. This commit implements a change, that allows the user to specify the hash function they want to use. It does not limit itself to consistent hashing scenarios. The supported hash functions are sdbm (default), and djb2. For a discussion of the feature and analysis, see mailing list thread "Consistent hashing alternative to sdbm" : http://marc.info/?l=haproxy&m=138213693909219 Note: This change does NOT make changes to new features, for instance, applying an avalance hashing always being performed before applying consistent hashing.
2013-10-29 23:30:51 -04:00
curproxy->lbprm.algo |= BE_LB_HFCN_SDBM;
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
/* if consistent with no argument, then avalanche modifier is also applied */
if ((curproxy->lbprm.algo & BE_LB_HASH_TYPE) == BE_LB_HASH_CONS)
curproxy->lbprm.algo |= BE_LB_HMOD_AVAL;
MEDIUM: backend: Enhance hash-type directive with an algorithm options Summary: In testing at tumblr, we found that using djb2 hashing instead of the default sdbm hashing resulted is better workload distribution to our backends. This commit implements a change, that allows the user to specify the hash function they want to use. It does not limit itself to consistent hashing scenarios. The supported hash functions are sdbm (default), and djb2. For a discussion of the feature and analysis, see mailing list thread "Consistent hashing alternative to sdbm" : http://marc.info/?l=haproxy&m=138213693909219 Note: This change does NOT make changes to new features, for instance, applying an avalance hashing always being performed before applying consistent hashing.
2013-10-29 23:30:51 -04:00
} else {
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
/* set the hash function */
if (!strcmp(args[2], "sdbm")) {
curproxy->lbprm.algo |= BE_LB_HFCN_SDBM;
}
else if (!strcmp(args[2], "djb2")) {
curproxy->lbprm.algo |= BE_LB_HFCN_DJB2;
MEDIUM: backend: add the crc32 hash algorithm for load balancing Since we have it available, let's make it usable for load balancing, it comes at no cost except 3 lines of documentation.
2015-01-20 13:44:50 -05:00
}
else if (!strcmp(args[2], "wt6")) {
MEDIUM: backend: add support for the wt6 hash This function was designed for haproxy while testing other functions in the past. Initially it was not planned to be used given the not very interesting numbers it showed on real URL data : it is not as smooth as the other ones. But later tests showed that the other ones are extremely sensible to the server count and the type of input data, especially DJB2 which must not be used on numeric input. So in fact this function is still a generally average performer and it can make sense to merge it in the end, as it can provide an alternative to sdbm+avalanche or djb2+avalanche for consistent hashing or when hashing on numeric data such as a source IP address or a visitor identifier in a URL parameter.
2013-11-14 08:30:35 -05:00
curproxy->lbprm.algo |= BE_LB_HFCN_WT6;
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
}
MEDIUM: backend: add the crc32 hash algorithm for load balancing Since we have it available, let's make it usable for load balancing, it comes at no cost except 3 lines of documentation.
2015-01-20 13:44:50 -05:00
else if (!strcmp(args[2], "crc32")) {
curproxy->lbprm.algo |= BE_LB_HFCN_CRC32;
}
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
else {
MEDIUM: backend: add the crc32 hash algorithm for load balancing Since we have it available, let's make it usable for load balancing, it comes at no cost except 3 lines of documentation.
2015-01-20 13:44:50 -05:00
Alert("parsing [%s:%d] : '%s' only supports 'sdbm', 'djb2', 'crc32', or 'wt6' hash functions.\n", file, linenum, args[0]);
MEDIUM: backend: Implement avalanche as a modifier of the hashing functions. Summary: Avalanche is supported not as a native hashing choice, but a modifier on the hashing function. Note that this means that possible configs written after 1.5-dev4 using "hash-type avalanche" will get an informative error instead. But as discussed on the mailing list it seems nobody ever used it anyway, so let's fix it before the final 1.5 release. The default values were selected for backward compatibility with previous releases, as discussed on the mailing list, which means that the consistent hashing will still apply the avalanche hash by default when no explicit algorithm is specified. Examples (default) hash-type map-based Map based hashing using sdbm without avalanche (default) hash-type consistent Consistent hashing using sdbm with avalanche Additional Examples: (a) hash-type map-based sdbm Same as default for map-based above (b) hash-type map-based sdbm avalanche Map based hashing using sdbm with avalanche (c) hash-type map-based djb2 Map based hashing using djb2 without avalanche (d) hash-type map-based djb2 avalanche Map based hashing using djb2 with avalanche (e) hash-type consistent sdbm avalanche Same as default for consistent above (f) hash-type consistent sdbm Consistent hashing using sdbm without avalanche (g) hash-type consistent djb2 Consistent hashing using djb2 without avalanche (h) hash-type consistent djb2 avalanche Consistent hashing using djb2 with avalanche
2013-11-05 11:54:02 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
/* set the hash modifier */
if (!strcmp(args[3], "avalanche")) {
curproxy->lbprm.algo |= BE_LB_HMOD_AVAL;
}
else if (*args[3]) {
Alert("parsing [%s:%d] : '%s' only supports 'avalanche' as a modifier for hash functions.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
}
}
MEDIUM: log: Unique ID The Unique ID, is an ID generated with several informations. You can use a log-format string to customize it, with the "unique-id-format" keyword, and insert it in the request header, with the "unique-id-header" keyword.
2012-03-12 07:48:57 -04:00
else if (strcmp(args[0], "unique-id-format") == 0) {
if (!*(args[1])) {
Alert("parsing [%s:%d] : %s expects an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: log-format: check number of arguments in cfgparse.c Exit with error if there is a second argument in the 'log-format' and 'unique-id-format' options. It is convenient when we forgot to escape spaces.
2012-11-11 11:30:56 -05:00
if (*(args[2])) {
Alert("parsing [%s:%d] : %s expects only one argument, don't forget to escape spaces!\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
free(curproxy->conf.uniqueid_format_string);
curproxy->conf.uniqueid_format_string = strdup(args[1]);
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
free(curproxy->conf.uif_file);
curproxy->conf.uif_file = strdup(curproxy->conf.args.file);
curproxy->conf.uif_line = curproxy->conf.args.line;
MEDIUM: log: Unique ID The Unique ID, is an ID generated with several informations. You can use a log-format string to customize it, with the "unique-id-format" keyword, and insert it in the request header, with the "unique-id-header" keyword.
2012-03-12 07:48:57 -04:00
}
else if (strcmp(args[0], "unique-id-header") == 0) {
if (!*(args[1])) {
Alert("parsing [%s:%d] : %s expects an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->header_unique_id);
curproxy->header_unique_id = strdup(args[1]);
}
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
else if (strcmp(args[0], "log-format") == 0) {
if (!*(args[1])) {
Alert("parsing [%s:%d] : %s expects an argument.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
MINOR: log-format: check number of arguments in cfgparse.c Exit with error if there is a second argument in the 'log-format' and 'unique-id-format' options. It is convenient when we forgot to escape spaces.
2012-11-11 11:30:56 -05:00
}
if (*(args[2])) {
Alert("parsing [%s:%d] : %s expects only one argument, don't forget to escape spaces!\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
}
BUG/MINOR: fix option httplog validation with TCP frontends Option httplog needs to be checked only once the proxy has been validated, so that its final mode (tcp/http) can be used. Also we need to check for httplog before checking the log format, so that we can report a warning about this specific option and not about the format it implies.
2012-05-31 13:30:26 -04:00
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (curproxy->conf.logformat_string != default_http_log_format &&
curproxy->conf.logformat_string != default_tcp_log_format &&
curproxy->conf.logformat_string != clf_http_log_format)
free(curproxy->conf.logformat_string);
curproxy->conf.logformat_string = strdup(args[1]);
free(curproxy->conf.lfs_file);
curproxy->conf.lfs_file = strdup(curproxy->conf.args.file);
curproxy->conf.lfs_line = curproxy->conf.args.line;
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
/* get a chance to improve log-format error reporting by
* reporting the correct line-number when possible.
*/
if (curproxy != &defproxy && !(curproxy->cap & PR_CAP_FE)) {
Warning("parsing [%s:%d] : backend '%s' : 'log-format' directive is ignored in backends.\n",
file, linenum, curproxy->id);
err_code |= ERR_WARN;
}
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
}
MINOR: logs: add a new per-proxy "log-tag" directive This is equivalent to what was done in commit 48936af ("[MINOR] log: ability to override the syslog tag") but this time instead of doing this globally, it does it per proxy. The purpose is to be able to use a separate log tag for various proxies (eg: make it easier to route log messages depending on the customer).
2015-01-07 09:03:42 -05:00
else if (!strcmp(args[0], "log-tag")) { /* tag to report to syslog */
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects a tag for use in syslog.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
free(curproxy->log_tag);
curproxy->log_tag = strdup(args[1]);
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
else if (!strcmp(args[0], "log") && kwm == KWM_NO) {
/* delete previous herited or defined syslog servers */
struct logsrv *back;
if (*(args[1]) != 0) {
Alert("parsing [%s:%d]:%s : 'no log' does not expect arguments.\n", file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
list_for_each_entry_safe(tmplogsrv, back, &curproxy->logsrvs, list) {
LIST_DEL(&tmplogsrv->list);
free(tmplogsrv);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "log")) { /* syslog server address */
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
struct logsrv *logsrv;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) && *(args[2]) == 0 && !strcmp(args[1], "global")) {
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
/* copy global.logrsvs linked list to the end of curproxy->logsrvs */
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
list_for_each_entry(tmplogsrv, &global.logsrvs, list) {
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
struct logsrv *node = malloc(sizeof(struct logsrv));
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
memcpy(node, tmplogsrv, sizeof(struct logsrv));
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
LIST_INIT(&node->list);
LIST_ADDQ(&curproxy->logsrvs, &node->list);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (*(args[1]) && *(args[2])) {
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
struct sockaddr_storage *sk;
int port1, port2;
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
int arg = 0;
int len = 0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv = calloc(1, sizeof(struct logsrv));
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
/* just after the address, a length may be specified */
if (strcmp(args[arg+2], "len") == 0) {
len = atoi(args[arg+3]);
if (len < 80 || len > 65535) {
Alert("parsing [%s:%d] : invalid log length '%s', must be between 80 and 65535.\n",
file, linenum, args[arg+3]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
logsrv->maxlen = len;
/* skip these two args */
arg += 2;
}
else
logsrv->maxlen = MAX_SYSLOG_LEN;
if (logsrv->maxlen > global.max_syslog_len) {
global.max_syslog_len = logsrv->maxlen;
logline = realloc(logline, global.max_syslog_len + 1);
}
MEDIUM: cfgparse: check max arguments in the proxies sections Add checks on the maximum number of arguments in proxies sections.
2015-04-28 14:17:49 -04:00
if (alertif_too_many_args_idx(3, arg + 1, file, linenum, args, &err_code))
goto out;
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
logsrv->facility = get_log_facility(args[arg+2]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
if (logsrv->facility < 0) {
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
Alert("parsing [%s:%d] : unknown log facility '%s'\n", file, linenum, args[arg+2]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->level = 7; /* max syslog level = debug */
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
if (*(args[arg+3])) {
logsrv->level = get_log_level(args[arg+3]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
if (logsrv->level < 0) {
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
Alert("parsing [%s:%d] : unknown optional log level '%s'\n", file, linenum, args[arg+3]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
logsrv->minlvl = 0; /* limit syslog level to this level (emerg) */
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
if (*(args[arg+4])) {
logsrv->minlvl = get_log_level(args[arg+4]);
BUG/MINOR: config: check the proper variable when parsing log minlvl logsrv->minlvl gets the numeric log level from the equivalent string. Upon error, ->level was checked due to a wrong copy-paste. The effect is that a wrong name will silently be ignored and due to minlvl=-1, will act as if the option was not set. No backport is needed, this is 1.5-specific. Reported-by: Dinko Korunic <dkorunic@reflected.net>
2013-01-23 18:31:24 -05:00
if (logsrv->minlvl < 0) {
MEDIUM: log: support a user-configurable max log line length With all the goodies supported by logformat, people find that the limit of 1024 chars for log lines is too short. Some servers do not support larger lines and can simply drop them, so changing the default value is not always the best choice. This patch takes a different approach. Log line length is specified per log server on the "log" line, with a value between 80 and 65535. That way it's possibly to satisfy all needs, even with some fat local servers and small remote ones.
2014-06-27 12:10:07 -04:00
Alert("parsing [%s:%d] : unknown optional minimum log level '%s'\n", file, linenum, args[arg+4]);
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] implement per-logger log level limitation Some people are using haproxy in a shared environment where the system logger by default sends alert and emerg messages to all consoles, which happens when all servers go down on a backend for instance. These people can not always change the system configuration and would like to limit the outgoing messages level in order not to disturb the local users. The addition of an optional 4th field on the "log" line permits exactly this. The minimal log level ensures that all outgoing logs will have at least this level. So the logs are not filtered out, just set to this level.
2009-05-10 11:20:05 -04:00
}
}
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
sk = str2sa_range(args[1], &port1, &port2, &errmsg, NULL);
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
if (!sk) {
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
Alert("parsing [%s:%d] : '%s': %s\n", file, linenum, args[0], errmsg);
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
logsrv->addr = *sk;
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
MEDIUM: config: use str2sa_range() to parse log addresses str2sa_range() is now used to parse log addresses, both INET and UNIX. str2sun() is not used anymore.
2013-03-06 09:02:49 -05:00
if (sk->ss_family == AF_INET || sk->ss_family == AF_INET6) {
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (!port1)
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
set_host_port(&logsrv->addr, SYSLOG_PORT);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
LIST_ADDQ(&curproxy->logsrvs, &logsrv->list);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else {
Alert("parsing [%s:%d] : 'log' expects either <address[:port]> and <facility> or 'global' as arguments.\n",
file, linenum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
else if (!strcmp(args[0], "source")) { /* address to which we bind when connecting */
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
int cur_arg;
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
int port1, port2;
[MEDIUM] add internal support for IPv6 server addresses This patch turns internal server addresses to sockaddr_storage to store IPv6 addresses, and makes the connect() function use it. This code already works but some caveats with getaddrinfo/gethostbyname still need to be sorted out while the changes had to be merged at this stage of internal architecture changes. So for now the config parser will not emit an IPv6 address yet so that user experience remains unchanged. This change should have absolutely zero user-visible effect, otherwise it's a bug introduced during the merge, that should be reported ASAP.
2011-03-10 16:26:24 -05:00
struct sockaddr_storage *sk;
MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc' The 'source' and 'usesrc' statements now completely rely on str2sa_range() to parse an address. A test is made to ensure that the address family supports connect().
2013-03-10 13:51:54 -04:00
struct protocol *proto;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (!*args[1]) {
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
Alert("parsing [%s:%d] : '%s' expects <addr>[:<port>], and optionally '%s' <addr>, and '%s' <name>.\n",
file, linenum, "source", "usesrc", "interface");
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[BUG] the "source" keyword must first clear optional settings Problem reported by John Lauro. When "source ... usesrc ..." is set in the defaults section, it is not possible anymore to remove the "usesrc" part when declaring a more precise "source" in a backend. The only workaround was to declare it by server. We need to clear optional settings when declaring a new "source". The problem was the same with the "interface" declaration.
2009-03-01 02:27:21 -05:00
/* we must first clear any optional default setting */
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK;
free(curproxy->conn_src.iface_name);
curproxy->conn_src.iface_name = NULL;
curproxy->conn_src.iface_len = 0;
[BUG] the "source" keyword must first clear optional settings Problem reported by John Lauro. When "source ... usesrc ..." is set in the defaults section, it is not possible anymore to remove the "usesrc" part when declaring a more precise "source" in a backend. The only workaround was to declare it by server. We need to clear optional settings when declaring a new "source". The problem was the same with the "interface" declaration.
2009-03-01 02:27:21 -05:00
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
sk = str2sa_range(args[1], &port1, &port2, &errmsg, NULL);
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
if (!sk) {
MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc' The 'source' and 'usesrc' statements now completely rely on str2sa_range() to parse an address. A test is made to ensure that the address family supports connect().
2013-03-10 13:51:54 -04:00
Alert("parsing [%s:%d] : '%s %s' : %s\n",
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
file, linenum, args[0], args[1], errmsg);
MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc' The 'source' and 'usesrc' statements now completely rely on str2sa_range() to parse an address. A test is made to ensure that the address family supports connect().
2013-03-10 13:51:54 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
proto = protocol_by_family(sk->ss_family);
if (!proto || !proto->connect) {
Alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n",
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
file, linenum, args[0], args[1]);
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.source_addr = *sk;
curproxy->conn_src.opts |= CO_SRC_BIND;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
cur_arg = 2;
while (*(args[cur_arg])) {
if (!strcmp(args[cur_arg], "usesrc")) { /* address to use outside */
REORG: tproxy: prepare the transparent proxy defines for accepting other OSes This patch does not change the logic of the code, it only changes the way OS-specific defines are tested. At the moment the transparent proxy code heavily depends on Linux-specific defines. This first patch introduces a new define "CONFIG_HAP_TRANSPARENT" which is set every time the defines used by transparent proxy are present. This also means that with an up-to-date libc, it should not be necessary anymore to force CONFIG_HAP_LINUX_TPROXY during the build, as the flags will automatically be detected. The CTTPROXY flags still remain separate because this older API doesn't work the same way. A new line has been added in the version output for haproxy -vv to indicate what transparent proxy support is available.
2013-05-08 16:49:23 -04:00
#if defined(CONFIG_HAP_CTTPROXY) || defined(CONFIG_HAP_TRANSPARENT)
#if !defined(CONFIG_HAP_TRANSPARENT)
MINOR: protocols: use is_inet_addr() when only INET addresses are desired We used to have is_addr() in place to validate sometimes the existence of an address, sometimes a valid IPv4 or IPv6 address. Replace them carefully so that is_inet_addr() is used wherever we can only use an IPv4/IPv6 address.
2014-05-09 16:56:10 -04:00
if (!is_inet_addr(&curproxy->conn_src.source_addr)) {
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
Alert("parsing [%s:%d] : '%s' requires an explicit 'source' address.\n",
file, linenum, "usesrc");
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
}
#endif
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d] : '%s' expects <addr>[:<port>], 'client', or 'clientip' as argument.\n",
file, linenum, "usesrc");
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
}
if (!strcmp(args[cur_arg + 1], "client")) {
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK;
curproxy->conn_src.opts |= CO_SRC_TPROXY_CLI;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
} else if (!strcmp(args[cur_arg + 1], "clientip")) {
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK;
curproxy->conn_src.opts |= CO_SRC_TPROXY_CIP;
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
} else if (!strncmp(args[cur_arg + 1], "hdr_ip(", 7)) {
char *name, *end;
name = args[cur_arg+1] + 7;
while (isspace(*name))
name++;
end = name;
while (*end && !isspace(*end) && *end != ',' && *end != ')')
end++;
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.opts &= ~CO_SRC_TPROXY_MASK;
curproxy->conn_src.opts |= CO_SRC_TPROXY_DYN;
curproxy->conn_src.bind_hdr_name = calloc(1, end - name + 1);
curproxy->conn_src.bind_hdr_len = end - name;
memcpy(curproxy->conn_src.bind_hdr_name, name, end - name);
curproxy->conn_src.bind_hdr_name[end-name] = '\0';
curproxy->conn_src.bind_hdr_occ = -1;
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
/* now look for an occurrence number */
while (isspace(*end))
end++;
if (*end == ',') {
end++;
name = end;
if (*end == '-')
end++;
BUILD: silence a warning on Solaris about usage of isdigit() On Solaris, isdigit() is a macro and it complains about the use of a char instead of the int for the argument. Let's cast it to an int to silence it.
2012-11-21 19:04:31 -05:00
while (isdigit((int)*end))
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
end++;
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.bind_hdr_occ = strl2ic(name, end-name);
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
}
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
if (curproxy->conn_src.bind_hdr_occ < -MAX_HDR_HISTORY) {
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
Alert("parsing [%s:%d] : usesrc hdr_ip(name,num) does not support negative"
" occurrences values smaller than %d.\n",
file, linenum, MAX_HDR_HISTORY);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
} else {
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
struct sockaddr_storage *sk;
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
sk = str2sa_range(args[cur_arg + 1], &port1, &port2, &errmsg, NULL);
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
if (!sk) {
MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc' The 'source' and 'usesrc' statements now completely rely on str2sa_range() to parse an address. A test is made to ensure that the address family supports connect().
2013-03-10 13:51:54 -04:00
Alert("parsing [%s:%d] : '%s %s' : %s\n",
CLEANUP: config: do not use multiple errmsg at once Several of the parsing functions made use of multiple errmsg/err_msg variables which had to be freed, while there is already one in each function that is freed upon exit. Adapt the code to use the existing variable exclusively.
2013-03-10 14:44:48 -04:00
file, linenum, args[cur_arg], args[cur_arg+1], errmsg);
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc' The 'source' and 'usesrc' statements now completely rely on str2sa_range() to parse an address. A test is made to ensure that the address family supports connect().
2013-03-10 13:51:54 -04:00
proto = protocol_by_family(sk->ss_family);
if (!proto || !proto->connect) {
Alert("parsing [%s:%d] : '%s %s' : connect() not supported for this address family.\n",
file, linenum, args[cur_arg], args[cur_arg+1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: config: make use of str2sa_range() instead of str2sa() When parsing the config, we now use str2sa_range() to detect when ranges or port offsets were improperly used. Among the new checks are "log", "source", "addr", "usesrc" which previously didn't check for extra parameters.
2013-02-20 11:26:02 -05:00
if (port1 != port2) {
Alert("parsing [%s:%d] : '%s' : port ranges and offsets are not allowed in '%s'\n",
file, linenum, args[cur_arg], args[cur_arg + 1]);
[BUG] config: report unresolvable host names as errors When a host name could not be resolved, an alert was emitted but the service used to start with 0.0.0.0 for the IP address, because the address parsing functions could not report an error. This is now changed. This fix must be backported to 1.3 as it was first discovered there.
2010-02-09 14:50:45 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
curproxy->conn_src.tproxy_addr = *sk;
curproxy->conn_src.opts |= CO_SRC_TPROXY_ADDR;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
}
global.last_checks |= LSTCHK_NETADM;
REORG: tproxy: prepare the transparent proxy defines for accepting other OSes This patch does not change the logic of the code, it only changes the way OS-specific defines are tested. At the moment the transparent proxy code heavily depends on Linux-specific defines. This first patch introduces a new define "CONFIG_HAP_TRANSPARENT" which is set every time the defines used by transparent proxy are present. This also means that with an up-to-date libc, it should not be necessary anymore to force CONFIG_HAP_LINUX_TPROXY during the build, as the flags will automatically be detected. The CTTPROXY flags still remain separate because this older API doesn't work the same way. A new line has been added in the version output for haproxy -vv to indicate what transparent proxy support is available.
2013-05-08 16:49:23 -04:00
#if !defined(CONFIG_HAP_TRANSPARENT)
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
global.last_checks |= LSTCHK_CTTPROXY;
[MEDIUM] add non-local bind to connect() on Linux Using some Linux kernel patches which add the IP_TRANSPARENT SOL_IP option , it is possible to bind to a non-local address on without having resort to any sort of NAT, thus causing no performance degradation. This is by far faster and cleaner than the previous CTTPROXY method. The code has been slightly changed in order to remain compatible with CTTPROXY as a fallback for the new method when it does not work. It is not needed anymore to specify the outgoing source address for connect, it can remain 0.0.0.0.
2008-01-13 10:31:17 -05:00
#endif
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
#else /* no TPROXY support */
Alert("parsing [%s:%d] : '%s' not allowed here because support for TPROXY was not compiled in.\n",
[MAJOR] support for source binding via cttproxy Using the cttproxy kernel patch, it's possible to bind to any source address. It is highly recommended to use the 03-natdel patch with the other ones. A new keyword appears as a complement to the "source" keyword : "usesrc". The source address is mandatory and must be valid on the interface which will see the packets. The "usesrc" option supports "client" (for full client_ip:client_port spoofing), "client_ip" (for client_ip spoofing) and any 'IP[:port]' combination to pretend to be another machine. Right now, the source binding is missing from server health-checks if set to another address. It must be implemented (think restricted firewalls). The doc is still missing too.
2006-11-12 17:57:19 -05:00
file, linenum, "usesrc");
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
#endif
cur_arg += 2;
continue;
[MAJOR] support for source binding via cttproxy Using the cttproxy kernel patch, it's possible to bind to any source address. It is highly recommended to use the 03-natdel patch with the other ones. A new keyword appears as a complement to the "source" keyword : "usesrc". The source address is mandatory and must be valid on the interface which will see the packets. The "usesrc" option supports "client" (for full client_ip:client_port spoofing), "client_ip" (for client_ip spoofing) and any 'IP[:port]' combination to pretend to be another machine. Right now, the source binding is missing from server health-checks if set to another address. It must be implemented (think restricted firewalls). The doc is still missing too.
2006-11-12 17:57:19 -05:00
}
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
if (!strcmp(args[cur_arg], "interface")) { /* specifically bind to this interface */
#ifdef SO_BINDTODEVICE
if (!*args[cur_arg + 1]) {
Alert("parsing [%s:%d] : '%s' : missing interface name.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
}
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
free(curproxy->conn_src.iface_name);
curproxy->conn_src.iface_name = strdup(args[cur_arg + 1]);
curproxy->conn_src.iface_len = strlen(curproxy->conn_src.iface_name);
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
global.last_checks |= LSTCHK_NETADM;
#else
Alert("parsing [%s:%d] : '%s' : '%s' option not implemented.\n",
file, linenum, args[0], args[cur_arg]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add non-local bind to connect() on Linux Using some Linux kernel patches which add the IP_TRANSPARENT SOL_IP option , it is possible to bind to a non-local address on without having resort to any sort of NAT, thus causing no performance degradation. This is by far faster and cleaner than the previous CTTPROXY method. The code has been slightly changed in order to remain compatible with CTTPROXY as a fallback for the new method when it does not work. It is not needed anymore to specify the outgoing source address for connect, it can remain 0.0.0.0.
2008-01-13 10:31:17 -05:00
#endif
[MEDIUM] add support for source interface binding Specifying "interface <name>" after the "source" statement allows one to bind to a specific interface for proxy<->server traffic. This makes it possible to use multiple links to reach multiple servers, and to force traffic to pass via an interface different from the one the system would have chosen based on the routing table.
2009-02-04 12:46:54 -05:00
cur_arg += 2;
continue;
}
Alert("parsing [%s:%d] : '%s' only supports optional keywords '%s' and '%s'.\n",
CLEANUP: config: fix typo inteface => interface This was in an error message.
2012-09-25 10:31:00 -04:00
file, linenum, args[0], "interface", "usesrc");
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MINOR] more friendly reports of wrong uses of the usesrc keyword It was difficult to find how to enter the "usesrc" keyword. Now the configuration checker is a bit more friendly and tries to identify most mistakes and gives some hints back.
2007-03-24 07:47:24 -04:00
}
}
else if (!strcmp(args[0], "usesrc")) { /* address to use outside: needs "source" first */
Alert("parsing [%s:%d] : '%s' only allowed after a '%s' statement.\n",
file, linenum, "usesrc", "source");
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "cliexp") || !strcmp(args[0], "reqrep")) { /* replace request header from a regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (*(args[2]) == 0) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : '%s' expects <search> and <replace> as arguments.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_REPLACE, 0,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], args[2], (const char **)args+3);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqdel")) { /* delete request header from a regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_REMOVE, 0,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqdeny")) { /* deny a request if a header matches this regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_DENY, 0,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqpass")) { /* pass this header without allowing or denying the request */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_PASS, 0,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqallow")) { /* allow a request if a header matches this regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_ALLOW, 0,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] added the "reqtarpit" and "reqitarpit" features It is now possible to tarpit connections based on regex matches. The tarpit timeout is equal to the contimeout. A 500 server error response is faked, and the logs show the status flags as "PT" which indicate the connection has been tarpitted.
2006-09-03 03:56:00 -04:00
else if (!strcmp(args[0], "reqtarpit")) { /* tarpit a request if a header matches this regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_TARPIT, 0,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[MEDIUM] added the "reqtarpit" and "reqitarpit" features It is now possible to tarpit connections based on regex matches. The tarpit timeout is equal to the contimeout. A 500 server error response is faked, and the logs show the status flags as "PT" which indicate the connection has been tarpitted.
2006-09-03 03:56:00 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "reqirep")) { /* replace request header from a regex, ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (*(args[2]) == 0) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : '%s' expects <search> and <replace> as arguments.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_REPLACE, REG_ICASE,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], args[2], (const char **)args+3);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqidel")) { /* delete request header from a regex ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_REMOVE, REG_ICASE,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqideny")) { /* deny a request if a header matches this regex ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_DENY, REG_ICASE,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqipass")) { /* pass this header without allowing or denying the request */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_PASS, REG_ICASE,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "reqiallow")) { /* allow a request if a header matches this regex ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_ALLOW, REG_ICASE,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] added the "reqtarpit" and "reqitarpit" features It is now possible to tarpit connections based on regex matches. The tarpit timeout is equal to the contimeout. A 500 server error response is faked, and the logs show the status flags as "PT" which indicate the connection has been tarpitted.
2006-09-03 03:56:00 -04:00
else if (!strcmp(args[0], "reqitarpit")) { /* tarpit a request if a header matches this regex ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_REQ, ACT_TARPIT, REG_ICASE,
[MEDIUM] http: add support for conditional request filter execution All the req* rules except the reqadd rules can now be specified with an if/unless condition. If a condition is specified and does not match, the filter is ignored. This is particularly useful with reqidel, reqirep and reqtarpit.
2010-01-28 14:35:13 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[MEDIUM] added the "reqtarpit" and "reqitarpit" features It is now possible to tarpit connections based on regex matches. The tarpit timeout is equal to the contimeout. A 500 server error response is faked, and the logs show the status flags as "PT" which indicate the connection has been tarpitted.
2006-09-03 03:56:00 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (!strcmp(args[0], "reqadd")) { /* add request header */
[MINOR] prepare req_*/rsp_* to receive a condition It will be very handy to be able to pass conditions to req_* and rsp_*. For now, we just add the pointer to the condition in the affected structs.
2010-01-28 12:10:50 -05:00
struct cond_wordlist *wl;
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
else if (warnifnotcap(curproxy, PR_CAP_RS, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects <header> as an argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
[MEDIUM] http: add support for conditional request header addition Now the reqadd rules also support ACLs. All req* rules are converted now.
2010-01-31 08:30:44 -05:00
if ((strcmp(args[2], "if") == 0 || strcmp(args[2], "unless") == 0)) {
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args+2, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing a '%s' condition : %s.\n",
file, linenum, args[0], errmsg);
[MEDIUM] http: add support for conditional request header addition Now the reqadd rules also support ACLs. All req* rules are converted now.
2010-01-31 08:30:44 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(cond,
(curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
file, linenum);
[MEDIUM] http: add support for conditional request header addition Now the reqadd rules also support ACLs. All req* rules are converted now.
2010-01-31 08:30:44 -05:00
}
else if (*args[2]) {
Alert("parsing [%s:%d] : '%s' : Expecting nothing, 'if', or 'unless', got '%s'.\n",
file, linenum, args[0], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
wl = calloc(1, sizeof(*wl));
[MEDIUM] http: add support for conditional request header addition Now the reqadd rules also support ACLs. All req* rules are converted now.
2010-01-31 08:30:44 -05:00
wl->cond = cond;
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
wl->s = strdup(args[1]);
LIST_ADDQ(&curproxy->req_add, &wl->list);
[MINOR] improve reporting of misplaced acl/reqxxx rules Now we can detect improper ordering of "block", "reqxxx", "reqadd", "redirect" and "use_backend", and warn the user accordingly.
