upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-03 20:39:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
haproxy/src/proxy.c

3370 lines
104 KiB
C
Raw Permalink Normal View History

[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* Proxy variables and functions.
*
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
* Copyright 2000-2009 Willy Tarreau <w@1wt.eu>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
*/
#include <unistd.h>
[BUILD] fix 2 minor issues on AIX AIX does not know about MSG_DONTWAIT. Fortunately, nearly all sockets are already set to O_NONBLOCK, so it's not even required to change the code. It was only necessary to add this fcntl to the log socket which lacked it. The MSG_DONTWAIT value has been defined to zero when unset in order to make the code cleaner and more portable. Also, on AIX, "hz" is defined, which causes a problem with one function parameter in time.c. It's enough to rename the parameter there. Last, fix a missing #include <string.h> in proxy.c.
2007-11-30 12:38:35 -05:00
#include <string.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <import/eb32tree.h>
#include <import/ebistree.h>
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
#include <haproxy/acl.h>
REORG: include: update all files to use haproxy/api.h or api-t.h if needed All files that were including one of the following include files have been updated to only include haproxy/api.h or haproxy/api-t.h once instead: - common/config.h - common/compat.h - common/compiler.h - common/defaults.h - common/initcall.h - common/tools.h The choice is simple: if the file only requires type definitions, it includes api-t.h, otherwise it includes the full api.h. In addition, in these files, explicit includes for inttypes.h and limits.h were dropped since these are now covered by api.h and api-t.h. No other change was performed, given that this patch is large and affects 201 files. At least one (tools.h) was already freestanding and didn't get the new one added.
2020-05-27 06:58:42 -04:00
#include <haproxy/api.h>
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
#include <haproxy/applet.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/capture-t.h>
REORG: include: move cfgparse.h to haproxy/cfgparse.h There's no point splitting the file in two since only cfgparse uses the types defined there. A few call places were updated and cleaned up. All of them were in C files which register keywords. There is nothing left in common/ now so this directory must not be used anymore.
2020-06-04 18:00:29 -04:00
#include <haproxy/cfgparse.h>
REORG: include: move cli.h to haproxy/cli{,-t}.h Almost no change except moving the cli_kw struct definition after the defines. Almost all users had both types&proto included, which is not surprizing since this code is old and it used to be the norm a decade ago. These places were cleaned.
2020-06-04 14:19:54 -04:00
#include <haproxy/cli.h>
REORG: include: move base64.h, errors.h and hash.h from common to to haproxy/ These ones do not depend on any other file. One used to include haproxy/api.h but that was solely for stddef.h.
2020-05-27 10:10:29 -04:00
#include <haproxy/errors.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/fd.h>
REORG: include: move filters.h to haproxy/filters{,-t}.h Just a minor change, moved the macro definitions upwards. A few caller files were updated since they didn't need to include it.
2020-06-04 15:29:29 -04:00
#include <haproxy/filters.h>
REORG: include: split global.h into haproxy/global{,-t}.h global.h was one of the messiest files, it has accumulated tons of implicit dependencies and declares many globals that make almost all other file include it. It managed to silence a dependency loop between server.h and proxy.h by being well placed to pre-define the required structs, forcing struct proxy and struct server to be forward-declared in a significant number of files. It was split in to, one which is the global struct definition and the few macros and flags, and the rest containing the functions prototypes. The UNIX_MAX_PATH definition was moved to compat.h.
2020-06-04 11:05:57 -04:00
#include <haproxy/global.h>
REORG: include: move http_ana.h to haproxy/http_ana{,-t}.h It was moved without any change, however many callers didn't need it at all. This was a consequence of the split of proto_http.c into several parts that resulted in many locations to still reference it.
2020-06-04 15:21:03 -04:00
#include <haproxy/http_ana.h>
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
#include <haproxy/http_htx.h>
MINOR: proxy/http_ext: introduce proxy forwarded option Introducing http_ext class for http extension related work that doesn't fit into existing http classes. HTTP extension "forwarded", introduced with 7239 RFC is now supported by haproxy. The option supports various modes from simple to complex usages involving custom sample expressions. Examples : # Those servers want the ip address and protocol of the client request # Resulting header would look like this: # forwarded: proto=http;for=127.0.0.1 backend www_default mode http option forwarded #equivalent to: option forwarded proto for # Those servers want the requested host and hashed client ip address # as well as client source port (you should use seed for xxh32 if ensuring # ip privacy is a concern) # Resulting header would look like this: # forwarded: host="haproxy.org";for="_000000007F2F367E:60138" backend www_host mode http option forwarded host for-expr src,xxh32,hex for_port # Those servers want custom data in host, for and by parameters # Resulting header would look like this: # forwarded: host="host.com";by=_haproxy;for="[::1]:10" backend www_custom mode http option forwarded host-expr str(host.com) by-expr str(_haproxy) for for_port-expr int(10) # Those servers want random 'for' obfuscated identifiers for request # tracing purposes while protecting sensitive IP information # Resulting header would look like this: # forwarded: for=_000000002B1F4D63 backend www_for_hide mode http option forwarded for-expr rand,hex By default (no argument provided), forwarded option will try to mimic x-forward-for common setups (source client ip address + source protocol) The option is not available for frontends. no option forwarded is supported. More info about 7239 RFC here: https://www.rfc-editor.org/rfc/rfc7239.html More info about the feature in doc/configuration.txt This should address feature request GH #575 Depends on: - "MINOR: http_htx: add http_append_header() to append value to header" - "MINOR: sample: add ARGC_OPT" - "MINOR: proxy: introduce http only options"
2022-12-28 09:37:57 -05:00
#include <haproxy/http_ext.h>
MINOR: proxy: add http_free_redirect_rule() function Adding http_free_redirect_rule() function to free a single redirect rule since it may be required to free rules outside of free_proxy() function. This patch is required for an upcoming bugfix. [for 2.2, free_proxy function did not exist (first seen in 2.4), thus http_free_redirect_rule() needs to be deducted from haproxy.c deinit() function if the patch is required]
2023-05-11 04:30:27 -04:00
#include <haproxy/http_rules.h>
REORG: include: move listener.h to haproxy/listener{,-t}.h stdlib and list were missing from listener.h, otherwise it was OK.
2020-06-04 08:58:24 -04:00
#include <haproxy/listener.h>
REORG: include: move log.h to haproxy/log{,-t}.h The current state of the logging is a real mess. The main problem is that almost all files include log.h just in order to have access to the alert/warning functions like ha_alert() etc, and don't care about logs. But log.h also deals with real logging as well as log-format and depends on stream.h and various other things. As such it forces a few heavy files like stream.h to be loaded early and to hide missing dependencies depending where it's loaded. Among the missing ones is syslog.h which was often automatically included resulting in no less than 3 users missing it. Among 76 users, only 5 could be removed, and probably 70 don't need the full set of dependencies. A good approach would consist in splitting that file in 3 parts: - one for error output ("errors" ?). - one for log_format processing - and one for actual logging.
2020-06-04 16:01:04 -04:00
#include <haproxy/log.h>
REORG: include: move obj_type.h to haproxy/obj_type{,-t}.h No change was necessary. It still includes lots of types/* files.
2020-06-04 05:29:21 -04:00
#include <haproxy/obj_type-t.h>
REORG: include: move peers.h to haproxy/peers{,-t}.h The cfg_peers external declaration was moved to the main file instead of the type one. A few types were still missing from the proto, causing warnings in the functions prototypes (proxy, stick_table).
2020-06-04 12:38:21 -04:00
#include <haproxy/peers.h>
REORG: include: move common/memory.h to haproxy/pool.h Now the file is ready to be stored into its final destination. A few minor reorderings were performed to keep the file properly organized, making the various sections more visible (cache & lockless). In addition and to stay consistent, memory.c was renamed to pool.c.
2020-06-02 03:38:52 -04:00
#include <haproxy/pool.h>
MEDIUM: proxy: make soft_stop() stop most listeners using protocol_stop_now() One difficulty in soft-stopping is to make sure not to forget unlisted listeners. By first doing a pass using protocol_stop_now() we catch the vast majority of them. The few remaining ones are the ones belonging to a proxy having a grace period. For these ones, the proxy will arm its stop_time timer and emit a log message. Since neither UDP listeners nor peers use the grace period, we can already get rid of the special cases there since we know they will have been stopped by the protocols.
2020-10-07 10:52:43 -04:00
#include <haproxy/protocol.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/proto_tcp.h>
REORG: include: move proxy.h to haproxy/proxy{,-t}.h This one is particularly difficult to split because it provides all the functions used to manipulate a proxy state and to retrieve names or IDs for error reporting, and as such, it was included in 73 files (down to 68 after cleanup). It would deserve a small cleanup though the cut points are not obvious at the moment given the number of structs involved in the struct proxy itself.
2020-06-04 16:29:18 -04:00
#include <haproxy/proxy.h>
REORG: rename cs_utils.h to sc_strm.h This file contains all the stream-connector functions that are specific to application layers of type stream. So let's name it accordingly so that it's easier to figure what's located there. The alphabetical ordering of include files was preserved.
2022-05-27 03:25:10 -04:00
#include <haproxy/sc_strm.h>
MINOR: quic: QUIC transport parameters split. Make the transport parameters be standlone as much as possible as it consists only in encoding/decoding data into/from buffers. Reduce the size of xprt_quic.h. Unfortunalety, I think we will have to continue to include <xprt_quic-t.h> to use the trace API into this module.
2022-05-21 17:58:40 -04:00
#include <haproxy/quic_tp.h>
REORG: include: move server.h to haproxy/server{,-t}.h extern struct dict server_name_dict was moved from the type file to the main file. A handful of inlined functions were moved at the bottom of the file. Call places were updated to use server-t.h when relevant, or to simply drop the entry when not needed.
2020-06-04 17:20:13 -04:00
#include <haproxy/server-t.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/signal.h>
REORG: include: move stats.h to haproxy/stats{,-t}.h Just some minor reordering, and the usual cleanup of call places for those which didn't need it. We don't include the whole tools.h into stats-t anymore but just tools-t.h.
2020-06-04 13:58:55 -04:00
#include <haproxy/stats-t.h>
REORG: stconn: rename conn_stream.{c,h} to stconn.{c,h} There's no more reason for keepin the code and definitions in conn_stream, let's move all that to stconn. The alphabetical ordering of include files was adjusted.