2009-03-31 04:49:21 -04:00
warnif_misplaced_reqadd(curproxy, file, linenum, args[0]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "srvexp") || !strcmp(args[0], "rsprep")) { /* replace response header from a regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (*(args[2]) == 0) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : '%s' expects <search> and <replace> as arguments.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_RES, ACT_REPLACE, 0,
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
args[0], args[1], args[2], (const char **)args+3);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "rspdel")) { /* delete response header from a regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_RES, ACT_REMOVE, 0,
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "rspdeny")) { /* block response header from a regex */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_RES, ACT_DENY, 0,
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "rspirep")) { /* replace response header from a regex ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (*(args[2]) == 0) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
Alert("parsing [%s:%d] : '%s' expects <search> and <replace> as arguments.\n",
file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_RES, ACT_REPLACE, REG_ICASE,
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
args[0], args[1], args[2], (const char **)args+3);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "rspidel")) { /* delete response header from a regex ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_RES, ACT_REMOVE, REG_ICASE,
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "rspideny")) { /* block response header from a regex ignoring case */
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
err_code |= create_cond_regex_rule(file, linenum, curproxy,
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 04:13:36 -04:00
SMP_OPT_DIR_RES, ACT_DENY, REG_ICASE,
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
args[0], args[1], NULL, (const char **)args+2);
[MEDIUM] config: factor out the parsing of 20 req*/rsp* keywords A new function was added to take care of the common code between all those keywords. This has saved 8 kB of object code and about 500 lines of source code. This has also permitted to spot and fix minor bugs (allocated args that were never used). The code could be factored even more but that would make it a bit more complex which is not interesting at this stage. Various tests have been performed, and the warnings and errors are still correctly reported and everything seems to work as expected.
2010-01-28 13:33:49 -05:00
if (err_code & ERR_FATAL)
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "rspadd")) { /* add response header */
[MINOR] prepare req_*/rsp_* to receive a condition It will be very handy to be able to pass conditions to req_* and rsp_*. For now, we just add the pointer to the condition in the affected structs.
2010-01-28 12:10:50 -05:00
struct cond_wordlist *wl;
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
else if (warnifnotcap(curproxy, PR_CAP_RS, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects <header> as an argument.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
if ((strcmp(args[2], "if") == 0 || strcmp(args[2], "unless") == 0)) {
MEDIUM: acl: report parsing errors to the caller All parsing errors were known but impossible to return. Now by making use of memprintf(), we're able to build meaningful error messages that the caller can display.
2012-04-27 06:38:15 -04:00
if ((cond = build_acl_cond(file, linenum, curproxy, (const char **)args+2, &errmsg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing a '%s' condition : %s.\n",
file, linenum, args[0], errmsg);
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires The ACLs now use the fetch's ->use and ->val to decide upon compatibility between the place where they are used and where the information are fetched. The code is capable of reporting warnings about very fine incompatibilities between certain fetches and an exact usage location, so it is expected that some new warnings will be emitted on some existing configurations. Two degrees of detection are provided : - detecting ACLs that never match - detecting keywords that are ignored All tests show that this seems to work well, though bugs are still possible.
2013-03-25 03:12:18 -04:00
err_code |= warnif_cond_conflicts(cond,
(curproxy->cap & PR_CAP_BE) ? SMP_VAL_BE_HRS_HDR : SMP_VAL_FE_HRS_HDR,
file, linenum);
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
}
else if (*args[2]) {
Alert("parsing [%s:%d] : '%s' : Expecting nothing, 'if', or 'unless', got '%s'.\n",
file, linenum, args[0], args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
wl = calloc(1, sizeof(*wl));
[MEDIUM] http: add support for conditional response header rewriting Just as for the req* rules, we can now condition rsp* rules with ACLs. ACLs match on response, so volatile request information cannot be used. A warning is emitted if a configuration contains such an anomaly.
2010-01-31 09:43:27 -05:00
wl->cond = cond;
[MEDIUM] config: remove the limitation of 10 reqadd/rspadd statements Now we use a linked list, there is no limit anymore.
2010-01-03 15:03:22 -05:00
wl->s = strdup(args[1]);
LIST_ADDQ(&curproxy->rsp_add, &wl->list);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
else if (!strcmp(args[0], "errorloc") ||
!strcmp(args[0], "errorloc302") ||
!strcmp(args[0], "errorloc303")) { /* error location */
int errnum, errlen;
char *err;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
if (warnifnotcap(curproxy, PR_CAP_FE | PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (*(args[2]) == 0) {
[MINOR] fix several printf formats and missing arguments Last patch revealed a number of mistakes in printf-like calls, mostly int/long mismatches, and a few missing arguments.
2009-04-03 08:49:12 -04:00
Alert("parsing [%s:%d] : <%s> expects <status_code> and <url> as arguments.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
errnum = atol(args[1]);
if (!strcmp(args[0], "errorloc303")) {
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
errlen = strlen(HTTP_303) + strlen(args[2]) + 5;
err = malloc(errlen);
errlen = snprintf(err, errlen, "%s%s\r\n\r\n", HTTP_303, args[2]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
} else {
BUILD/MEDIUM: cfgparse: get rid of sprintf() A few occurrences of sprintf() were causing harmless warnings on OpenBSD : src/cfgparse.o(.text+0x259e): In function `cfg_parse_global': src/cfgparse.c:1044: warning: sprintf() is often misused, please use snprintf() These ones were easy to get rid of, so better do it.
2014-04-14 09:00:39 -04:00
errlen = strlen(HTTP_302) + strlen(args[2]) + 5;
err = malloc(errlen);
errlen = snprintf(err, errlen, "%s%s\r\n\r\n", HTTP_302, args[2]);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] store HTTP error messages into a chunk array HTTP error messages were all specific cases handled by an IF. Now they are all in an array so that it will be easier to add new ones. Also, the return functions now use chunks as inputs so that it should be easier to provide alternative return messages if needed.
2006-12-23 14:51:41 -05:00
for (rc = 0; rc < HTTP_ERR_SIZE; rc++) {
if (http_err_codes[rc] == errnum) {
[MAJOR] struct chunk rework Add size to struct chunk and simplify the code as there is no longer required to pass sizeof in chunk_printf().
2009-09-27 07:23:20 -04:00
chunk_destroy(&curproxy->errmsg[rc]);
chunk_initlen(&curproxy->errmsg[rc], err, errlen, errlen);
[MINOR] store HTTP error messages into a chunk array HTTP error messages were all specific cases handled by an IF. Now they are all in an array so that it will be easier to add new ones. Also, the return functions now use chunks as inputs so that it should be easier to provide alternative return messages if needed.
2006-12-23 14:51:41 -05:00
break;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
[MINOR] store HTTP error messages into a chunk array HTTP error messages were all specific cases handled by an IF. Now they are all in an array so that it will be easier to add new ones. Also, the return functions now use chunks as inputs so that it should be easier to provide alternative return messages if needed.
2006-12-23 14:51:41 -05:00
if (rc >= HTTP_ERR_SIZE) {
Warning("parsing [%s:%d] : status code %d not handled, error relocation will be ignored.\n",
file, linenum, errnum);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
free(err);
}
}
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
else if (!strcmp(args[0], "errorfile")) { /* error message from a file */
int errnum, errlen, fd;
char *err;
struct stat stat;
if (warnifnotcap(curproxy, PR_CAP_FE | PR_CAP_BE, file, linenum, args[0], NULL))
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
if (*(args[2]) == 0) {
[MINOR] fix several printf formats and missing arguments Last patch revealed a number of mistakes in printf-like calls, mostly int/long mismatches, and a few missing arguments.
2009-04-03 08:49:12 -04:00
Alert("parsing [%s:%d] : <%s> expects <status_code> and <file> as arguments.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
}
fd = open(args[2], O_RDONLY);
if ((fd < 0) || (fstat(fd, &stat) < 0)) {
Alert("parsing [%s:%d] : error opening file <%s> for custom error message <%s>.\n",
file, linenum, args[2], args[1]);
if (fd >= 0)
close(fd);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
}
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
if (stat.st_size <= global.tune.bufsize) {
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
errlen = stat.st_size;
} else {
Warning("parsing [%s:%d] : custom error message file <%s> larger than %d bytes. Truncating.\n",
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
file, linenum, args[2], global.tune.bufsize);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] make it possible to change the buffer size in the configuration The new tune.bufsize and tune.maxrewrite global directives allow one to change the buffer size and the maxrewrite size. Right now, setting bufsize too low will block stats sockets which will not be able to write at all. An error checking must be added to buffer_write_chunk() so that if it cannot write its message to an empty buffer, it causes the caller to abort.
2009-08-17 01:23:33 -04:00
errlen = global.tune.bufsize;
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
}
err = malloc(errlen); /* malloc() must succeed during parsing */
errnum = read(fd, err, errlen);
if (errnum != errlen) {
Alert("parsing [%s:%d] : error reading file <%s> for custom error message <%s>.\n",
file, linenum, args[2], args[1]);
close(fd);
free(err);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
}
close(fd);
errnum = atol(args[1]);
for (rc = 0; rc < HTTP_ERR_SIZE; rc++) {
if (http_err_codes[rc] == errnum) {
[MAJOR] struct chunk rework Add size to struct chunk and simplify the code as there is no longer required to pass sizeof in chunk_printf().
2009-09-27 07:23:20 -04:00
chunk_destroy(&curproxy->errmsg[rc]);
chunk_initlen(&curproxy->errmsg[rc], err, errlen, errlen);
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
break;
}
}
if (rc >= HTTP_ERR_SIZE) {
Warning("parsing [%s:%d] : status code %d not handled, error customization will be ignored.\n",
file, linenum, errnum);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
[MEDIUM] errorfile: use a local file to feed error messages It is now possible to read error messages from local files, using the 'errorfile' keyword. Those files are read during parsing, so there's no I/O involved. They make it possible to return custom error messages with custom status and headers.
2007-06-10 18:29:26 -04:00
free(err);
}
}
MEDIUM: HTTP compression (zlib library support) This commit introduces HTTP compression using the zlib library. http_response_forward_body has been modified to call the compression functions. This feature includes 3 algorithms: identity, gzip and deflate: * identity: this is mostly for debugging, and it was useful for developping the compression feature. With Content-Length in input, it is making each chunk with the data available in the current buffer. With chunks in input, it is rechunking, the output chunks will be bigger or smaller depending of the size of the input chunk and the size of the buffer. Identity does not apply any change on data. * gzip: same as identity, but applying a gzip compression. The data are deflated using the Z_NO_FLUSH flag in zlib. When there is no more data in the input buffer, it flushes the data in the output buffer (Z_SYNC_FLUSH). At the end of data, when it receives the last chunk in input, or when there is no more data to read, it writes the end of data with Z_FINISH and the ending chunk. * deflate: same as gzip, but with deflate algorithm and zlib format. Note that this algorithm has ambiguous support on many browsers and no support at all from recent ones. It is strongly recommended not to use it for anything else than experimentation. You can't choose the compression ratio at the moment, it will be set to Z_BEST_SPEED (1), as tests have shown very little benefit in terms of compression ration when going above for HTML contents, at the cost of a massive CPU impact. Compression will be activated depending of the Accept-Encoding request header. With identity, it does not take care of that header. To build HAProxy with zlib support, use USE_ZLIB=1 in the make parameters. This work was initially started by David Du Colombier at Exceliance.
2012-10-23 04:25:10 -04:00
else if (!strcmp(args[0], "compression")) {
struct comp *comp;
if (curproxy->comp == NULL) {
comp = calloc(1, sizeof(struct comp));
curproxy->comp = comp;
} else {
comp = curproxy->comp;
}
if (!strcmp(args[1], "algo")) {
int cur_arg;
MEDIUM: compression: use pool for comp_ctx Use pool for comp_ctx, it is allocated during the comp_algo->init(). The allocation of comp_ctx is accounted for in the zlib_memory_available.
2012-11-16 12:06:41 -05:00
struct comp_ctx *ctx;
MINOR: compression: try init in cfgparse.c Try to init and deinit the algorithm in the configuration parser and exit with error if it doesn't work.
2012-11-07 07:21:47 -05:00
MEDIUM: HTTP compression (zlib library support) This commit introduces HTTP compression using the zlib library. http_response_forward_body has been modified to call the compression functions. This feature includes 3 algorithms: identity, gzip and deflate: * identity: this is mostly for debugging, and it was useful for developping the compression feature. With Content-Length in input, it is making each chunk with the data available in the current buffer. With chunks in input, it is rechunking, the output chunks will be bigger or smaller depending of the size of the input chunk and the size of the buffer. Identity does not apply any change on data. * gzip: same as identity, but applying a gzip compression. The data are deflated using the Z_NO_FLUSH flag in zlib. When there is no more data in the input buffer, it flushes the data in the output buffer (Z_SYNC_FLUSH). At the end of data, when it receives the last chunk in input, or when there is no more data to read, it writes the end of data with Z_FINISH and the ending chunk. * deflate: same as gzip, but with deflate algorithm and zlib format. Note that this algorithm has ambiguous support on many browsers and no support at all from recent ones. It is strongly recommended not to use it for anything else than experimentation. You can't choose the compression ratio at the moment, it will be set to Z_BEST_SPEED (1), as tests have shown very little benefit in terms of compression ration when going above for HTML contents, at the cost of a massive CPU impact. Compression will be activated depending of the Accept-Encoding request header. With identity, it does not take care of that header. To build HAProxy with zlib support, use USE_ZLIB=1 in the make parameters. This work was initially started by David Du Colombier at Exceliance.
2012-10-23 04:25:10 -04:00
cur_arg = 2;
if (!*args[cur_arg]) {
Alert("parsing [%s:%d] : '%s' expects <algorithm>\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
while (*(args[cur_arg])) {
if (comp_append_algo(comp, args[cur_arg]) < 0) {
Alert("parsing [%s:%d] : '%s' : '%s' is not a supported algorithm.\n",
file, linenum, args[0], args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: compression: try init in cfgparse.c Try to init and deinit the algorithm in the configuration parser and exit with error if it doesn't work.
2012-11-07 07:21:47 -05:00
if (curproxy->comp->algos->init(&ctx, 9) == 0) {
curproxy->comp->algos->end(&ctx);
} else {
Alert("parsing [%s:%d] : '%s' : Can't init '%s' algorithm.\n",
file, linenum, args[0], args[cur_arg]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: HTTP compression (zlib library support) This commit introduces HTTP compression using the zlib library. http_response_forward_body has been modified to call the compression functions. This feature includes 3 algorithms: identity, gzip and deflate: * identity: this is mostly for debugging, and it was useful for developping the compression feature. With Content-Length in input, it is making each chunk with the data available in the current buffer. With chunks in input, it is rechunking, the output chunks will be bigger or smaller depending of the size of the input chunk and the size of the buffer. Identity does not apply any change on data. * gzip: same as identity, but applying a gzip compression. The data are deflated using the Z_NO_FLUSH flag in zlib. When there is no more data in the input buffer, it flushes the data in the output buffer (Z_SYNC_FLUSH). At the end of data, when it receives the last chunk in input, or when there is no more data to read, it writes the end of data with Z_FINISH and the ending chunk. * deflate: same as gzip, but with deflate algorithm and zlib format. Note that this algorithm has ambiguous support on many browsers and no support at all from recent ones. It is strongly recommended not to use it for anything else than experimentation. You can't choose the compression ratio at the moment, it will be set to Z_BEST_SPEED (1), as tests have shown very little benefit in terms of compression ration when going above for HTML contents, at the cost of a massive CPU impact. Compression will be activated depending of the Accept-Encoding request header. With identity, it does not take care of that header. To build HAProxy with zlib support, use USE_ZLIB=1 in the make parameters. This work was initially started by David Du Colombier at Exceliance.
2012-10-23 04:25:10 -04:00
cur_arg ++;
continue;
}
}
MINOR: compression: add an offload option to remove the Accept-Encoding header This is used when it is desired that backend servers don't compress (eg: because of buggy implementations).
2012-10-26 18:34:28 -04:00
else if (!strcmp(args[1], "offload")) {
comp->offload = 1;
}
MEDIUM: HTTP compression (zlib library support) This commit introduces HTTP compression using the zlib library. http_response_forward_body has been modified to call the compression functions. This feature includes 3 algorithms: identity, gzip and deflate: * identity: this is mostly for debugging, and it was useful for developping the compression feature. With Content-Length in input, it is making each chunk with the data available in the current buffer. With chunks in input, it is rechunking, the output chunks will be bigger or smaller depending of the size of the input chunk and the size of the buffer. Identity does not apply any change on data. * gzip: same as identity, but applying a gzip compression. The data are deflated using the Z_NO_FLUSH flag in zlib. When there is no more data in the input buffer, it flushes the data in the output buffer (Z_SYNC_FLUSH). At the end of data, when it receives the last chunk in input, or when there is no more data to read, it writes the end of data with Z_FINISH and the ending chunk. * deflate: same as gzip, but with deflate algorithm and zlib format. Note that this algorithm has ambiguous support on many browsers and no support at all from recent ones. It is strongly recommended not to use it for anything else than experimentation. You can't choose the compression ratio at the moment, it will be set to Z_BEST_SPEED (1), as tests have shown very little benefit in terms of compression ration when going above for HTML contents, at the cost of a massive CPU impact. Compression will be activated depending of the Accept-Encoding request header. With identity, it does not take care of that header. To build HAProxy with zlib support, use USE_ZLIB=1 in the make parameters. This work was initially started by David Du Colombier at Exceliance.
2012-10-23 04:25:10 -04:00
else if (!strcmp(args[1], "type")) {
int cur_arg;
cur_arg = 2;
if (!*args[cur_arg]) {
Alert("parsing [%s:%d] : '%s' expects <type>\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
while (*(args[cur_arg])) {
comp_append_type(comp, args[cur_arg]);
cur_arg ++;
continue;
}
}
else {
MINOR: compression: add an offload option to remove the Accept-Encoding header This is used when it is desired that backend servers don't compress (eg: because of buggy implementations).
2012-10-26 18:34:28 -04:00
Alert("parsing [%s:%d] : '%s' expects 'algo', 'type' or 'offload'\n",
MEDIUM: HTTP compression (zlib library support) This commit introduces HTTP compression using the zlib library. http_response_forward_body has been modified to call the compression functions. This feature includes 3 algorithms: identity, gzip and deflate: * identity: this is mostly for debugging, and it was useful for developping the compression feature. With Content-Length in input, it is making each chunk with the data available in the current buffer. With chunks in input, it is rechunking, the output chunks will be bigger or smaller depending of the size of the input chunk and the size of the buffer. Identity does not apply any change on data. * gzip: same as identity, but applying a gzip compression. The data are deflated using the Z_NO_FLUSH flag in zlib. When there is no more data in the input buffer, it flushes the data in the output buffer (Z_SYNC_FLUSH). At the end of data, when it receives the last chunk in input, or when there is no more data to read, it writes the end of data with Z_FINISH and the ending chunk. * deflate: same as gzip, but with deflate algorithm and zlib format. Note that this algorithm has ambiguous support on many browsers and no support at all from recent ones. It is strongly recommended not to use it for anything else than experimentation. You can't choose the compression ratio at the moment, it will be set to Z_BEST_SPEED (1), as tests have shown very little benefit in terms of compression ration when going above for HTML contents, at the cost of a massive CPU impact. Compression will be activated depending of the Accept-Encoding request header. With identity, it does not take care of that header. To build HAProxy with zlib support, use USE_ZLIB=1 in the make parameters. This work was initially started by David Du Colombier at Exceliance.
2012-10-23 04:25:10 -04:00
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else {
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
struct cfg_kw_list *kwl;
int index;
list_for_each_entry(kwl, &cfg_keywords.list, list) {
for (index = 0; kwl->kw[index].kw != NULL; index++) {
if (kwl->kw[index].section != CFG_LISTEN)
continue;
if (strcmp(kwl->kw[index].kw, args[0]) == 0) {
/* prepare error message just in case */
MINOR: config: pass the file and line to config keyword parsers This will be needed when we need to create bind config settings.
2012-09-18 14:02:48 -04:00
rc = kwl->kw[index].parse(args, CFG_LISTEN, curproxy, &defproxy, file, linenum, &errmsg);
[MINOR] cfgparse: add support for warnings in external functions Some parsers will need to report warnings in some cases. Let's use positive values for that.
2008-07-09 14:22:56 -04:00
if (rc < 0) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
Alert("parsing [%s:%d] : %s\n", file, linenum, errmsg);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
}
[MINOR] cfgparse: add support for warnings in external functions Some parsers will need to report warnings in some cases. Let's use positive values for that.
2008-07-09 14:22:56 -04:00
else if (rc > 0) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
Warning("parsing [%s:%d] : %s\n", file, linenum, errmsg);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_WARN;
goto out;
[MINOR] cfgparse: add support for warnings in external functions Some parsers will need to report warnings in some cases. Let's use positive values for that.
2008-07-09 14:22:56 -04:00
}
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
goto out;
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
}
}
}
MEDIUM: HTTP compression (zlib library support) This commit introduces HTTP compression using the zlib library. http_response_forward_body has been modified to call the compression functions. This feature includes 3 algorithms: identity, gzip and deflate: * identity: this is mostly for debugging, and it was useful for developping the compression feature. With Content-Length in input, it is making each chunk with the data available in the current buffer. With chunks in input, it is rechunking, the output chunks will be bigger or smaller depending of the size of the input chunk and the size of the buffer. Identity does not apply any change on data. * gzip: same as identity, but applying a gzip compression. The data are deflated using the Z_NO_FLUSH flag in zlib. When there is no more data in the input buffer, it flushes the data in the output buffer (Z_SYNC_FLUSH). At the end of data, when it receives the last chunk in input, or when there is no more data to read, it writes the end of data with Z_FINISH and the ending chunk. * deflate: same as gzip, but with deflate algorithm and zlib format. Note that this algorithm has ambiguous support on many browsers and no support at all from recent ones. It is strongly recommended not to use it for anything else than experimentation. You can't choose the compression ratio at the moment, it will be set to Z_BEST_SPEED (1), as tests have shown very little benefit in terms of compression ration when going above for HTML contents, at the cost of a massive CPU impact. Compression will be activated depending of the Accept-Encoding request header. With identity, it does not take care of that header. To build HAProxy with zlib support, use USE_ZLIB=1 in the make parameters. This work was initially started by David Du Colombier at Exceliance.
2012-10-23 04:25:10 -04:00
[MINOR] report correct section type for unknown keywords. An unknown keyword was always reported in section "listen" for any section type (defaults, listen, frontend, backend, ...).
2008-01-22 10:44:08 -05:00
Alert("parsing [%s:%d] : unknown keyword '%s' in '%s' section\n", file, linenum, args[0], cursection);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
out:
MINOR: cfgparse: use a common errmsg pointer for all parsers In order to generalize the simplified error reporting mechanism, let's centralize the error pointer.
2012-05-08 11:37:49 -04:00
free(errmsg);
[MINOR] config: improve error reporting in listen sections Try not to immediately exit on non-fatal errors while parsing a listen section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument.
2009-07-23 07:19:11 -04:00
return err_code;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
int
cfg_parse_netns(const char *file, int linenum, char **args, int kwm)
{
#ifdef CONFIG_HAP_NS
const char *err;
const char *item = args[0];
if (!strcmp(item, "namespace_list")) {
return 0;
}
else if (!strcmp(item, "namespace")) {
size_t idx = 1;
const char *current;
while (*(current = args[idx++])) {
err = invalid_char(current);
if (err) {
Alert("parsing [%s:%d]: character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, item, current);
return ERR_ALERT | ERR_FATAL;
}
if (netns_store_lookup(current, strlen(current))) {
Alert("parsing [%s:%d]: Namespace '%s' is already added.\n",
file, linenum, current);
return ERR_ALERT | ERR_FATAL;
}
if (!netns_store_insert(current)) {
Alert("parsing [%s:%d]: Cannot open namespace '%s'.\n",
file, linenum, current);
return ERR_ALERT | ERR_FATAL;
}
}
}
return 0;
#else
Alert("parsing [%s:%d]: namespace support is not compiled in.",
file, linenum);
return ERR_ALERT | ERR_FATAL;
#endif
}
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
int
cfg_parse_users(const char *file, int linenum, char **args, int kwm)
{
int err_code = 0;
const char *err;
if (!strcmp(args[0], "userlist")) { /* new userlist */
struct userlist *newul;
if (!*args[1]) {
Alert("parsing [%s:%d]: '%s' expects <name> as arguments.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: cfgparse: check section maximum number of arguments This patch checks the number of arguments of the keywords: 'global', 'defaults', 'listen', 'backend', 'frontend', 'peers' and 'userlist' The 'global' section does not take any arguments. Proxy sections does not support bind address as argument anymore. Those sections supports only an <id> argument. The 'defaults' section didn't had any check on its arguments. It takes an optional <name> argument. 'peers' section takes a <peersect> argument. 'userlist' section takes a <listname> argument.
2015-04-28 10:55:23 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d]: character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
for (newul = userlist; newul; newul = newul->next)
if (!strcmp(newul->name, args[1])) {
Warning("parsing [%s:%d]: ignoring duplicated userlist '%s'.\n",
file, linenum, args[1]);
err_code |= ERR_WARN;
goto out;
}
newul = (struct userlist *)calloc(1, sizeof(struct userlist));
if (!newul) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
newul->name = strdup(args[1]);
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
if (!newul->name) {
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
newul->next = userlist;
userlist = newul;
} else if (!strcmp(args[0], "group")) { /* new group */
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
int cur_arg;
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
const char *err;
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
struct auth_groups *ag;
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
if (!*args[1]) {
Alert("parsing [%s:%d]: '%s' expects <name> as arguments.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d]: character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
BUG/MEDIUM: cfgparse: segfault when userlist is misused If the 'userlist' keyword parsing returns an error and no userlist were previously created. The parsing of 'user' and 'group' leads to NULL derefence. The userlist pointer is now tested to prevent this issue.
2015-05-28 12:03:51 -04:00
if (!userlist)
goto out;
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
for (ag = userlist->groups; ag; ag = ag->next)
if (!strcmp(ag->name, args[1])) {
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
Warning("parsing [%s:%d]: ignoring duplicated group '%s' in userlist '%s'.\n",
file, linenum, args[1], userlist->name);
err_code |= ERR_ALERT;
goto out;
}
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
ag = calloc(1, sizeof(*ag));
if (!ag) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
ag->name = strdup(args[1]);
if (!ag) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
goto out;
}
cur_arg = 2;
while (*args[cur_arg]) {
if (!strcmp(args[cur_arg], "users")) {
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
ag->groupusers = strdup(args[cur_arg + 1]);
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
cur_arg += 2;
continue;
} else {
Alert("parsing [%s:%d]: '%s' only supports 'users' option.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
ag->next = userlist->groups;
userlist->groups = ag;
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
} else if (!strcmp(args[0], "user")) { /* new user */
struct auth_users *newuser;
int cur_arg;
if (!*args[1]) {
Alert("parsing [%s:%d]: '%s' expects <name> as arguments.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
BUG/MEDIUM: cfgparse: segfault when userlist is misused If the 'userlist' keyword parsing returns an error and no userlist were previously created. The parsing of 'user' and 'group' leads to NULL derefence. The userlist pointer is now tested to prevent this issue.
2015-05-28 12:03:51 -04:00
if (!userlist)
goto out;
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
for (newuser = userlist->users; newuser; newuser = newuser->next)
if (!strcmp(newuser->user, args[1])) {
Warning("parsing [%s:%d]: ignoring duplicated user '%s' in userlist '%s'.\n",
file, linenum, args[1], userlist->name);
err_code |= ERR_ALERT;
goto out;
}
newuser = (struct auth_users *)calloc(1, sizeof(struct auth_users));
if (!newuser) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
newuser->user = strdup(args[1]);
newuser->next = userlist->users;
userlist->users = newuser;
cur_arg = 2;
while (*args[cur_arg]) {
if (!strcmp(args[cur_arg], "password")) {
BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported When an unknown encryption algorithm is used in userlists or the password is not pasted correctly in the configuration, http authentication silently fails. An initial check is now performed during the configuration parsing, in order to verify that the encrypted password is supported. An unsupported password will fail with a fatal error. This patch should be backported to 1.4 and 1.5.
2014-08-29 14:20:02 -04:00
#ifdef CONFIG_HAP_CRYPT
if (!crypt("", args[cur_arg + 1])) {
Alert("parsing [%s:%d]: the encrypted password used for user '%s' is not supported by crypt(3).\n",
file, linenum, newuser->user);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
#else
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
Warning("parsing [%s:%d]: no crypt(3) support compiled, encrypted passwords will not work.\n",
file, linenum);
err_code |= ERR_ALERT;
#endif
newuser->pass = strdup(args[cur_arg + 1]);
cur_arg += 2;
continue;
} else if (!strcmp(args[cur_arg], "insecure-password")) {
newuser->pass = strdup(args[cur_arg + 1]);
newuser->flags |= AU_O_INSECURE;
cur_arg += 2;
continue;
} else if (!strcmp(args[cur_arg], "groups")) {
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
newuser->u.groups_names = strdup(args[cur_arg + 1]);
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
cur_arg += 2;
continue;
} else {
Alert("parsing [%s:%d]: '%s' only supports 'password', 'insecure-password' and 'groups' options.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
} else {
Alert("parsing [%s:%d]: unknown keyword '%s' in '%s' section\n", file, linenum, args[0], "users");
err_code |= ERR_ALERT | ERR_FATAL;
}
out:
return err_code;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* This function reads and parses the configuration file given in the argument.
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
* Returns the error code, 0 if OK, or any combination of :
* - ERR_ABORT: must abort ASAP
* - ERR_FATAL: we can continue parsing but not start the service
* - ERR_WARN: a warning has been emitted
* - ERR_ALERT: an alert has been emitted
* Only the two first ones can stop processing, the two others are just
* indicators.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
[CLEANUP] add a few "const char *" where appropriate As suggested by Markus Elfring, a few "const char *" have replaced some "char *" declarations where a function is not expected to modify a value. It does not change the code but it helps detecting coding errors.
2006-10-15 09:17:57 -04:00
int readcfgfile(const char *file)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
char *thisline;
int linesize = LINESIZE;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
FILE *f;
int linenum = 0;
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
int err_code = 0;
MEDIUM: config: Dynamic sections. This patch permit to register new sections in the haproxy's configuration file. This run like all the "keyword" registration, it is used during the haproxy initialization, typically with the "__attribute__((constructor))" functions.
2014-03-18 08:54:18 -04:00
struct cfg_section *cs = NULL;
struct cfg_section *ics;
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
int readbytes = 0;
if ((thisline = malloc(sizeof(*thisline) * linesize)) == NULL) {
MEDIUM: cfgparse: expand environment variables Environment variables were expandables only in adresses. Now there are expandables everywhere in the configuration file within double quotes. This patch breaks compatibility with the previous behavior of environment variables in adresses, you must enclose adresses with double quotes to make it work.
2015-05-12 08:27:13 -04:00
Alert("parsing [%s] : out of memory.\n", file);
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
return -1;
}
MEDIUM: config: Dynamic sections. This patch permit to register new sections in the haproxy's configuration file. This run like all the "keyword" registration, it is used during the haproxy initialization, typically with the "__attribute__((constructor))" functions.
2014-03-18 08:54:18 -04:00
/* Register internal sections */
if (!cfg_register_section("listen", cfg_parse_listen) ||
!cfg_register_section("frontend", cfg_parse_listen) ||
!cfg_register_section("backend", cfg_parse_listen) ||
!cfg_register_section("defaults", cfg_parse_listen) ||
!cfg_register_section("global", cfg_parse_global) ||
!cfg_register_section("userlist", cfg_parse_users) ||
MAJOR: namespace: add Linux network namespace support This patch makes it possible to create binds and servers in separate namespaces. This can be used to proxy between multiple completely independent virtual networks (with possibly overlapping IP addresses) and a non-namespace-aware proxy implementation that supports the proxy protocol (v2). The setup is something like this: net1 on VLAN 1 (namespace 1) -\ net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0) net3 on VLAN 3 (namespace 3) -/ The proxy is configured to make server connections through haproxy and sending the expected source/target addresses to haproxy using the proxy protocol. The network namespace setup on the haproxy node is something like this: = 8< = $ cat setup.sh ip netns add 1 ip link add link eth1 type vlan id 1 ip link set eth1.1 netns 1 ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1 ip netns exec 1 ip link set eth1.$id up ... = 8< = = 8< = $ cat haproxy.cfg frontend clients bind 127.0.0.1:50022 namespace 1 transparent default_backend scb backend server mode tcp server server1 192.168.122.4:2222 namespace 2 send-proxy-v2 = 8< = A bind line creates the listener in the specified namespace, and connections originating from that listener also have their network namespace set to that of the listener. A server line either forces the connection to be made in a specified namespace or may use the namespace from the client-side connection if that was set. For more documentation please read the documentation included in the patch itself. Signed-off-by: KOVACS Tamas <ktamas@balabit.com> Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com> Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-17 09:11:45 -05:00
!cfg_register_section("peers", cfg_parse_peers) ||
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
!cfg_register_section("mailers", cfg_parse_mailers) ||
MEDIUM: dns: implement a DNS resolver Implementation of a DNS client in HAProxy to perform name resolution to IP addresses. It relies on the freshly created UDP client to perform the DNS resolution. For now, all UDP socket calls are performed in the DNS layer, but this might change later when the protocols are extended to be more suited to datagram mode. A new section called 'resolvers' is introduced thanks to this patch. It is used to describe DNS servers IP address and also many parameters.
2015-04-13 17:40:55 -04:00
!cfg_register_section("namespace_list", cfg_parse_netns) ||
!cfg_register_section("resolvers", cfg_parse_resolvers))
MEDIUM: config: Dynamic sections. This patch permit to register new sections in the haproxy's configuration file. This run like all the "keyword" registration, it is used during the haproxy initialization, typically with the "__attribute__((constructor))" functions.
2014-03-18 08:54:18 -04:00
return -1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if ((f=fopen(file,"r")) == NULL)
return -1;
MEDIUM: cfgparse: expand environment variables Environment variables were expandables only in adresses. Now there are expandables everywhere in the configuration file within double quotes. This patch breaks compatibility with the previous behavior of environment variables in adresses, you must enclose adresses with double quotes to make it work.
2015-05-12 08:27:13 -04:00
next_line:
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
while (fgets(thisline + readbytes, linesize - readbytes, f) != NULL) {
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
int arg, kwm = KWM_STD;
[MEDIUM] Handle long lines properly Currently, there is a hidden line length limit in the haproxy, set to 256-1 chars. With large acls (for example many hdr(host) matches) it may be not enough and which is even worse, error message may be totally confusing as everything above this limit is treated as a next line: echo -ne "frontend aqq 1.2.3.4:80\nmode http\nacl e hdr(host) -i X X X X X X X www.xx.example.com stats\n"| sed s/X/www.some-host-name.example.com/g > ha.cfg && haproxy -c -f ./ha.cfg [WARNING] 300/163906 (11342) : parsing [./ha.cfg:4] : 'stats' ignored because frontend 'aqq' has no backend capability. Recently I hit simmilar problem and it took me a while to find why requests for "stats" are not handled properly. This patch: - makes the limit configurable (LINESIZE) - increases default line length limit from 256 to 2048 - increases MAX_LINE_ARGS from 40 to 64 - fixes hidden assignment in fgets() - moves arg/end/args/line inside the loop, making code auditing easier - adds a check that shows error if the limit is reached - changes "*line++ = 0;" to "*line++ = '\0';" (cosmetics) With this patch, when LINESIZE is defined to 256, above example produces: [ALERT] 300/164724 (27364) : parsing [/tmp/ha.cfg:3]: line too long, limit: 255. [ALERT] 300/164724 (27364) : Error reading configuration file : /tmp/ha.cfg
2007-10-31 19:33:12 -04:00
char *end;
char *args[MAX_LINE_ARGS + 1];
char *line = thisline;
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
int dquote = 0; /* double quote */
int squote = 0; /* simple quote */
[MEDIUM] Handle long lines properly Currently, there is a hidden line length limit in the haproxy, set to 256-1 chars. With large acls (for example many hdr(host) matches) it may be not enough and which is even worse, error message may be totally confusing as everything above this limit is treated as a next line: echo -ne "frontend aqq 1.2.3.4:80\nmode http\nacl e hdr(host) -i X X X X X X X www.xx.example.com stats\n"| sed s/X/www.some-host-name.example.com/g > ha.cfg && haproxy -c -f ./ha.cfg [WARNING] 300/163906 (11342) : parsing [./ha.cfg:4] : 'stats' ignored because frontend 'aqq' has no backend capability. Recently I hit simmilar problem and it took me a while to find why requests for "stats" are not handled properly. This patch: - makes the limit configurable (LINESIZE) - increases default line length limit from 256 to 2048 - increases MAX_LINE_ARGS from 40 to 64 - fixes hidden assignment in fgets() - moves arg/end/args/line inside the loop, making code auditing easier - adds a check that shows error if the limit is reached - changes "*line++ = 0;" to "*line++ = '\0';" (cosmetics) With this patch, when LINESIZE is defined to 256, above example produces: [ALERT] 300/164724 (27364) : parsing [/tmp/ha.cfg:3]: line too long, limit: 255. [ALERT] 300/164724 (27364) : Error reading configuration file : /tmp/ha.cfg
2007-10-31 19:33:12 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
linenum++;
end = line + strlen(line);
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
if (end-line == linesize-1 && *(end-1) != '\n') {
[MEDIUM] Handle long lines properly Currently, there is a hidden line length limit in the haproxy, set to 256-1 chars. With large acls (for example many hdr(host) matches) it may be not enough and which is even worse, error message may be totally confusing as everything above this limit is treated as a next line: echo -ne "frontend aqq 1.2.3.4:80\nmode http\nacl e hdr(host) -i X X X X X X X www.xx.example.com stats\n"| sed s/X/www.some-host-name.example.com/g > ha.cfg && haproxy -c -f ./ha.cfg [WARNING] 300/163906 (11342) : parsing [./ha.cfg:4] : 'stats' ignored because frontend 'aqq' has no backend capability. Recently I hit simmilar problem and it took me a while to find why requests for "stats" are not handled properly. This patch: - makes the limit configurable (LINESIZE) - increases default line length limit from 256 to 2048 - increases MAX_LINE_ARGS from 40 to 64 - fixes hidden assignment in fgets() - moves arg/end/args/line inside the loop, making code auditing easier - adds a check that shows error if the limit is reached - changes "*line++ = 0;" to "*line++ = '\0';" (cosmetics) With this patch, when LINESIZE is defined to 256, above example produces: [ALERT] 300/164724 (27364) : parsing [/tmp/ha.cfg:3]: line too long, limit: 255. [ALERT] 300/164724 (27364) : Error reading configuration file : /tmp/ha.cfg
2007-10-31 19:33:12 -04:00
/* Check if we reached the limit and the last char is not \n.
* Watch out for the last line without the terminating '\n'!
*/
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
char *newline;
int newlinesize = linesize * 2;
newline = realloc(thisline, sizeof(*thisline) * newlinesize);
if (newline == NULL) {
Alert("parsing [%s:%d]: line too long, cannot allocate memory.\n",
file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
continue;
}
readbytes = linesize - 1;
linesize = newlinesize;
thisline = newline;
continue;
[MEDIUM] Handle long lines properly Currently, there is a hidden line length limit in the haproxy, set to 256-1 chars. With large acls (for example many hdr(host) matches) it may be not enough and which is even worse, error message may be totally confusing as everything above this limit is treated as a next line: echo -ne "frontend aqq 1.2.3.4:80\nmode http\nacl e hdr(host) -i X X X X X X X www.xx.example.com stats\n"| sed s/X/www.some-host-name.example.com/g > ha.cfg && haproxy -c -f ./ha.cfg [WARNING] 300/163906 (11342) : parsing [./ha.cfg:4] : 'stats' ignored because frontend 'aqq' has no backend capability. Recently I hit simmilar problem and it took me a while to find why requests for "stats" are not handled properly. This patch: - makes the limit configurable (LINESIZE) - increases default line length limit from 256 to 2048 - increases MAX_LINE_ARGS from 40 to 64 - fixes hidden assignment in fgets() - moves arg/end/args/line inside the loop, making code auditing easier - adds a check that shows error if the limit is reached - changes "*line++ = 0;" to "*line++ = '\0';" (cosmetics) With this patch, when LINESIZE is defined to 256, above example produces: [ALERT] 300/164724 (27364) : parsing [/tmp/ha.cfg:3]: line too long, limit: 255. [ALERT] 300/164724 (27364) : Error reading configuration file : /tmp/ha.cfg
2007-10-31 19:33:12 -04:00
}
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
readbytes = 0;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* skip leading spaces */
[CLEANUP] shut warnings 'is*' macros from ctype.h on solaris Solaris visibly uses an array for is*, which returns warnings about the use of signed chars as indexes. Good opportunity to put casts everywhere.
2007-06-17 15:51:38 -04:00
while (isspace((unsigned char)*line))
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
line++;
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
arg = 0;
args[arg] = line;
while (*line && arg < MAX_LINE_ARGS) {
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
if (*line == '"' && !squote) { /* double quote outside single quotes */
if (dquote)
dquote = 0;
else
dquote = 1;
BUG/MEDIUM: cfgparse: incorrect memmove in quotes management The size of the memmove was incorrect (one byte too far) in the quotes parser and can lead to segfault during configuration parsing.
2015-05-12 08:01:09 -04:00
memmove(line, line + 1, end - line);
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
end--;
}
else if (*line == '\'' && !dquote) { /* single quote outside double quotes */
if (squote)
squote = 0;
else
squote = 1;
BUG/MEDIUM: cfgparse: incorrect memmove in quotes management The size of the memmove was incorrect (one byte too far) in the quotes parser and can lead to segfault during configuration parsing.
2015-05-12 08:01:09 -04:00
memmove(line, line + 1, end - line);
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
end--;
}
else if (*line == '\\' && !squote) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* first, we'll replace \\, \<space>, \#, \r, \n, \t, \xXX with their
* C equivalent value. Other combinations left unchanged (eg: \1).
*/
int skip = 0;
if (line[1] == ' ' || line[1] == '\\' || line[1] == '#') {
*line = line[1];
skip = 1;
}
else if (line[1] == 'r') {
*line = '\r';
skip = 1;
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else if (line[1] == 'n') {
*line = '\n';
skip = 1;
}
else if (line[1] == 't') {
*line = '\t';
skip = 1;
}
else if (line[1] == 'x') {
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
if ((line + 3 < end) && ishex(line[2]) && ishex(line[3])) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
unsigned char hex1, hex2;
hex1 = toupper(line[2]) - '0';
hex2 = toupper(line[3]) - '0';
if (hex1 > 9) hex1 -= 'A' - '9' - 1;
if (hex2 > 9) hex2 -= 'A' - '9' - 1;
*line = (hex1<<4) + hex2;
skip = 3;
}
else {
Alert("parsing [%s:%d] : invalid or incomplete '\\x' sequence in '%s'.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
} else if (line[1] == '"') {
*line = '"';
skip = 1;
} else if (line[1] == '\'') {
*line = '\'';
skip = 1;
MEDIUM: cfgparse: expand environment variables Environment variables were expandables only in adresses. Now there are expandables everywhere in the configuration file within double quotes. This patch breaks compatibility with the previous behavior of environment variables in adresses, you must enclose adresses with double quotes to make it work.
2015-05-12 08:27:13 -04:00
} else if (line[1] == '$' && dquote) { /* escaping of $ only inside double quotes */
*line = '$';
skip = 1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
if (skip) {
[BUG] Configuration parser bug when escaping characters Today I was testing headers manipulation but I met a bug with my first test. To reproduce it, add for example this line : rspadd Cache-Control:\ max-age=1500 Check the response header, it will provide : Cache-Control: max-age=15000 <= the last character is duplicated This only happens when we use backslashes on the last line of the configuration file, without returning to the line. Also if the last line is like : rspadd Cache-Control:\ max-age=1500\ the last backslash causes a segfault. This is not due to rspadd but to a more general bug in cfgparse.c : ... if (skip) { memmove(line + 1, line + 1 + skip, end - (line + skip + 1)); end -= skip; } ... should be : ... if (skip) { memmove(line + 1, line + 1 + skip, end - (line + skip)); end -= skip; } ... I've reproduced it with haproxy 1.3.22 and the last 1.4 snapshot.
2009-12-06 07:43:42 -05:00
memmove(line + 1, line + 1 + skip, end - (line + skip));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
end -= skip;
}
line++;
}
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
else if ((!squote && !dquote && *line == '#') || *line == '\n' || *line == '\r') {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* end of string, end of loop */
*line = 0;
break;
}
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
else if (!squote && !dquote && isspace((unsigned char)*line)) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* a non-escaped space is an argument separator */
[MEDIUM] Handle long lines properly Currently, there is a hidden line length limit in the haproxy, set to 256-1 chars. With large acls (for example many hdr(host) matches) it may be not enough and which is even worse, error message may be totally confusing as everything above this limit is treated as a next line: echo -ne "frontend aqq 1.2.3.4:80\nmode http\nacl e hdr(host) -i X X X X X X X www.xx.example.com stats\n"| sed s/X/www.some-host-name.example.com/g > ha.cfg && haproxy -c -f ./ha.cfg [WARNING] 300/163906 (11342) : parsing [./ha.cfg:4] : 'stats' ignored because frontend 'aqq' has no backend capability. Recently I hit simmilar problem and it took me a while to find why requests for "stats" are not handled properly. This patch: - makes the limit configurable (LINESIZE) - increases default line length limit from 256 to 2048 - increases MAX_LINE_ARGS from 40 to 64 - fixes hidden assignment in fgets() - moves arg/end/args/line inside the loop, making code auditing easier - adds a check that shows error if the limit is reached - changes "*line++ = 0;" to "*line++ = '\0';" (cosmetics) With this patch, when LINESIZE is defined to 256, above example produces: [ALERT] 300/164724 (27364) : parsing [/tmp/ha.cfg:3]: line too long, limit: 255. [ALERT] 300/164724 (27364) : Error reading configuration file : /tmp/ha.cfg
2007-10-31 19:33:12 -04:00
*line++ = '\0';
[CLEANUP] shut warnings 'is*' macros from ctype.h on solaris Solaris visibly uses an array for is*, which returns warnings about the use of signed chars as indexes. Good opportunity to put casts everywhere.
2007-06-17 15:51:38 -04:00
while (isspace((unsigned char)*line))
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
line++;
args[++arg] = line;
}
MEDIUM: cfgparse: expand environment variables Environment variables were expandables only in adresses. Now there are expandables everywhere in the configuration file within double quotes. This patch breaks compatibility with the previous behavior of environment variables in adresses, you must enclose adresses with double quotes to make it work.
2015-05-12 08:27:13 -04:00
else if (dquote && *line == '$') {
/* environment variables are evaluated inside double quotes */
char *var_beg;
char *var_end;
char save_char;
char *value;
int val_len;
int newlinesize;
int braces = 0;
var_beg = line + 1;
var_end = var_beg;
if (*var_beg == '{') {
var_beg++;
var_end++;
braces = 1;
}
if (!isalpha((int)(unsigned char)*var_beg) && *var_beg != '_') {
Alert("parsing [%s:%d] : Variable expansion: Unrecognized character '%c' in variable name.\n", file, linenum, *var_beg);
err_code |= ERR_ALERT | ERR_FATAL;
goto next_line; /* skip current line */
}
while (isalnum((int)(unsigned char)*var_end) || *var_end == '_')
var_end++;
save_char = *var_end;
*var_end = '\0';
value = getenv(var_beg);
*var_end = save_char;
val_len = value ? strlen(value) : 0;
if (braces) {
if (*var_end == '}') {
var_end++;
braces = 0;
} else {
Alert("parsing [%s:%d] : Variable expansion: Mismatched braces.\n", file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
goto next_line; /* skip current line */
}
}
newlinesize = (end - thisline) - (var_end - line) + val_len + 1;
/* if not enough space in thisline */
if (newlinesize > linesize) {
char *newline;
newline = realloc(thisline, newlinesize * sizeof(*thisline));
if (newline == NULL) {
Alert("parsing [%s:%d] : Variable expansion: Not enough memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
goto next_line; /* slip current line */
}
/* recompute pointers if realloc returns a new pointer */
if (newline != thisline) {
int i;
int diff;
for (i = 0; i <= arg; i++) {
diff = args[i] - thisline;
args[i] = newline + diff;
}
diff = var_end - thisline;
var_end = newline + diff;
diff = end - thisline;
end = newline + diff;
diff = line - thisline;
line = newline + diff;
thisline = newline;
}
linesize = newlinesize;
}
/* insert value inside the line */
memmove(line + val_len, var_end, end - var_end + 1);
memcpy(line, value, val_len);
end += val_len - (var_end - line);
line += val_len;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
else {
line++;
}
}
MEDIUM: cfgparse: expand environment variables Environment variables were expandables only in adresses. Now there are expandables everywhere in the configuration file within double quotes. This patch breaks compatibility with the previous behavior of environment variables in adresses, you must enclose adresses with double quotes to make it work.
2015-05-12 08:27:13 -04:00
MEDIUM: cfgparse: introduce weak and strong quoting This patch introduces quoting which allows to write configuration string including spaces without escaping them. Strong (with single quotes) and weak (with double quotes) quoting are supported. Weak quoting supports escaping and special characters when strong quoting does not interpret anything. This patch could break configuration files where ' and " where used.
2015-05-05 11:37:14 -04:00
if (dquote) {
Alert("parsing [%s:%d] : Mismatched double quotes.\n", file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
}
if (squote) {
Alert("parsing [%s:%d] : Mismatched simple quotes.\n", file, linenum);
err_code |= ERR_ALERT | ERR_FATAL;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* empty line */
if (!**args)
continue;
[BUG] config: fix wrong handling of too large argument count Holger Just reported that running ACLs with too many args caused a segfault during config parsing. This is caused by a wrong test on argument count. In case of too many arguments on a config line, the last one was not correctly zeroed. This is now done and we report the error indicating what part had been truncated. (cherry picked from commit 3b39c1446b9bd842324e87782a836948a07c25a2)
2009-11-09 15:16:53 -05:00
if (*line) {
/* we had to stop due to too many args.
* Let's terminate the string, print the offending part then cut the
* last arg.
*/
while (*line && *line != '#' && *line != '\n' && *line != '\r')
line++;
*line = '\0';
[BUG] format '%d' expects type 'int', but argument 5 has type 'long int' src/cfgparse.c: In function 'readcfgfile': src/cfgparse.c:4087: warning: format '%d' expects type 'int', but argument 5 has type 'long int'
2009-12-15 16:34:51 -05:00
Alert("parsing [%s:%d]: line too long, truncating at word %d, position %ld: <%s>.\n",
[BUG] second fix for the printf format warning Fix 500b8f0349fb52678f5143c49f5a8be5c033a988 fixed the patch for the 64 bit case but caused the opposite type issue to appear on 32 bit platforms. Cast the difference and be done with it since gcc does not agree on type carrying the difference between two pointers on 32 and 64 bit platforms.
2009-12-17 15:12:16 -05:00
file, linenum, arg + 1, (long)(args[arg] - thisline + 1), args[arg]);
[BUG] config: fix wrong handling of too large argument count Holger Just reported that running ACLs with too many args caused a segfault during config parsing. This is caused by a wrong test on argument count. In case of too many arguments on a config line, the last one was not correctly zeroed. This is now done and we report the error indicating what part had been truncated. (cherry picked from commit 3b39c1446b9bd842324e87782a836948a07c25a2)
2009-11-09 15:16:53 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
args[arg] = line;
}
[MEDIUM] ensure that we always have a null word in config It is important when parsing configuration file to ensure that at least one word is empty to mark the end of the line. This will be required with ACLs in order to avoid reading past the end of line.
2007-05-02 14:50:16 -04:00
/* zero out remaining args and ensure that at least one entry
* is zeroed out.
*/
while (++arg <= MAX_LINE_ARGS) {
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
args[arg] = line;
}
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
/* check for keyword modifiers "no" and "default" */
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
if (!strcmp(args[0], "no")) {
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
char *tmp;
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
kwm = KWM_NO;
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
tmp = args[0];
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
for (arg=0; *args[arg+1]; arg++)
args[arg] = args[arg+1]; // shift args after inversion
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
*tmp = '\0'; // fix the next arg to \0
args[arg] = tmp;
[MINOR] config: support resetting options do default values A new keyword prefix "default" has been introduced in order to reset some options to their default values. This can be needed for instance when an option is forced disabled or enabled in a defaults section and when later sections want to use automatic settings regardless of what was specified there. Right now it is only supported by options, just like the "no" prefix.
2009-06-14 05:39:52 -04:00
}
else if (!strcmp(args[0], "default")) {
kwm = KWM_DEF;
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
for (arg=0; *args[arg+1]; arg++)
args[arg] = args[arg+1]; // shift args after inversion
}
MEDIUM: log: Use linked lists for loggers This patch settles the 2 loggers limitation. Loggers are now stored in linked lists. Using "global log", the global loggers list content is added at the end of the current proxy list. Each "log" entries are added at the end of the proxy list. "no log" flush a logger list.
2011-10-12 11:50:54 -04:00
if (kwm != KWM_STD && strcmp(args[0], "option") != 0 && \
strcmp(args[0], "log") != 0) {
Alert("parsing [%s:%d]: negation/default currently supported only for options and log.\n", file, linenum);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
}
MEDIUM: config: Dynamic sections. This patch permit to register new sections in the haproxy's configuration file. This run like all the "keyword" registration, it is used during the haproxy initialization, typically with the "__attribute__((constructor))" functions.
2014-03-18 08:54:18 -04:00
/* detect section start */
list_for_each_entry(ics, &sections, list) {
if (strcmp(args[0], ics->section_name) == 0) {
cursection = ics->section_name;
cs = ics;
break;
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* else it's a section keyword */
MEDIUM: config: Dynamic sections. This patch permit to register new sections in the haproxy's configuration file. This run like all the "keyword" registration, it is used during the haproxy initialization, typically with the "__attribute__((constructor))" functions.
2014-03-18 08:54:18 -04:00
if (cs)
err_code |= cs->section_parser(file, linenum, args, kwm);
else {
[MINOR] generic auth support with groups and encrypted passwords Add generic authentication & authorization support. Groups are implemented as bitmaps so the count is limited to sizeof(int)*8 == 32. Encrypted passwords are supported with libcrypt and crypt(3), so it is possible to use any method supported by your system. For example modern Linux/glibc instalations support MD5/SHA-256/SHA-512 and of course classic, DES-based encryption.
2010-01-29 11:50:44 -05:00
Alert("parsing [%s:%d]: unknown keyword '%s' out of section.\n", file, linenum, args[0]);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
if (err_code & ERR_ABORT)
break;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MINOR] report correct section type for unknown keywords. An unknown keyword was always reported in section "listen" for any section type (defaults, listen, frontend, backend, ...).
2008-01-22 10:44:08 -05:00
cursection = NULL;
MINOR: cfgparse: remove line size limitation Remove the line size limitation of the configuration parser. The buffer is now allocated dynamically and grows when the line is too long.
2015-05-12 08:25:37 -04:00
free(thisline);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
fclose(f);
[MINOR] config: improve error reporting in global section Try not to immediately exit on non-fatal errors while parsing the global section, so that the user has a chance to get most of the errors at once, which is quite convenient especially during config checks with the -c argument. Some other errors such as unresolved server names also don't make the parser exit too early.
2009-07-20 03:30:05 -04:00
return err_code;
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
}
MEDIUM: config: properly propagate process binding between proxies We now recursively propagate the bind-process values between frontends and backends instead of doing it during name resolving. This ensures that we're able to properly propagate all the bind-process directives even across "listen" instances, which are not perfectly covered at the moment, depending on the declaration order.
2014-09-16 06:17:36 -04:00
/* This function propagates processes from frontend <from> to backend <to> so
* that it is always guaranteed that a backend pointed to by a frontend is
* bound to all of its processes. After that, if the target is a "listen"
* instance, the function recursively descends the target's own targets along
MAJOR: config: remove the deprecated reqsetbe / reqisetbe actions These ones were already obsoleted in 1.4, marked for removal in 1.5, and not documented anymore. They used to emit warnings, and do still require quite some code to stay in place. Let's remove them now.
2015-05-26 06:18:29 -04:00
* default_backend and use_backend rules. Since the bits are
MEDIUM: config: properly propagate process binding between proxies We now recursively propagate the bind-process values between frontends and backends instead of doing it during name resolving. This ensures that we're able to properly propagate all the bind-process directives even across "listen" instances, which are not perfectly covered at the moment, depending on the declaration order.
2014-09-16 06:17:36 -04:00
* checked first to ensure that <to> is already bound to all processes of
* <from>, there is no risk of looping and we ensure to follow the shortest
* path to the destination.
*
* It is possible to set <to> to NULL for the first call so that the function
* takes care of visiting the initial frontend in <from>.
*
* It is important to note that the function relies on the fact that all names
* have already been resolved.
*/
void propagate_processes(struct proxy *from, struct proxy *to)
{
struct switching_rule *rule;
if (to) {
/* check whether we need to go down */
if (from->bind_proc &&
(from->bind_proc & to->bind_proc) == from->bind_proc)
return;
if (!from->bind_proc && !to->bind_proc)
return;
to->bind_proc = from->bind_proc ?
(to->bind_proc | from->bind_proc) : 0;
/* now propagate down */
from = to;
}
BUG/MINOR: config: fix typo in condition when propagating process binding propagate_processes() has a typo in a condition : if (!from->cap & PR_CAP_FE) return; The return is never taken because each proxy has at least one capability so !from->cap always evaluates to zero. Most of the time the caller already checks that <from> is a frontend. In the cases where it's not tested (use_backend, reqsetbe), the rules have been checked for the context to be a frontend as well, so in the end it had no nasty side effect. This should be backported to 1.5.
2014-12-18 07:56:26 -05:00
if (!(from->cap & PR_CAP_FE))
MEDIUM: config: properly propagate process binding between proxies We now recursively propagate the bind-process values between frontends and backends instead of doing it during name resolving. This ensures that we're able to properly propagate all the bind-process directives even across "listen" instances, which are not perfectly covered at the moment, depending on the declaration order.
2014-09-16 06:17:36 -04:00
return;
BUG/MEDIUM: config: do not propagate processes between stopped processes Immo Goltz reported a case of segfault while parsing the config where we try to propagate processes across stopped frontends (those with a "disabled" statement). The fix is trivial. The workaround consists in commenting out these frontends, although not always easy. This fix must be backported to 1.5.
2014-12-18 08:00:43 -05:00
if (from->state == PR_STSTOPPED)
return;
MEDIUM: config: properly propagate process binding between proxies We now recursively propagate the bind-process values between frontends and backends instead of doing it during name resolving. This ensures that we're able to properly propagate all the bind-process directives even across "listen" instances, which are not perfectly covered at the moment, depending on the declaration order.
2014-09-16 06:17:36 -04:00
/* default_backend */
if (from->defbe.be)
propagate_processes(from, from->defbe.be);
/* use_backend */
list_for_each_entry(rule, &from->switching_rules, list) {
BUG/MINOR: config: don't propagate process binding for dynamic use_backend A segfault was reported with the introduction of the propagate_processes() function. It was caused when a use_backend rule was declared with a dynamic name, using a log-format string. The backend is not resolved during the configuration, which lead to the segfault. The patch prevents the process binding propagation for such dynamic rules, it should also be backported to 1.5.
2014-10-02 13:56:25 -04:00
if (rule->dynamic)
continue;
MEDIUM: config: properly propagate process binding between proxies We now recursively propagate the bind-process values between frontends and backends instead of doing it during name resolving. This ensures that we're able to properly propagate all the bind-process directives even across "listen" instances, which are not perfectly covered at the moment, depending on the declaration order.
2014-09-16 06:17:36 -04:00
to = rule->be.backend;
propagate_processes(from, to);
}
}
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
/*
* Returns the error code, 0 if OK, or any combination of :
* - ERR_ABORT: must abort ASAP
* - ERR_FATAL: we can continue parsing but not start the service
* - ERR_WARN: a warning has been emitted
* - ERR_ALERT: an alert has been emitted
* Only the two first ones can stop processing, the two others are just
* indicators.
*/
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
int check_config_validity()
{
int cfgerr = 0;
struct proxy *curproxy = NULL;
struct server *newsrv = NULL;
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
int err_code = 0;
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
unsigned int next_pxid = 1;
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
struct bind_conf *bind_conf;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
bind_conf = NULL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* Now, check for the integrity of all that we have collected.
*/
/* will be needed further to delay some tasks */
[MEDIUM] further improve monotonic clock by check forward jumps The first implementation of the monotonic clock did not verify forward jumps. The consequence is that a fast changing time may expire a lot of tasks. While it does seem minor, in fact it is problematic because most machines which boot with a wrong date are in the past and suddenly see their time jump by several years in the future. The solution is to check if we spent more apparent time in a poller than allowed (with a margin applied). The margin is currently set to 1000 ms. It should be large enough for any poll() to complete. Tests with randomly jumping clock show that the result is quite accurate (error less than 1 second at every change of more than one second).
2008-06-23 08:00:57 -04:00
tv_update_date(0,1);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: http: allow the cookie capture size to be changed Some users need more than 64 characters to log large cookies. The limit was set to 63 characters (and not 64 as previously documented). Now it is possible to change this using the global "tune.http.cookielen" setting if required.
2012-11-21 18:17:38 -05:00
if (!global.tune.max_http_hdr)
global.tune.max_http_hdr = MAX_HTTP_HDR;
if (!global.tune.cookie_len)
global.tune.cookie_len = CAPTURE_LEN;
pool2_capture = create_pool("capture", global.tune.cookie_len, MEM_F_SHARED);
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
/* Post initialisation of the users and groups lists. */
err_code = userlist_postinit();
if (err_code != ERR_NONE)
goto out;
[MEDIUM] reverse internal proxy declaration order to match configuration People are regularly complaining that proxies are linked in reverse order when reading the stats. This is now definitely fixed because the proxy order is now fixed to match configuration order.
2009-03-15 09:51:53 -04:00
/* first, we will invert the proxy list order */
curproxy = NULL;
while (proxy) {
struct proxy *next;
next = proxy->next;
proxy->next = curproxy;
curproxy = proxy;
if (!next)
break;
proxy = next;
}
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
struct switching_rule *rule;
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
struct server_rule *srule;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
struct sticking_rule *mrule;
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
struct act_rule *trule;
struct act_rule *hrqrule;
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
unsigned int next_id;
MEDIUM: adjust the maxaccept per listener depending on the number of processes global.tune.maxaccept was used for all listeners. This becomes really not convenient when some listeners are bound to a single process and other ones are bound to many processes. Now we change the principle : we count the number of processes a listener is bound to, and apply the maxaccept either entirely if there is a single process, or divided by twice the number of processes in order to maintain fairness. The default limit has also been increased from 32 to 64 as it appeared that on small machines, 32 was too low to achieve high connection rates.
2012-11-19 06:39:59 -05:00
int nbproc;
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
MEDIUM: proxy: add the global frontend to the list of normal proxies Since recent changes on the global frontend, it was not possible anymore to soft-reload a process which had a stats socket because the socket would not be disabled upon reload. The only solution to this endless madness is to have the global frontend part of normal proxies. Since we don't want to get an ID that shifts all other proxies and causes trouble in deployed environments, we assign it ID #0 which other proxies can't grab, and we don't report it in the stats pages.
2012-10-04 02:47:34 -04:00
if (curproxy->uuid < 0) {
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
/* proxy ID not set, use automatic numbering with first
* spare entry starting with next_pxid.
*/
next_pxid = get_next_id(&used_proxy_id, next_pxid);
curproxy->conf.id.key = curproxy->uuid = next_pxid;
eb32_insert(&used_proxy_id, &curproxy->conf.id);
}
[BUG] pxid/puid/luid: don't shift IDs when some of them are forced [WT: it was not a bug, I did it on purpose to leave no hole between IDs, though it's not very practical when admins want to force some entries after they have been used, because they'd rather leave a hole than renumber everything ] Forcing some of IDs should not shift others. Regression introduced in 53fb4ae261b6e0e33e618f5cabbacc1657c19cc5 ---cut here--- global stats socket /home/ole/haproxy.stat user ole group ole mode 660 frontend F1 bind 127.0.0.1:9999 mode http backend B1 mode http backend B2 mode http id 9999 backend B3 mode http backend B4 mode http ---cut here--- Before 53fb4ae261b6e0e33e618f5cabbacc1657c19cc5: $ echo "show stat" | socat unix-connect:/home/ole/haproxy.stat stdio|cut -d , -f 28 iid 1 2 9999 4 5 After 53fb4ae261b6e0e33e618f5cabbacc1657c19cc5: $ echo "show stat" | socat unix-connect:/home/ole/haproxy.stat stdio|cut -d , -f 28 iid 1 2 9999 3 4 With this patch: $ echo "show stat" | socat unix-connect:/home/ole/haproxy.stat stdio|cut -d , -f 28 iid 1 2 9999 4 5
2010-02-05 14:58:27 -05:00
next_pxid++;
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (curproxy->state == PR_STSTOPPED) {
[BUG] ensure that listeners from disabled proxies are correctly unbound. There is a problem when an instance is marked "disabled". Its ports are still bound but will not be unbound upon termination. This causes processes to accumulate during soft restarts, and might even cause failures to restart new ones due to the inability to bind to the same port. The ideal solution would be to bind all ports at the end of the configuration parsing. An acceptable workaround is to unbind all listeners of disabled proxies. This is what the current patch does. (cherry picked from commit a944218e9c1d5ff1aca34609146389dc680335b7) (cherry picked from commit 8cfebbb82b87345bade831920177077e7d25840a)
2008-10-12 06:07:48 -04:00
/* ensure we don't keep listeners uselessly bound */
stop_proxy(curproxy);
BUG/MINOR: config: clear proxy->table.peers.p for disabled proxies If a table in a disabled proxy references a peers section, the peers name is not resolved to a pointer to a table, but since it belongs to a union, it can later be dereferenced. Right now it seems it cannot happen, but it definitely will after the pending changes. It doesn't cost anything to backport this into 1.5, it will make gdb sessions less head-scratching.