2022-05-27 03:47:12 -04:00
#include <haproxy/stconn.h>
REORG: include: move stream.h to haproxy/stream{,-t}.h This one was not easy because it was embarking many includes with it, which other files would automatically find. At least global.h, arg.h and tools.h were identified. 93 total locations were identified, 8 additional includes had to be added. In the rare files where it was possible to finalize the sorting of includes by adjusting only one or two extra lines, it was done. But all files would need to be rechecked and cleaned up now. It was the last set of files in types/ and proto/ and these directories must not be reused anymore.
2020-06-04 17:46:14 -04:00
#include <haproxy/stream.h>
REORG: include: move task.h to haproxy/task{,-t}.h The TASK_IS_TASKLET() macro was moved to the proto file instead of the type one. The proto part was a bit reordered to remove a number of ugly forward declaration of static inline functions. About a tens of C and H files had their dependency dropped since they were not using anything from task.h.
2020-06-04 11:25:40 -04:00
#include <haproxy/task.h>
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
#include <haproxy/tcpcheck.h>
REORG: include: move time.h from common/ to haproxy/ This one is included almost everywhere and used to rely on a few other .h that are not needed (unistd, stdlib, standard.h). It could possibly make sense to split it into multiple parts to distinguish operations performed on timers and the internal time accounting, but at this point it does not appear much important.
2020-06-01 05:05:15 -04:00
#include <haproxy/time.h>
BUILD: proxy: include tools.h in proxy.c Many functions are used from tools.h but the file wasn't included and was inherited through others.
2021-05-08 07:02:07 -04:00
#include <haproxy/tools.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
int listeners; /* # of proxy listeners, set by cfgparse */
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
struct proxy *proxies_list = NULL; /* list of all existing proxies */
[MEDIUM] config: automatically find unused IDs for proxies, servers and listeners Until now it was required that every custom ID was above 1000 in order to avoid conflicts. Now we have the list of all assigned IDs and can automatically pick the first unused one. This means that it is perfectly possible to interleave automatic IDs with persistent IDs and the parser will automatically allocate unused values starting with 1.
2009-10-04 17:04:08 -04:00
struct eb_root used_proxy_id = EB_ROOT; /* list of proxy IDs in use */
MEDIUM: proxy: create a tree to store proxies by name Large configurations can take time to parse when thousands of backends are in use. Let's store all the proxies in trees. findproxy_mode() has been modified to use the tree for lookups, which has divided the parsing time by about 2.5. But many lookups are still present at many places and need to be dealt with.
2014-03-15 02:22:35 -04:00
struct eb_root proxy_by_name = EB_ROOT; /* tree of proxies sorted by name */
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
struct eb_root defproxy_by_name = EB_ROOT; /* tree of default proxies sorted by name (dups possible) */
[MINOR] stats: add global event ID and count This counter will help quickly spot whether there are new errors or not. It is also assigned to each capture so that a script can keep trace of which capture was taken when.
2010-12-12 08:00:34 -05:00
unsigned int error_snapshot_id = 0; /* global ID assigned to each error then incremented */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
/* CLI context used during "show servers {state|conn}" */
struct show_srv_ctx {
struct proxy *px; /* current proxy to dump or NULL */
struct server *sv; /* current server to dump or NULL */
uint only_pxid; /* dump only this proxy ID when explicit */
int show_conn; /* non-zero = "conn" otherwise "state" */
CLEANUP: proxy/cli: get rid of appctx->st2 in "show servers" Now that we have the show_srv_ctx, let's store a state in it. We only need two states here, header and list.
2022-05-05 13:26:18 -04:00
enum {
SHOW_SRV_HEAD = 0,
SHOW_SRV_LIST,
} state;
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
};
REORG: config: extract the proxy parser into cfgparse-listen.c This was the largest function of the whole file, taking a rough second to build alone. Let's move it to a distinct file along with a few dependencies. Doing so saved about 2 seconds on the total build time.
2018-11-11 09:40:36 -05:00
/* proxy->options */
const struct cfg_opt cfg_opts[] =
{
{ "abortonclose", PR_O_ABRT_CLOSE, PR_CAP_BE, 0, 0 },
{ "allbackups", PR_O_USE_ALL_BK, PR_CAP_BE, 0, 0 },
{ "checkcache", PR_O_CHK_CACHE, PR_CAP_BE, 0, PR_MODE_HTTP },
{ "clitcpka", PR_O_TCP_CLI_KA, PR_CAP_FE, 0, 0 },
{ "contstats", PR_O_CONTSTATS, PR_CAP_FE, 0, 0 },
{ "dontlognull", PR_O_NULLNOLOG, PR_CAP_FE, 0, 0 },
{ "http-buffer-request", PR_O_WREQ_BODY, PR_CAP_FE | PR_CAP_BE, 0, PR_MODE_HTTP },
{ "http-ignore-probes", PR_O_IGNORE_PRB, PR_CAP_FE, 0, PR_MODE_HTTP },
MINOR: proxy: add option idle-close-on-response Avoid closing idle connections if a soft stop is in progress. By default, idle connections will be closed during a soft stop. In some environments, a client talking to the proxy may have prepared some idle connections in order to send requests later. If there is no proper retry on write errors, this can result in errors while haproxy is reloading. Even though a proper implementation should retry on connection/write errors, this option was introduced to support back compat with haproxy < v2.4. Indeed before v2.4, we were waiting for a last request to be able to add a "connection: close" header and advice the client to close the connection. In a real life example, this behavior was seen in AWS using the ALB in front of a haproxy. The end result was ALB sending 502 during haproxy reloads. This patch was tested on haproxy v2.4, with a regular reload on the process, and a constant trend of requests coming in. Before the patch, we see regular 502 returned to the client; when activating the option, the 502 disappear. This patch should help fixing github issue #1506. In order to unblock some v2.3 to v2.4 migraton, this patch should be backported up to v2.4 branch. Signed-off-by: William Dauchy <wdauchy@gmail.com> [wt: minor edits to the doc to mention other options to care about] Signed-off-by: Willy Tarreau <w@1wt.eu>
2022-01-05 16:53:24 -05:00
{ "idle-close-on-response", PR_O_IDLE_CLOSE_RESP, PR_CAP_FE, 0, PR_MODE_HTTP },
REORG: config: extract the proxy parser into cfgparse-listen.c This was the largest function of the whole file, taking a rough second to build alone. Let's move it to a distinct file along with a few dependencies. Doing so saved about 2 seconds on the total build time.
2018-11-11 09:40:36 -05:00
{ "prefer-last-server", PR_O_PREF_LAST, PR_CAP_BE, 0, PR_MODE_HTTP },
{ "logasap", PR_O_LOGASAP, PR_CAP_FE, 0, 0 },
{ "nolinger", PR_O_TCP_NOLING, PR_CAP_FE | PR_CAP_BE, 0, 0 },
{ "persist", PR_O_PERSIST, PR_CAP_BE, 0, 0 },
{ "srvtcpka", PR_O_TCP_SRV_KA, PR_CAP_BE, 0, 0 },
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#ifdef USE_TPROXY
REORG: config: extract the proxy parser into cfgparse-listen.c This was the largest function of the whole file, taking a rough second to build alone. Let's move it to a distinct file along with a few dependencies. Doing so saved about 2 seconds on the total build time.
2018-11-11 09:40:36 -05:00
{ "transparent", PR_O_TRANSP, PR_CAP_BE, 0, 0 },
#else
{ "transparent", 0, 0, 0, 0 },
#endif
{ NULL, 0, 0, 0, 0 }
};
/* proxy->options2 */
const struct cfg_opt cfg_opts2[] =
{
CLEANUP: build: rename some build macros to use the USE_* ones We still have quite a number of build macros which are mapped 1:1 to a USE_something setting in the makefile but which have a different name. This patch cleans this up by renaming them to use the USE_something one, allowing to clean up the makefile and make it more obvious when reading the code what build option needs to be added. The following renames were done : ENABLE_POLL -> USE_POLL ENABLE_EPOLL -> USE_EPOLL ENABLE_KQUEUE -> USE_KQUEUE ENABLE_EVPORTS -> USE_EVPORTS TPROXY -> USE_TPROXY NETFILTER -> USE_NETFILTER NEED_CRYPT_H -> USE_CRYPT_H CONFIG_HAP_CRYPT -> USE_LIBCRYPT CONFIG_HAP_NS -> DUSE_NS CONFIG_HAP_LINUX_SPLICE -> USE_LINUX_SPLICE CONFIG_HAP_LINUX_TPROXY -> USE_LINUX_TPROXY CONFIG_HAP_LINUX_VSYSCALL -> USE_LINUX_VSYSCALL
2019-05-22 13:24:06 -04:00
#ifdef USE_LINUX_SPLICE
REORG: config: extract the proxy parser into cfgparse-listen.c This was the largest function of the whole file, taking a rough second to build alone. Let's move it to a distinct file along with a few dependencies. Doing so saved about 2 seconds on the total build time.
2018-11-11 09:40:36 -05:00
{ "splice-request", PR_O2_SPLIC_REQ, PR_CAP_FE|PR_CAP_BE, 0, 0 },
{ "splice-response", PR_O2_SPLIC_RTR, PR_CAP_FE|PR_CAP_BE, 0, 0 },
{ "splice-auto", PR_O2_SPLIC_AUT, PR_CAP_FE|PR_CAP_BE, 0, 0 },
#else
{ "splice-request", 0, 0, 0, 0 },
{ "splice-response", 0, 0, 0, 0 },
{ "splice-auto", 0, 0, 0, 0 },
#endif
{ "accept-invalid-http-request", PR_O2_REQBUG_OK, PR_CAP_FE, 0, PR_MODE_HTTP },
{ "accept-invalid-http-response", PR_O2_RSPBUG_OK, PR_CAP_BE, 0, PR_MODE_HTTP },
{ "dontlog-normal", PR_O2_NOLOGNORM, PR_CAP_FE, 0, 0 },
{ "log-separate-errors", PR_O2_LOGERRORS, PR_CAP_FE, 0, 0 },
{ "log-health-checks", PR_O2_LOGHCHKS, PR_CAP_BE, 0, 0 },
{ "socket-stats", PR_O2_SOCKSTAT, PR_CAP_FE, 0, 0 },
{ "tcp-smart-accept", PR_O2_SMARTACC, PR_CAP_FE, 0, 0 },
{ "tcp-smart-connect", PR_O2_SMARTCON, PR_CAP_BE, 0, 0 },
{ "independent-streams", PR_O2_INDEPSTR, PR_CAP_FE|PR_CAP_BE, 0, 0 },
{ "http-use-proxy-header", PR_O2_USE_PXHDR, PR_CAP_FE, 0, PR_MODE_HTTP },
{ "http-pretend-keepalive", PR_O2_FAKE_KA, PR_CAP_BE, 0, PR_MODE_HTTP },
{ "http-no-delay", PR_O2_NODELAY, PR_CAP_FE|PR_CAP_BE, 0, PR_MODE_HTTP },
MEDIUM: mux-h1: Add the support of headers adjustment for bogus HTTP/1 apps There is no standard case for HTTP header names because, as stated in the RFC7230, they are case-insensitive. So applications must handle them in a case-insensitive manner. But some bogus applications erroneously rely on the case used by most browsers. This problem becomes critical with HTTP/2 because all header names must be exchanged in lowercase. And HAProxy uses the same convention. All header names are sent in lowercase to clients and servers, regardless of the HTTP version. This design choice is linked to the HTX implementation. So, for previous versions (2.0 and 1.9), a workaround is to disable the HTX mode to fall back to the legacy HTTP mode. Since the legacy HTTP mode was removed, some users reported interoperability issues because their application was not able anymore to handle HTTP/1 message received from HAProxy. So, we've decided to add a way to change the case of some headers before sending them. It is now possible to define a "mapping" between a lowercase header name and a version supported by the bogus application. To do so, you must use the global directives "h1-case-adjust" and "h1-case-adjust-file". Then options "h1-case-adjust-bogus-client" and "h1-case-adjust-bogus-server" may be used in proxy sections to enable the conversion. See the configuration manual for more info. Of course, our advice is to urgently upgrade these applications for interoperability concerns and because they may be vulnerable to various types of content smuggling attacks. But, if your are really forced to use an unmaintained bogus application, you may use these directive, at your own risks. If it is relevant, this feature may be backported to 2.0.
2019-07-22 10:18:24 -04:00
BUG/MINOR: h1: Support headers case adjustment for TCP proxies On frontend side, "h1-case-adjust-bogus-client" option is now supported in TCP mode. It is important to be able to adjust the case of response headers when a connection is routed to an HTTP backend. In this case, the client connection is upgraded to H1. On backend side, "h1-case-adjust-bogus-server" option is now also supported in TCP mode to be able to perform HTTP health-checks with a case adjustment of the request headers. This patch should be backported as far as 2.0.
2022-09-06 04:09:40 -04:00
{"h1-case-adjust-bogus-client", PR_O2_H1_ADJ_BUGCLI, PR_CAP_FE, 0, 0 },
{"h1-case-adjust-bogus-server", PR_O2_H1_ADJ_BUGSRV, PR_CAP_BE, 0, 0 },
MINOR: mux-h1/proxy: Add a proxy option to disable clear h2 upgrade By default, HAProxy is able to implicitly upgrade an H1 client connection to an H2 connection if the first request it receives from a given HTTP connection matches the HTTP/2 connection preface. This way, it is possible to support H1 and H2 clients on a non-SSL connections. It could be a problem if for any reason, the H2 upgrade is not acceptable. "option disable-h2-upgrade" may now be used to disable it, per proxy. The main puprose of this option is to let an admin to totally disable the H2 support for security reasons. Recently, a critical issue in the HPACK decoder was fixed, forcing everyone to upgrade their HAProxy version to fix the bug. It is possible to disable H2 for SSL connections, but not on clear ones. This option would have been a viable workaround.
2020-06-02 11:33:56 -04:00
{"disable-h2-upgrade", PR_O2_NO_H2_UPGRADE, PR_CAP_FE, 0, PR_MODE_HTTP },
REORG: config: extract the proxy parser into cfgparse-listen.c This was the largest function of the whole file, taking a rough second to build alone. Let's move it to a distinct file along with a few dependencies. Doing so saved about 2 seconds on the total build time.
2018-11-11 09:40:36 -05:00
{ NULL, 0, 0, 0 }
};
MINOR: proxy/stktable: add resolve_stick_rule helper function Simplify stick and store sticktable proxy rules postparsing by adding a sticking rule entry resolve (postparsing) function. This will ease code maintenance.
2023-08-08 05:37:59 -04:00
/* Helper function to resolve a single sticking rule after config parsing.
* Returns 1 for success and 0 for failure
*/
int resolve_stick_rule(struct proxy *curproxy, struct sticking_rule *mrule)
{
struct stktable *target;
if (mrule->table.name)
target = stktable_find_by_name(mrule->table.name);
else
target = curproxy->table;
if (!target) {
ha_alert("Proxy '%s': unable to find stick-table '%s'.\n",
curproxy->id, mrule->table.name ? mrule->table.name : curproxy->id);
return 0;
}
else if (!stktable_compatible_sample(mrule->expr, target->type)) {
ha_alert("Proxy '%s': type of fetch not usable with type of stick-table '%s'.\n",
curproxy->id, mrule->table.name ? mrule->table.name : curproxy->id);
return 0;
}
/* success */
ha_free(&mrule->table.name);
mrule->table.t = target;
stktable_alloc_data_type(target, STKTABLE_DT_SERVER_ID, NULL, NULL);
stktable_alloc_data_type(target, STKTABLE_DT_SERVER_KEY, NULL, NULL);
if (!in_proxies_list(target->proxies_list, curproxy)) {
curproxy->next_stkt_ref = target->proxies_list;
target->proxies_list = curproxy;
}
return 1;
}
MINOR: log/backend: prevent stick table and stick rules with LOG mode Report a warning and prevent errors if user tries to declare a stick table or use stick rules within a log backend.
2023-11-16 05:29:58 -05:00
void free_stick_rules(struct list *rules)
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
{
struct sticking_rule *rule, *ruleb;
list_for_each_entry_safe(rule, ruleb, rules, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&rule->list);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free_acl_cond(rule->cond);
release_sample_expr(rule->expr);
free(rule);
}
}
MINOR: proxy: add free_server_rules() helper function Take the px->server_rules freeing part out of free_proxy() and make it a dedicated helper function so that it becomes possible to use it from anywhere.
2023-11-23 10:27:45 -05:00
void free_server_rules(struct list *srules)
{
struct server_rule *srule, *sruleb;
list_for_each_entry_safe(srule, sruleb, srules, list) {
LIST_DELETE(&srule->list);
free_acl_cond(srule->cond);
free_logformat_list(&srule->expr);
free(srule->file);
free(srule);
}
}
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
void free_proxy(struct proxy *p)
{
MINOR: server: return the next srv instance on free_server As a convenience, return the next server instance from servers list on free_server. This is particularily useful when using this function on the servers list without having to save of the next pointer before calling it.
2021-08-25 09:03:46 -04:00
struct server *s;
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
struct cap_hdr *h,*h_next;
struct listener *l,*l_next;
struct bind_conf *bind_conf, *bind_back;
struct acl_cond *cond, *condb;
struct acl *acl, *aclb;
struct switching_rule *rule, *ruleb;
struct redirect_rule *rdr, *rdrb;
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
struct logger *log, *logb;
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
struct proxy_deinit_fct *pxdf;
struct server_deinit_fct *srvdf;
MINOR: proxy: check if p is NULL in free_proxy() Check if p is NULL before trying to do anything in free_proxy(), like most free()-like function do.
2021-08-20 04:16:37 -04:00
if (!p)
return;
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free(p->conf.file);
free(p->id);
free(p->cookie_name);
free(p->cookie_domain);
free(p->cookie_attrs);
free(p->lbprm.arg_str);
MEDIUM: backend: add new "balance hash <expr>" algorithm Almost all of our hash-based LB algorithms are implemented as special cases of something that can now be achieved using sample expressions, and some of them have adopted some options to adapt their behavior in ways that could also be achieved using converters. There are users who want to hash other parameters that are combined into variables, and who set headers from these values and use "balance hdr(name)" for this. Instead of constantly implementing specific options and having users hack around when they want a real hash, let's implement a native hash mode that applies to a standard sample expression. This way, any fetchable element (including variables) may be used to construct the hash, even modified by any converter if desired.
2022-04-25 04:25:34 -04:00
release_sample_expr(p->lbprm.expr);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free(p->server_state_file_name);
free(p->capture_name);
MINOR: proxy: Store monitor_uri as a `struct ist` The monitor_uri is already processed as an ist in `http_wait_for_request`, lets also just store it as such. see 0643b0e7e ("MINOR: proxy: Make `header_unique_id` a `struct ist`") for a very similar past commit.
2022-03-04 18:52:40 -05:00
istfree(&p->monitor_uri);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free(p->rdp_cookie_name);
free(p->invalid_rep);
free(p->invalid_req);
#if defined(CONFIG_HAP_TRANSPARENT)
free(p->conn_src.bind_hdr_name);
#endif
if (p->conf.logformat_string != default_http_log_format &&
p->conf.logformat_string != default_tcp_log_format &&
MINOR: ssl: Define a default https log format This patch adds a new httpslog option and a new HTTP over SSL log-format that expands the default HTTP format and adds SSL specific information.
2021-07-29 03:45:52 -04:00
p->conf.logformat_string != clf_http_log_format &&
BUG/MINOR: httpclient/log: free of invalid ptr with httpclient_log_format free_proxy() must check if the ptr is not httpclient_log_format before trying to free p->conf.logformat_string. No backport needed.
2022-12-22 09:37:01 -05:00
p->conf.logformat_string != default_https_log_format &&
p->conf.logformat_string != httpclient_log_format)
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free(p->conf.logformat_string);
free(p->conf.lfs_file);
free(p->conf.uniqueid_format_string);
istfree(&p->header_unique_id);
free(p->conf.uif_file);
if ((p->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_MAP)
free(p->lbprm.map.srv);
MAJOR: log: introduce log backends Using "mode log" in a backend section turns the proxy in a log backend which can be used to log-balance logs between multiple log targets (udp or tcp servers) log backends can be used as regular log targets using the log directive with "backend@be_name" prefix, like so: | log backend@mybackend local0 A log backend will distribute log messages to servers according to the log load-balancing algorithm that can be set using the "log-balance" option from the log backend section. For now, only the roundrobin algorithm is supported and set by default.
2023-09-13 05:52:31 -04:00
if (p->mode == PR_MODE_SYSLOG)
free(p->lbprm.log.srv);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
if (p->conf.logformat_sd_string != default_rfc5424_sd_log_format)
free(p->conf.logformat_sd_string);
free(p->conf.lfsd_file);
MINOR: log: Add new "error-log-format" option This option can be used to define a specific log format that will be used in case of error, timeout, connection failure on a frontend... It will be used for any log line concerned by the log-separate-errors option. It will also replace the format of specific error messages decribed in section 8.2.6. If no "error-log-format" is defined, the legacy error messages are still emitted and the other error logs keep using the regular log-format.