2015-05-01 13:59:56 -04:00
free((void *)curproxy->table.peers.name);
curproxy->table.peers.p = NULL;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
continue;
}
MEDIUM: config: check the bind-process settings according to nbproc When a bind-process setting is present in a frontend or backend, we now verify that the specified process range at least shares one common process with those defined globally by nbproc. Then if the value is set, it is reduced to the one enforced by nbproc. A warning is emitted if process count does not match, and the fix is done the following way : - if a single process was specified in the range, it's remapped to process #1 - if more than one process was specified, the binding is removed and all processes are usable. Note that since backends may inherit their settings from frontends, depending on the declaration order, they may or may not be reported as warnings.
2014-05-07 17:56:38 -04:00
/* Check multi-process mode compatibility for the current proxy */
if (curproxy->bind_proc) {
/* an explicit bind-process was specified, let's check how many
* processes remain.
*/
BUILD/MINOR: tools: rename popcount to my_popcountl This is in order to avoid conflicting with NetBSD popcount* functions since 6.x release, the final l to mentions the argument is a long like NetBSD does. This patch could be backported to 1.5 to fix the build issue there as well.
2015-07-02 03:00:17 -04:00
nbproc = my_popcountl(curproxy->bind_proc);
MEDIUM: config: check the bind-process settings according to nbproc When a bind-process setting is present in a frontend or backend, we now verify that the specified process range at least shares one common process with those defined globally by nbproc. Then if the value is set, it is reduced to the one enforced by nbproc. A warning is emitted if process count does not match, and the fix is done the following way : - if a single process was specified in the range, it's remapped to process #1 - if more than one process was specified, the binding is removed and all processes are usable. Note that since backends may inherit their settings from frontends, depending on the declaration order, they may or may not be reported as warnings.
2014-05-07 17:56:38 -04:00
curproxy->bind_proc &= nbits(global.nbproc);
if (!curproxy->bind_proc && nbproc == 1) {
Warning("Proxy '%s': the process specified on the 'bind-process' directive refers to a process number that is higher than global.nbproc. The proxy has been forced to run on process 1 only.\n", curproxy->id);
curproxy->bind_proc = 1;
}
else if (!curproxy->bind_proc && nbproc > 1) {
Warning("Proxy '%s': all processes specified on the 'bind-process' directive refer to numbers that are all higher than global.nbproc. The directive was ignored and the proxy will run on all processes.\n", curproxy->id);
curproxy->bind_proc = 0;
}
}
MEDIUM: listener: inherit the process mask from the proxy When a process list is specified on either the proxy or the bind lines, the latter is refined to the intersection of the two. A warning is emitted if no intersection is found, and the situation is fixed by either falling back to the first process of the proxy or to all processes.
2014-05-09 11:06:11 -04:00
/* check and reduce the bind-proc of each listener */
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
unsigned long mask;
if (!bind_conf->bind_proc)
continue;
mask = nbits(global.nbproc);
if (curproxy->bind_proc)
mask &= curproxy->bind_proc;
/* mask cannot be null here thanks to the previous checks */
BUILD/MINOR: tools: rename popcount to my_popcountl This is in order to avoid conflicting with NetBSD popcount* functions since 6.x release, the final l to mentions the argument is a long like NetBSD does. This patch could be backported to 1.5 to fix the build issue there as well.
2015-07-02 03:00:17 -04:00
nbproc = my_popcountl(bind_conf->bind_proc);
MEDIUM: listener: inherit the process mask from the proxy When a process list is specified on either the proxy or the bind lines, the latter is refined to the intersection of the two. A warning is emitted if no intersection is found, and the situation is fixed by either falling back to the first process of the proxy or to all processes.
2014-05-09 11:06:11 -04:00
bind_conf->bind_proc &= mask;
if (!bind_conf->bind_proc && nbproc == 1) {
Warning("Proxy '%s': the process number specified on the 'process' directive of 'bind %s' at [%s:%d] refers to a process not covered by the proxy. This has been fixed by forcing it to run on the proxy's first process only.\n",
curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
bind_conf->bind_proc = mask & ~(mask - 1);
}
else if (!bind_conf->bind_proc && nbproc > 1) {
Warning("Proxy '%s': the process range specified on the 'process' directive of 'bind %s' at [%s:%d] only refers to processes not covered by the proxy. The directive was ignored so that all of the proxy's processes are used.\n",
curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
bind_conf->bind_proc = 0;
}
}
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
switch (curproxy->mode) {
case PR_MODE_HEALTH:
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
cfgerr += proxy_cfg_ensure_no_http(curproxy);
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
if (!(curproxy->cap & PR_CAP_FE)) {
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
Alert("config : %s '%s' cannot be in health mode as it has no frontend capability.\n",
proxy_type_str(curproxy), curproxy->id);
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
cfgerr++;
}
if (curproxy->srv != NULL)
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
Warning("config : servers will be ignored for %s '%s'.\n",
proxy_type_str(curproxy), curproxy->id);
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
break;
case PR_MODE_TCP:
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
cfgerr += proxy_cfg_ensure_no_http(curproxy);
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
break;
case PR_MODE_HTTP:
MEDIUM: proxy: remove acl_requires and just keep a flag "http_needed" Proxy's acl_requires was a copy of all bits taken from ACLs, but we'll get rid of ACL flags and only rely on sample fetches soon. The proxy's acl_requires was only used to allocate an HTTP context when needed, and was even forced in HTTP mode. So better have a flag which exactly says what it's supposed to be used for.
2013-03-24 02:22:08 -04:00
curproxy->http_needed = 1;
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
break;
}
MEDIUM: config: emit a warning on a frontend without listener Commit c6678e2 ("MEDIUM: config: authorize frontend and listen without bind") completely removed the test for bind lines in frontends in order to make it easier for automated tools to generate configs (eg: replacing a bind with another one passing via a temporary config without any bind line). The problem is that some common mistakes are totally hidden now. For example, this apparently valid entry is silently ignored : listen 1.2.3.4:8000 server s1 127.0.0.1:8000 Hint: 1.2.3.4:8000 is mistakenly the proxy name here. Thus instead we now emit a warning to indicate that a frontend was found with no listener. This should be backported to 1.5 to help spot abnormal configurations.
2015-08-11 05:36:45 -04:00
if ((curproxy->cap & PR_CAP_FE) && LIST_ISEMPTY(&curproxy->conf.listeners)) {
Warning("config : %s '%s' has no 'bind' directive. Please declare it as a backend if this was intended.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
}
[MINOR] cfgparse: set backends to "balance roundrobin" by default When a backend has no LB algo specified and is not in dispatch, proxy nor transparent mode, use "balance roundrobin" by default instead of complaining. This will be particularly useful with stats and redirects.
2009-03-15 09:06:41 -04:00
if ((curproxy->cap & PR_CAP_BE) && (curproxy->mode != PR_MODE_HEALTH)) {
[MINOR] backend: separate declarations of LB algos from their lookup method LB algo macros were composed of the LB algo by itself without any indication of the method to use to look up a server (the lb function itself). This method was implied by the LB algo, which was not very convenient to add more algorithms. Now we have several fields in the LB macros, some to describe what to look for in the requests, some to describe how to transform that (kind of algo) and some to describe what lookup function to use. The next patch will make it possible to factor out some code for all algos which rely on a map.
2009-10-03 06:21:20 -04:00
if (curproxy->lbprm.algo & BE_LB_KIND) {
[MINOR] cfgparse: set backends to "balance roundrobin" by default When a backend has no LB algo specified and is not in dispatch, proxy nor transparent mode, use "balance roundrobin" by default instead of complaining. This will be particularly useful with stats and redirects.
2009-03-15 09:06:41 -04:00
if (curproxy->options & PR_O_TRANSP) {
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
Alert("config : %s '%s' cannot use both transparent and balance mode.\n",
proxy_type_str(curproxy), curproxy->id);
[MINOR] cfgparse: set backends to "balance roundrobin" by default When a backend has no LB algo specified and is not in dispatch, proxy nor transparent mode, use "balance roundrobin" by default instead of complaining. This will be particularly useful with stats and redirects.
2009-03-15 09:06:41 -04:00
cfgerr++;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#ifdef WE_DONT_SUPPORT_SERVERLESS_LISTENERS
[MINOR] cfgparse: set backends to "balance roundrobin" by default When a backend has no LB algo specified and is not in dispatch, proxy nor transparent mode, use "balance roundrobin" by default instead of complaining. This will be particularly useful with stats and redirects.
2009-03-15 09:06:41 -04:00
else if (curproxy->srv == NULL) {
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
Alert("config : %s '%s' needs at least 1 server in balance mode.\n",
proxy_type_str(curproxy), curproxy->id);
[MINOR] cfgparse: set backends to "balance roundrobin" by default When a backend has no LB algo specified and is not in dispatch, proxy nor transparent mode, use "balance roundrobin" by default instead of complaining. This will be particularly useful with stats and redirects.
2009-03-15 09:06:41 -04:00
cfgerr++;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#endif
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
else if (curproxy->options & PR_O_DISPATCH) {
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
Warning("config : dispatch address of %s '%s' will be ignored in balance mode.\n",
proxy_type_str(curproxy), curproxy->id);
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
err_code |= ERR_WARN;
[MINOR] cfgparse: set backends to "balance roundrobin" by default When a backend has no LB algo specified and is not in dispatch, proxy nor transparent mode, use "balance roundrobin" by default instead of complaining. This will be particularly useful with stats and redirects.
2009-03-15 09:06:41 -04:00
}
}
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
else if (!(curproxy->options & (PR_O_TRANSP | PR_O_DISPATCH | PR_O_HTTP_PROXY))) {
[MINOR] cfgparse: set backends to "balance roundrobin" by default When a backend has no LB algo specified and is not in dispatch, proxy nor transparent mode, use "balance roundrobin" by default instead of complaining. This will be particularly useful with stats and redirects.
2009-03-15 09:06:41 -04:00
/* If no LB algo is set in a backend, and we're not in
* transparent mode, dispatch mode nor proxy mode, we
* want to use balance roundrobin by default.
*/
curproxy->lbprm.algo &= ~BE_LB_ALGO;
curproxy->lbprm.algo |= BE_LB_ALGO_RR;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
}
[MEDIUM] fix configuration sanity checks for TCP listeners A log chain of if/else prevented many sanity checks from being performed on TCP listeners, resulting in dangerous configs being accepted. Removed the offending 'else'.
2007-09-17 04:17:23 -04:00
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
if (curproxy->options & PR_O_DISPATCH)
curproxy->options &= ~(PR_O_TRANSP | PR_O_HTTP_PROXY);
else if (curproxy->options & PR_O_HTTP_PROXY)
curproxy->options &= ~(PR_O_DISPATCH | PR_O_TRANSP);
else if (curproxy->options & PR_O_TRANSP)
curproxy->options &= ~(PR_O_DISPATCH | PR_O_HTTP_PROXY);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
if ((curproxy->options2 & PR_O2_CHK_ANY) != PR_O2_HTTP_CHK) {
if (curproxy->options & PR_O_DISABLE404) {
Warning("config : '%s' will be ignored for %s '%s' (requires 'option httpchk').\n",
"disable-on-404", proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
curproxy->options &= ~PR_O_DISABLE404;
}
if (curproxy->options2 & PR_O2_CHK_SNDST) {
Warning("config : '%s' will be ignored for %s '%s' (requires 'option httpchk').\n",
"send-state", proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
curproxy->options &= ~PR_O2_CHK_SNDST;
}
[MINOR] checks: add the server's status in the checks Now a server can check the contents of the header X-Haproxy-Server-State to know how haproxy sees it. The same values as those reported in the stats are provided : - up/down status + check counts - throttle - weight vs backend weight - active sessions vs backend sessions - queue length - haproxy node name
2010-01-27 05:53:01 -05:00
}
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
if ((curproxy->options2 & PR_O2_CHK_ANY) == PR_O2_EXT_CHK) {
if (!global.external_check) {
Alert("Proxy '%s' : '%s' unable to find required 'global.external-check'.\n",
curproxy->id, "option external-check");
cfgerr++;
}
if (!curproxy->check_command) {
Alert("Proxy '%s' : '%s' unable to find required 'external-check command'.\n",
curproxy->id, "option external-check");
cfgerr++;
}
}
MEDIUM: Allow suppression of email alerts by log level This patch adds a new option which allows configuration of the maximum log level of messages for which email alerts will be sent. The default is alert which is more restrictive than the current code which sends email alerts for all priorities. That behaviour may be configured using the new configuration option to set the maximum level to notice or greater. email-alert level notice Signed-off-by: Simon Horman <horms@verge.net.au>
2015-02-05 21:11:57 -05:00
if (curproxy->email_alert.set) {
MEDIUM: Support sending email alerts Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:23:00 -05:00
if (!(curproxy->email_alert.mailers.name && curproxy->email_alert.from && curproxy->email_alert.to)) {
Warning("config : 'email-alert' will be ignored for %s '%s' (the presence any of "
MEDIUM: Allow suppression of email alerts by log level This patch adds a new option which allows configuration of the maximum log level of messages for which email alerts will be sent. The default is alert which is more restrictive than the current code which sends email alerts for all priorities. That behaviour may be configured using the new configuration option to set the maximum level to notice or greater. email-alert level notice Signed-off-by: Simon Horman <horms@verge.net.au>
2015-02-05 21:11:57 -05:00
"'email-alert from', 'email-alert level' 'email-alert mailer', "
"'email-alert hostname', or 'email-alert to' "
MEDIUM: Support sending email alerts Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:23:00 -05:00
"requrires each of 'email-alert from', 'email-alert mailer' and 'email-alert' "
"to be present).\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
free_email_alert(curproxy);
}
if (!curproxy->email_alert.myhostname)
curproxy->email_alert.myhostname = hostname;
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
}
MEDIUM: Add external check Add an external check which makes use of an external process to check the status of a server.
2014-06-19 23:30:16 -04:00
if (curproxy->check_command) {
int clear = 0;
if ((curproxy->options2 & PR_O2_CHK_ANY) != PR_O2_EXT_CHK) {
Warning("config : '%s' will be ignored for %s '%s' (requires 'option external-check').\n",
"external-check command", proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
clear = 1;
}
if (curproxy->check_command[0] != '/' && !curproxy->check_path) {
Alert("Proxy '%s': '%s' does not have a leading '/' and 'external-command path' is not set.\n",
curproxy->id, "external-check command");
cfgerr++;
}
if (clear) {
free(curproxy->check_command);
curproxy->check_command = NULL;
}
}
if (curproxy->check_path) {
if ((curproxy->options2 & PR_O2_CHK_ANY) != PR_O2_EXT_CHK) {
Warning("config : '%s' will be ignored for %s '%s' (requires 'option external-check').\n",
"external-check path", proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
free(curproxy->check_path);
curproxy->check_path = NULL;
}
}
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
/* if a default backend was specified, let's find it */
if (curproxy->defbe.name) {
struct proxy *target;
MEDIUM: config: clarify the conflicting modes detection for backend rules We don't use findproxy_mode() anymore so we can check the conflicting modes and report the anomalies accordingly with line numbers and more explicit details.
2015-05-26 06:04:09 -04:00
target = proxy_be_by_name(curproxy->defbe.name);
[MEDIUM] Implement and use generic findproxy and relax duplicated proxy check This patch: - adds proxy_mode_str() similar to proxy_type_str() - adds a generic findproxy function used with default_backend/setbe/use_backed - rewrite default_backend/senbe/use_backed to use introduced findproxy() - relaxes duplicated proxy check - changes capabilities displaying from "%X" to "%s" with a call to proxy_type_str()
2007-11-03 18:41:58 -04:00
if (!target) {
Alert("Proxy '%s': unable to find required default_backend: '%s'.\n",
curproxy->id, curproxy->defbe.name);
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
cfgerr++;
} else if (target == curproxy) {
[MEDIUM] Implement and use generic findproxy and relax duplicated proxy check This patch: - adds proxy_mode_str() similar to proxy_type_str() - adds a generic findproxy function used with default_backend/setbe/use_backed - rewrite default_backend/senbe/use_backed to use introduced findproxy() - relaxes duplicated proxy check - changes capabilities displaying from "%X" to "%s" with a call to proxy_type_str()
2007-11-03 18:41:58 -04:00
Alert("Proxy '%s': loop detected for default_backend: '%s'.\n",
curproxy->id, curproxy->defbe.name);
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
cfgerr++;
MEDIUM: config: clarify the conflicting modes detection for backend rules We don't use findproxy_mode() anymore so we can check the conflicting modes and report the anomalies accordingly with line numbers and more explicit details.
2015-05-26 06:04:09 -04:00
} else if (target->mode != curproxy->mode &&
!(curproxy->mode == PR_MODE_TCP && target->mode == PR_MODE_HTTP)) {
Alert("%s %s '%s' (%s:%d) tries to use incompatible %s %s '%s' (%s:%d) as its default backend (see 'mode').\n",
proxy_mode_str(curproxy->mode), proxy_type_str(curproxy), curproxy->id,
curproxy->conf.file, curproxy->conf.line,
proxy_mode_str(target->mode), proxy_type_str(target), target->id,
target->conf.file, target->conf.line);
cfgerr++;
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
} else {
free(curproxy->defbe.name);
curproxy->defbe.be = target;
MINOR: config: emit a warning when 'default_backend' masks servers When a "listen" instance uses a "default_backned" rule and has servers, the servers will never be used. Report it so that users don't get trapped.
2012-02-13 08:32:34 -05:00
/* Emit a warning if this proxy also has some servers */
if (curproxy->srv) {
Warning("In proxy '%s', the 'default_backend' rule always has precedence over the servers, which will never be used.\n",
curproxy->id);
err_code |= ERR_WARN;
}
[MEDIUM] implemented the "default_backend" keyword The "default_backend" keyword used in a frontend sets the default backend which will be used if no setbe rule matches.
2007-01-01 17:11:07 -05:00
}
}
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
/* find the target proxy for 'use_backend' rules */
list_for_each_entry(rule, &curproxy->switching_rules, list) {
struct proxy *target;
MEDIUM: proxy: support use_backend with dynamic names We have a use case where we look up a customer ID in an HTTP header and direct it to the corresponding server. This can easily be done using ACLs and use_backend rules, but the configuration becomes painful to maintain when the number of customers grows to a few tens or even a several hundreds. We realized it would be nice if we could make the use_backend resolve its name at run time instead of config parsing time, and use a similar expression as http-request add-header to decide on the proper backend to use. This permits the use of prefixes or even complex names in backend expressions. If no name matches, then the default backend is used. Doing so allowed us to get rid of all the use_backend rules. Since there are some config checks on the use_backend rules to see if the referenced backend exists, we want to keep them to detect config errors in normal config. So this patch does not modify the default behaviour and proceeds this way : - if the backend name in the use_backend directive parses as a log format rule, it's used as-is and is resolved at run time ; - otherwise it's a static name which must be valid at config time. There was the possibility of doing this with the use-server directive instead of use_backend, but it seems like use_backend is more suited to this task, as it can be used for other purposes. For example, it becomes easy to serve a customer-specific proxy.pac file based on the customer ID by abusing the errorfile primitive : use_backend bk_cust_%[hdr(X-Cust-Id)] if { hdr(X-Cust-Id) -m found } default_backend bk_err_404 backend bk_cust_1 errorfile 200 /etc/haproxy/static/proxy.pac.cust1 Signed-off-by: Bertrand Jacquin <bjacquin@exosec.fr>
2013-11-19 05:43:06 -05:00
struct logformat_node *node;
char *pxname;
/* Try to parse the string as a log format expression. If the result
* of the parsing is only one entry containing a simple string, then
* it's a standard string corresponding to a static rule, thus the
* parsing is cancelled and be.name is restored to be resolved.
*/
pxname = rule->be.name;
LIST_INIT(&rule->be.expr);
parse_logformat_string(pxname, curproxy, &rule->be.expr, 0, SMP_VAL_FE_HRQ_HDR,
curproxy->conf.args.file, curproxy->conf.args.line);
node = LIST_NEXT(&rule->be.expr, struct logformat_node *, list);
if (!LIST_ISEMPTY(&rule->be.expr)) {
if (node->type != LOG_FMT_TEXT || node->list.n != &rule->be.expr) {
rule->dynamic = 1;
free(pxname);
continue;
}
/* simple string: free the expression and fall back to static rule */
free(node->arg);
free(node);
}
rule->dynamic = 0;
rule->be.name = pxname;
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
MEDIUM: config: clarify the conflicting modes detection for backend rules We don't use findproxy_mode() anymore so we can check the conflicting modes and report the anomalies accordingly with line numbers and more explicit details.
2015-05-26 06:04:09 -04:00
target = proxy_be_by_name(rule->be.name);
[MEDIUM] Implement and use generic findproxy and relax duplicated proxy check This patch: - adds proxy_mode_str() similar to proxy_type_str() - adds a generic findproxy function used with default_backend/setbe/use_backed - rewrite default_backend/senbe/use_backed to use introduced findproxy() - relaxes duplicated proxy check - changes capabilities displaying from "%X" to "%s" with a call to proxy_type_str()
2007-11-03 18:41:58 -04:00
if (!target) {
Alert("Proxy '%s': unable to find required use_backend: '%s'.\n",
curproxy->id, rule->be.name);
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
cfgerr++;
} else if (target == curproxy) {
[MEDIUM] Implement and use generic findproxy and relax duplicated proxy check This patch: - adds proxy_mode_str() similar to proxy_type_str() - adds a generic findproxy function used with default_backend/setbe/use_backed - rewrite default_backend/senbe/use_backed to use introduced findproxy() - relaxes duplicated proxy check - changes capabilities displaying from "%X" to "%s" with a call to proxy_type_str()
2007-11-03 18:41:58 -04:00
Alert("Proxy '%s': loop detected for use_backend: '%s'.\n",
curproxy->id, rule->be.name);
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
cfgerr++;
MEDIUM: config: clarify the conflicting modes detection for backend rules We don't use findproxy_mode() anymore so we can check the conflicting modes and report the anomalies accordingly with line numbers and more explicit details.
2015-05-26 06:04:09 -04:00
} else if (target->mode != curproxy->mode &&
!(curproxy->mode == PR_MODE_TCP && target->mode == PR_MODE_HTTP)) {
Alert("%s %s '%s' (%s:%d) tries to use incompatible %s %s '%s' (%s:%d) in a 'use_backend' rule (see 'mode').\n",
proxy_mode_str(curproxy->mode), proxy_type_str(curproxy), curproxy->id,
curproxy->conf.file, curproxy->conf.line,
proxy_mode_str(target->mode), proxy_type_str(target), target->id,
target->conf.file, target->conf.line);
cfgerr++;
[MAJOR] added the 'use_backend' keyword for full content-switching The new "use_backend" keyword permits full content switching by the use of ACLs. Its usage is simple : use_backend <backend_name> {if|unless} <acl_cond>
2007-06-17 13:56:27 -04:00
} else {
free((void *)rule->be.name);
rule->be.backend = target;
}
}
MEDIUM: config: properly propagate process binding between proxies We now recursively propagate the bind-process values between frontends and backends instead of doing it during name resolving. This ensures that we're able to properly propagate all the bind-process directives even across "listen" instances, which are not perfectly covered at the moment, depending on the declaration order.
2014-09-16 06:17:36 -04:00
/* find the target server for 'use_server' rules */
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
list_for_each_entry(srule, &curproxy->server_rules, list) {
struct server *target = findserver(curproxy, srule->srv.name);
if (!target) {
Alert("config : %s '%s' : unable to find server '%s' referenced in a 'use-server' rule.\n",
proxy_type_str(curproxy), curproxy->id, srule->srv.name);
cfgerr++;
continue;
}
free((void *)srule->srv.name);
srule->srv.ptr = target;
}
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
/* find the target table for 'stick' rules */
list_for_each_entry(mrule, &curproxy->sticking_rules, list) {
struct proxy *target;
[MEDIUM] Add stick and store rules analysers.
2010-01-04 09:47:17 -05:00
curproxy->be_req_ana |= AN_REQ_STICKING_RULES;
if (mrule->flags & STK_IS_STORE)
curproxy->be_rsp_ana |= AN_RES_STORE_RULES;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
if (mrule->table.name)
CLEANUP: proxy: make the proxy lookup functions more user-friendly First, findproxy() was renamed proxy_find_by_name() so that its explicit that a name is required for the lookup. Second, we give this function the ability to search for tables if needed. Third we now provide inline wrappers to pass the appropriate PR_CAP_* flags and to explicitly look up a frontend, backend or table.
2015-05-26 05:24:42 -04:00
target = proxy_tbl_by_name(mrule->table.name);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
else
target = curproxy;
if (!target) {
Alert("Proxy '%s': unable to find stick-table '%s'.\n",
curproxy->id, mrule->table.name);
cfgerr++;
}
else if (target->table.size == 0) {
Alert("Proxy '%s': stick-table '%s' used but not configured.\n",
curproxy->id, mrule->table.name ? mrule->table.name : curproxy->id);
cfgerr++;
}
REORG: use the name "sample" instead of "pattern" to designate extracted data This is mainly a massive renaming in the code to get it in line with the calling convention. Next patch will rename a few files to complete this operation.
2012-04-27 15:37:17 -04:00
else if (!stktable_compatible_sample(mrule->expr, target->table.type)) {
Alert("Proxy '%s': type of fetch not usable with type of stick-table '%s'.\n",
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
curproxy->id, mrule->table.name ? mrule->table.name : curproxy->id);
cfgerr++;
}
else {
free((void *)mrule->table.name);
mrule->table.t = &(target->table);
[MEDIUM] stick-tables: add support for arguments to data_types Some data types will require arguments (eg: period for a rate counter). This patch adds support for such arguments between parenthesis in the "store" directive of the stick-table statement. Right now only integers are supported.
2010-06-20 03:11:39 -04:00
stktable_alloc_data_type(&target->table, STKTABLE_DT_SERVER_ID, NULL);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
}
}
/* find the target table for 'store response' rules */
list_for_each_entry(mrule, &curproxy->storersp_rules, list) {
struct proxy *target;
[MEDIUM] Add stick and store rules analysers.
2010-01-04 09:47:17 -05:00
curproxy->be_rsp_ana |= AN_RES_STORE_RULES;
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
if (mrule->table.name)
CLEANUP: proxy: make the proxy lookup functions more user-friendly First, findproxy() was renamed proxy_find_by_name() so that its explicit that a name is required for the lookup. Second, we give this function the ability to search for tables if needed. Third we now provide inline wrappers to pass the appropriate PR_CAP_* flags and to explicitly look up a frontend, backend or table.
2015-05-26 05:24:42 -04:00
target = proxy_tbl_by_name(mrule->table.name);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
else
target = curproxy;
if (!target) {
Alert("Proxy '%s': unable to find store table '%s'.\n",
curproxy->id, mrule->table.name);
cfgerr++;
}
else if (target->table.size == 0) {
Alert("Proxy '%s': stick-table '%s' used but not configured.\n",
curproxy->id, mrule->table.name ? mrule->table.name : curproxy->id);
cfgerr++;
}
REORG: use the name "sample" instead of "pattern" to designate extracted data This is mainly a massive renaming in the code to get it in line with the calling convention. Next patch will rename a few files to complete this operation.
2012-04-27 15:37:17 -04:00
else if (!stktable_compatible_sample(mrule->expr, target->table.type)) {
Alert("Proxy '%s': type of fetch not usable with type of stick-table '%s'.\n",
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
curproxy->id, mrule->table.name ? mrule->table.name : curproxy->id);
cfgerr++;
}
else {
free((void *)mrule->table.name);
mrule->table.t = &(target->table);
[MEDIUM] stick-tables: add support for arguments to data_types Some data types will require arguments (eg: period for a rate counter). This patch adds support for such arguments between parenthesis in the "store" directive of the stick-table statement. Right now only integers are supported.
2010-06-20 03:11:39 -04:00
stktable_alloc_data_type(&target->table, STKTABLE_DT_SERVER_ID, NULL);
[MEDIUM] Add stick table configuration and init.
2010-01-04 09:45:53 -05:00
}
}
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
/* find the target table for 'tcp-request' layer 4 rules */
list_for_each_entry(trule, &curproxy->tcp_req.l4_rules, list) {
struct proxy *target;
MINOR: actions: change actions names For performances considerations, some actions are not processed by remote function. They are directly processed by the function. Some of these actions does the same things but for different processing part (request / response). This patch give the same name for the same actions, and change the normalization of the other actions names. This patch is ONLY a rename, it doesn't modify the code.
2015-08-05 13:05:19 -04:00
if (trule->action < ACT_ACTION_TRK_SC0 || trule->action > ACT_ACTION_TRK_SCMAX)
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
continue;
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
if (trule->arg.trk_ctr.table.n)
target = proxy_tbl_by_name(trule->arg.trk_ctr.table.n);
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
else
target = curproxy;
[MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules Doing so allows us to track counters from backends or depending on contents. For instance, it now becomes possible to decide to track a connection based on a Host header if enough time is granted to parse the HTTP request. It is also possible to just track frontend counters in the frontend and unconditionally track backend counters in the backend without having to write complex rules. The first track-fe-counters rule executed is used to track counters for the frontend, and the first track-be-counters rule executed is used to track counters for the backend. Nothing prevents a frontend from setting a track-be rule nor a backend from setting a track-fe rule. In fact these rules are arbitrarily split between FE and BE with no dependencies.
2010-08-03 13:34:32 -04:00
if (!target) {
[MINOR] session-counters: use "track-sc{1,2}" instead of "track-{fe,be}-counters" The assumption that there was a 1:1 relation between tracked counters and the frontend/backend role was wrong. It is perfectly possible to track the track-fe-counters from the backend and the track-be-counters from the frontend. Thus, in order to reduce confusion, let's remove this useless {fe,be} reference and simply use {1,2} instead. The keywords have also been renamed in order to limit confusion. The ACL rule action now becomes "track-sc{1,2}". The ACLs are now "sc{1,2}_*" instead of "trk{fe,be}_*". That means that we can reasonably document "sc1" and "sc2" (sticky counters 1 and 2) as sort of patterns that are available during the whole session's life and use them just like any other pattern.
2010-08-06 13:06:56 -04:00
Alert("Proxy '%s': unable to find table '%s' referenced by track-sc%d.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, trule->arg.trk_ctr.table.n,
BUG/MINOR: config: report the correct track-sc number in tcp-rules When parsing track-sc* actions in tcp-request rules, we now automatically compute the track-sc identifier number using %d when displaying an error message. But the ID has become wrong since we introduced sc0, we continue to report id+1 in error messages causing some confusion. No backport is needed.
2013-12-02 17:29:05 -05:00
tcp_trk_idx(trule->action));
[MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules Doing so allows us to track counters from backends or depending on contents. For instance, it now becomes possible to decide to track a connection based on a Host header if enough time is granted to parse the HTTP request. It is also possible to just track frontend counters in the frontend and unconditionally track backend counters in the backend without having to write complex rules. The first track-fe-counters rule executed is used to track counters for the frontend, and the first track-be-counters rule executed is used to track counters for the backend. Nothing prevents a frontend from setting a track-be rule nor a backend from setting a track-fe rule. In fact these rules are arbitrarily split between FE and BE with no dependencies.