2021-08-31 06:08:52 -04:00
free(p->conf.error_logformat_string);
free(p->conf.elfs_file);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
list_for_each_entry_safe(cond, condb, &p->mon_fail_cond, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&cond->list);
MINOR: tree-wide: use free_acl_cond() where relevant Now that we have free_acl_cond(cond) function that does cond prune then frees cond, replace all occurences of this pattern: | prune_acl_cond(cond) | free(cond) with: | free_acl_cond(cond)
2023-05-11 06:29:51 -04:00
free_acl_cond(cond);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
}
EXTRA_COUNTERS_FREE(p->extra_counters_fe);
EXTRA_COUNTERS_FREE(p->extra_counters_be);
list_for_each_entry_safe(acl, aclb, &p->acl, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&acl->list);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
prune_acl(acl);
free(acl);
}
MINOR: proxy: add free_server_rules() helper function Take the px->server_rules freeing part out of free_proxy() and make it a dedicated helper function so that it becomes possible to use it from anywhere.
2023-11-23 10:27:45 -05:00
free_server_rules(&p->server_rules);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
list_for_each_entry_safe(rule, ruleb, &p->switching_rules, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&rule->list);
MINOR: tree-wide: use free_acl_cond() where relevant Now that we have free_acl_cond(cond) function that does cond prune then frees cond, replace all occurences of this pattern: | prune_acl_cond(cond) | free(cond) with: | free_acl_cond(cond)
2023-05-11 06:29:51 -04:00
free_acl_cond(rule->cond);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free(rule->file);
free(rule);
}
list_for_each_entry_safe(rdr, rdrb, &p->redirect_rules, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&rdr->list);
MINOR: proxy: add http_free_redirect_rule() function Adding http_free_redirect_rule() function to free a single redirect rule since it may be required to free rules outside of free_proxy() function. This patch is required for an upcoming bugfix. [for 2.2, free_proxy function did not exist (first seen in 2.4), thus http_free_redirect_rule() needs to be deducted from haproxy.c deinit() function if the patch is required]
2023-05-11 04:30:27 -04:00
http_free_redirect_rule(rdr);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
}
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
list_for_each_entry_safe(log, logb, &p->loggers, list) {
BUG/MINOR: logs: fix logsrv leaks on clean exit Log servers are a real mess because: - entries are duplicated using memcpy() without their strings being reallocated, which results in these ones not being freeable every time. - a new field, ring_name, was added in 2.2 by commit 99c453df9 ("MEDIUM: ring: new section ring to declare custom ring buffers.") but it's never initialized during copies, causing the same issue - no attempt is made at freeing all that. Of course, running "haproxy -c" under ASAN quickly notices that and dumps a core. This patch adds the missing strdup() and initialization where required, adds a new free_logsrv() function to cleanly free() such a structure, calls it from the proxy when iterating over logsrvs instead of silently leaking their file names and ring names, and adds the same logsrv loop to the proxy_free_defaults() function so that we don't leak defaults sections on exit. It looks a bit entangled, but it comes as a whole because all this stuff is inter-dependent and was missing. It's probably preferable not to backport this in the foreseable future as it may reveal other jokes if some obscure parts continue to memcpy() the logsrv struct.
2022-03-17 14:47:33 -04:00
LIST_DEL_INIT(&log->list);
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
free_logger(log);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
}
MINOR: proxy: add free_logformat_list() helper function There are multiple places inside free_proxy() where we need to perform the exact same operation: freeing a logformat list which includes freeing every member. To prevent code duplication, we add the free_logformat_list() function that takes such list as parameter and does all the freeing job on its own.
2023-11-23 11:30:10 -05:00
free_logformat_list(&p->logformat);
free_logformat_list(&p->logformat_sd);
free_logformat_list(&p->format_unique_id);
free_logformat_list(&p->logformat_error);
MINOR: log: Add new "error-log-format" option This option can be used to define a specific log format that will be used in case of error, timeout, connection failure on a frontend... It will be used for any log line concerned by the log-separate-errors option. It will also replace the format of specific error messages decribed in section 8.2.6. If no "error-log-format" is defined, the legacy error messages are still emitted and the other error logs keep using the regular log-format.
2021-08-31 06:08:52 -04:00
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free_act_rules(&p->tcp_req.inspect_rules);
free_act_rules(&p->tcp_rep.inspect_rules);
free_act_rules(&p->tcp_req.l4_rules);
free_act_rules(&p->tcp_req.l5_rules);
free_act_rules(&p->http_req_rules);
free_act_rules(&p->http_res_rules);
free_act_rules(&p->http_after_res_rules);
free_stick_rules(&p->storersp_rules);
free_stick_rules(&p->sticking_rules);
h = p->req_cap;
while (h) {
BUG/MEDIUM: rules: Be able to use captures defined in defaults section Since the 2.5, it is possible to define TCP/HTTP ruleset in defaults sections. However, rules defining a capture in defaults sections was not properly handled because they was not shared with the proxies inheriting from the defaults section. This led to crash when haproxy tried to store a new capture. So now, to fix the issue, when a new proxy is created, the list of captures points to the list of its defaults section. It may be NULL or not. All new caputres are prepended to this list. It is not a problem to share the same defaults section between several proxies, because it is not altered and we take care to not release it when corresponding proxies are freed but only when defaults proxies are freed. To do so, defaults proxies are now unreferenced at the end of free_proxy() function instead of the beginning. This patch should fix the issue #1674. It must be backported to 2.5.
2022-04-25 08:30:58 -04:00
if (p->defpx && h == p->defpx->req_cap)
break;
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
h_next = h->next;
free(h->name);
pool_destroy(h->pool);
free(h);
h = h_next;
}/* end while(h) */
h = p->rsp_cap;
while (h) {
BUG/MEDIUM: rules: Be able to use captures defined in defaults section Since the 2.5, it is possible to define TCP/HTTP ruleset in defaults sections. However, rules defining a capture in defaults sections was not properly handled because they was not shared with the proxies inheriting from the defaults section. This led to crash when haproxy tried to store a new capture. So now, to fix the issue, when a new proxy is created, the list of captures points to the list of its defaults section. It may be NULL or not. All new caputres are prepended to this list. It is not a problem to share the same defaults section between several proxies, because it is not altered and we take care to not release it when corresponding proxies are freed but only when defaults proxies are freed. To do so, defaults proxies are now unreferenced at the end of free_proxy() function instead of the beginning. This patch should fix the issue #1674. It must be backported to 2.5.
2022-04-25 08:30:58 -04:00
if (p->defpx && h == p->defpx->rsp_cap)
break;
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
h_next = h->next;
free(h->name);
pool_destroy(h->pool);
free(h);
h = h_next;
}/* end while(h) */
s = p->srv;
while (s) {
list_for_each_entry(srvdf, &server_deinit_list, list)
srvdf->fct(s);
MEDIUM: server: extend refcount for all servers In a future patch, it will be possible to remove at runtime every servers, both static and dynamic. This requires to extend the server refcount for all instances. First, refcount manipulation functions have been renamed to better express the API usage. * srv_refcount_use -> srv_take The refcount is always initialize to 1 on the server creation in new_server. It's also incremented for each check/agent configured on a server instance. * free_server -> srv_drop This decrements the refcount and if null, the server is freed, so code calling it must not use the server reference after it. As a bonus, this function now returns the next server instance. This is useful when calling on the server loop without having to save the next pointer before each invocation. In these functions, remove the checks that prevent refcount on non-dynamic servers. Each reference to "dynamic" in variable/function naming have been eliminated as well.
2021-08-25 09:34:53 -04:00
s = srv_drop(s);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
}/* end while(s) */
BUG/MINOR: proxy/server: free default-server on deinit proxy default-server is a specific type of server that is not allocated using new_server(): it is directly stored within the parent proxy structure. However, since it may contain some default config options that may be inherited by regular servers, it is also subject to dynamic members (strings, structures..) that needs to be deallocated when the parent proxy is cleaned up. Unfortunately, srv_drop() may not be used directly from p->defsrv since this function is meant to be used on regular servers only (those created using new_server()). To circumvent this, we're splitting srv_drop() to make a new function called srv_free_params() that takes care of the member cleaning which originally takes place in srv_drop(). This function is exposed through server.h, so it may be called from outside server.c. Thanks to this, calling srv_free_params(&p->defsrv) from free_proxy() prevents any memory leaks due to dynamic parameters allocated when parsing a default-server line from a proxy section. This partially fixes GH #2173 and may be backported to 2.8. [While it could also be relevant for other stable versions, the patch won't apply due to architectural changes / name changes between 2.4 => 2.6 and then 2.6 => 2.8. Considering this is a minor fix that only makes memory analyzers happy during deinit paths (at least for <= 2.8), it might not be worth the trouble to backport them any further?]
2023-06-01 06:07:43 -04:00
/* also free default-server parameters since some of them might have
* been dynamically allocated (e.g.: config hints, cookies, ssl..)
*/
srv_free_params(&p->defsrv);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
list_for_each_entry_safe(l, l_next, &p->conf.listeners, by_fe) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&l->by_fe);
LIST_DELETE(&l->by_bind);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free(l->name);
MINOR: listener: define per-thr struct Create a new structure li_per_thread. This is uses as an array in the listener structure, with an entry allocated per thread. The new function li_init_per_thr is responsible of the allocation. For now, li_per_thread contains fields only useful for QUIC listeners. As such, it is only allocated for QUIC listeners.
2022-01-25 10:21:47 -05:00
free(l->per_thr);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free(l->counters);
MINOR: rhttp: large renaming to use rhttp prefix Previous commit renames 'proto_reverse_connect' module to 'proto_rhttp'. This commits follows this by replacing various custom prefix by 'rhttp_' to make the code uniform. Note that 'reverse_' prefix was kept in connection module. This is because if a new reversable protocol not based on HTTP is implemented, it may be necessary to reused the same connection function which are protocol agnostic.