2010-08-03 13:34:32 -04:00
cfgerr++;
}
else if (target->table.size == 0) {
Alert("Proxy '%s': table '%s' used but not configured.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, trule->arg.trk_ctr.table.n ? trule->arg.trk_ctr.table.n : curproxy->id);
[MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules Doing so allows us to track counters from backends or depending on contents. For instance, it now becomes possible to decide to track a connection based on a Host header if enough time is granted to parse the HTTP request. It is also possible to just track frontend counters in the frontend and unconditionally track backend counters in the backend without having to write complex rules. The first track-fe-counters rule executed is used to track counters for the frontend, and the first track-be-counters rule executed is used to track counters for the backend. Nothing prevents a frontend from setting a track-be rule nor a backend from setting a track-fe rule. In fact these rules are arbitrarily split between FE and BE with no dependencies.
2010-08-03 13:34:32 -04:00
cfgerr++;
}
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
else if (!stktable_compatible_sample(trule->arg.trk_ctr.expr, target->table.type)) {
MINOR: config: improve error checking on TCP stick-table tracking Commit 5d5b5d added support for multiple types to track-sc* but forgot to check that the types are compatible with the stick-tables.
2012-12-11 18:25:44 -05:00
Alert("Proxy '%s': stick-table '%s' uses a type incompatible with the 'track-sc%d' rule.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, trule->arg.trk_ctr.table.n ? trule->arg.trk_ctr.table.n : curproxy->id,
BUG/MINOR: config: report the correct track-sc number in tcp-rules When parsing track-sc* actions in tcp-request rules, we now automatically compute the track-sc identifier number using %d when displaying an error message. But the ID has become wrong since we introduced sc0, we continue to report id+1 in error messages causing some confusion. No backport is needed.
2013-12-02 17:29:05 -05:00
tcp_trk_idx(trule->action));
MINOR: config: improve error checking on TCP stick-table tracking Commit 5d5b5d added support for multiple types to track-sc* but forgot to check that the types are compatible with the stick-tables.
2012-12-11 18:25:44 -05:00
cfgerr++;
}
[MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules Doing so allows us to track counters from backends or depending on contents. For instance, it now becomes possible to decide to track a connection based on a Host header if enough time is granted to parse the HTTP request. It is also possible to just track frontend counters in the frontend and unconditionally track backend counters in the backend without having to write complex rules. The first track-fe-counters rule executed is used to track counters for the frontend, and the first track-be-counters rule executed is used to track counters for the backend. Nothing prevents a frontend from setting a track-be rule nor a backend from setting a track-fe rule. In fact these rules are arbitrarily split between FE and BE with no dependencies.
2010-08-03 13:34:32 -04:00
else {
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
free(trule->arg.trk_ctr.table.n);
trule->arg.trk_ctr.table.t = &target->table;
[MINOR] session-counters: use "track-sc{1,2}" instead of "track-{fe,be}-counters" The assumption that there was a 1:1 relation between tracked counters and the frontend/backend role was wrong. It is perfectly possible to track the track-fe-counters from the backend and the track-be-counters from the frontend. Thus, in order to reduce confusion, let's remove this useless {fe,be} reference and simply use {1,2} instead. The keywords have also been renamed in order to limit confusion. The ACL rule action now becomes "track-sc{1,2}". The ACLs are now "sc{1,2}_*" instead of "trk{fe,be}_*". That means that we can reasonably document "sc1" and "sc2" (sticky counters 1 and 2) as sort of patterns that are available during the whole session's life and use them just like any other pattern.
2010-08-06 13:06:56 -04:00
/* Note: if we decide to enhance the track-sc syntax, we may be able
[MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules Doing so allows us to track counters from backends or depending on contents. For instance, it now becomes possible to decide to track a connection based on a Host header if enough time is granted to parse the HTTP request. It is also possible to just track frontend counters in the frontend and unconditionally track backend counters in the backend without having to write complex rules. The first track-fe-counters rule executed is used to track counters for the frontend, and the first track-be-counters rule executed is used to track counters for the backend. Nothing prevents a frontend from setting a track-be rule nor a backend from setting a track-fe rule. In fact these rules are arbitrarily split between FE and BE with no dependencies.
2010-08-03 13:34:32 -04:00
* to pass a list of counters to track and allocate them right here using
* stktable_alloc_data_type().
*/
}
}
/* find the target table for 'tcp-request' layer 6 rules */
list_for_each_entry(trule, &curproxy->tcp_req.inspect_rules, list) {
struct proxy *target;
MINOR: actions: change actions names For performances considerations, some actions are not processed by remote function. They are directly processed by the function. Some of these actions does the same things but for different processing part (request / response). This patch give the same name for the same actions, and change the normalization of the other actions names. This patch is ONLY a rename, it doesn't modify the code.
2015-08-05 13:05:19 -04:00
if (trule->action < ACT_ACTION_TRK_SC0 || trule->action > ACT_ACTION_TRK_SCMAX)
[MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules Doing so allows us to track counters from backends or depending on contents. For instance, it now becomes possible to decide to track a connection based on a Host header if enough time is granted to parse the HTTP request. It is also possible to just track frontend counters in the frontend and unconditionally track backend counters in the backend without having to write complex rules. The first track-fe-counters rule executed is used to track counters for the frontend, and the first track-be-counters rule executed is used to track counters for the backend. Nothing prevents a frontend from setting a track-be rule nor a backend from setting a track-fe rule. In fact these rules are arbitrarily split between FE and BE with no dependencies.
2010-08-03 13:34:32 -04:00
continue;
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
if (trule->arg.trk_ctr.table.n)
target = proxy_tbl_by_name(trule->arg.trk_ctr.table.n);
[MEDIUM] tcp: accept the "track-counters" in "tcp-request content" rules Doing so allows us to track counters from backends or depending on contents. For instance, it now becomes possible to decide to track a connection based on a Host header if enough time is granted to parse the HTTP request. It is also possible to just track frontend counters in the frontend and unconditionally track backend counters in the backend without having to write complex rules. The first track-fe-counters rule executed is used to track counters for the frontend, and the first track-be-counters rule executed is used to track counters for the backend. Nothing prevents a frontend from setting a track-be rule nor a backend from setting a track-fe rule. In fact these rules are arbitrarily split between FE and BE with no dependencies.
2010-08-03 13:34:32 -04:00
else
target = curproxy;
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
if (!target) {
[MINOR] session-counters: use "track-sc{1,2}" instead of "track-{fe,be}-counters" The assumption that there was a 1:1 relation between tracked counters and the frontend/backend role was wrong. It is perfectly possible to track the track-fe-counters from the backend and the track-be-counters from the frontend. Thus, in order to reduce confusion, let's remove this useless {fe,be} reference and simply use {1,2} instead. The keywords have also been renamed in order to limit confusion. The ACL rule action now becomes "track-sc{1,2}". The ACLs are now "sc{1,2}_*" instead of "trk{fe,be}_*". That means that we can reasonably document "sc1" and "sc2" (sticky counters 1 and 2) as sort of patterns that are available during the whole session's life and use them just like any other pattern.
2010-08-06 13:06:56 -04:00
Alert("Proxy '%s': unable to find table '%s' referenced by track-sc%d.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, trule->arg.trk_ctr.table.n,
BUG/MINOR: config: report the correct track-sc number in tcp-rules When parsing track-sc* actions in tcp-request rules, we now automatically compute the track-sc identifier number using %d when displaying an error message. But the ID has become wrong since we introduced sc0, we continue to report id+1 in error messages causing some confusion. No backport is needed.
2013-12-02 17:29:05 -05:00
tcp_trk_idx(trule->action));
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
cfgerr++;
}
else if (target->table.size == 0) {
Alert("Proxy '%s': table '%s' used but not configured.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, trule->arg.trk_ctr.table.n ? trule->arg.trk_ctr.table.n : curproxy->id);
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
cfgerr++;
}
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
else if (!stktable_compatible_sample(trule->arg.trk_ctr.expr, target->table.type)) {
MINOR: config: improve error checking on TCP stick-table tracking Commit 5d5b5d added support for multiple types to track-sc* but forgot to check that the types are compatible with the stick-tables.
2012-12-11 18:25:44 -05:00
Alert("Proxy '%s': stick-table '%s' uses a type incompatible with the 'track-sc%d' rule.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, trule->arg.trk_ctr.table.n ? trule->arg.trk_ctr.table.n : curproxy->id,
BUG/MINOR: config: report the correct track-sc number in tcp-rules When parsing track-sc* actions in tcp-request rules, we now automatically compute the track-sc identifier number using %d when displaying an error message. But the ID has become wrong since we introduced sc0, we continue to report id+1 in error messages causing some confusion. No backport is needed.
2013-12-02 17:29:05 -05:00
tcp_trk_idx(trule->action));
MINOR: config: improve error checking on TCP stick-table tracking Commit 5d5b5d added support for multiple types to track-sc* but forgot to check that the types are compatible with the stick-tables.
2012-12-11 18:25:44 -05:00
cfgerr++;
}
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
else {
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
free(trule->arg.trk_ctr.table.n);
trule->arg.trk_ctr.table.t = &target->table;
[MINOR] session-counters: use "track-sc{1,2}" instead of "track-{fe,be}-counters" The assumption that there was a 1:1 relation between tracked counters and the frontend/backend role was wrong. It is perfectly possible to track the track-fe-counters from the backend and the track-be-counters from the frontend. Thus, in order to reduce confusion, let's remove this useless {fe,be} reference and simply use {1,2} instead. The keywords have also been renamed in order to limit confusion. The ACL rule action now becomes "track-sc{1,2}". The ACLs are now "sc{1,2}_*" instead of "trk{fe,be}_*". That means that we can reasonably document "sc1" and "sc2" (sticky counters 1 and 2) as sort of patterns that are available during the whole session's life and use them just like any other pattern.
2010-08-06 13:06:56 -04:00
/* Note: if we decide to enhance the track-sc syntax, we may be able
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 15:04:55 -04:00
* to pass a list of counters to track and allocate them right here using
* stktable_alloc_data_type().
*/
}
}
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
/* find the target table for 'http-request' layer 7 rules */
list_for_each_entry(hrqrule, &curproxy->http_req_rules, list) {
struct proxy *target;
MINOR: actions: change actions names For performances considerations, some actions are not processed by remote function. They are directly processed by the function. Some of these actions does the same things but for different processing part (request / response). This patch give the same name for the same actions, and change the normalization of the other actions names. This patch is ONLY a rename, it doesn't modify the code.
2015-08-05 13:05:19 -04:00
if (hrqrule->action < ACT_ACTION_TRK_SC0 || hrqrule->action > ACT_ACTION_TRK_SCMAX)
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
continue;
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
if (hrqrule->arg.trk_ctr.table.n)
target = proxy_tbl_by_name(hrqrule->arg.trk_ctr.table.n);
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
else
target = curproxy;
if (!target) {
Alert("Proxy '%s': unable to find table '%s' referenced by track-sc%d.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, hrqrule->arg.trk_ctr.table.n,
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
http_req_trk_idx(hrqrule->action));
cfgerr++;
}
else if (target->table.size == 0) {
Alert("Proxy '%s': table '%s' used but not configured.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, hrqrule->arg.trk_ctr.table.n ? hrqrule->arg.trk_ctr.table.n : curproxy->id);
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
cfgerr++;
}
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
else if (!stktable_compatible_sample(hrqrule->arg.trk_ctr.expr, target->table.type)) {
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
Alert("Proxy '%s': stick-table '%s' uses a type incompatible with the 'track-sc%d' rule.\n",
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
curproxy->id, hrqrule->arg.trk_ctr.table.n ? hrqrule->arg.trk_ctr.table.n : curproxy->id,
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
http_req_trk_idx(hrqrule->action));
cfgerr++;
}
else {
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
free(hrqrule->arg.trk_ctr.table.n);
hrqrule->arg.trk_ctr.table.t = &target->table;
MEDIUM: http: add the track-sc* actions to http-request rules Add support for http-request track-sc, similar to what is done in tcp-request for backends. A new act_prm field was added to HTTP request rules to store the track params (table, counter). Just like for TCP rules, the table is resolved while checking for config validity. The code was mostly copied from the TCP code with the exception that here we also count the HTTP request count and rate by hand. Probably that something could be factored out in the future. It seems like tracking flags should be improved to mark each hook which tracks a key so that we can have some check points where to increase counters of the past if not done yet, a bit like is done for TRACK_BACKEND.
2014-06-25 12:12:15 -04:00
/* Note: if we decide to enhance the track-sc syntax, we may be able
* to pass a list of counters to track and allocate them right here using
* stktable_alloc_data_type().
*/
}
}
MEDIUM: http: emulate "block" rules using "http-request" rules The "block" rules are redundant with http-request rules because they are performed immediately before and do exactly the same thing as "http-request deny". Moreover, this duplication has led to a few minor stats accounting issues fixed lately. Instead of keeping the two rule sets, we now build a list of "block" rules that we compile as "http-request block" and that we later insert at the beginning of the "http-request" rules. The only user-visible change is that in case of a parsing error, the config parser will now report "http-request block rule" instead of "blocking condition".
2014-04-28 16:06:57 -04:00
/* move any "block" rules at the beginning of the http-request rules */
if (!LIST_ISEMPTY(&curproxy->block_rules)) {
/* insert block_rules into http_req_rules at the beginning */
curproxy->block_rules.p->n = curproxy->http_req_rules.n;
curproxy->http_req_rules.n->p = curproxy->block_rules.p;
curproxy->block_rules.n->p = &curproxy->http_req_rules;
curproxy->http_req_rules.n = curproxy->block_rules.n;
LIST_INIT(&curproxy->block_rules);
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
if (curproxy->table.peers.name) {
struct peers *curpeers = peers;
for (curpeers = peers; curpeers; curpeers = curpeers->next) {
if (strcmp(curpeers->id, curproxy->table.peers.name) == 0) {
free((void *)curproxy->table.peers.name);
BUG/MEDIUM: peers: only the last peers section was used by tables Due to a typo in the peers section lookup code, the last declared peers section was used instead of the one matching the requested name. This bug has been there since the very first commit on peers section (1.5-dev2).
2013-01-17 15:34:52 -05:00
curproxy->table.peers.p = curpeers;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
break;
}
}
if (!curpeers) {
Alert("Proxy '%s': unable to find sync peers '%s'.\n",
curproxy->id, curproxy->table.peers.name);
BUG/MINOR: fix a segfault when parsing a config with undeclared peers Baptiste Assmann reported that a config where a non-existing peers section is referenced by a stick-table causes a segfault after displaying the error. This is caused by the freeing of the peers. Setting it to NULL after displaying the error fixes the issue.
2011-10-28 08:16:49 -04:00
free((void *)curproxy->table.peers.name);
curproxy->table.peers.p = NULL;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
cfgerr++;
}
MEDIUM: peers: add the ability to disable a peers section Sometimes it's very hard to disable the use of peers because an empty section is not valid, so it is necessary to comment out all references to the section, and not to forget to restore them in the same state after the operation. Let's add a "disabled" keyword just like for proxies. A ->state member in the peers struct is even present for this purpose but was never used at all. Maybe it would make sense to backport this to 1.5 as it's really cumbersome there.
2015-05-01 14:02:17 -04:00
else if (curpeers->state == PR_STSTOPPED) {
/* silently disable this peers section */
curproxy->table.peers.p = NULL;
}
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
else if (!curpeers->peers_fe) {
[BUG] peers: don't keep a peers section which has a NULL frontend If a peers section has no peer named as the local peer, we must destroy it, otherwise a NULL peer frontend remains in the lists and a segfault can happen upon a soft restart. We also now report the missing peer name in order to help troubleshooting.
2011-09-07 15:24:49 -04:00
Alert("Proxy '%s': unable to find local peer '%s' in peers section '%s'.\n",
curproxy->id, localpeer, curpeers->id);
BUG/MINOR: fix a segfault when parsing a config with undeclared peers Baptiste Assmann reported that a config where a non-existing peers section is referenced by a stick-table causes a segfault after displaying the error. This is caused by the freeing of the peers. Setting it to NULL after displaying the error fixes the issue.
2011-10-28 08:16:49 -04:00
curproxy->table.peers.p = NULL;
[MEDIUM] Manage peers section parsing and stick table registration on peers.
2010-09-23 12:39:19 -04:00
cfgerr++;
}
}
MEDIUM: Allow configuration of email alerts This currently does nothing beyond parsing the configuration and storing in the proxy as there is no implementation of email alerts. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:59 -05:00
if (curproxy->email_alert.mailers.name) {
struct mailers *curmailers = mailers;
for (curmailers = mailers; curmailers; curmailers = curmailers->next) {
if (strcmp(curmailers->id, curproxy->email_alert.mailers.name) == 0) {
free(curproxy->email_alert.mailers.name);
curproxy->email_alert.mailers.m = curmailers;
curmailers->users++;
break;
}
}
if (!curmailers) {
Alert("Proxy '%s': unable to find mailers '%s'.\n",
curproxy->id, curproxy->email_alert.mailers.name);
free_email_alert(curproxy);
cfgerr++;
}
}
[BUG] uri_auth: do not attemp to convert uri_auth -> http-request more than once Bug reported by Laurent Dolosor.
2010-02-22 14:27:23 -05:00
if (curproxy->uri_auth && !(curproxy->uri_auth->flags & ST_CONVDONE) &&
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
!LIST_ISEMPTY(&curproxy->uri_auth->http_req_rules) &&
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
(curproxy->uri_auth->userlist || curproxy->uri_auth->auth_realm )) {
Alert("%s '%s': stats 'auth'/'realm' and 'http-request' can't be used at the same time.\n",
"proxy", curproxy->id);
cfgerr++;
goto out_uri_auth_compat;
}
[BUG] uri_auth: do not attemp to convert uri_auth -> http-request more than once Bug reported by Laurent Dolosor.
2010-02-22 14:27:23 -05:00
if (curproxy->uri_auth && curproxy->uri_auth->userlist && !(curproxy->uri_auth->flags & ST_CONVDONE)) {
[MEDIUM] add support for anonymous ACLs Anonymous ACLs allow the declaration of rules which rely directly on ACL expressions without passing via the declaration of an ACL. Example : With named ACLs : acl site_dead nbsrv(dynamic) lt 2 acl site_dead nbsrv(static) lt 2 monitor fail if site_dead With anonymous ACLs : monitor fail if { nbsrv(dynamic) lt 2 } || { nbsrv(static) lt 2 }
2010-02-01 07:05:50 -05:00
const char *uri_auth_compat_req[10];
MEDIUM: actions: Merge (http|tcp)-(request|reponse) action structs This patch is the first of a serie which merge all the action structs. The function "tcp-request content", "tcp-response-content", "http-request" and "http-response" have the same values and the same process for some defined actions, but the struct and the prototype of the declared function are different. This patch try to unify all of these entries.
2015-08-04 13:35:46 -04:00
struct act_rule *rule;
[MEDIUM] add support for anonymous ACLs Anonymous ACLs allow the declaration of rules which rely directly on ACL expressions without passing via the declaration of an ACL. Example : With named ACLs : acl site_dead nbsrv(dynamic) lt 2 acl site_dead nbsrv(static) lt 2 monitor fail if site_dead With anonymous ACLs : monitor fail if { nbsrv(dynamic) lt 2 } || { nbsrv(static) lt 2 }
2010-02-01 07:05:50 -05:00
int i = 0;
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
[MEDIUM] add support for anonymous ACLs Anonymous ACLs allow the declaration of rules which rely directly on ACL expressions without passing via the declaration of an ACL. Example : With named ACLs : acl site_dead nbsrv(dynamic) lt 2 acl site_dead nbsrv(static) lt 2 monitor fail if site_dead With anonymous ACLs : monitor fail if { nbsrv(dynamic) lt 2 } || { nbsrv(static) lt 2 }
2010-02-01 07:05:50 -05:00
/* build the ACL condition from scratch. We're relying on anonymous ACLs for that */
uri_auth_compat_req[i++] = "auth";
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
if (curproxy->uri_auth->auth_realm) {
[MEDIUM] add support for anonymous ACLs Anonymous ACLs allow the declaration of rules which rely directly on ACL expressions without passing via the declaration of an ACL. Example : With named ACLs : acl site_dead nbsrv(dynamic) lt 2 acl site_dead nbsrv(static) lt 2 monitor fail if site_dead With anonymous ACLs : monitor fail if { nbsrv(dynamic) lt 2 } || { nbsrv(static) lt 2 }
2010-02-01 07:05:50 -05:00
uri_auth_compat_req[i++] = "realm";
uri_auth_compat_req[i++] = curproxy->uri_auth->auth_realm;
}
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
[MEDIUM] add support for anonymous ACLs Anonymous ACLs allow the declaration of rules which rely directly on ACL expressions without passing via the declaration of an ACL. Example : With named ACLs : acl site_dead nbsrv(dynamic) lt 2 acl site_dead nbsrv(static) lt 2 monitor fail if site_dead With anonymous ACLs : monitor fail if { nbsrv(dynamic) lt 2 } || { nbsrv(static) lt 2 }
2010-02-01 07:05:50 -05:00
uri_auth_compat_req[i++] = "unless";
uri_auth_compat_req[i++] = "{";
uri_auth_compat_req[i++] = "http_auth(.internal-stats-userlist)";
uri_auth_compat_req[i++] = "}";
uri_auth_compat_req[i++] = "";
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
rule = parse_http_req_cond(uri_auth_compat_req, "internal-stats-auth-compat", 0, curproxy);
if (!rule) {
[MEDIUM] add support for anonymous ACLs Anonymous ACLs allow the declaration of rules which rely directly on ACL expressions without passing via the declaration of an ACL. Example : With named ACLs : acl site_dead nbsrv(dynamic) lt 2 acl site_dead nbsrv(static) lt 2 monitor fail if site_dead With anonymous ACLs : monitor fail if { nbsrv(dynamic) lt 2 } || { nbsrv(static) lt 2 }
2010-02-01 07:05:50 -05:00
cfgerr++;
break;
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
}
[REORG] http: move the http-request rules to proto_http And also rename "req_acl_rule" "http_req_rule". At the beginning that was a bit confusing to me, especially the "req_acl" list which in fact holds what we call rules. After some digging, it appeared that some part of the code is 100% HTTP and not just related to authentication anymore, so let's move that part to HTTP and keep the auth-only code in auth.c.
2011-01-06 11:51:27 -05:00
LIST_ADDQ(&curproxy->uri_auth->http_req_rules, &rule->list);
[MEDIUM] add support for anonymous ACLs Anonymous ACLs allow the declaration of rules which rely directly on ACL expressions without passing via the declaration of an ACL. Example : With named ACLs : acl site_dead nbsrv(dynamic) lt 2 acl site_dead nbsrv(static) lt 2 monitor fail if site_dead With anonymous ACLs : monitor fail if { nbsrv(dynamic) lt 2 } || { nbsrv(static) lt 2 }
2010-02-01 07:05:50 -05:00
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
if (curproxy->uri_auth->auth_realm) {
free(curproxy->uri_auth->auth_realm);
curproxy->uri_auth->auth_realm = NULL;
}
[BUG] uri_auth: do not attemp to convert uri_auth -> http-request more than once Bug reported by Laurent Dolosor.
2010-02-22 14:27:23 -05:00
curproxy->uri_auth->flags |= ST_CONVDONE;
[MAJOR] use the new auth framework for http stats Support the new syntax (http-request allow/deny/auth) in http stats. Now it is possible to use the same syntax is the same like in the frontend/backend http-request access control: acl src_nagios src 192.168.66.66 acl stats_auth_ok http_auth(L1) stats http-request allow if src_nagios stats http-request allow if stats_auth_ok stats http-request auth realm LB The old syntax is still supported, but now it is emulated via private acls and an aditional userlist.
2010-01-29 13:29:32 -05:00
}
out_uri_auth_compat:
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
/* compile the log format */
if (!(curproxy->cap & PR_CAP_FE)) {
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (curproxy->conf.logformat_string != default_http_log_format &&
curproxy->conf.logformat_string != default_tcp_log_format &&
curproxy->conf.logformat_string != clf_http_log_format)
free(curproxy->conf.logformat_string);
curproxy->conf.logformat_string = NULL;
free(curproxy->conf.lfs_file);
curproxy->conf.lfs_file = NULL;
curproxy->conf.lfs_line = 0;
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
}
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (curproxy->conf.logformat_string) {
curproxy->conf.args.ctx = ARGC_LOG;
curproxy->conf.args.file = curproxy->conf.lfs_file;
curproxy->conf.args.line = curproxy->conf.lfs_line;
parse_logformat_string(curproxy->conf.logformat_string, curproxy, &curproxy->logformat, LOG_OPT_MANDATORY,
MINOR: configuration: File and line propagation This patch permits to communicate file and line of the configuration file at the configuration parser.
2014-02-11 08:00:19 -05:00
SMP_VAL_FE_LOG_END, curproxy->conf.lfs_file, curproxy->conf.lfs_line);
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
curproxy->conf.args.file = NULL;
curproxy->conf.args.line = 0;
}
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (curproxy->conf.uniqueid_format_string) {
curproxy->conf.args.ctx = ARGC_UIF;
curproxy->conf.args.file = curproxy->conf.uif_file;
curproxy->conf.args.line = curproxy->conf.uif_line;
BUG/MINOR: http: fix encoding of samples used in http headers The binary samples are sometimes copied as is into http headers. A sample can contain bytes unallowed by the http rfc concerning header content, for example if it was extracted from binary data. The resulting http request can thus be invalid. This issue does not yet happen because haproxy currently (mistakenly) hex-encodes binary data, so it is not really possible to retrieve invalid HTTP chars. The solution consists in hex-encoding all non-printable chars prefixed by a '%' sign. No backport is needed since existing code is not affected yet.
2014-03-13 11:46:18 -04:00
parse_logformat_string(curproxy->conf.uniqueid_format_string, curproxy, &curproxy->format_unique_id, LOG_OPT_HTTP,
BUG/MINOR: parse: refer curproxy instead of proxy Since during parsing stage, curproxy always represents a proxy to be operated, it should be a mistake by referring proxy. Signed-off-by: Godbach <nylzhaowei@gmail.com>
2014-12-18 02:44:58 -05:00
(curproxy->cap & PR_CAP_FE) ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
MINOR: configuration: File and line propagation This patch permits to communicate file and line of the configuration file at the configuration parser.
2014-02-11 08:00:19 -05:00
curproxy->conf.uif_file, curproxy->conf.uif_line);
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
curproxy->conf.args.file = NULL;
curproxy->conf.args.line = 0;
}
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
MAJOR: auth: Change the internal authentication system. This patch remove the limit of 32 groups. It also permit to use standard "pat_parse_str()" function in place of "pat_parse_strcat()". The "pat_parse_strcat()" is no longer used and its removed. Before this patch, the groups are stored in a bitfield, now they are stored in a list of strings. The matching is slower, but the number of groups is low and generally the list of allowed groups is short. The fetch function "smp_fetch_http_auth_grp()" used with the name "http_auth_group" return valid username. It can be used as string for displaying the username or with the acl "http_auth_group" for checking the group of the user. Maybe the names of the ACL and fetch methods are no longer suitable, but I keep the current names for conserving the compatibility with existing configurations. The function "userlist_postinit()" is created from verification code stored in the big function "check_config_validity()". The code is adapted to the new authentication storage system and it is moved in the "src/auth.c" file. This function is used to check the validity of the users declared in groups and to check the validity of groups declared on the "user" entries. This resolve function is executed before the check of all proxy because many acl needs solved users and groups.
2014-01-22 12:38:02 -05:00
/* only now we can check if some args remain unresolved.
* This must be done after the users and groups resolution.
*/
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
cfgerr += smp_resolve_args(curproxy);
if (!cfgerr)
cfgerr += acl_find_targets(curproxy);
[MINOR] acl: add http_auth and http_auth_group Add two acls to match http auth data: acl <name> http_auth(userlist) acl <name> http_auth_hroup(userlist) group1 group2 (...)
2010-01-29 13:26:18 -05:00
[MEDIUM] now upon startup, haproxy will warn about missing timeouts. Too many problem reports were caused by missing timeouts. While there has never been any default value since version 1.0, having no timeout is abnormal in networked environments, and will lead to various problems such as CLOSE_WAIT sockets accumulating and nasty things like this. For this reason, it's better to annoy the users until they fix their configs than letting them run buggy configurations.
2006-07-08 11:28:09 -04:00
if ((curproxy->mode == PR_MODE_TCP || curproxy->mode == PR_MODE_HTTP) &&
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
(((curproxy->cap & PR_CAP_FE) && !curproxy->timeout.client) ||
[MAJOR] replaced all timeouts with struct timeval The timeout functions were difficult to manipulate because they were rounding results to the millisecond. Thus, it was difficult to compare and to check what expired and what did not. Also, the comparison functions were heavy with multiplies and divides by 1000. Now, all timeouts are stored in timevals, reducing the number of operations for updates and leading to cleaner and more efficient code.
2007-05-12 16:35:00 -04:00
((curproxy->cap & PR_CAP_BE) && (curproxy->srv) &&
MEDIUM: session: add support for tunnel timeouts Tunnel timeouts are used when TCP connections are forwarded, or when forwarding upgraded HTTP connections (WebSocket) as well as CONNECT requests to proxies. This timeout allows long-lived sessions to be supported without having to set large timeouts to normal requests.
2012-05-12 06:50:00 -04:00
(!curproxy->timeout.connect ||
(!curproxy->timeout.server && (curproxy->mode == PR_MODE_HTTP || !curproxy->timeout.tunnel)))))) {
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
Warning("config : missing timeouts for %s '%s'.\n"
[MEDIUM] now upon startup, haproxy will warn about missing timeouts. Too many problem reports were caused by missing timeouts. While there has never been any default value since version 1.0, having no timeout is abnormal in networked environments, and will lead to various problems such as CLOSE_WAIT sockets accumulating and nasty things like this. For this reason, it's better to annoy the users until they fix their configs than letting them run buggy configurations.
2006-07-08 11:28:09 -04:00
" | While not properly invalid, you will certainly encounter various problems\n"
" | with such a configuration. To fix this, please ensure that all following\n"
[MINOR] fix configuration hint about timeouts Do not talk about "clitimeout", "contimeout" or "srvtimeout" anymore.
2008-01-20 17:25:06 -05:00
" | timeouts are set to a non-zero value: 'client', 'connect', 'server'.\n",
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
proxy_type_str(curproxy), curproxy->id);
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
err_code |= ERR_WARN;
[MEDIUM] now upon startup, haproxy will warn about missing timeouts. Too many problem reports were caused by missing timeouts. While there has never been any default value since version 1.0, having no timeout is abnormal in networked environments, and will lead to various problems such as CLOSE_WAIT sockets accumulating and nasty things like this. For this reason, it's better to annoy the users until they fix their configs than letting them run buggy configurations.
2006-07-08 11:28:09 -04:00
}
[MEDIUM] implement 'option ssl-hello-chk' to use CLIENT HELLO health checks. This makes it possible to relay SSL connections in pure TCP instances while ensuring the remote end really receives our data eventhough intermediate agents (firewalls, proxies, ...) might acknowledge the connection.
2006-07-09 10:42:34 -04:00
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
/* Historically, the tarpit and queue timeouts were inherited from contimeout.
* We must still support older configurations, so let's find out whether those
* parameters have been set or must be copied from contimeouts.
*/
if (curproxy != &defproxy) {
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
if (!curproxy->timeout.tarpit ||
curproxy->timeout.tarpit == defproxy.timeout.tarpit) {
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
/* tarpit timeout not set. We search in the following order:
* default.tarpit, curr.connect, default.connect.
*/
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
if (defproxy.timeout.tarpit)
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
curproxy->timeout.tarpit = defproxy.timeout.tarpit;
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
else if (curproxy->timeout.connect)
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
curproxy->timeout.tarpit = curproxy->timeout.connect;
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
else if (defproxy.timeout.connect)
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
curproxy->timeout.tarpit = defproxy.timeout.connect;
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
}
if ((curproxy->cap & PR_CAP_BE) &&
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
(!curproxy->timeout.queue ||
curproxy->timeout.queue == defproxy.timeout.queue)) {
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
/* queue timeout not set. We search in the following order:
* default.queue, curr.connect, default.connect.
*/
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
if (defproxy.timeout.queue)
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
curproxy->timeout.queue = defproxy.timeout.queue;
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
else if (curproxy->timeout.connect)
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
curproxy->timeout.queue = curproxy->timeout.connect;
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
else if (defproxy.timeout.connect)
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
curproxy->timeout.queue = defproxy.timeout.connect;
[MEDIUM] introduce separation between contimeout, and tarpit + queue Now the connect timeout, tarpit timeout and queue timeout are distinct. In order to retain compatibility with older versions, if either queue or tarpit is left unset both in the proxy and in the default proxy, then it is inherited from the connect timeout as before.
2007-12-02 18:36:16 -05:00
}
}
[MEDIUM] checks: group health checks methods by values and save option bits Adding health checks has become a real pain, with cross-references to all checks everywhere because they're all a single bit. Since they're all exclusive, let's change this to have a check number only. We reserve 4 bits allowing up to 16 checks (15+tcp), only 7 of which are currently used. The code has shrunk by almost 1kB and we saved a few option bits. The "dispatch" option has been moved to px->options, making a few tests a bit cleaner.
2011-08-06 11:05:02 -04:00
if ((curproxy->options2 & PR_O2_CHK_ANY) == PR_O2_SSL3_CHK) {
[MINOR] config: fix too large ssl-hello-check message. As reported by Cyril Bonté and Hervé Commowick, the ssl-hello-check should use sizeof()-1 and not sizeof() for the message length.
2010-02-01 10:38:17 -05:00
curproxy->check_len = sizeof(sslv3_client_hello_pkt) - 1;
curproxy->check_req = (char *)malloc(curproxy->check_len);
memcpy(curproxy->check_req, sslv3_client_hello_pkt, curproxy->check_len);
[MEDIUM] implement 'option ssl-hello-chk' to use CLIENT HELLO health checks. This makes it possible to relay SSL connections in pure TCP instances while ensuring the remote end really receives our data eventhough intermediate agents (firewalls, proxies, ...) might acknowledge the connection.
2006-07-09 10:42:34 -04:00
}
MINOR: config: warn when tcp-check rules are used without option tcp-check Since this case means that the rules will be ignored, better emit a warning.
2014-06-13 12:30:23 -04:00
if (!LIST_ISEMPTY(&curproxy->tcpcheck_rules) &&
(curproxy->options2 & PR_O2_CHK_ANY) != PR_O2_TCPCHK_CHK) {
Warning("config : %s '%s' uses tcp-check rules without 'option tcp-check', so the rules are ignored.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
}
MINOR: http: allow the cookie capture size to be changed Some users need more than 64 characters to log large cookies. The limit was set to 63 characters (and not 64 as previously documented). Now it is possible to change this using the global "tune.http.cookielen" setting if required.
2012-11-21 18:17:38 -05:00
/* ensure that cookie capture length is not too large */
if (curproxy->capture_len >= global.tune.cookie_len) {
Warning("config : truncating capture length to %d bytes for %s '%s'.\n",
global.tune.cookie_len - 1, proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
curproxy->capture_len = global.tune.cookie_len - 1;
}
[MAJOR] last bunch of capture changes for mempool v2 The header captures had lots of pools. They have all been transformed.
2007-05-13 16:46:04 -04:00
/* The small pools required for the capture lists */
MINOR: config: disable header captures in TCP mode and complain In order to help users fix their configs, report a warning when a capture has been set on a non-HTTP frontend. This should be backported to 1.4.
2012-03-24 03:33:05 -04:00
if (curproxy->nb_req_cap) {
MINOR: logs: don't limit HTTP header captures to HTTP frontends Similar to previous patches, HTTP header captures are performed when a TCP frontend switches to an HTTP backend, but are not possible to report. So let's relax the check to explicitly allow them to be present in TCP frontends.
2014-06-13 06:23:06 -04:00
curproxy->req_cap_pool = create_pool("ptrcap",
curproxy->nb_req_cap * sizeof(char *),
MEM_F_SHARED);
MINOR: config: disable header captures in TCP mode and complain In order to help users fix their configs, report a warning when a capture has been set on a non-HTTP frontend. This should be backported to 1.4.
2012-03-24 03:33:05 -04:00
}
if (curproxy->nb_rsp_cap) {
MINOR: logs: don't limit HTTP header captures to HTTP frontends Similar to previous patches, HTTP header captures are performed when a TCP frontend switches to an HTTP backend, but are not possible to report. So let's relax the check to explicitly allow them to be present in TCP frontends.
2014-06-13 06:23:06 -04:00
curproxy->rsp_cap_pool = create_pool("ptrcap",
curproxy->nb_rsp_cap * sizeof(char *),
MEM_F_SHARED);
MINOR: config: disable header captures in TCP mode and complain In order to help users fix their configs, report a warning when a capture has been set on a non-HTTP frontend. This should be backported to 1.4.
2012-03-24 03:33:05 -04:00
}
[MAJOR] last bunch of capture changes for mempool v2 The header captures had lots of pools. They have all been transformed.
2007-05-13 16:46:04 -04:00
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/* first, we will invert the servers list order */
newsrv = NULL;
while (curproxy->srv) {
struct server *next;
next = curproxy->srv->next;
curproxy->srv->next = newsrv;
newsrv = curproxy->srv;
if (!next)
break;
curproxy->srv = next;
}
MEDIUM: config: report a warning when multiple servers have the same name A config where multiple servers have the same name in the same backend is prone to a number of issues : logs are not really exploitable, stats get really tricky and even harder to change, etc... In fact, it can be safe to have the same name between multiple servers only when their respective IDs are known and used. So now we detect this situation and emit a warning for the first conflict detected per server if any of the servers uses an automatic ID.
2014-01-03 06:14:34 -05:00
/* Check that no server name conflicts. This causes trouble in the stats.
* We only emit a warning for the first conflict affecting each server,
* in order to avoid combinatory explosion if all servers have the same
* name. We do that only for servers which do not have an explicit ID,
* because these IDs were made also for distinguishing them and we don't
* want to annoy people who correctly manage them.
*/
for (newsrv = curproxy->srv; newsrv; newsrv = newsrv->next) {
struct server *other_srv;
if (newsrv->puid)
continue;
for (other_srv = curproxy->srv; other_srv && other_srv != newsrv; other_srv = other_srv->next) {
if (!other_srv->puid && strcmp(other_srv->id, newsrv->id) == 0) {
Warning("parsing [%s:%d] : %s '%s', another server named '%s' was defined without an explicit ID at line %d, this is not recommended.\n",
newsrv->conf.file, newsrv->conf.line,
proxy_type_str(curproxy), curproxy->id,
newsrv->id, other_srv->conf.line);
break;
}
}
}
[BUG] consistent hash: balance on all servers, not only 2 ! It was once reported at least by Dirk Taggesell that the consistent hash had a very poor distribution, making use of only two servers. Jeff Persch analysed the code and found the root cause. Consistent hash makes use of the server IDs, which are completed after the chash array initialization. This implies that each server which does not have an explicit "id" parameter will be merged at the same place in the chash tree and that in the end, only the first or last servers may be used. The now obvious fix (thanks to Jeff) is to assign the missing IDs earlier. However, it should be clearly understood that changing a hash algorithm on live systems will rebalance the whole system. Anyway, the only affected users will be the ones for which the system is quite unbalanced already. The ones who fix their IDs are not affected at all. Kudos to Jeff for spotting that bug which got merged 3 days after the consistent hashing !
2010-05-25 17:03:02 -04:00
/* assign automatic UIDs to servers which don't have one yet */
next_id = 1;
newsrv = curproxy->srv;
while (newsrv != NULL) {
if (!newsrv->puid) {
/* server ID not set, use automatic numbering with first
* spare entry starting with next_svid.
*/
next_id = get_next_id(&curproxy->conf.used_server_id, next_id);
newsrv->conf.id.key = newsrv->puid = next_id;
eb32_insert(&curproxy->conf.used_server_id, &newsrv->conf.id);
}
next_id++;
newsrv = newsrv->next;
}
[MEDIUM] differentiate between generic LB params and map-specific ones Since the introduction of server weights, all load balancing algorithms relied on a pre-computed map. Incidently, quite a bunch of map-specific parameters were used at random places in order to get the number of servers or their total weight. It was not architecturally acceptable that optimizations for the map computation had impact on external parts. For instance, during this cleanup it was found that a backend weight was seen as 1 when only the first backup server is used, whatever its weight. This cleanup consists in differentiating between LB-generic parameters, such as total weights, number of servers, etc... and map-specific ones. The struct proxy has been enhanced in order to make it easier to later support other algorithms. The recount_servers() function now also updates generic values such as total weights so that it's not needed anymore to call recalc_server_map() when weights are needed. This permitted to simplify some code which does not need to know about map internals anymore.
2007-11-15 17:26:18 -05:00
curproxy->lbprm.wmult = 1; /* default weight multiplier */
[MINOR] add a weight divisor to the struct proxy Under some circumstances, it will be useful to be able to have a server's effective weight bigger than the user weight, and this is particularly true for dynamic weight-based algorithms. In order to support this, we add a "wdiv" member to the lbprm structure which will always be used to divide the weights before reporting them.
2007-11-19 13:10:18 -05:00
curproxy->lbprm.wdiv = 1; /* default weight divider */
[MEDIUM] differentiate between generic LB params and map-specific ones Since the introduction of server weights, all load balancing algorithms relied on a pre-computed map. Incidently, quite a bunch of map-specific parameters were used at random places in order to get the number of servers or their total weight. It was not architecturally acceptable that optimizations for the map computation had impact on external parts. For instance, during this cleanup it was found that a backend weight was seen as 1 when only the first backup server is used, whatever its weight. This cleanup consists in differentiating between LB-generic parameters, such as total weights, number of servers, etc... and map-specific ones. The struct proxy has been enhanced in order to make it easier to later support other algorithms. The recount_servers() function now also updates generic values such as total weights so that it's not needed anymore to call recalc_server_map() when weights are needed. This permitted to simplify some code which does not need to know about map internals anymore.
2007-11-15 17:26:18 -05:00
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
/*
* If this server supports a maxconn parameter, it needs a dedicated
* tasks to fill the emptied slots when a connection leaves.
* Also, resolve deferred tracking dependency if needed.
*/
newsrv = curproxy->srv;
while (newsrv != NULL) {
if (newsrv->minconn > newsrv->maxconn) {
/* Only 'minconn' was specified, or it was higher than or equal
* to 'maxconn'. Let's turn this into maxconn and clean it, as
* this will avoid further useless expensive computations.
*/
newsrv->maxconn = newsrv->minconn;
} else if (newsrv->maxconn && !newsrv->minconn) {
/* minconn was not specified, so we set it to maxconn */
newsrv->minconn = newsrv->maxconn;
}
MEDIUM: config: add support for the 'ssl' option on 'server' lines This option currently takes no option and simply turns SSL on for all connections going to the server. It is likely that more options will be needed in the future.
2012-05-18 10:02:00 -04:00
#ifdef USE_OPENSSL
MINOR: ssl: move ssl context init for servers from cfgparse.c to ssl_sock.c
2012-10-11 08:00:19 -04:00
if (newsrv->use_ssl || newsrv->check.use_ssl)
cfgerr += ssl_sock_prepare_srv_ctx(newsrv, curproxy);
MEDIUM: config: add support for the 'ssl' option on 'server' lines This option currently takes no option and simply turns SSL on for all connections going to the server. It is likely that more options will be needed in the future.
2012-05-18 10:02:00 -04:00
#endif /* USE_OPENSSL */
MINOR: ssl: move ssl context init for servers from cfgparse.c to ssl_sock.c
2012-10-11 08:00:19 -04:00
BUG/MEDIUM: checks: fix health check regression causing them to depend on declaration order Since commit 4a74143 (MEDIUM: Paramatise functions over the check of a server), the check type is inherited from the current proxy's check type at the moment where the server is declared instead of when reviewing server configs. This causes an issue where a health check is disabled when the server is declared before the checks. In fact the server will inherit the last known check type declared before the "server" line : backend foo # this server is not checked at all server s1 1.1.1.1:80 check option tcpchk # this server is tcp-checked : server s2 1.1.1.2:80 check option httpchk # this server is http-checked : server s3 1.1.1.3:80 check The fix consists in assigning the check type during the config review phase where the config is stable. No backport is nedeed.
2013-12-03 05:11:34 -05:00
/* set the check type on the server */
newsrv->check.type = curproxy->options2 & PR_O2_CHK_ANY;
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
if (newsrv->trackit) {
struct proxy *px;
MEDIUM: server: allow multi-level server tracking Now that it is possible to know whether a server is in forced maintenance or inherits its maintenance status from another one, it is possible to allow server tracking at more than one level. We still provide a loop detection however. Note that for the stats it's a bit trickier since we have to report the check state which corresponds to the state of the server at the end of the chain.
2014-05-16 07:52:00 -04:00
struct server *srv, *loop;
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
char *pname, *sname;
pname = newsrv->trackit;
sname = strrchr(pname, '/');
if (sname)
*sname++ = '\0';
else {
sname = pname;
pname = NULL;
}
if (pname) {
CLEANUP: proxy: make the proxy lookup functions more user-friendly First, findproxy() was renamed proxy_find_by_name() so that its explicit that a name is required for the lookup. Second, we give this function the ability to search for tables if needed. Third we now provide inline wrappers to pass the appropriate PR_CAP_* flags and to explicitly look up a frontend, backend or table.
2015-05-26 05:24:42 -04:00
px = proxy_be_by_name(pname);
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
if (!px) {
Alert("config : %s '%s', server '%s': unable to find required proxy '%s' for tracking.\n",
proxy_type_str(curproxy), curproxy->id,
newsrv->id, pname);
cfgerr++;
goto next_srv;
}
} else
px = curproxy;
srv = findserver(px, sname);
if (!srv) {
Alert("config : %s '%s', server '%s': unable to find required server '%s' for tracking.\n",
proxy_type_str(curproxy), curproxy->id,
newsrv->id, sname);
cfgerr++;
goto next_srv;
}
MEDIUM: server: allow multi-level server tracking Now that it is possible to know whether a server is in forced maintenance or inherits its maintenance status from another one, it is possible to allow server tracking at more than one level. We still provide a loop detection however. Note that for the stats it's a bit trickier since we have to report the check state which corresponds to the state of the server at the end of the chain.
2014-05-16 07:52:00 -04:00
if (!(srv->check.state & CHK_ST_CONFIGURED) &&
!(srv->agent.state & CHK_ST_CONFIGURED) &&
!srv->track && !srv->trackit) {
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
Alert("config : %s '%s', server '%s': unable to use %s/%s for "
MEDIUM: server: allow multi-level server tracking Now that it is possible to know whether a server is in forced maintenance or inherits its maintenance status from another one, it is possible to allow server tracking at more than one level. We still provide a loop detection however. Note that for the stats it's a bit trickier since we have to report the check state which corresponds to the state of the server at the end of the chain.
2014-05-16 07:52:00 -04:00
"tracking as it does not have any check nor agent enabled.\n",
proxy_type_str(curproxy), curproxy->id,
newsrv->id, px->id, srv->id);
cfgerr++;
goto next_srv;
}
for (loop = srv->track; loop && loop != newsrv; loop = loop->track);
if (loop) {
Alert("config : %s '%s', server '%s': unable to track %s/%s as it "
"belongs to a tracking chain looping back to %s/%s.\n",
proxy_type_str(curproxy), curproxy->id,
newsrv->id, px->id, srv->id, px->id, loop->id);
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
cfgerr++;
goto next_srv;
}
if (curproxy != px &&
(curproxy->options & PR_O_DISABLE404) != (px->options & PR_O_DISABLE404)) {
Alert("config : %s '%s', server '%s': unable to use %s/%s for"
"tracking: disable-on-404 option inconsistency.\n",
proxy_type_str(curproxy), curproxy->id,
newsrv->id, px->id, srv->id);
cfgerr++;
goto next_srv;
}
/* if the other server is forced disabled, we have to do the same here */
REORG/MEDIUM: server: move the maintenance bits out of the server state Now we introduce srv->admin and srv->prev_admin which are bitfields containing one bit per source of administrative status (maintenance only for now). For the sake of backwards compatibility we implement a single source (ADMF_FMAINT) but the code already checks any source (ADMF_MAINT) where the STF_MAINTAIN bit was previously checked. This will later allow us to add ADMF_IMAINT for maintenance mode inherited from tracked servers. Along doing these changes, it appeared that some places will need to be revisited when implementing the inherited bit, this concerns all those modifying the ADMF_FMAINT bit (enable/disable actions on the CLI or stats page), and the checks to report "via" on the stats page. But currently the code is harmless.
2014-05-13 13:44:56 -04:00
if (srv->admin & SRV_ADMF_MAINT) {
MEDIUM: server: properly support and propagate the maintenance status This change now involves a new flag SRV_ADMF_IMAINT to note that the maintenance status of a server is inherited from another server. Thus, we know at each server level in the chain if it's running, in forced maintenance or in a maintenance status because it tracks another server, or even in both states. Disabling a server propagates this flag down to other servers. Enabling a server flushes the flag down. A server becomes up again once both of its flags are cleared. Two new functions "srv_adm_set_maint()" and "srv_adm_set_ready()" are used to manipulate this maintenance status. They're used by the CLI and the stats page. Now the stats page always says "MAINT" instead of "MAINT(via)" and it's only the chk/down field which reports "via x/y" when the status is inherited from another server, but it doesn't say it when a server was forced into maintenance. The CSV output indicates "MAINT (via x/y)" instead of only "MAINT(via)". This is the most accurate representation. One important thing is that now entering/leaving maintenance for a tracking server correctly follows the state of the tracked server.
2014-05-16 05:25:16 -04:00
newsrv->admin |= SRV_ADMF_IMAINT;
MAJOR: server: use states instead of flags to store the server state Servers used to have 3 flags to store a state, now they have 4 states instead. This avoids lots of confusion for the 4 remaining undefined states. The encoding from the previous to the new states can be represented this way : SRV_STF_RUNNING | SRV_STF_GOINGDOWN | | SRV_STF_WARMINGUP | | | 0 x x SRV_ST_STOPPED 1 0 0 SRV_ST_RUNNING 1 0 1 SRV_ST_STARTING 1 1 x SRV_ST_STOPPING Note that the case where all bits were set used to exist and was randomly dealt with. For example, the task was not stopped, the throttle value was still updated and reported in the stats and in the http_server_state header. It was the same if the server was stopped by the agent or for maintenance. It's worth noting that the internal function names are still quite confusing.
2014-05-13 17:41:20 -04:00
newsrv->state = SRV_ST_STOPPED;
MEDIUM: Move health element to struct check This is in preparation for associating a agent check with a server which runs as well as the server's existing check. Signed-off-by: Simon Horman <horms@verge.net.au>
2013-02-24 03:23:38 -05:00
newsrv->check.health = 0;
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
}
newsrv->track = srv;
MINOR: checks: improve handling of the servers tracking chain Server tracking uses the same "tracknext" list for servers tracking another one and for the servers being tracked. This caused an issue which was fixed by commit f39c71c ([CRITICAL] fix server state tracking: it was O(n!) instead of O(n)), consisting in ensuring that a server is being checked before walking down the list, so that we don't propagate the up/down information via servers being part of the track chain. But the root cause is the fact that all servers share the same list. The correct solution consists in having a list head for the tracked servers and a list of next tracking servers. This simplifies the propagation logic, especially for the case where status changes might be passed to individual servers via the CLI.
2013-12-11 09:27:05 -05:00
newsrv->tracknext = srv->trackers;
srv->trackers = newsrv;
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
free(newsrv->trackit);
newsrv->trackit = NULL;
}
MAJOR: server: add DNS-based server name resolution Relies on the DNS protocol freshly implemented in HAProxy. It performs a server IP addr resolution based on a server hostname.
2015-04-13 19:15:08 -04:00
/*
* resolve server's resolvers name and update the resolvers pointer
* accordingly
*/
if (newsrv->resolvers_id) {
struct dns_resolvers *curr_resolvers;
int found;
found = 0;
list_for_each_entry(curr_resolvers, &dns_resolvers, list) {
if (!strcmp(curr_resolvers->id, newsrv->resolvers_id)) {
found = 1;
break;
}
}
if (!found) {
Alert("config : %s '%s', server '%s': unable to find required resolvers '%s'\n",
proxy_type_str(curproxy), curproxy->id,
newsrv->id, newsrv->resolvers_id);
cfgerr++;
} else {
free(newsrv->resolvers_id);
newsrv->resolvers_id = NULL;
if (newsrv->resolution)
newsrv->resolution->resolvers = curr_resolvers;
}
}
else {
/* if no resolvers section associated to this server
* we can clean up the associated resolution structure
*/
if (newsrv->resolution) {
free(newsrv->resolution->hostname_dn);
newsrv->resolution->hostname_dn = NULL;
free(newsrv->resolution);
newsrv->resolution = NULL;
}
}
BUG/MEDIUM: correctly disable servers tracking another disabled servers. In a config where server "s1" is marked disabled and "s2" tracks "s1", s2 appears disabled on the stats but is still inserted into the LB farm because the tracking is resolved too late in the configuration process. We now resolve tracked servers before building LB maps and we also mark the tracking server in maintenance mode, which previously was not done, causing half of the issue. Last point is that we also protect srv_is_usable() against electing a server marked for maintenance. This is not absolutely needed but is a safe choice and makes a lot of sense. This fix must be backported to 1.4.
2012-01-20 07:12:32 -05:00
next_srv:
newsrv = newsrv->next;
}
[MINOR] backend: separate declarations of LB algos from their lookup method LB algo macros were composed of the LB algo by itself without any indication of the method to use to look up a server (the lb function itself). This method was implied by the LB algo, which was not very convenient to add more algorithms. Now we have several fields in the LB macros, some to describe what to look for in the requests, some to describe how to transform that (kind of algo) and some to describe what lookup function to use. The next patch will make it possible to factor out some code for all algos which rely on a map.
2009-10-03 06:21:20 -04:00
/* We have to initialize the server lookup mechanism depending
* on what LB algorithm was choosen.
*/
curproxy->lbprm.algo &= ~(BE_LB_LKUP | BE_LB_PROP_DYN);
switch (curproxy->lbprm.algo & BE_LB_KIND) {
case BE_LB_KIND_RR:
[MEDIUM] backend: introduce the "static-rr" LB algorithm The "static-rr" is just the old round-robin algorithm. It is still in use when a hash algorithm is used and the data to hash is not present, but it was impossible to configure it explicitly. This one is cheaper in terms of CPU and supports unlimited numbers of servers, so it makes sense to be able to use it.
2009-10-03 06:56:50 -04:00
if ((curproxy->lbprm.algo & BE_LB_PARM) == BE_LB_RR_STATIC) {
curproxy->lbprm.algo |= BE_LB_LKUP_MAP;
init_server_map(curproxy);
} else {
curproxy->lbprm.algo |= BE_LB_LKUP_RRTREE | BE_LB_PROP_DYN;
fwrr_init_server_groups(curproxy);
}
[MINOR] backend: separate declarations of LB algos from their lookup method LB algo macros were composed of the LB algo by itself without any indication of the method to use to look up a server (the lb function itself). This method was implied by the LB algo, which was not very convenient to add more algorithms. Now we have several fields in the LB macros, some to describe what to look for in the requests, some to describe how to transform that (kind of algo) and some to describe what lookup function to use. The next patch will make it possible to factor out some code for all algos which rely on a map.
2009-10-03 06:21:20 -04:00
break;
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
MINOR: backend: rework the LC definition to support other connection-based algos The leastconn algorithm should be of kind "connection-based", not "leastconn" if we want to later support other connection-based LB algos.
2012-02-13 10:57:44 -05:00
case BE_LB_KIND_CB:
MEDIUM: backend: add the 'first' balancing algorithm The principle behind this load balancing algorithm was first imagined and modeled by Steen Larsen then iteratively refined through several work sessions until it would totally address its original goal. The purpose of this algorithm is to always use the smallest number of servers so that extra servers can be powered off during non-intensive hours. Additional tools may be used to do that work, possibly by locally monitoring the servers' activity. The first server with available connection slots receives the connection. The servers are choosen from the lowest numeric identifier to the highest (see server parameter "id"), which defaults to the server's position in the farm. Once a server reaches its maxconn value, the next server is used. It does not make sense to use this algorithm without setting maxconn. Note that it can however make sense to use minconn so that servers are not used at full load before starting new servers, and so that introduction of new servers requires a progressively increasing load (the number of servers would more or less follow the square root of the load until maxconn is reached). This algorithm ignores the server weight, and is more beneficial to long sessions such as RDP or IMAP than HTTP, though it can be useful there too.
2012-02-13 11:12:08 -05:00
if ((curproxy->lbprm.algo & BE_LB_PARM) == BE_LB_CB_LC) {
curproxy->lbprm.algo |= BE_LB_LKUP_LCTREE | BE_LB_PROP_DYN;
fwlc_init_server_tree(curproxy);
} else {
curproxy->lbprm.algo |= BE_LB_LKUP_FSTREE | BE_LB_PROP_DYN;
fas_init_server_tree(curproxy);
}
[MINOR] backend: separate declarations of LB algos from their lookup method LB algo macros were composed of the LB algo by itself without any indication of the method to use to look up a server (the lb function itself). This method was implied by the LB algo, which was not very convenient to add more algorithms. Now we have several fields in the LB macros, some to describe what to look for in the requests, some to describe how to transform that (kind of algo) and some to describe what lookup function to use. The next patch will make it possible to factor out some code for all algos which rely on a map.
2009-10-03 06:21:20 -04:00
break;
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
[MINOR] backend: separate declarations of LB algos from their lookup method LB algo macros were composed of the LB algo by itself without any indication of the method to use to look up a server (the lb function itself). This method was implied by the LB algo, which was not very convenient to add more algorithms. Now we have several fields in the LB macros, some to describe what to look for in the requests, some to describe how to transform that (kind of algo) and some to describe what lookup function to use. The next patch will make it possible to factor out some code for all algos which rely on a map.
2009-10-03 06:21:20 -04:00
case BE_LB_KIND_HI:
[MEDIUM] backend: implement consistent hashing variation Consistent hashing provides some interesting advantages over common hashing. It avoids full redistribution in case of a server failure, or when expanding the farm. This has a cost however, the hashing is far from being perfect, as we associate a server to a request by searching the server with the closest key in a tree. Since servers appear multiple times based on their weights, it is recommended to use weights larger than approximately 10-20 in order to smoothen the distribution a bit. In some cases, playing with weights will be the only solution to make a server appear more often and increase chances of being picked, so stats are very important with consistent hashing. In order to indicate the type of hashing, use : hash-type map-based (default, old one) hash-type consistent (new one) Consistent hashing can make sense in a cache farm, in order not to redistribute everyone when a cache changes state. It could also probably be used for long sessions such as terminal sessions, though that has not be attempted yet. More details on this method of hashing here : http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/
2009-10-01 01:52:15 -04:00
if ((curproxy->lbprm.algo & BE_LB_HASH_TYPE) == BE_LB_HASH_CONS) {
curproxy->lbprm.algo |= BE_LB_LKUP_CHTREE | BE_LB_PROP_DYN;
chash_init_server_tree(curproxy);
} else {
curproxy->lbprm.algo |= BE_LB_LKUP_MAP;
init_server_map(curproxy);
}
[MINOR] backend: separate declarations of LB algos from their lookup method LB algo macros were composed of the LB algo by itself without any indication of the method to use to look up a server (the lb function itself). This method was implied by the LB algo, which was not very convenient to add more algorithms. Now we have several fields in the LB macros, some to describe what to look for in the requests, some to describe how to transform that (kind of algo) and some to describe what lookup function to use. The next patch will make it possible to factor out some code for all algos which rely on a map.
2009-10-03 06:21:20 -04:00
break;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
if (curproxy->options & PR_O_LOGASAP)
curproxy->to_log &= ~LW_BYTES;
[BUG] log: option tcplog would log to global if no logger was defined Romuald du Song reported a strange bug causing "option tcplog" to unexpectedly use global log parameters if no log server was declared. Eventhough it can be useful in some circumstances, it only hides configuration bugs and can even cause traffic logs to be sent to the wrong logger, since global settings are just for the process. This has been fixed and a warning has been added for configurations where tcplog or httplog are set without any logger. This fix must be backported to 1.3.20, but not to 1.3.15.X in order not to risk any regression on old configurations.
2009-08-09 04:11:45 -04:00
if ((curproxy->mode == PR_MODE_TCP || curproxy->mode == PR_MODE_HTTP) &&
BUG/MINOR: log: make log-format, unique-id-format and add-header more independant It happens that all of them call parse_logformat_line() which sets proxy->to_log with a number of flags affecting the line format for all three users. For example, having a unique-id specified disables the default log-format since fe->to_log is tested when the session is established. Similarly, having "option logasap" will cause "+" to be inserted in unique-id or headers referencing some of the fields depending on LW_BYTES. This patch first removes most of the dependency on fe->to_log whenever possible. The first possible cleanup is to stop checking fe->to_log for being null, considering that it always contains at least LW_INIT when any such usage is made of the log-format! Also, some checks are wrong. s->logs.logwait cannot be nulled by "logwait &= ~LW_*" since LW_INIT is always there. This results in getting the wrong log at the end of a request or session when a unique-id or add-header is set, because logwait is still not null but the log-format is not checked. Further cleanups are required. Most LW_* flags should be removed or at least replaced with what they really mean (eg: depend on client-side connection, depend on server-side connection, etc...) and this should only affect logging, not other mechanisms. This patch fixes the default log-format and tries to limit interferences between the log formats, but does not pretend to do more for the moment, since it's the most visible breakage.
2012-12-28 03:40:16 -05:00
(curproxy->cap & PR_CAP_FE) && !LIST_ISEMPTY(&curproxy->logformat) && LIST_ISEMPTY(&curproxy->logsrvs)) {
[BUG] log: option tcplog would log to global if no logger was defined Romuald du Song reported a strange bug causing "option tcplog" to unexpectedly use global log parameters if no log server was declared. Eventhough it can be useful in some circumstances, it only hides configuration bugs and can even cause traffic logs to be sent to the wrong logger, since global settings are just for the process. This has been fixed and a warning has been added for configurations where tcplog or httplog are set without any logger. This fix must be backported to 1.3.20, but not to 1.3.15.X in order not to risk any regression on old configurations.
2009-08-09 04:11:45 -04:00
Warning("config : log format ignored for %s '%s' since it has no log address.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
}
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
if (curproxy->mode != PR_MODE_HTTP) {
int optnum;
if (curproxy->uri_auth) {
Warning("config : 'stats' statement ignored for %s '%s' as it requires HTTP mode.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
curproxy->uri_auth = NULL;
}
[MEDIUM] http: make x-forwarded-for addition conditional If "option forwardfor" has the "if-none" argument, then the header is only added when the request did not already have one. This option has security implications, and should not be set blindly.
2011-08-19 16:57:24 -04:00
if (curproxy->options & (PR_O_FWDFOR | PR_O_FF_ALWAYS)) {
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
Warning("config : 'option %s' ignored for %s '%s' as it requires HTTP mode.\n",
"forwardfor", proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
[MEDIUM] http: make x-forwarded-for addition conditional If "option forwardfor" has the "if-none" argument, then the header is only added when the request did not already have one. This option has security implications, and should not be set blindly.
2011-08-19 16:57:24 -04:00
curproxy->options &= ~(PR_O_FWDFOR | PR_O_FF_ALWAYS);
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
}
if (curproxy->options & PR_O_ORGTO) {
Warning("config : 'option %s' ignored for %s '%s' as it requires HTTP mode.\n",
"originalto", proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
curproxy->options &= ~PR_O_ORGTO;
}
for (optnum = 0; cfg_opts[optnum].name; optnum++) {
if (cfg_opts[optnum].mode == PR_MODE_HTTP &&
(curproxy->cap & cfg_opts[optnum].cap) &&
(curproxy->options & cfg_opts[optnum].val)) {
Warning("config : 'option %s' ignored for %s '%s' as it requires HTTP mode.\n",
cfg_opts[optnum].name, proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
curproxy->options &= ~cfg_opts[optnum].val;
}
}
for (optnum = 0; cfg_opts2[optnum].name; optnum++) {
if (cfg_opts2[optnum].mode == PR_MODE_HTTP &&
(curproxy->cap & cfg_opts2[optnum].cap) &&
(curproxy->options2 & cfg_opts2[optnum].val)) {
Warning("config : 'option %s' ignored for %s '%s' as it requires HTTP mode.\n",
cfg_opts2[optnum].name, proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
curproxy->options2 &= ~cfg_opts2[optnum].val;
}
}
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
REORG: tproxy: prepare the transparent proxy defines for accepting other OSes This patch does not change the logic of the code, it only changes the way OS-specific defines are tested. At the moment the transparent proxy code heavily depends on Linux-specific defines. This first patch introduces a new define "CONFIG_HAP_TRANSPARENT" which is set every time the defines used by transparent proxy are present. This also means that with an up-to-date libc, it should not be necessary anymore to force CONFIG_HAP_LINUX_TPROXY during the build, as the flags will automatically be detected. The CTTPROXY flags still remain separate because this older API doesn't work the same way. A new line has been added in the version output for haproxy -vv to indicate what transparent proxy support is available.