2023-11-21 05:10:34 -05:00
task_destroy(l->rx.rhttp.task);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
EXTRA_COUNTERS_FREE(l->extra_counters);
free(l);
}
/* Release unused SSL configs. */
list_for_each_entry_safe(bind_conf, bind_back, &p->conf.bind, by_fe) {
if (bind_conf->xprt->destroy_bind_conf)
bind_conf->xprt->destroy_bind_conf(bind_conf);
free(bind_conf->file);
free(bind_conf->arg);
BUG/MINOR: proxy: add missing interface bind free in free_proxy bind->settings.interface hint is allocated when "interface" keyword is specified on a bind line, but the string isn't explicitly freed in proxy_free, resulting in minor memory leak on deinit paths when the keyword is being used. It partially fixes GH #2173 and may be backported to all stable versions. [in 2.2 free_proxy did not exist so the patch must be applied directly in deinit() function from haproxy.c]
2023-06-01 04:58:44 -04:00
free(bind_conf->settings.interface);
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&bind_conf->by_fe);
MINOR: rhttp: large renaming to use rhttp prefix Previous commit renames 'proto_reverse_connect' module to 'proto_rhttp'. This commits follows this by replacing various custom prefix by 'rhttp_' to make the code uniform. Note that 'reverse_' prefix was kept in connection module. This is because if a new reversable protocol not based on HTTP is implemented, it may be necessary to reused the same connection function which are protocol agnostic.
2023-11-21 05:10:34 -05:00
free(bind_conf->rhttp_srvname);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
free(bind_conf);
}
flt_deinit(p);
list_for_each_entry(pxdf, &proxy_deinit_list, list)
pxdf->fct(p);
free(p->desc);
MEDIUM: proxy/http_ext: implement dynamic http_ext proxy http-only options implemented in http_ext were statically stored within proxy struct. We're making some changes so that http_ext are now stored in a dynamically allocated structs. http_ext related structs are only allocated when needed to save some space whenever possible, and they are automatically freed upon proxy deletion. Related PX_O_HTTP{7239,XFF,XOT) option flags were removed because we're now considering an http_ext option as 'active' if it is allocated (ptr is not NULL) A few checks (and BUG_ON) were added to make these changes safe because it adds some (acceptable) complexity to the previous design. Also, proxy.http was renamed to proxy.http_ext to make things more explicit.
2023-01-09 05:09:03 -05:00
http_ext_clean(p);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
task_destroy(p->task);
pool_destroy(p->req_cap_pool);
pool_destroy(p->rsp_cap_pool);
BUG/MINOR: proxy/stktable: missing frees on proxy cleanup In 1b8e68e ("MEDIUM: stick-table: Stop handling stick-tables as proxies.") we forgot to free the table pointer which is now dynamically allocated. Let's take this opportunity to also fix a missing free in the table itself (the table expire task wasn't properly destroyed) This patch depends on: - "MINOR: stktable: add sktable_deinit function" It should be backported in every stable versions.
2023-11-16 10:18:14 -05:00
MINOR: stktable: add stktable_deinit function Adding sktable_deinit() helper function to properly cleanup a sticktable that was initialized using stktable_init().
2023-11-16 10:17:12 -05:00
stktable_deinit(p->table);
BUG/MINOR: proxy/stktable: missing frees on proxy cleanup In 1b8e68e ("MEDIUM: stick-table: Stop handling stick-tables as proxies.") we forgot to free the table pointer which is now dynamically allocated. Let's take this opportunity to also fix a missing free in the table itself (the table expire task wasn't properly destroyed) This patch depends on: - "MINOR: stktable: add sktable_deinit function" It should be backported in every stable versions.
2023-11-16 10:18:14 -05:00
ha_free(&p->table);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
HA_RWLOCK_DESTROY(&p->lbprm.lock);
HA_RWLOCK_DESTROY(&p->lock);
BUG/MEDIUM: rules: Be able to use captures defined in defaults section Since the 2.5, it is possible to define TCP/HTTP ruleset in defaults sections. However, rules defining a capture in defaults sections was not properly handled because they was not shared with the proxies inheriting from the defaults section. This led to crash when haproxy tried to store a new capture. So now, to fix the issue, when a new proxy is created, the list of captures points to the list of its defaults section. It may be NULL or not. All new caputres are prepended to this list. It is not a problem to share the same defaults section between several proxies, because it is not altered and we take care to not release it when corresponding proxies are freed but only when defaults proxies are freed. To do so, defaults proxies are now unreferenced at the end of free_proxy() function instead of the beginning. This patch should fix the issue #1674. It must be backported to 2.5.
2022-04-25 08:30:58 -04:00
proxy_unref_defaults(p);
MINOR: proxy: implement a free_proxy function Move all liberation code related to a proxy in a dedicated function free_proxy in proxy.c. For now, this function is only called in haproxy.c. In the future, it will be used to free the lua proxy. This helps to clean up haproxy.c.
2021-03-24 11:13:20 -04:00
ha_free(&p);
}
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
/*
[MINOR] adjust error messages about conflicting proxies It's not easy to report useful information to help the user quickly fix a configuration. This patch : - removes the word "listener" in favor of "proxy" as it has been used since the beginning ; - ensures that the same function (hence the same words) will be used to report capabilities of a proxy being declared and an existing proxy ; - avoid the term "conflicting capabilities" in favor of "overlapping capabilities" which is more exact. - just report that the same name is reused in case of warnings
2007-11-04 01:04:43 -05:00
* This function returns a string containing a name describing capabilities to
* report comprehensible error messages. Specifically, it will return the words
MINOR: proxy: add a new capability PR_CAP_DEF In order to more easily distinguish a default proxy from a standard one, let's introduce a new capability PR_CAP_DEF.
2021-02-12 03:43:33 -05:00
* "frontend", "backend" when appropriate, "defaults" if it corresponds to a
* defaults section, or "proxy" for all other cases including the proxies
* declared in "listen" mode.
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
*/
[MINOR] adjust error messages about conflicting proxies It's not easy to report useful information to help the user quickly fix a configuration. This patch : - removes the word "listener" in favor of "proxy" as it has been used since the beginning ; - ensures that the same function (hence the same words) will be used to report capabilities of a proxy being declared and an existing proxy ; - avoid the term "conflicting capabilities" in favor of "overlapping capabilities" which is more exact. - just report that the same name is reused in case of warnings
2007-11-04 01:04:43 -05:00
const char *proxy_cap_str(int cap)
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
{
MINOR: proxy: add a new capability PR_CAP_DEF In order to more easily distinguish a default proxy from a standard one, let's introduce a new capability PR_CAP_DEF.
2021-02-12 03:43:33 -05:00
if (cap & PR_CAP_DEF)
return "defaults";
[MINOR] adjust error messages about conflicting proxies It's not easy to report useful information to help the user quickly fix a configuration. This patch : - removes the word "listener" in favor of "proxy" as it has been used since the beginning ; - ensures that the same function (hence the same words) will be used to report capabilities of a proxy being declared and an existing proxy ; - avoid the term "conflicting capabilities" in favor of "overlapping capabilities" which is more exact. - just report that the same name is reused in case of warnings
2007-11-04 01:04:43 -05:00
if ((cap & PR_CAP_LISTEN) != PR_CAP_LISTEN) {
if (cap & PR_CAP_FE)
return "frontend";
else if (cap & PR_CAP_BE)
return "backend";
}
return "proxy";
[MAJOR] distinguish between frontend, backend, ruleset and listen The notion of capabilities has been added to the proxy so that we know whether a proxy supports frontend, backend, or rulesets. Given this, some parameters are optionnal, some are ignored with a warning and others are forbidden. It is now possible to write valid two level configs without binding to dummy address/ports.
2006-12-29 08:19:17 -05:00
}
[MEDIUM] Implement and use generic findproxy and relax duplicated proxy check This patch: - adds proxy_mode_str() similar to proxy_type_str() - adds a generic findproxy function used with default_backend/setbe/use_backed - rewrite default_backend/senbe/use_backed to use introduced findproxy() - relaxes duplicated proxy check - changes capabilities displaying from "%X" to "%s" with a call to proxy_type_str()
2007-11-03 18:41:58 -04:00
/*
* This function returns a string containing the mode of the proxy in a format
* suitable for error messages.
*/
const char *proxy_mode_str(int mode) {
if (mode == PR_MODE_TCP)
return "tcp";
else if (mode == PR_MODE_HTTP)
return "http";
MEDIUM: cli: implement 'mode cli' proxy analyzers This patch implements analysers for parsing the CLI and extra features for the master's CLI. For each command (sent alone, or separated by ; or \n) the request analyser will determine to which server it should send the request. The 'mode cli' proxy is able to parse a prefix for each command which is used to select the apropriate server. The prefix start by @ and is followed by "master", the PID preceded by ! or the relative PID. (e.g. @master, @1, @!1234). The servers are not round-robined anymore. The command is sent with a SHUTW which force the server to close the connection after sending its response. However the proxy allows a keepalive connection on the client side and does not close. The response analyser does not do much stuff, it only reinits the connection when it received a close from the server, and forward the response. It does not analyze the response data. The only guarantee of the end of the response is the close of the server, we can't rely on the double \n since it's not send by every command. This could be reimplemented later as a filter.
2018-10-26 08:47:40 -04:00
else if (mode == PR_MODE_CLI)
return "cli";
BUG/MINOR: add missing modes in proxy_mode_str() Add the missing PR_MODE_SYSLOG and PR_MODE_PEERS in proxy_mode_str(). Could be backported in every maintained versions.
2022-03-08 05:50:59 -05:00
else if (mode == PR_MODE_SYSLOG)
return "syslog";
else if (mode == PR_MODE_PEERS)
return "peers";
[MEDIUM] Implement and use generic findproxy and relax duplicated proxy check This patch: - adds proxy_mode_str() similar to proxy_type_str() - adds a generic findproxy function used with default_backend/setbe/use_backed - rewrite default_backend/senbe/use_backed to use introduced findproxy() - relaxes duplicated proxy check - changes capabilities displaying from "%X" to "%s" with a call to proxy_type_str()
2007-11-03 18:41:58 -04:00
else
return "unknown";
}
MINOR: cfgparse/proxy: also support spelling fixes on options Some are not always easy to spot with "chk" vs "check" or hyphens at some places and not at others. Now entering "option http-close" properly suggests "httpclose" and "option tcp-chk" suggests "tcp-check". There's no need to consider the proxy's capabilities, what matters is to figure what related word the user tried to spell, and there are not that many options anyway.
2021-03-15 06:11:55 -04:00
/* try to find among known options the one that looks closest to <word> by
* counting transitions between letters, digits and other characters. Will
* return the best matching word if found, otherwise NULL. An optional array
* of extra words to compare may be passed in <extra>, but it must then be
* terminated by a NULL entry. If unused it may be NULL.