2013-05-08 16:49:23 -04:00
#if defined(CONFIG_HAP_CTTPROXY) || defined(CONFIG_HAP_TRANSPARENT)
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
if (curproxy->conn_src.bind_hdr_occ) {
curproxy->conn_src.bind_hdr_occ = 0;
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
Warning("config : %s '%s' : ignoring use of header %s as source IP in non-HTTP mode.\n",
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
proxy_type_str(curproxy), curproxy->id, curproxy->conn_src.bind_hdr_name);
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
err_code |= ERR_WARN;
}
[BUILD] config: last patch breaks build without CONFIG_HAP_LINUX_TPROXY A few ifdefs were missing in the config validity check function.
2010-03-30 14:13:29 -04:00
#endif
[MINOR] config: emit warnings when HTTP-only options are used in TCP mode It's very common to see people getting trapped by HTTP-only options which don't work in TCP proxies. To help them definitely get rid of those configs, let's emit warnings for all options and statements which are not supported in their mode. That includes all HTTP-only options, the cookies and the stats. In order to ensure internal config correctness, the options are also disabled.
2010-03-25 02:22:56 -04:00
}
Revert "[BUILD] backend.c and checks.c did not build without tproxy !" This reverts commit 3c3c0122f84d72eae1c4ef4b1826bfdbef7d95e6. This commit was buggy as it also removed previous tproxy changes !
2008-02-14 14:25:24 -05:00
/*
* ensure that we're not cross-dressing a TCP server into HTTP.
*/
newsrv = curproxy->srv;
while (newsrv != NULL) {
MINOR: config: tolerate server "cookie" setting in non-HTTP mode Up to now, if a cookie value was specified on a server when the proxy was in TCP mode, it would cause a fatal error. Now we only report a warning, since the cookie will be ignored. This makes it easier to generate configs from scripts.
2011-10-31 08:49:26 -04:00
if ((curproxy->mode != PR_MODE_HTTP) && newsrv->rdr_len) {
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
Alert("config : %s '%s' : server cannot have cookie or redirect prefix in non-HTTP mode.\n",
proxy_type_str(curproxy), curproxy->id);
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
cfgerr++;
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
}
MINOR: config: tolerate server "cookie" setting in non-HTTP mode Up to now, if a cookie value was specified on a server when the proxy was in TCP mode, it would cause a fatal error. Now we only report a warning, since the cookie will be ignored. This makes it easier to generate configs from scripts.
2011-10-31 08:49:26 -04:00
if ((curproxy->mode != PR_MODE_HTTP) && newsrv->cklen) {
Warning("config : %s '%s' : ignoring cookie for server '%s' as HTTP mode is disabled.\n",
proxy_type_str(curproxy), curproxy->id, newsrv->id);
err_code |= ERR_WARN;
MINOR: config: warn when a server with no specific port uses rdp-cookie Mathew Levett reported an issue which is a bit nasty and hard to track down. RDP cookies contain both the IP and the port, and haproxy matches them exactly. So if a server has no port specified (or a remapped port), it will never match a port specified in a cookie. Better warn the user when this is detected.
2013-08-13 11:19:08 -04:00
}
REORG/MEDIUM: server: split server state and flags in two different variables Till now, the server's state and flags were all saved as a single bit field. It causes some difficulties because we'd like to have an enum for the state and separate flags. This commit starts by splitting them in two distinct fields. The first one is srv->state (with its counter-part srv->prev_state) which are now enums, but which still contain bits (SRV_STF_*). The flags now lie in their own field (srv->flags). The function srv_is_usable() was updated to use the enum as input, since it already used to deal only with the state. Note that currently, the maintenance mode is still in the state for simplicity, but it must move as well.
2014-05-13 09:54:22 -04:00
if ((newsrv->flags & SRV_F_MAPPORTS) && (curproxy->options2 & PR_O2_RDPC_PRST)) {
MINOR: config: warn when a server with no specific port uses rdp-cookie Mathew Levett reported an issue which is a bit nasty and hard to track down. RDP cookies contain both the IP and the port, and haproxy matches them exactly. So if a server has no port specified (or a remapped port), it will never match a port specified in a cookie. Better warn the user when this is detected.
2013-08-13 11:19:08 -04:00
Warning("config : %s '%s' : RDP cookie persistence will not work for server '%s' because it lacks an explicit port number.\n",
proxy_type_str(curproxy), curproxy->id, newsrv->id);
err_code |= ERR_WARN;
MINOR: config: tolerate server "cookie" setting in non-HTTP mode Up to now, if a cookie value was specified on a server when the proxy was in TCP mode, it would cause a fatal error. Now we only report a warning, since the cookie will be ignored. This makes it easier to generate configs from scripts.
2011-10-31 08:49:26 -04:00
}
REORG: tproxy: prepare the transparent proxy defines for accepting other OSes This patch does not change the logic of the code, it only changes the way OS-specific defines are tested. At the moment the transparent proxy code heavily depends on Linux-specific defines. This first patch introduces a new define "CONFIG_HAP_TRANSPARENT" which is set every time the defines used by transparent proxy are present. This also means that with an up-to-date libc, it should not be necessary anymore to force CONFIG_HAP_LINUX_TPROXY during the build, as the flags will automatically be detected. The CTTPROXY flags still remain separate because this older API doesn't work the same way. A new line has been added in the version output for haproxy -vv to indicate what transparent proxy support is available.
2013-05-08 16:49:23 -04:00
#if defined(CONFIG_HAP_CTTPROXY) || defined(CONFIG_HAP_TRANSPARENT)
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
if (curproxy->mode != PR_MODE_HTTP && newsrv->conn_src.bind_hdr_occ) {
newsrv->conn_src.bind_hdr_occ = 0;
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
Warning("config : %s '%s' : server %s cannot use header %s as source IP in non-HTTP mode.\n",
MEDIUM: connection: introduce "struct conn_src" for servers and proxies Both servers and proxies share a common set of parameters for outgoing connections, and since they're not stored in a similar structure, a lot of code is duplicated in the connection setup, which is one sensible area. Let's first define a common struct for these settings and make use of it. Next patches will de-duplicate code. This change also fixes a build breakage that happens when USE_LINUX_TPROXY is not set but USE_CTTPROXY is set, which seem to be very unlikely considering that the issue was introduced almost 2 years ago an never reported.
2012-12-08 16:29:20 -05:00
proxy_type_str(curproxy), curproxy->id, newsrv->id, newsrv->conn_src.bind_hdr_name);
[MEDIUM] add ability to connect to a server from an IP found in a header Using get_ip_from_hdr2() we can look for occurrence #X or #-X and extract the IP it contains. This is typically designed for use with the X-Forwarded-For header. Using "usesrc hdr_ip(name,occ)", it becomes possible to use the IP address found in <name>, and possibly specify occurrence number <occ>, as the source to connect to a server. This is possible both in a server and in a backend's source statement. This is typically used to use the source IP previously set by a upstream proxy.
2009-09-07 05:51:47 -04:00
err_code |= ERR_WARN;
Revert "[BUILD] backend.c and checks.c did not build without tproxy !" This reverts commit 3c3c0122f84d72eae1c4ef4b1826bfdbef7d95e6. This commit was buggy as it also removed previous tproxy changes !
2008-02-14 14:25:24 -05:00
}
[BUILD] config: last patch breaks build without CONFIG_HAP_LINUX_TPROXY A few ifdefs were missing in the config validity check function.
2010-03-30 14:13:29 -04:00
#endif
Revert "[BUILD] backend.c and checks.c did not build without tproxy !" This reverts commit 3c3c0122f84d72eae1c4ef4b1826bfdbef7d95e6. This commit was buggy as it also removed previous tproxy changes !
2008-02-14 14:25:24 -05:00
newsrv = newsrv->next;
}
MINOR: config: detect the case where a tcp-request content rule has no inspect-delay If a frontend has any tcp-request content rule relying on request contents without any inspect delay, we now emit a warning as this will randomly match. This can be backported to 1.5 as it reduces the support effort.
2014-09-16 10:21:19 -04:00
/* check if we have a frontend with "tcp-request content" looking at L7
* with no inspect-delay
*/
if ((curproxy->cap & PR_CAP_FE) && !curproxy->tcp_req.inspect_delay) {
list_for_each_entry(trule, &curproxy->tcp_req.inspect_rules, list) {
MINOR: actions: change actions names For performances considerations, some actions are not processed by remote function. They are directly processed by the function. Some of these actions does the same things but for different processing part (request / response). This patch give the same name for the same actions, and change the normalization of the other actions names. This patch is ONLY a rename, it doesn't modify the code.
2015-08-05 13:05:19 -04:00
if (trule->action == ACT_TCP_CAPTURE &&
MEDIUM: capture: Move the capture configuration storage in the union This patch moves the capture configuration struct (capture_prm) in the main "arg" union. This reduce the size of the struct.
2015-08-04 02:21:12 -04:00
!(trule->arg.cap.expr->fetch->val & SMP_VAL_FE_SES_ACC))
MINOR: config: detect the case where a tcp-request content rule has no inspect-delay If a frontend has any tcp-request content rule relying on request contents without any inspect delay, we now emit a warning as this will randomly match. This can be backported to 1.5 as it reduces the support effort.
2014-09-16 10:21:19 -04:00
break;
MINOR: actions: change actions names For performances considerations, some actions are not processed by remote function. They are directly processed by the function. Some of these actions does the same things but for different processing part (request / response). This patch give the same name for the same actions, and change the normalization of the other actions names. This patch is ONLY a rename, it doesn't modify the code.
2015-08-05 13:05:19 -04:00
if ((trule->action >= ACT_ACTION_TRK_SC0 && trule->action <= ACT_ACTION_TRK_SCMAX) &&
MEDIUM: track-sc: Move the track-sc configuration storage in the union This patch moves the track-sc configuration struct (track_ctr_prm) in the main "arg" union. This reduce the size od the struct.
2015-08-04 03:09:48 -04:00
!(trule->arg.trk_ctr.expr->fetch->val & SMP_VAL_FE_SES_ACC))
MINOR: config: detect the case where a tcp-request content rule has no inspect-delay If a frontend has any tcp-request content rule relying on request contents without any inspect delay, we now emit a warning as this will randomly match. This can be backported to 1.5 as it reduces the support effort.
2014-09-16 10:21:19 -04:00
break;
}
if (&trule->list != &curproxy->tcp_req.inspect_rules) {
Warning("config : %s '%s' : some 'tcp-request content' rules explicitly depending on request"
" contents were found in a frontend without any 'tcp-request inspect-delay' setting."
" This means that these rules will randomly find their contents. This can be fixed by"
" setting the tcp-request inspect-delay.\n",
proxy_type_str(curproxy), curproxy->id);
err_code |= ERR_WARN;
}
}
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
if (curproxy->cap & PR_CAP_FE) {
MEDIUM: proxy: add the global frontend to the list of normal proxies Since recent changes on the global frontend, it was not possible anymore to soft-reload a process which had a stats socket because the socket would not be disabled upon reload. The only solution to this endless madness is to have the global frontend part of normal proxies. Since we don't want to get an ID that shifts all other proxies and causes trouble in deployed environments, we assign it ID #0 which other proxies can't grab, and we don't report it in the stats pages.
2012-10-04 02:47:34 -04:00
if (!curproxy->accept)
curproxy->accept = frontend_accept;
[MAJOR] frontend: split accept() into frontend_accept() and session_accept() A new function session_accept() is now called from the lower layer to instanciate a new session. Once the session is instanciated, the upper layer's frontent_accept() is called. This one can be service-dependant. That way, we have a 3-phase accept() sequence : 1) protocol-specific, session-less accept(), which is pointed to by the listener. It defaults to the generic stream_sock_accept(). 2) session_accept() which relies on a frontend but not necessarily for use in a proxy (eg: stats or any future service). 3) frontend_accept() which performs the accept for the service offerred by the frontend. It defaults to frontend_accept() which is really what is used by a proxy. The TCP/HTTP proxies have been moved to this mode so that we can now rely on frontend_accept() for any type of session initialization relying on a frontend. The next step will be to convert the stats to use the same system for the stats.
2010-06-01 11:45:26 -04:00
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
if (curproxy->tcp_req.inspect_delay ||
!LIST_ISEMPTY(&curproxy->tcp_req.inspect_rules))
[MEDIUM] session: support "tcp-request content" rules in backends Sometimes it's necessary to be able to perform some "layer 6" analysis in the backend. TCP request rules were not available till now, although documented in the diagram. Enable them in backend now.
2010-08-03 08:02:05 -04:00
curproxy->fe_req_ana |= AN_REQ_INSPECT_FE;
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
[MEDIUM] set rep->analysers from fe and be analysers sess_establish() used to resort to protocol-specific guesses in order to set rep->analysers. This is no longer needed as it gets set from the frontend and the backend as a copy of what was defined in the configuration.
2009-08-16 16:57:50 -04:00
if (curproxy->mode == PR_MODE_HTTP) {
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
curproxy->fe_req_ana |= AN_REQ_WAIT_HTTP | AN_REQ_HTTP_PROCESS_FE;
[MAJOR] http: create the analyser which waits for a response The code part which waits for an HTTP response has been extracted from the old function. We now have two analysers and the second one may re-enable the first one when an 1xx response is encountered. This has been tested and works. The calls to stream_int_return() that were remaining in the wait analyser have been converted to stream_int_retnclose().
2009-10-18 16:53:08 -04:00
curproxy->fe_rsp_ana |= AN_RES_WAIT_HTTP | AN_RES_HTTP_PROCESS_FE;
[MEDIUM] set rep->analysers from fe and be analysers sess_establish() used to resort to protocol-specific guesses in order to set rep->analysers. This is no longer needed as it gets set from the frontend and the backend as a copy of what was defined in the configuration.
2009-08-16 16:57:50 -04:00
}
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
/* both TCP and HTTP must check switching rules */
curproxy->fe_req_ana |= AN_REQ_SWITCHING_RULES;
}
if (curproxy->cap & PR_CAP_BE) {
[MEDIUM] session: support "tcp-request content" rules in backends Sometimes it's necessary to be able to perform some "layer 6" analysis in the backend. TCP request rules were not available till now, although documented in the diagram. Enable them in backend now.
2010-08-03 08:02:05 -04:00
if (curproxy->tcp_req.inspect_delay ||
!LIST_ISEMPTY(&curproxy->tcp_req.inspect_rules))
curproxy->be_req_ana |= AN_REQ_INSPECT_BE;
[MEDIUM] Implement tcp inspect response rules
2010-09-23 11:56:44 -04:00
if (!LIST_ISEMPTY(&curproxy->tcp_rep.inspect_rules))
curproxy->be_rsp_ana |= AN_RES_INSPECT;
[MEDIUM] set rep->analysers from fe and be analysers sess_establish() used to resort to protocol-specific guesses in order to set rep->analysers. This is no longer needed as it gets set from the frontend and the backend as a copy of what was defined in the configuration.
2009-08-16 16:57:50 -04:00
if (curproxy->mode == PR_MODE_HTTP) {
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
curproxy->be_req_ana |= AN_REQ_WAIT_HTTP | AN_REQ_HTTP_INNER | AN_REQ_HTTP_PROCESS_BE;
[MAJOR] http: create the analyser which waits for a response The code part which waits for an HTTP response has been extracted from the old function. We now have two analysers and the second one may re-enable the first one when an 1xx response is encountered. This has been tested and works. The calls to stream_int_return() that were remaining in the wait analyser have been converted to stream_int_retnclose().
2009-10-18 16:53:08 -04:00
curproxy->be_rsp_ana |= AN_RES_WAIT_HTTP | AN_RES_HTTP_PROCESS_BE;
[MEDIUM] set rep->analysers from fe and be analysers sess_establish() used to resort to protocol-specific guesses in order to set rep->analysers. This is no longer needed as it gets set from the frontend and the backend as a copy of what was defined in the configuration.
2009-08-16 16:57:50 -04:00
}
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
/* If the backend does requires RDP cookie persistence, we have to
* enable the corresponding analyser.
*/
if (curproxy->options2 & PR_O2_RDPC_PRST)
curproxy->be_req_ana |= AN_REQ_PRST_RDP_COOKIE;
}
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
}
/***********************************************************/
/* At this point, target names have already been resolved. */
/***********************************************************/
/* Check multi-process mode compatibility */
if (global.nbproc > 1 && global.stats_fe) {
list_for_each_entry(bind_conf, &global.stats_fe->conf.bind, by_fe) {
unsigned long mask;
mask = nbits(global.nbproc);
if (global.stats_fe->bind_proc)
mask &= global.stats_fe->bind_proc;
if (bind_conf->bind_proc)
mask &= bind_conf->bind_proc;
/* stop here if more than one process is used */
BUILD/MINOR: tools: rename popcount to my_popcountl This is in order to avoid conflicting with NetBSD popcount* functions since 6.x release, the final l to mentions the argument is a long like NetBSD does. This patch could be backported to 1.5 to fix the build issue there as well.
2015-07-02 03:00:17 -04:00
if (my_popcountl(mask) > 1)
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
break;
}
if (&bind_conf->by_fe != &global.stats_fe->conf.bind) {
Warning("stats socket will not work as expected in multi-process mode (nbproc > 1), you should force process binding globally using 'stats bind-process' or per socket using the 'process' attribute.\n");
}
}
/* Make each frontend inherit bind-process from its listeners when not specified. */
for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
if (curproxy->bind_proc)
continue;
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
unsigned long mask;
BUG/MEDIUM: config: properly compute the default number of processes for a proxy Chad Lavoie reported an interesting regression caused by the latest updates to automatically detect the processes a peers section runs on. It turns out that if a config has neither nbproc nor a bind-process statement and depending on the frontend->backend chaining, it is possible to evade all bind_proc propagations, resulting in assigning only ~0UL (all processes, which is 32 or 64) without ever restricting it to nbproc. It was not visible in backends until they started to reference peers sections which saw themselves with 64 processes at once. This patch addresses this by replacing all those ~0UL with nbits(nbproc). That way all "bind-process" settings *default* to the number of processes defined in nbproc instead of 32 or 64. This fix could possibly be backported into 1.5, though there is no indication that this bug could have any effect there.
2015-05-04 15:57:58 -04:00
mask = bind_conf->bind_proc ? bind_conf->bind_proc : nbits(global.nbproc);
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
curproxy->bind_proc |= mask;
}
if (!curproxy->bind_proc)
BUG/MEDIUM: config: properly compute the default number of processes for a proxy Chad Lavoie reported an interesting regression caused by the latest updates to automatically detect the processes a peers section runs on. It turns out that if a config has neither nbproc nor a bind-process statement and depending on the frontend->backend chaining, it is possible to evade all bind_proc propagations, resulting in assigning only ~0UL (all processes, which is 32 or 64) without ever restricting it to nbproc. It was not visible in backends until they started to reference peers sections which saw themselves with 64 processes at once. This patch addresses this by replacing all those ~0UL with nbits(nbproc). That way all "bind-process" settings *default* to the number of processes defined in nbproc instead of 32 or 64. This fix could possibly be backported into 1.5, though there is no indication that this bug could have any effect there.
2015-05-04 15:57:58 -04:00
curproxy->bind_proc = nbits(global.nbproc);
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
}
if (global.stats_fe) {
list_for_each_entry(bind_conf, &global.stats_fe->conf.bind, by_fe) {
unsigned long mask;
BUG/MEDIUM: config: properly compute the default number of processes for a proxy Chad Lavoie reported an interesting regression caused by the latest updates to automatically detect the processes a peers section runs on. It turns out that if a config has neither nbproc nor a bind-process statement and depending on the frontend->backend chaining, it is possible to evade all bind_proc propagations, resulting in assigning only ~0UL (all processes, which is 32 or 64) without ever restricting it to nbproc. It was not visible in backends until they started to reference peers sections which saw themselves with 64 processes at once. This patch addresses this by replacing all those ~0UL with nbits(nbproc). That way all "bind-process" settings *default* to the number of processes defined in nbproc instead of 32 or 64. This fix could possibly be backported into 1.5, though there is no indication that this bug could have any effect there.
2015-05-04 15:57:58 -04:00
mask = bind_conf->bind_proc ? bind_conf->bind_proc : nbits(global.nbproc);
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
global.stats_fe->bind_proc |= mask;
}
if (!global.stats_fe->bind_proc)
BUG/MEDIUM: config: properly compute the default number of processes for a proxy Chad Lavoie reported an interesting regression caused by the latest updates to automatically detect the processes a peers section runs on. It turns out that if a config has neither nbproc nor a bind-process statement and depending on the frontend->backend chaining, it is possible to evade all bind_proc propagations, resulting in assigning only ~0UL (all processes, which is 32 or 64) without ever restricting it to nbproc. It was not visible in backends until they started to reference peers sections which saw themselves with 64 processes at once. This patch addresses this by replacing all those ~0UL with nbits(nbproc). That way all "bind-process" settings *default* to the number of processes defined in nbproc instead of 32 or 64. This fix could possibly be backported into 1.5, though there is no indication that this bug could have any effect there.
2015-05-04 15:57:58 -04:00
global.stats_fe->bind_proc = nbits(global.nbproc);
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
}
BUG/MINOR: config: don't propagate process binding on fatal errors. propagate_processes() must not be called with unresolved proxies, but nothing prevents it from being called in check_config_validity(). The resulting effect is that an unresolved proxy can cause a recursion loop if called in such a situation, ending with a segfault after the fatal error report. There's no side effect beyond this. This patch refrains from calling the function when any error was met. This bug also affects 1.5, it should be backported.
2014-10-01 14:50:17 -04:00
/* propagate bindings from frontends to backends. Don't do it if there
* are any fatal errors as we must not call it with unresolved proxies.
*/
if (!cfgerr) {
for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
if (curproxy->cap & PR_CAP_FE)
propagate_processes(curproxy, NULL);
}
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
}
/* Bind each unbound backend to all processes when not specified. */
for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
if (curproxy->bind_proc)
continue;
BUG/MEDIUM: config: properly compute the default number of processes for a proxy Chad Lavoie reported an interesting regression caused by the latest updates to automatically detect the processes a peers section runs on. It turns out that if a config has neither nbproc nor a bind-process statement and depending on the frontend->backend chaining, it is possible to evade all bind_proc propagations, resulting in assigning only ~0UL (all processes, which is 32 or 64) without ever restricting it to nbproc. It was not visible in backends until they started to reference peers sections which saw themselves with 64 processes at once. This patch addresses this by replacing all those ~0UL with nbits(nbproc). That way all "bind-process" settings *default* to the number of processes defined in nbproc instead of 32 or 64. This fix could possibly be backported into 1.5, though there is no indication that this bug could have any effect there.
2015-05-04 15:57:58 -04:00
curproxy->bind_proc = nbits(global.nbproc);
MEDIUM: config: compute the exact bind-process before listener's maxaccept This is a continuation of previous patch, the listener's maxaccept is divided by the number of processes, so it's best if we can swap the two blocks so that the number of processes is already known when computing the maxaccept value.
2014-09-16 07:41:21 -04:00
}
/*******************************************************/
/* At this step, all proxies have a non-null bind_proc */
/*******************************************************/
/* perform the final checks before creating tasks */
for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
struct listener *listener;
unsigned int next_id;
int nbproc;
BUILD/MINOR: tools: rename popcount to my_popcountl This is in order to avoid conflicting with NetBSD popcount* functions since 6.x release, the final l to mentions the argument is a long like NetBSD does. This patch could be backported to 1.5 to fix the build issue there as well.
2015-07-02 03:00:17 -04:00
nbproc = my_popcountl(curproxy->bind_proc & nbits(global.nbproc));
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
MINOR: conf: add warning if ssl is not enabled and a certificate is present on bind.
2012-11-15 12:28:02 -05:00
#ifdef USE_OPENSSL
MEDIUM: config: centralize handling of SSL config per bind line SSL config holds many parameters which are per bind line and not per listener. Let's use a per-bind line config instead of having it replicated for each listener. At the moment we only do this for the SSL part but this should probably evolved to handle more of the configuration and maybe even the state per bind line.
2012-09-07 10:58:00 -04:00
/* Configure SSL for each bind line.
* Note: if configuration fails at some point, the ->ctx member
* remains NULL so that listeners can later detach.
*/
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
BUG/MAJOR: ssl: Fallback to private session cache if current lock mode is not supported. Process shared mutex seems not supported on some OSs (FreeBSD). This patch checks errors on mutex lock init to fallback on a private session cache (per process cache) in error cases.
2014-05-07 10:10:18 -04:00
int alloc_ctx;
MINOR: conf: add warning if ssl is not enabled and a certificate is present on bind.
2012-11-15 12:28:02 -05:00
if (!bind_conf->is_ssl) {
if (bind_conf->default_ctx) {
Warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
}
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
continue;
MINOR: conf: add warning if ssl is not enabled and a certificate is present on bind.
2012-11-15 12:28:02 -05:00
}
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
if (!bind_conf->default_ctx) {
MEDIUM: ssl: add support for SNI and wildcard certificates A side effect of this change is that the "ssl" keyword on "bind" lines is now just a boolean and that "crt" is needed to designate certificate files or directories. Note that much refcounting was needed to have the free() work correctly due to the number of cert aliases which can make a context be shared by multiple names.
2012-09-07 11:30:07 -04:00
Alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
MEDIUM: config: centralize handling of SSL config per bind line SSL config holds many parameters which are per bind line and not per listener. Let's use a per-bind line config instead of having it replicated for each listener. At the moment we only do this for the SSL part but this should probably evolved to handle more of the configuration and maybe even the state per bind line.
2012-09-07 10:58:00 -04:00
cfgerr++;
continue;
}
MINOR: ssl: add global statement tune.ssl.force-private-cache. Boolean: used to force a private ssl session cache for each process in case of nbproc > 1.
2014-05-09 07:52:00 -04:00
alloc_ctx = shared_context_init(global.tune.sslcachesize, (!global.tune.sslprivatecache && (global.nbproc > 1)) ? 1 : 0);
BUG/MAJOR: ssl: Fallback to private session cache if current lock mode is not supported. Process shared mutex seems not supported on some OSs (FreeBSD). This patch checks errors on mutex lock init to fallback on a private session cache (per process cache) in error cases.
2014-05-07 10:10:18 -04:00
if (alloc_ctx < 0) {
MINOR: ssl: remove fallback to SSL session private cache if lock init fails. Now, haproxy exit an error saying: Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase the CPU usage due to renegotiation if nbproc > 1.
2014-05-09 08:01:48 -04:00
if (alloc_ctx == SHCTX_E_INIT_LOCK)
Alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
else
BUG/MAJOR: ssl: Fallback to private session cache if current lock mode is not supported. Process shared mutex seems not supported on some OSs (FreeBSD). This patch checks errors on mutex lock init to fallback on a private session cache (per process cache) in error cases.
2014-05-07 10:10:18 -04:00
Alert("Unable to allocate SSL session cache.\n");
MINOR: ssl: remove fallback to SSL session private cache if lock init fails. Now, haproxy exit an error saying: Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase the CPU usage due to renegotiation if nbproc > 1.
2014-05-09 08:01:48 -04:00
cfgerr++;
continue;
MEDIUM: config: centralize handling of SSL config per bind line SSL config holds many parameters which are per bind line and not per listener. Let's use a per-bind line config instead of having it replicated for each listener. At the moment we only do this for the SSL part but this should probably evolved to handle more of the configuration and maybe even the state per bind line.
2012-09-07 10:58:00 -04:00
}
MEDIUM: ssl: add support for SNI and wildcard certificates A side effect of this change is that the "ssl" keyword on "bind" lines is now just a boolean and that "crt" is needed to designate certificate files or directories. Note that much refcounting was needed to have the free() work correctly due to the number of cert aliases which can make a context be shared by multiple names.
2012-09-07 11:30:07 -04:00
/* initialize all certificate contexts */
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
cfgerr += ssl_sock_prepare_all_ctx(bind_conf, curproxy);
MEDIUM: ssl: Add options to forge SSL certificates With this patch, it is possible to configure HAProxy to forge the SSL certificate sent to a client using the SNI servername. We do it in the SNI callback. To enable this feature, you must pass following BIND options: * ca-sign-file <FILE> : This is the PEM file containing the CA certitifacte and the CA private key to create and sign server's certificates. * (optionally) ca-sign-pass <PASS>: This is the CA private key passphrase, if any. * generate-certificates: Enable the dynamic generation of certificates for a listener. Because generating certificates is expensive, there is a LRU cache to store them. Its size can be customized by setting the global parameter 'tune.ssl.ssl-ctx-cache-size'.
2015-06-09 11:29:50 -04:00
/* initialize CA variables if the certificates generation is enabled */
cfgerr += ssl_sock_load_ca(bind_conf, curproxy);
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
}
MINOR: conf: add warning if ssl is not enabled and a certificate is present on bind.
2012-11-15 12:28:02 -05:00
#endif /* USE_OPENSSL */
MEDIUM: config: centralize handling of SSL config per bind line SSL config holds many parameters which are per bind line and not per listener. Let's use a per-bind line config instead of having it replicated for each listener. At the moment we only do this for the SSL part but this should probably evolved to handle more of the configuration and maybe even the state per bind line.
2012-09-07 10:58:00 -04:00
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
/* adjust this proxy's listeners */
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
next_id = 1;
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
list_for_each_entry(listener, &curproxy->conf.listeners, by_fe) {
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
if (!listener->luid) {
/* listener ID not set, use automatic numbering with first
* spare entry starting with next_luid.
*/
next_id = get_next_id(&curproxy->conf.used_listener_id, next_id);
listener->conf.id.key = listener->luid = next_id;
eb32_insert(&curproxy->conf.used_listener_id, &listener->conf.id);
}
[BUG] pxid/puid/luid: don't shift IDs when some of them are forced [WT: it was not a bug, I did it on purpose to leave no hole between IDs, though it's not very practical when admins want to force some entries after they have been used, because they'd rather leave a hole than renumber everything ] Forcing some of IDs should not shift others. Regression introduced in 53fb4ae261b6e0e33e618f5cabbacc1657c19cc5 ---cut here--- global stats socket /home/ole/haproxy.stat user ole group ole mode 660 frontend F1 bind 127.0.0.1:9999 mode http backend B1 mode http backend B2 mode http id 9999 backend B3 mode http backend B4 mode http ---cut here--- Before 53fb4ae261b6e0e33e618f5cabbacc1657c19cc5: $ echo "show stat" | socat unix-connect:/home/ole/haproxy.stat stdio|cut -d , -f 28 iid 1 2 9999 4 5 After 53fb4ae261b6e0e33e618f5cabbacc1657c19cc5: $ echo "show stat" | socat unix-connect:/home/ole/haproxy.stat stdio|cut -d , -f 28 iid 1 2 9999 3 4 With this patch: $ echo "show stat" | socat unix-connect:/home/ole/haproxy.stat stdio|cut -d , -f 28 iid 1 2 9999 4 5
2010-02-05 14:58:27 -05:00
next_id++;
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
[MEDIUM] Collect & provide separate statistics for sockets, v2 This patch allows to collect & provide separate statistics for each socket. It can be very useful if you would like to distinguish between traffic generate by local and remote users or between different types of remote clients (peerings, domestic, foreign). Currently no "Session rate" is supported, but adding it should be possible if we found it useful.
2009-10-04 09:43:17 -04:00
/* enable separate counters */
if (curproxy->options2 & PR_O2_SOCKSTAT) {
listener->counters = (struct licounters *)calloc(1, sizeof(struct licounters));
MEDIUM: make the trash be a chunk instead of a char * The trash is used everywhere to store the results of temporary strings built out of s(n)printf, or as a storage for a chunk when chunks are needed. Using global.tune.bufsize is not the most convenient thing either. So let's replace trash with a chunk and directly use it as such. We can then use trash.size as the natural way to get its size, and get rid of many intermediary chunks that were previously used. The patch is huge because it touches many areas but it makes the code a lot more clear and even outlines places where trash was used without being that obvious.