*/
const char *proxy_find_best_option(const char *word, const char **extra)
{
uint8_t word_sig[1024];
uint8_t list_sig[1024];
const char *best_ptr = NULL;
int dist, best_dist = INT_MAX;
int index;
make_word_fingerprint(word_sig, word);
for (index = 0; cfg_opts[index].name; index++) {
make_word_fingerprint(list_sig, cfg_opts[index].name);
dist = word_fingerprint_distance(word_sig, list_sig);
if (dist < best_dist) {
best_dist = dist;
best_ptr = cfg_opts[index].name;
}
}
for (index = 0; cfg_opts2[index].name; index++) {
make_word_fingerprint(list_sig, cfg_opts2[index].name);
dist = word_fingerprint_distance(word_sig, list_sig);
if (dist < best_dist) {
best_dist = dist;
best_ptr = cfg_opts2[index].name;
}
}
while (extra && *extra) {
make_word_fingerprint(list_sig, *extra);
dist = word_fingerprint_distance(word_sig, list_sig);
if (dist < best_dist) {
best_dist = dist;
best_ptr = *extra;
}
extra++;
}
if (best_dist > 2 * strlen(word) || (best_ptr && best_dist > 2 * strlen(best_ptr)))
best_ptr = NULL;
return best_ptr;
}
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
/* This function parses a "timeout" statement in a proxy section. It returns
* -1 if there is any error, 1 for a warning, otherwise zero. If it does not
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
* return zero, it will write an error or warning message into a preallocated
* buffer returned at <err>. The trailing is not be written. The function must
* be called with <args> pointing to the first command line word, with <proxy>
* pointing to the proxy being parsed, and <defpx> to the default proxy or NULL.
* As a special case for compatibility with older configs, it also accepts
* "{cli|srv|con}timeout" in args[0].
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
*/
[MEDIUM] modularize the "timeout" keyword configuration parser The "timeout" keyword already relied on an external parser, let's make use of the new keyword registration mechanism.
2008-07-09 14:34:27 -04:00
static int proxy_parse_timeout(char **args, int section, struct proxy *proxy,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MINOR: config: pass the file and line to config keyword parsers This will be needed when we need to create bind config settings.
2012-09-18 14:02:48 -04:00
char **err)
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
{
unsigned timeout;
int retval, cap;
const char *res, *name;
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
int *tv = NULL;
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const int *td = NULL;
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
retval = 0;
[MEDIUM] modularize the "timeout" keyword configuration parser The "timeout" keyword already relied on an external parser, let's make use of the new keyword registration mechanism.
2008-07-09 14:34:27 -04:00
/* simply skip "timeout" but remain compatible with old form */
if (strcmp(args[0], "timeout") == 0)
args++;
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
name = args[0];
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[0], "client") == 0) {
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
name = "client";
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
tv = &proxy->timeout.client;
td = &defpx->timeout.client;
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
cap = PR_CAP_FE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "tarpit") == 0) {
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
tv = &proxy->timeout.tarpit;
td = &defpx->timeout.tarpit;
[MINOR] tarpit timeout is also allowed in backends Since the tarpit action may be set in backends too, its timeout must be configurable there.
2008-01-06 07:40:03 -05:00
cap = PR_CAP_FE | PR_CAP_BE;
MINOR: quic: Rename "handshake" timeout to "client-hs" Use a more specific name for this timeout to distinguish it from a possible future one on the server side. Also update the documentation.
2023-11-17 12:03:20 -05:00
} else if (strcmp(args[0], "client-hs") == 0) {
tv = &proxy->timeout.client_hs;
td = &defpx->timeout.client_hs;
MINOR: proxy: Add "handshake" new timeout (frontend side) Add a new timeout for the handshake, on the frontend side only. Such a hanshake will be typically used for TLS hanshakes during client connections to TLS/TCP or QUIC frontends.
2023-11-14 12:31:38 -05:00
cap = PR_CAP_FE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "http-keep-alive") == 0) {
[MINOR] http: add a separate "http-keep-alive" timeout This one is used to wait for next request after a response was sent to the client.
2010-01-10 08:46:16 -05:00
tv = &proxy->timeout.httpka;
td = &defpx->timeout.httpka;
cap = PR_CAP_FE | PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "http-request") == 0) {
[MEDIUM] introduce "timeout http-request" in frontends In order to offer DoS protection, it may be required to lower the maximum accepted time to receive a complete HTTP request without affecting the client timeout. This helps protecting against established connections on which nothing is sent. The client timeout cannot offer a good protection against this abuse because it is an inactivity timeout, which means that if the attacker sends one character every now and then, the timeout will not trigger. With the HTTP request timeout, no matter what speed the client types, the request will be aborted if it does not complete in time.
2008-01-06 07:24:40 -05:00
tv = &proxy->timeout.httpreq;
td = &defpx->timeout.httpreq;
[MINOR] http: take http request timeout from the backend Since we can now switch from TCP to HTTP, we need to be able to apply the HTTP request timeout after switching. That means we need to take it from the backend and not from the frontend. Since the backend points to the frontend before switching, that changes nothing for the normal case.
2009-07-12 04:03:17 -04:00
cap = PR_CAP_FE | PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "server") == 0) {
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
name = "server";
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
tv = &proxy->timeout.server;
td = &defpx->timeout.server;
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
cap = PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "connect") == 0) {
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
name = "connect";
[CLEANUP] grouped all timeouts in one structure All known timeouts in a proxy have been grouped into a "timeout" sub-structure.
2007-12-02 19:38:36 -05:00
tv = &proxy->timeout.connect;
td = &defpx->timeout.connect;
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
cap = PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "check") == 0) {
[MEDIUM]: rework checks handling This patch adds two new variables: fastinter and downinter. When server state is: - non-transitionally UP -> inter (no change) - transitionally UP (going down), unchecked or transitionally DOWN (going up) -> fastinter - down -> downinter It allows to set something like: server sr6 127.0.51.61:80 cookie s6 check inter 10000 downinter 20000 fastinter 500 fall 3 weight 40 In the above example haproxy uses 10000ms between checks but as soon as one check fails fastinter (500ms) is used. If server is down downinter (20000) is used or fastinter (500ms) if one check pass. Fastinter is also used when haproxy starts. New "timeout.check" variable was added, if set haproxy uses it as an additional read timeout, but only after a connection has been already established. I was thinking about using "timeout.server" here but most people set this with an addition reserve but still want checks to kick out laggy servers. Please also note that in most cases check request is much simpler and faster to handle than normal requests so this timeout should be smaller. I also changed the timeout used for check connections establishing. Changes from the previous version: - use tv_isset() to check if the timeout is set, - use min("timeout connect", "inter") but only if "timeout check" is set as this min alone may be to short for full (connect + read) check, - debug code (fprintf) commented/removed - documentation Compile tested only (sorry!) as I'm currently traveling but changes are rather small and trivial.
2008-01-20 19:54:06 -05:00
tv = &proxy->timeout.check;
td = &defpx->timeout.check;
cap = PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "queue") == 0) {
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
tv = &proxy->timeout.queue;
td = &defpx->timeout.queue;
cap = PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "tunnel") == 0) {
MEDIUM: session: add support for tunnel timeouts Tunnel timeouts are used when TCP connections are forwarded, or when forwarding upgraded HTTP connections (WebSocket) as well as CONNECT requests to proxies. This timeout allows long-lived sessions to be supported without having to set large timeouts to normal requests.
2012-05-12 06:50:00 -04:00
tv = &proxy->timeout.tunnel;
td = &defpx->timeout.tunnel;
cap = PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "client-fin") == 0) {
MEDIUM: session: implement half-closed timeouts (client-fin and server-fin) Long-lived sessions are often subject to half-closed sessions resulting in a lot of sessions appearing in FIN_WAIT state in the system tables, and no way for haproxy to get rid of them. This typically happens because clients suddenly disconnect without sending any packet (eg: FIN or RST was lost in the path), and while the server detects this using an applicative heart beat, haproxy does not close the connection. This patch adds two new timeouts : "timeout client-fin" and "timeout server-fin". The former allows one to override the client-facing timeout when a FIN has been received or sent. The latter does the same for server-facing connections, which is less useful.
2014-05-10 08:30:07 -04:00
tv = &proxy->timeout.clientfin;
td = &defpx->timeout.clientfin;
cap = PR_CAP_FE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "server-fin") == 0) {
MEDIUM: session: implement half-closed timeouts (client-fin and server-fin) Long-lived sessions are often subject to half-closed sessions resulting in a lot of sessions appearing in FIN_WAIT state in the system tables, and no way for haproxy to get rid of them. This typically happens because clients suddenly disconnect without sending any packet (eg: FIN or RST was lost in the path), and while the server detects this using an applicative heart beat, haproxy does not close the connection. This patch adds two new timeouts : "timeout client-fin" and "timeout server-fin". The former allows one to override the client-facing timeout when a FIN has been received or sent. The latter does the same for server-facing connections, which is less useful.
2014-05-10 08:30:07 -04:00
tv = &proxy->timeout.serverfin;
td = &defpx->timeout.serverfin;
cap = PR_CAP_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "clitimeout") == 0) {
MEDIUM: Make '(cli|con|srv)timeout' directive fatal They were deprecated with HAProxy 1.5. Time to remove them.
2019-05-14 14:57:59 -04:00
memprintf(err, "the '%s' directive is not supported anymore since HAProxy 2.1. Use 'timeout client'.", args[0]);
return -1;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "srvtimeout") == 0) {
MEDIUM: Make '(cli|con|srv)timeout' directive fatal They were deprecated with HAProxy 1.5. Time to remove them.
2019-05-14 14:57:59 -04:00
memprintf(err, "the '%s' directive is not supported anymore since HAProxy 2.1. Use 'timeout server'.", args[0]);
return -1;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "contimeout") == 0) {
MEDIUM: Make '(cli|con|srv)timeout' directive fatal They were deprecated with HAProxy 1.5. Time to remove them.
2019-05-14 14:57:59 -04:00
memprintf(err, "the '%s' directive is not supported anymore since HAProxy 2.1. Use 'timeout connect'.", args[0]);
return -1;
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
} else {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
memprintf(err,
"'timeout' supports 'client', 'server', 'connect', 'check', "
MINOR: proxy: Add "handshake" new timeout (frontend side) Add a new timeout for the handshake, on the frontend side only. Such a hanshake will be typically used for TLS hanshakes during client connections to TLS/TCP or QUIC frontends.
2023-11-14 12:31:38 -05:00
"'queue', 'handshake', 'http-keep-alive', 'http-request', 'tunnel', 'tarpit', "
MEDIUM: session: implement half-closed timeouts (client-fin and server-fin) Long-lived sessions are often subject to half-closed sessions resulting in a lot of sessions appearing in FIN_WAIT state in the system tables, and no way for haproxy to get rid of them. This typically happens because clients suddenly disconnect without sending any packet (eg: FIN or RST was lost in the path), and while the server detects this using an applicative heart beat, haproxy does not close the connection. This patch adds two new timeouts : "timeout client-fin" and "timeout server-fin". The former allows one to override the client-facing timeout when a FIN has been received or sent. The latter does the same for server-facing connections, which is less useful.
2014-05-10 08:30:07 -04:00
"'client-fin' and 'server-fin' (got '%s')",
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
args[0]);
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
return -1;
}
if (*args[1] == 0) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
memprintf(err, "'timeout %s' expects an integer value (in milliseconds)", name);
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
return -1;
}
res = parse_time_err(args[1], &timeout, TIME_UNIT_MS);
MEDIUM: tools: improve time format error detection As reported in GH issue #109 and in discourse issue https://discourse.haproxy.org/t/haproxy-returns-408-or-504-error-when-timeout-client-value-is-every-25d the time parser doesn't error on overflows nor underflows. This is a recurring problem which additionally has the bad taste of taking a long time before hitting the user. This patch makes parse_time_err() return special error codes for overflows and underflows, and adds the control in the call places to report suitable errors depending on the requested unit. In practice, underflows are almost never returned as the parsing function takes care of rounding values up, so this might possibly happen on 64-bit overflows returning exactly zero after rounding though. It is not really possible to cut the patch into pieces as it changes the function's API, hence all callers. Tests were run on about every relevant part (cookie maxlife/maxidle, server inter, stats timeout, timeout*, cli's set timeout command, tcp-request/response inspect-delay).
2019-06-07 13:00:37 -04:00
if (res == PARSE_TIME_OVER) {
memprintf(err, "timer overflow in argument '%s' to 'timeout %s' (maximum value is 2147483647 ms or ~24.8 days)",
args[1], name);
return -1;
}
else if (res == PARSE_TIME_UNDER) {
memprintf(err, "timer underflow in argument '%s' to 'timeout %s' (minimum non-null value is 1 ms)",
args[1], name);
return -1;
}
else if (res) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
memprintf(err, "unexpected character '%c' in 'timeout %s'", *res, name);
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
return -1;
}
if (!(proxy->cap & cap)) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
memprintf(err, "'timeout %s' will be ignored because %s '%s' has no %s capability",
name, proxy_type_str(proxy), proxy->id,
(cap & PR_CAP_BE) ? "backend" : "frontend");
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
retval = 1;
}
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
else if (defpx && *tv != *td) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
memprintf(err, "overwriting 'timeout %s' which was already specified", name);
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
retval = 1;
}
MEDIUM: proxy: make timeout parser a bit stricter Twice in a week I found people were surprized by a "conditional timeout" not being respected, because they add "if <cond>" after a timeout, and since they don't see any error nor read the doc, the expect it to work. Let's make the timeout parser reject extra arguments to avoid these situations.
2014-05-22 02:24:46 -04:00
if (*args[2] != 0) {
memprintf(err, "'timeout %s' : unexpected extra argument '%s' after value '%s'.", name, args[2], args[1]);
retval = -1;
}
[MAJOR] convert all expiration timers from timeval to ticks This is the first attempt at moving all internal parts from using struct timeval to integer ticks. Those provides simpler and faster code due to simplified operations, and this change also saved about 64 bytes per session. A new header file has been added : include/common/ticks.h. It is possible that some functions should finally not be inlined because they're used quite a lot (eg: tick_first, tick_add_ifset and tick_is_expired). More measurements are required in order to decide whether this is interesting or not. Some function and variable names are still subject to change for a better overall logics.
2008-07-06 18:09:58 -04:00
*tv = MS_TO_TICKS(timeout);
[MEDIUM] introduce the "timeout" keyword A new "timeout" keyword replaces old "{con|cli|srv}timeout", and provides the ability to independantly set the following timeouts : - client - tarpit - queue - connect - server - appsession Additionally, the "clitimeout", "contimeout" and "srvtimeout" values are supported but deprecated. No warning is emitted yet when they are used since the option is very new. Other timeouts should follow soon now.
2007-12-02 19:30:13 -05:00
return retval;
}
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
/* This function parses a "rate-limit" statement in a proxy section. It returns
* -1 if there is any error, 1 for a warning, otherwise zero. If it does not
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
* return zero, it will write an error or warning message into a preallocated
* buffer returned at <err>. The function must be called with <args> pointing
* to the first command line word, with <proxy> pointing to the proxy being
* parsed, and <defpx> to the default proxy or NULL.
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
*/
static int proxy_parse_rate_limit(char **args, int section, struct proxy *proxy,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MINOR: config: pass the file and line to config keyword parsers This will be needed when we need to create bind config settings.
2012-09-18 14:02:48 -04:00
char **err)
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
{
CLEANUP: proxy: simplify proxy_parse_rate_limit proxy checks rate-limits are valid for both frontend and listen, but not backend; so we can simplify this check in a similar manner as it is done in e.g max-keep-alive-queue. this should fix github issue #449 Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-01-15 19:34:27 -05:00
int retval;
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
char *res;
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
unsigned int *tv = NULL;
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const unsigned int *td = NULL;
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
unsigned int val;
retval = 0;
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
if (strcmp(args[1], "sessions") == 0) {
[MINOR] compute the max of sessions/s on fe/be/srv Some users want to keep the max sessions/s seen on servers, frontends and backends for capacity planning. It's easy to grab it while the session count is updated, so let's keep it.
2009-05-10 12:52:49 -04:00
tv = &proxy->fe_sps_lim;
td = &defpx->fe_sps_lim;
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
}
else {
memprintf(err, "'%s' only supports 'sessions' (got '%s')", args[0], args[1]);
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
return -1;
}
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
if (*args[2] == 0) {
memprintf(err, "'%s %s' expects expects an integer value (in sessions/second)", args[0], args[1]);
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
return -1;
}
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
val = strtoul(args[2], &res, 0);
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
if (*res) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
memprintf(err, "'%s %s' : unexpected character '%c' in integer value '%s'", args[0], args[1], *res, args[2]);
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
return -1;
}
CLEANUP: proxy: simplify proxy_parse_rate_limit proxy checks rate-limits are valid for both frontend and listen, but not backend; so we can simplify this check in a similar manner as it is done in e.g max-keep-alive-queue. this should fix github issue #449 Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-01-15 19:34:27 -05:00
if (!(proxy->cap & PR_CAP_FE)) {
memprintf(err, "%s %s will be ignored because %s '%s' has no frontend capability",
args[0], args[1], proxy_type_str(proxy), proxy->id);
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
retval = 1;
}
else if (defpx && *tv != *td) {
MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords All keywords registered using a cfg_kw_list now make use of the new error reporting framework. This allows easier and more precise error reporting without having to deal with complex buffer allocation issues.
2012-05-08 13:47:01 -04:00
memprintf(err, "overwriting %s %s which was already specified", args[0], args[1]);
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
retval = 1;
}
*tv = val;
return retval;
}
MINOR: http: implement the max-keep-alive-queue setting Finn Arne Gangstad suggested that we should have the ability to break keep-alive when the target server has reached its maxconn and that a number of connections are present in the queue. After some discussion around his proposed patch, the following solution was suggested : have a per-proxy setting to fix a limit to the number of queued connections on a server after which we break keep-alive. This ensures that even in high latency networks where keep-alive is beneficial, we try to find a different server. This patch is partially based on his original proposal and implements this configurable threshold.
2014-04-25 07:58:37 -04:00
/* This function parses a "max-keep-alive-queue" statement in a proxy section.
* It returns -1 if there is any error, 1 for a warning, otherwise zero. If it
* does not return zero, it will write an error or warning message into a
* preallocated buffer returned at <err>. The function must be called with
* <args> pointing to the first command line word, with <proxy> pointing to
* the proxy being parsed, and <defpx> to the default proxy or NULL.
*/
static int proxy_parse_max_ka_queue(char **args, int section, struct proxy *proxy,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MINOR: http: implement the max-keep-alive-queue setting Finn Arne Gangstad suggested that we should have the ability to break keep-alive when the target server has reached its maxconn and that a number of connections are present in the queue. After some discussion around his proposed patch, the following solution was suggested : have a per-proxy setting to fix a limit to the number of queued connections on a server after which we break keep-alive. This ensures that even in high latency networks where keep-alive is beneficial, we try to find a different server. This patch is partially based on his original proposal and implements this configurable threshold.
2014-04-25 07:58:37 -04:00
char **err)
{
int retval;
char *res;
unsigned int val;
retval = 0;
if (*args[1] == 0) {
memprintf(err, "'%s' expects expects an integer value (or -1 to disable)", args[0]);
return -1;
}
val = strtol(args[1], &res, 0);
if (*res) {
memprintf(err, "'%s' : unexpected character '%c' in integer value '%s'", args[0], *res, args[1]);
return -1;
}
if (!(proxy->cap & PR_CAP_BE)) {
memprintf(err, "%s will be ignored because %s '%s' has no backend capability",
args[0], proxy_type_str(proxy), proxy->id);
retval = 1;
}
/* we store <val+1> so that a user-facing value of -1 is stored as zero (default) */
proxy->max_ka_queue = val + 1;
return retval;
}
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
/* This function parses a "declare" statement in a proxy section. It returns -1
* if there is any error, 1 for warning, otherwise 0. If it does not return zero,
* it will write an error or warning message into a preallocated buffer returned
* at <err>. The function must be called with <args> pointing to the first command
* line word, with <proxy> pointing to the proxy being parsed, and <defpx> to the
* default proxy or NULL.
*/
static int proxy_parse_declare(char **args, int section, struct proxy *curpx,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
char **err)
{
/* Capture keyword wannot be declared in a default proxy. */
if (curpx == defpx) {
MINOR: Fix typos in error messages in the proxy subsystem Fix typos in error messages that will be user-visible in the proxy subsystem.
2018-11-15 14:50:44 -05:00
memprintf(err, "'%s' not available in default section", args[0]);
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
return -1;
}
CLEANUP: Fix spelling errors in comments This is from the output of codespell. It's done at once over a bunch of files and only affects comments, so there is nothing user-visible. No backport needed.
2021-01-07 23:35:52 -05:00
/* Capture keyword is only available in frontend. */
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
if (!(curpx->cap & PR_CAP_FE)) {
MINOR: Fix typos in error messages in the proxy subsystem Fix typos in error messages that will be user-visible in the proxy subsystem.