2012-10-29 11:51:55 -04:00
if (!listener->name)
memprintf(&listener->name, "sock-%d", listener->luid);
[MEDIUM] Collect & provide separate statistics for sockets, v2 This patch allows to collect & provide separate statistics for each socket. It can be very useful if you would like to distinguish between traffic generate by local and remote users or between different types of remote clients (peerings, domestic, foreign). Currently no "Session rate" is supported, but adding it should be possible if we found it useful.
2009-10-04 09:43:17 -04:00
}
MINOR: ssl: set the listeners' data layer to ssl during parsing It's better to set all listeners to ssl_sock when seeing the "ssl" keyword that to loop on all of them afterwards just for this. This also removes some #ifdefs.
2012-09-22 13:11:47 -04:00
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
if (curproxy->options & PR_O_TCP_NOLING)
listener->options |= LI_O_NOLINGER;
MEDIUM: config: support per-listener backlog and maxconn With SSL, connections are much more expensive, so it is important to be able to limit concurrent connections per listener in order to limit the memory usage.
2012-09-06 05:10:55 -04:00
if (!listener->maxconn)
listener->maxconn = curproxy->maxconn;
if (!listener->backlog)
listener->backlog = curproxy->backlog;
MEDIUM: adjust the maxaccept per listener depending on the number of processes global.tune.maxaccept was used for all listeners. This becomes really not convenient when some listeners are bound to a single process and other ones are bound to many processes. Now we change the principle : we count the number of processes a listener is bound to, and apply the maxaccept either entirely if there is a single process, or divided by twice the number of processes in order to maintain fairness. The default limit has also been increased from 32 to 64 as it appeared that on small machines, 32 was too low to achieve high connection rates.
2012-11-19 06:39:59 -05:00
if (!listener->maxaccept)
listener->maxaccept = global.tune.maxaccept ? global.tune.maxaccept : 64;
/* we want to have an optimal behaviour on single process mode to
* maximize the work at once, but in multi-process we want to keep
* some fairness between processes, so we target half of the max
* number of events to be balanced over all the processes the proxy
* is bound to. Rememeber that maxaccept = -1 must be kept as it is
* used to disable the limit.
*/
if (listener->maxaccept > 0) {
if (nbproc > 1)
listener->maxaccept = (listener->maxaccept + 1) / 2;
listener->maxaccept = (listener->maxaccept + nbproc - 1) / nbproc;
}
REORG: session: move the session parts out of stream.c This concerns everythins related to accepting a new session and expiring the embryonic session. There's still a hard-coded call to stream_accept_session() which could be set somewhere in the frontend, but for now it's not a problem.
2015-04-04 12:50:31 -04:00
listener->accept = session_accept_fd;
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
listener->handler = process_stream;
[MINOR] cleanup set_session_backend by using pre-computed analysers Analyser bitmaps are now stored in the frontend and backend, and combined at configuration time. That way, set_session_backend() does not need to perform any protocol-specific combinations.
2009-08-16 16:37:44 -04:00
listener->analysers |= curproxy->fe_req_ana;
MEDIUM: listener: store the default target per listener This will be useful later to state that some listeners have to use certain decoders (typically an HTTP/2 decoder) regardless of the regular processing applied to other listeners. For now it simply defaults to the frontend's default target, and it is used by the session.
2015-03-13 11:43:12 -04:00
listener->default_target = curproxy->default_target;
[MINOR] pre-set analyser flags on the listener at registration time In order to achieve more generic accept() code, we can set the request analysers at the listener registration time. It's better than doing it during accept(), and allows more code reuse.
2008-12-07 05:50:35 -05:00
[MEDIUM] frontend: check for LI_O_TCP_RULES in the listener The new LI_O_TCP_RULES listener option indicates that some TCP rules must be checked upon accept on this listener. It is now checked by the frontend and the L4 rules are evaluated only in this case. The flag is only set when at least one tcp-req rule is present in the frontend. The L4 rules check function has now been moved to proto_tcp.c where it ought to be.
2010-05-31 04:30:33 -04:00
if (!LIST_ISEMPTY(&curproxy->tcp_req.l4_rules))
listener->options |= LI_O_TCP_RULES;
[MINOR] frontend: only check for monitor-net rules if LI_O_CHK_MONNET is set We can disable the monitor-net rules on a listener if this flag is not set in the listener's options. This will be useful when we don't want to check that fe->addr is set or not for non-TCP frontends.
2010-05-31 04:56:17 -04:00
if (curproxy->mon_mask.s_addr)
listener->options |= LI_O_CHK_MONNET;
[MEDIUM] implement option tcp-smart-accept at the frontend This option disables TCP quick ack upon accept. It is also automatically enabled in HTTP mode, unless the option is explicitly disabled with "no option tcp-smart-accept". This saves one packet per connection which can bring reasonable amounts of bandwidth for servers processing small requests.
2009-06-14 06:07:01 -04:00
/* smart accept mode is automatic in HTTP mode */
if ((curproxy->options2 & PR_O2_SMARTACC) ||
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
((curproxy->mode == PR_MODE_HTTP || listener->bind_conf->is_ssl) &&
[MEDIUM] implement option tcp-smart-accept at the frontend This option disables TCP quick ack upon accept. It is also automatically enabled in HTTP mode, unless the option is explicitly disabled with "no option tcp-smart-accept". This saves one packet per connection which can bring reasonable amounts of bandwidth for servers processing small requests.
2009-06-14 06:07:01 -04:00
!(curproxy->no_options2 & PR_O2_SMARTACC)))
listener->options |= LI_O_NOQUICKACK;
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-28 20:09:36 -04:00
}
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
/* Release unused SSL configs */
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
if (bind_conf->is_ssl)
MEDIUM: config: centralize handling of SSL config per bind line SSL config holds many parameters which are per bind line and not per listener. Let's use a per-bind line config instead of having it replicated for each listener. At the moment we only do this for the SSL part but this should probably evolved to handle more of the configuration and maybe even the state per bind line.
2012-09-07 10:58:00 -04:00
continue;
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
#ifdef USE_OPENSSL
MEDIUM: ssl: Add options to forge SSL certificates With this patch, it is possible to configure HAProxy to forge the SSL certificate sent to a client using the SNI servername. We do it in the SNI callback. To enable this feature, you must pass following BIND options: * ca-sign-file <FILE> : This is the PEM file containing the CA certitifacte and the CA private key to create and sign server's certificates. * (optionally) ca-sign-pass <PASS>: This is the CA private key passphrase, if any. * generate-certificates: Enable the dynamic generation of certificates for a listener. Because generating certificates is expensive, there is a LRU cache to store them. Its size can be customized by setting the global parameter 'tune.ssl.ssl-ctx-cache-size'.
2015-06-09 11:29:50 -04:00
ssl_sock_free_ca(bind_conf);
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
ssl_sock_free_all_ctx(bind_conf);
MEDIUM: conf: rename 'cafile' and 'crlfile' statements 'ca-file' and 'crl-file' These names were not really handy.
2012-10-05 06:00:26 -04:00
free(bind_conf->ca_file);
MEDIUM: ssl: Add options to forge SSL certificates With this patch, it is possible to configure HAProxy to forge the SSL certificate sent to a client using the SNI servername. We do it in the SNI callback. To enable this feature, you must pass following BIND options: * ca-sign-file <FILE> : This is the PEM file containing the CA certitifacte and the CA private key to create and sign server's certificates. * (optionally) ca-sign-pass <PASS>: This is the CA private key passphrase, if any. * generate-certificates: Enable the dynamic generation of certificates for a listener. Because generating certificates is expensive, there is a LRU cache to store them. Its size can be customized by setting the global parameter 'tune.ssl.ssl-ctx-cache-size'.
2015-06-09 11:29:50 -04:00
free(bind_conf->ca_sign_file);
free(bind_conf->ca_sign_pass);
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
free(bind_conf->ciphers);
MINOR: ssl: add elliptic curve Diffie-Hellman support for ssl key generation Add 'ecdhe' on 'bind' statement: to set named curve used to generate ECDHE keys (ex: ecdhe secp521r1)
2012-09-20 11:10:03 -04:00
free(bind_conf->ecdhe);
MEDIUM: conf: rename 'cafile' and 'crlfile' statements 'ca-file' and 'crl-file' These names were not really handy.
2012-10-05 06:00:26 -04:00
free(bind_conf->crl_file);
MINOR: Add TLS ticket keys reference and use it in the listener struct Within the listener struct we need to use a reference to the TLS ticket keys which binds the actual keys with the filename. This will make it possible to update the keys through the socket Signed-off-by: Nenad Merdanovic <nmerdan@anine.io>
2015-05-09 02:46:00 -04:00
if(bind_conf->keys_ref) {
free(bind_conf->keys_ref->filename);
free(bind_conf->keys_ref->tlskeys);
free(bind_conf->keys_ref);
}
MEDIUM: config: centralize handling of SSL config per bind line SSL config holds many parameters which are per bind line and not per listener. Let's use a per-bind line config instead of having it replicated for each listener. At the moment we only do this for the SSL part but this should probably evolved to handle more of the configuration and maybe even the state per bind line.
2012-09-07 10:58:00 -04:00
#endif /* USE_OPENSSL */
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
}
MEDIUM: config: centralize handling of SSL config per bind line SSL config holds many parameters which are per bind line and not per listener. Let's use a per-bind line config instead of having it replicated for each listener. At the moment we only do this for the SSL part but this should probably evolved to handle more of the configuration and maybe even the state per bind line.
2012-09-07 10:58:00 -04:00
MEDIUM: config: check the bind-process settings according to nbproc When a bind-process setting is present in a frontend or backend, we now verify that the specified process range at least shares one common process with those defined globally by nbproc. Then if the value is set, it is reduced to the one enforced by nbproc. A warning is emitted if process count does not match, and the fix is done the following way : - if a single process was specified in the range, it's remapped to process #1 - if more than one process was specified, the binding is removed and all processes are usable. Note that since backends may inherit their settings from frontends, depending on the declaration order, they may or may not be reported as warnings.
2014-05-07 17:56:38 -04:00
if (nbproc > 1) {
if (curproxy->uri_auth) {
MEDIUM: config: only warn if stats are attached to multi-process bind directives Some users want to have a stats frontend with one line per process, but while 100% valid and safe, the config parser emits a warning. Relax this check to ensure that the warning is only emitted if at least one of the listeners is bound to multiple processes, or if the directive is placed in a backend called from multiple processes (since in this case we don't know if it's safe).
2014-09-16 09:11:04 -04:00
int count, maxproc = 0;
list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
BUILD/MINOR: tools: rename popcount to my_popcountl This is in order to avoid conflicting with NetBSD popcount* functions since 6.x release, the final l to mentions the argument is a long like NetBSD does. This patch could be backported to 1.5 to fix the build issue there as well.
2015-07-02 03:00:17 -04:00
count = my_popcountl(bind_conf->bind_proc);
MEDIUM: config: only warn if stats are attached to multi-process bind directives Some users want to have a stats frontend with one line per process, but while 100% valid and safe, the config parser emits a warning. Relax this check to ensure that the warning is only emitted if at least one of the listeners is bound to multiple processes, or if the directive is placed in a backend called from multiple processes (since in this case we don't know if it's safe).
2014-09-16 09:11:04 -04:00
if (count > maxproc)
maxproc = count;
}
/* backends have 0, frontends have 1 or more */
if (maxproc != 1)
Warning("Proxy '%s': in multi-process mode, stats will be"
" limited to process assigned to the current request.\n",
curproxy->id);
MEDIUM: config: check the bind-process settings according to nbproc When a bind-process setting is present in a frontend or backend, we now verify that the specified process range at least shares one common process with those defined globally by nbproc. Then if the value is set, it is reduced to the one enforced by nbproc. A warning is emitted if process count does not match, and the fix is done the following way : - if a single process was specified in the range, it's remapped to process #1 - if more than one process was specified, the binding is removed and all processes are usable. Note that since backends may inherit their settings from frontends, depending on the declaration order, they may or may not be reported as warnings.
2014-05-07 17:56:38 -04:00
if (!LIST_ISEMPTY(&curproxy->uri_auth->admin_rules)) {
Warning("Proxy '%s': stats admin will not work correctly in multi-process mode.\n",
curproxy->id);
[MINOR] add warnings on features not compatible with multi-process mode Using haproxy in multi-process mode (nbproc > 1), some features can be not fully compatible or not work at all. haproxy will now display a warning on startup for : - appsession - sticking rules - stats / stats admin - stats socket - peers (fatal error in that case)
2010-12-14 16:48:49 -05:00
}
}
MEDIUM: config: check the bind-process settings according to nbproc When a bind-process setting is present in a frontend or backend, we now verify that the specified process range at least shares one common process with those defined globally by nbproc. Then if the value is set, it is reduced to the one enforced by nbproc. A warning is emitted if process count does not match, and the fix is done the following way : - if a single process was specified in the range, it's remapped to process #1 - if more than one process was specified, the binding is removed and all processes are usable. Note that since backends may inherit their settings from frontends, depending on the declaration order, they may or may not be reported as warnings.
2014-05-07 17:56:38 -04:00
if (!LIST_ISEMPTY(&curproxy->sticking_rules)) {
Warning("Proxy '%s': sticking rules will not work correctly in multi-process mode.\n",
curproxy->id);
[MINOR] add warnings on features not compatible with multi-process mode Using haproxy in multi-process mode (nbproc > 1), some features can be not fully compatible or not work at all. haproxy will now display a warning on startup for : - appsession - sticking rules - stats / stats admin - stats socket - peers (fatal error in that case)
2010-12-14 16:48:49 -05:00
}
}
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
/* create the task associated with the proxy */
curproxy->task = task_new();
if (curproxy->task) {
curproxy->task->context = curproxy;
curproxy->task->process = manage_proxy;
/* no need to queue, it will be done automatically if some
* listener gets limited.
*/
curproxy->task->expire = TICK_ETERNITY;
} else {
Alert("Proxy '%s': no more memory when trying to allocate the management task\n",
curproxy->id);
cfgerr++;
}
MEDIUM: config: make the frontends automatically bind to the listeners' processes When a frontend does not have any bind-process directive, make it automatically bind to the union of all of its listeners' processes instead of binding to all processes. That will make it possible to have the expected behaviour without having to explicitly specify a bind-process directive. Note that if the listeners are not bound to a specific process, the default is still to bind to all processes. This change could be backported to 1.5 as it simplifies process management, and was planned to be done during the 1.5 development phase.
2014-09-16 07:21:03 -04:00
}
[MINOR] config: automatically compute a default fullconn value The fullconn value is not easy to get right when doing dynamic regulation, as it should depend on the maxconns of the frontends that can reach a backend. Since the parameter is mandatory, many configs are found with an inappropriate default value. Instead of rejecting configs without a fullconn value, we now set it to 10% of the sum of the configured maxconns of all the frontends which are susceptible to branch to the backend. That way if new frontends are added, the backend's fullconn automatically adjusts itself.
2011-06-05 09:38:35 -04:00
/* automatically compute fullconn if not set. We must not do it in the
* loop above because cross-references are not yet fully resolved.
*/
for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
/* If <fullconn> is not set, let's set it to 10% of the sum of
* the possible incoming frontend's maxconns.
*/
if (!curproxy->fullconn && (curproxy->cap & PR_CAP_BE)) {
struct proxy *fe;
int total = 0;
/* sum up the number of maxconns of frontends which
* reference this backend at least once or which are
* the same one ('listen').
*/
for (fe = proxy; fe; fe = fe->next) {
struct switching_rule *rule;
int found = 0;
if (!(fe->cap & PR_CAP_FE))
continue;
if (fe == curproxy) /* we're on a "listen" instance */
found = 1;
if (fe->defbe.be == curproxy) /* "default_backend" */
found = 1;
/* check if a "use_backend" rule matches */
if (!found) {
list_for_each_entry(rule, &fe->switching_rules, list) {
MEDIUM: proxy: support use_backend with dynamic names We have a use case where we look up a customer ID in an HTTP header and direct it to the corresponding server. This can easily be done using ACLs and use_backend rules, but the configuration becomes painful to maintain when the number of customers grows to a few tens or even a several hundreds. We realized it would be nice if we could make the use_backend resolve its name at run time instead of config parsing time, and use a similar expression as http-request add-header to decide on the proper backend to use. This permits the use of prefixes or even complex names in backend expressions. If no name matches, then the default backend is used. Doing so allowed us to get rid of all the use_backend rules. Since there are some config checks on the use_backend rules to see if the referenced backend exists, we want to keep them to detect config errors in normal config. So this patch does not modify the default behaviour and proceeds this way : - if the backend name in the use_backend directive parses as a log format rule, it's used as-is and is resolved at run time ; - otherwise it's a static name which must be valid at config time. There was the possibility of doing this with the use-server directive instead of use_backend, but it seems like use_backend is more suited to this task, as it can be used for other purposes. For example, it becomes easy to serve a customer-specific proxy.pac file based on the customer ID by abusing the errorfile primitive : use_backend bk_cust_%[hdr(X-Cust-Id)] if { hdr(X-Cust-Id) -m found } default_backend bk_err_404 backend bk_cust_1 errorfile 200 /etc/haproxy/static/proxy.pac.cust1 Signed-off-by: Bertrand Jacquin <bjacquin@exosec.fr>
2013-11-19 05:43:06 -05:00
if (!rule->dynamic && rule->be.backend == curproxy) {
[MINOR] config: automatically compute a default fullconn value The fullconn value is not easy to get right when doing dynamic regulation, as it should depend on the maxconns of the frontends that can reach a backend. Since the parameter is mandatory, many configs are found with an inappropriate default value. Instead of rejecting configs without a fullconn value, we now set it to 10% of the sum of the configured maxconns of all the frontends which are susceptible to branch to the backend. That way if new frontends are added, the backend's fullconn automatically adjusts itself.
2011-06-05 09:38:35 -04:00
found = 1;
break;
}
}
}
/* now we've checked all possible ways to reference a backend
* from a frontend.
*/
if (!found)
continue;
total += fe->maxconn;
}
/* we have the sum of the maxconns in <total>. We only
* keep 10% of that sum to set the default fullconn, with
* a hard minimum of 1 (to avoid a divide by zero).
*/
curproxy->fullconn = (total + 9) / 10;
if (!curproxy->fullconn)
curproxy->fullconn = 1;
}
}
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
/*
* Recount currently required checks.
*/
for (curproxy=proxy; curproxy; curproxy=curproxy->next) {
int optnum;
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
for (optnum = 0; cfg_opts[optnum].name; optnum++)
if (curproxy->options & cfg_opts[optnum].val)
global.last_checks |= cfg_opts[optnum].checks;
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
[MEDIUM] splice: add configuration options and set global.maxpipes Three new options have been added when CONFIG_HAP_LINUX_SPLICE is set : - splice-request - splice-response - splice-auto They are used to enable splicing per frontend/backend. They are also supported in defaults sections. The "splice-auto" option is meant to automatically turn splice on for buffers marked as fast streamers. This should save quite a bunch of file descriptors. It was required to add a new "options2" field to the proxy structure because the original "options" is full. When global.maxpipes is not set, it is automatically adjusted to the max of the sums of all frontend's and backend's maxconns for those which have at least one splice option enabled.
2009-01-18 15:44:07 -05:00
for (optnum = 0; cfg_opts2[optnum].name; optnum++)
if (curproxy->options2 & cfg_opts2[optnum].val)
global.last_checks |= cfg_opts2[optnum].checks;
[MEDIUM]: Inversion for options This patch adds a possibility to invert most of available options by introducing the "no" keyword, available as an additional prefix. If it is found arguments are shifted left and an additional flag (inv) is set. It allows to use all options from a current defaults section, except the selected ones, for example: -- cut here -- defaults contimeout 4200 clitimeout 50000 srvtimeout 40000 option contstats listen stats 1.2.3.4:80 no option contstats -- cut here -- Currenly inversion works only with the "option" keyword. The patch also moves last_checks calculation at the end of the readcfgfile() function and changes "PR_O_FORCE_CLO | PR_O_HTTP_CLOSE" into "PR_O_FORCE_CLO" in cfg_opts so it is possible to invert forceclose without breaking httpclose (and vice versa) and to invert tcpsplice in one proxy but to keep a proper last_checks value when tcpsplice is used in another proxy. Now, the code checks for PR_O_FORCE_CLO everywhere it checks for PR_O_HTTP_CLOSE. I also decided to depreciate "redisp" and "redispatch" keywords as it is IMHO better to use "option redispatch" which can be inverted. Some useful documentation were added and at the same time I sorted (alfabetically) all valid options both in the code and the documentation.
2007-12-24 20:40:22 -05:00
}
MEDIUM: config: propagate the table's process list to the peers sections Now a peers section has its bind_proc set to the union of all those of its users.
2015-05-01 13:12:05 -04:00
/* compute the required process bindings for the peers */
for (curproxy = proxy; curproxy; curproxy = curproxy->next)
if (curproxy->table.peers.p)
curproxy->table.peers.p->peers_fe->bind_proc |= curproxy->bind_proc;
[BUG] peers: don't keep a peers section which has a NULL frontend If a peers section has no peer named as the local peer, we must destroy it, otherwise a NULL peer frontend remains in the lists and a segfault can happen upon a soft restart. We also now report the missing peer name in order to help troubleshooting.
2011-09-07 15:24:49 -04:00
if (peers) {
struct peers *curpeers = peers, **last;
struct peer *p, *pb;
MEDIUM: config: validate that peers sections are bound to exactly one process If a peers section is bound to no process, it's silently discarded. If its bound to multiple processes, an error is emitted and the process will not start.
2015-05-01 13:15:17 -04:00
/* Remove all peers sections which don't have a valid listener,
* which are not used by any table, or which are bound to more
* than one process.
[BUG] peers: don't keep a peers section which has a NULL frontend If a peers section has no peer named as the local peer, we must destroy it, otherwise a NULL peer frontend remains in the lists and a segfault can happen upon a soft restart. We also now report the missing peer name in order to help troubleshooting.
2011-09-07 15:24:49 -04:00
*/
last = &peers;
while (*last) {
curpeers = *last;
MEDIUM: peers: add the ability to disable a peers section Sometimes it's very hard to disable the use of peers because an empty section is not valid, so it is necessary to comment out all references to the section, and not to forget to restore them in the same state after the operation. Let's add a "disabled" keyword just like for proxies. A ->state member in the peers struct is even present for this purpose but was never used at all. Maybe it would make sense to backport this to 1.5 as it's really cumbersome there.
2015-05-01 14:02:17 -04:00
if (curpeers->state == PR_STSTOPPED) {
/* the "disabled" keyword was present */
if (curpeers->peers_fe)
stop_proxy(curpeers->peers_fe);
curpeers->peers_fe = NULL;
}
else if (!curpeers->peers_fe) {
Warning("Removing incomplete section 'peers %s' (no peer named '%s').\n",
curpeers->id, localpeer);
}
BUILD/MINOR: tools: rename popcount to my_popcountl This is in order to avoid conflicting with NetBSD popcount* functions since 6.x release, the final l to mentions the argument is a long like NetBSD does. This patch could be backported to 1.5 to fix the build issue there as well.
2015-07-02 03:00:17 -04:00
else if (my_popcountl(curpeers->peers_fe->bind_proc) != 1) {
MEDIUM: config: validate that peers sections are bound to exactly one process If a peers section is bound to no process, it's silently discarded. If its bound to multiple processes, an error is emitted and the process will not start.
2015-05-01 13:15:17 -04:00
/* either it's totally stopped or too much used */
if (curpeers->peers_fe->bind_proc) {
Alert("Peers section '%s': peers referenced by sections "
MINOR: config: report the number of processes using a peers section in the error case It can be helpful to know how many different processes try to use the same peers section when trying to find the culprits.
2015-05-04 15:48:51 -04:00
"running in different processes (%d different ones). "
"Check global.nbproc and all tables' bind-process "
BUILD/MINOR: tools: rename popcount to my_popcountl This is in order to avoid conflicting with NetBSD popcount* functions since 6.x release, the final l to mentions the argument is a long like NetBSD does. This patch could be backported to 1.5 to fix the build issue there as well.
2015-07-02 03:00:17 -04:00
"settings.\n", curpeers->id, my_popcountl(curpeers->peers_fe->bind_proc));
MEDIUM: config: validate that peers sections are bound to exactly one process If a peers section is bound to no process, it's silently discarded. If its bound to multiple processes, an error is emitted and the process will not start.
2015-05-01 13:15:17 -04:00
cfgerr++;
}
stop_proxy(curpeers->peers_fe);
curpeers->peers_fe = NULL;
}
MEDIUM: peers: add the ability to disable a peers section Sometimes it's very hard to disable the use of peers because an empty section is not valid, so it is necessary to comment out all references to the section, and not to forget to restore them in the same state after the operation. Let's add a "disabled" keyword just like for proxies. A ->state member in the peers struct is even present for this purpose but was never used at all. Maybe it would make sense to backport this to 1.5 as it's really cumbersome there.
2015-05-01 14:02:17 -04:00
else {
MAJOR: peers: peers protocol version 2.0 This patch does'nt add any new feature: the functional behavior is the same than version 1.0. Technical differences: In this version all updates on different stick tables are multiplexed on the same tcp session. There is only one established tcp session per peer whereas in first version there was one established tcp session per peer and per stick table. Messages format was reviewed to be more evolutive and to support further types of data exchange such as SSL sessions or other sticktable's data types (currently only the sticktable's server id is supported).
2015-05-12 12:49:09 -04:00
peers_init_sync(curpeers);
[BUG] peers: don't keep a peers section which has a NULL frontend If a peers section has no peer named as the local peer, we must destroy it, otherwise a NULL peer frontend remains in the lists and a segfault can happen upon a soft restart. We also now report the missing peer name in order to help troubleshooting.
2011-09-07 15:24:49 -04:00
last = &curpeers->next;
continue;
}
MEDIUM: peers: add the ability to disable a peers section Sometimes it's very hard to disable the use of peers because an empty section is not valid, so it is necessary to comment out all references to the section, and not to forget to restore them in the same state after the operation. Let's add a "disabled" keyword just like for proxies. A ->state member in the peers struct is even present for this purpose but was never used at all. Maybe it would make sense to backport this to 1.5 as it's really cumbersome there.
2015-05-01 14:02:17 -04:00
/* clean what has been detected above */
[BUG] peers: don't keep a peers section which has a NULL frontend If a peers section has no peer named as the local peer, we must destroy it, otherwise a NULL peer frontend remains in the lists and a segfault can happen upon a soft restart. We also now report the missing peer name in order to help troubleshooting.
2011-09-07 15:24:49 -04:00
p = curpeers->remote;
while (p) {
pb = p->next;
free(p->id);
free(p);
p = pb;
}
/* Destroy and unlink this curpeers section.
* Note: curpeers is backed up into *last.
*/
free(curpeers->id);
curpeers = curpeers->next;
free(*last);
*last = curpeers;
}
}
MEDIUM: config: initialize stick-tables after peers, not before It's dangerous to initialize stick-tables before peers because they start a task that cannot be stopped before we know if the peers need to be disabled and destroyed. Move this after.
2015-05-01 13:09:08 -04:00
/* initialize stick-tables on backend capable proxies. This must not
* be done earlier because the data size may be discovered while parsing
* other proxies.
*/
for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
if (curproxy->state == PR_STSTOPPED)
continue;
if (!stktable_init(&curproxy->table)) {
Alert("Proxy '%s': failed to initialize stick-table.\n", curproxy->id);
cfgerr++;
}
}
MEDIUM: Add parsing of mailers section As mailer and mailers structures and allow parsing of a mailers section into those structures. These structures will subsequently be freed as it is not yet possible to use reference them in the configuration. Signed-off-by: Simon Horman <horms@verge.net.au>
2015-01-29 21:22:58 -05:00
if (mailers) {
struct mailers *curmailers = mailers, **last;
struct mailer *m, *mb;
/* Remove all mailers sections which don't have a valid listener.
* This can happen when a mailers section is never referenced.
*/
last = &mailers;
while (*last) {
curmailers = *last;
if (curmailers->users) {
last = &curmailers->next;
continue;
}
Warning("Removing incomplete section 'mailers %s'.\n",
curmailers->id);
m = curmailers->mailer_list;
while (m) {
mb = m->next;
free(m->id);
free(m);
m = mb;
}
/* Destroy and unlink this curmailers section.
* Note: curmailers is backed up into *last.
*/
free(curmailers->id);
curmailers = curmailers->next;
free(*last);
*last = curmailers;
}
}
OPTIM/MINOR: move the hdr_idx pools out of the proxy struct It makes no sense to have one pointer to the hdr_idx pool in each proxy struct since these pools do not depend on the proxy. Let's have a common pool instead as it is already the case for other types.
2011-10-24 12:15:04 -04:00
pool2_hdr_idx = create_pool("hdr_idx",
MEDIUM: tune.http.maxhdr makes it possible to configure the maximum number of HTTP headers For a long time, the max number of headers was taken as a part of the buffer size. Since the header size can be configured at runtime, it does not make much sense anymore. Nothing was making it necessary to have a static value, so let's turn this into a tunable with a default value of 101 which equals what was previously used.
2011-10-24 13:14:41 -04:00
global.tune.max_http_hdr * sizeof(struct hdr_idx_elem),
OPTIM/MINOR: move the hdr_idx pools out of the proxy struct It makes no sense to have one pointer to the hdr_idx pool in each proxy struct since these pools do not depend on the proxy. Let's have a common pool instead as it is already the case for other types.
2011-10-24 12:15:04 -04:00
MEM_F_SHARED);
[MINOR] config: improve error reporting when checking configuration Do not exit early at the first error found while checking configuration validity. This particularly helps spotting multiple wrong tracked server names at once.
2009-07-23 07:36:36 -04:00
if (cfgerr > 0)
err_code |= ERR_ALERT | ERR_FATAL;
out:
return err_code;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
/*
* Registers the CFG keyword list <kwl> as a list of valid keywords for next
* parsing sessions.
*/
void cfg_register_keywords(struct cfg_kw_list *kwl)
{
LIST_ADDQ(&cfg_keywords.list, &kwl->list);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] add support for configuration keyword registration Any module which needs configuration keywords may now dynamically register a keyword in a given section, and associate it with a configuration parsing function using cfg_register_keywords() from a constructor function. This makes the configuration parser more modular because it is not required anymore to touch cfg_parse.c. Example : static int parse_global_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in global section\n"); return 0; } static int parse_listen_blah(char **args, int section_type, struct proxy *curpx, struct proxy *defpx, char *err, int errlen) { printf("parsing blah in listen section\n"); if (*args[1]) { snprintf(err, errlen, "missing arg for listen_blah!!!"); return -1; } return 0; } static struct cfg_kw_list cfg_kws = {{ },{ { CFG_GLOBAL, "blah", parse_global_blah }, { CFG_LISTEN, "blah", parse_listen_blah }, { 0, NULL, NULL }, }}; __attribute__((constructor)) static void __module_init(void) { cfg_register_keywords(&cfg_kws); }
2008-07-09 13:39:06 -04:00
/*
* Unregisters the CFG keyword list <kwl> from the list of valid keywords.
*/
void cfg_unregister_keywords(struct cfg_kw_list *kwl)
{
LIST_DEL(&kwl->list);
LIST_INIT(&kwl->list);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MEDIUM: config: Dynamic sections. This patch permit to register new sections in the haproxy's configuration file. This run like all the "keyword" registration, it is used during the haproxy initialization, typically with the "__attribute__((constructor))" functions.
2014-03-18 08:54:18 -04:00
/* this function register new section in the haproxy configuration file.
* <section_name> is the name of this new section and <section_parser>
* is the called parser. If two section declaration have the same name,
* only the first declared is used.
*/
int cfg_register_section(char *section_name,
int (*section_parser)(const char *, int, char **, int))
{
struct cfg_section *cs;
cs = calloc(1, sizeof(*cs));
if (!cs) {
Alert("register section '%s': out of memory.\n", section_name);
return 0;
}
cs->section_name = section_name;
cs->section_parser = section_parser;
LIST_ADDQ(&sections, &cs->list);
return 1;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/
Reference in a new issue Copy permalink