2018-11-15 14:50:44 -05:00
memprintf(err, "'%s' only available in frontend or listen section", args[0]);
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
return -1;
}
/* Check mandatory second keyword. */
if (!args[1] || !*args[1]) {
memprintf(err, "'%s' needs a second keyword that specify the type of declaration ('capture')", args[0]);
return -1;
}
CLEANUP: fix typos in the proxy subsystem Fix typos in the code comments of the proxy subsystem.
2018-11-15 14:46:55 -05:00
/* Actually, declare is only available for declaring capture
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
* slot, but in the future it can declare maps or variables.
CLEANUP: fix typos in the proxy subsystem Fix typos in the code comments of the proxy subsystem.
2018-11-15 14:46:55 -05:00
* So, this section permits to check and switch according with
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
* the second keyword.
*/
if (strcmp(args[1], "capture") == 0) {
char *error = NULL;
long len;
struct cap_hdr *hdr;
/* Check the next keyword. */
if (!args[2] || !*args[2] ||
(strcmp(args[2], "response") != 0 &&
strcmp(args[2], "request") != 0)) {
memprintf(err, "'%s %s' requires a direction ('request' or 'response')", args[0], args[1]);
return -1;
}
/* Check the 'len' keyword. */
if (!args[3] || !*args[3] || strcmp(args[3], "len") != 0) {
memprintf(err, "'%s %s' requires a capture length ('len')", args[0], args[1]);
return -1;
}
/* Check the length value. */
if (!args[4] || !*args[4]) {
memprintf(err, "'%s %s': 'len' requires a numeric value that represents the "
"capture length",
args[0], args[1]);
return -1;
}
/* convert the length value. */
len = strtol(args[4], &error, 10);
if (*error != '\0') {
memprintf(err, "'%s %s': cannot parse the length '%s'.",
args[0], args[1], args[3]);
return -1;
}
/* check length. */
if (len <= 0) {
memprintf(err, "length must be > 0");
return -1;
}
/* register the capture. */
CLEANUP: uniformize last argument of malloc/calloc Instead of repeating the type of the LHS argument (sizeof(struct ...)) in calls to malloc/calloc, we directly use the pointer name (sizeof(*...)). The following Coccinelle patch was used: @@ type T; T *x; @@ x = malloc( - sizeof(T) + sizeof(*x) ) @@ type T; T *x; @@ x = calloc(1, - sizeof(T) + sizeof(*x) ) When the LHS is not just a variable name, no change is made. Moreover, the following patch was used to ensure that "1" is consistently used as a first argument of calloc, not the last one: @@ @@ calloc( + 1, ... - ,1 )
2016-04-03 07:48:43 -04:00
hdr = calloc(1, sizeof(*hdr));
BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare A memory allocation failure happening during proxy_parse_declare while processing the "capture" keyword and allocating a cap_hdr structure would have resulted in a crash. This function is only called during configuration parsing. It was raised in GitHub issue #1233. It could be backported to all stable branches.
2021-05-12 12:04:46 -04:00
if (!hdr) {
memprintf(err, "proxy '%s': out of memory while registering a capture", curpx->id);
return -1;
}
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
hdr->name = NULL; /* not a header capture */
hdr->namelen = 0;
hdr->len = len;
hdr->pool = create_pool("caphdr", hdr->len + 1, MEM_F_SHARED);
if (strcmp(args[2], "request") == 0) {
hdr->next = curpx->req_cap;
hdr->index = curpx->nb_req_cap++;
curpx->req_cap = hdr;
}
if (strcmp(args[2], "response") == 0) {
hdr->next = curpx->rsp_cap;
hdr->index = curpx->nb_rsp_cap++;
curpx->rsp_cap = hdr;
}
return 0;
}
else {
memprintf(err, "unknown declaration type '%s' (supports 'capture')", args[1]);
return -1;
}
}
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
/* This function parses a "retry-on" statement */
static int
proxy_parse_retry_on(char **args, int section, struct proxy *curpx,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
char **err)
{
int i;
if (!(*args[1])) {
memprintf(err, "'%s' needs at least one keyword to specify when to retry", args[0]);
return -1;
}
if (!(curpx->cap & PR_CAP_BE)) {
memprintf(err, "'%s' only available in backend or listen section", args[0]);
return -1;
}
curpx->retry_type = 0;
for (i = 1; *(args[i]); i++) {
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[i], "conn-failure") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_CONN_FAILED;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "empty-response") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_DISCONNECTED;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "response-timeout") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_TIMEOUT;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "401") == 0)
MINOR: stream: Add level 7 retries on http error 401, 403 Level-7 retries are only possible with a restricted number of HTTP return codes. While it is usually not safe to retry on 401 and 403, I came up with an authentication backend which was not synchronizing authentication of users. While not perfect, being allowed to also retry on those return codes is really helpful and acts as a hotfix until we can fix the backend. Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
2020-11-12 05:14:05 -05:00
curpx->retry_type |= PR_RE_401;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "403") == 0)
MINOR: stream: Add level 7 retries on http error 401, 403 Level-7 retries are only possible with a restricted number of HTTP return codes. While it is usually not safe to retry on 401 and 403, I came up with an authentication backend which was not synchronizing authentication of users. While not perfect, being allowed to also retry on those return codes is really helpful and acts as a hotfix until we can fix the backend. Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
2020-11-12 05:14:05 -05:00
curpx->retry_type |= PR_RE_403;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "404") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_404;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "408") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_408;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "425") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_425;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "500") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_500;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "501") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_501;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "502") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_502;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "503") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_503;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "504") == 0)
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
curpx->retry_type |= PR_RE_504;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "0rtt-rejected") == 0)
MEDIUM: streams: Add a way to replay failed 0rtt requests. Add a new keyword for retry-on, 0rtt-rejected. If set, we will try to replay requests for which we sent early data that got rejected by the server. If that option is set, we will attempt to use 0rtt if "allow-0rtt" is set on the server line even if the client didn't send early data.
2019-05-03 16:46:27 -04:00
curpx->retry_type |= PR_RE_EARLY_ERROR;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "junk-response") == 0)
MEDIUM: streams: Add a new keyword for retry-on, "junk-response" Add a way to retry requests if we got a junk response from the server, ie an incomplete response, or something that is not valid HTTP. To do so, one can use the new "junk-response" keyword for retry-on.
2019-05-03 17:01:47 -04:00
curpx->retry_type |= PR_RE_JUNK_REQUEST;
MINOR: streams: Introduce a new retry-on keyword, all-retryable-errors. Add a new retry-on keyword, "all-retryable-errors", that activates retry for all errors that are considered retryable. This currently activates retry for "conn-failure", "empty-response", "junk-respones", "response-timeout", "0rtt-rejected", "500", "502", "503" and "504".
2019-05-10 12:05:40 -04:00
else if (!(strcmp(args[i], "all-retryable-errors")))
curpx->retry_type |= PR_RE_CONN_FAILED | PR_RE_DISCONNECTED |
PR_RE_TIMEOUT | PR_RE_500 | PR_RE_502 |
PR_RE_503 | PR_RE_504 | PR_RE_EARLY_ERROR |
PR_RE_JUNK_REQUEST;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[i], "none") == 0) {
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
if (i != 1 || *args[i + 1]) {
memprintf(err, "'%s' 'none' keyworld only usable alone", args[0]);
return -1;
}
} else {
memprintf(err, "'%s': unknown keyword '%s'", args[0], args[i]);
return -1;
}
}
return 0;
}
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#ifdef TCP_KEEPCNT
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
/* This function parses "{cli|srv}tcpka-cnt" statements */
static int proxy_parse_tcpka_cnt(char **args, int section, struct proxy *proxy,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
char **err)
{
int retval;
char *res;
unsigned int tcpka_cnt;
retval = 0;
if (*args[1] == 0) {
memprintf(err, "'%s' expects an integer value", args[0]);
return -1;
}
tcpka_cnt = strtol(args[1], &res, 0);
if (*res) {
memprintf(err, "'%s' : unexpected character '%c' in integer value '%s'", args[0], *res, args[1]);
return -1;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[0], "clitcpka-cnt") == 0) {
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
if (!(proxy->cap & PR_CAP_FE)) {
memprintf(err, "%s will be ignored because %s '%s' has no frontend capability",
args[0], proxy_type_str(proxy), proxy->id);
retval = 1;
}
proxy->clitcpka_cnt = tcpka_cnt;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "srvtcpka-cnt") == 0) {
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
if (!(proxy->cap & PR_CAP_BE)) {
memprintf(err, "%s will be ignored because %s '%s' has no backend capability",
args[0], proxy_type_str(proxy), proxy->id);
retval = 1;
}
proxy->srvtcpka_cnt = tcpka_cnt;
} else {
/* unreachable */
memprintf(err, "'%s': unknown keyword", args[0]);
return -1;
}
return retval;
}
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#endif
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#ifdef TCP_KEEPIDLE
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
/* This function parses "{cli|srv}tcpka-idle" statements */
static int proxy_parse_tcpka_idle(char **args, int section, struct proxy *proxy,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
char **err)
{
int retval;
const char *res;
unsigned int tcpka_idle;
retval = 0;
if (*args[1] == 0) {
memprintf(err, "'%s' expects an integer value", args[0]);
return -1;
}
res = parse_time_err(args[1], &tcpka_idle, TIME_UNIT_S);
if (res == PARSE_TIME_OVER) {
memprintf(err, "timer overflow in argument '%s' to '%s' (maximum value is 2147483647 ms or ~24.8 days)",
args[1], args[0]);
return -1;
}
else if (res == PARSE_TIME_UNDER) {
memprintf(err, "timer underflow in argument '%s' to '%s' (minimum non-null value is 1 ms)",
args[1], args[0]);
return -1;
}
else if (res) {
memprintf(err, "unexpected character '%c' in argument to <%s>.\n", *res, args[0]);
return -1;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[0], "clitcpka-idle") == 0) {
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
if (!(proxy->cap & PR_CAP_FE)) {
memprintf(err, "%s will be ignored because %s '%s' has no frontend capability",
args[0], proxy_type_str(proxy), proxy->id);
retval = 1;
}
proxy->clitcpka_idle = tcpka_idle;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "srvtcpka-idle") == 0) {
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
if (!(proxy->cap & PR_CAP_BE)) {
memprintf(err, "%s will be ignored because %s '%s' has no backend capability",
args[0], proxy_type_str(proxy), proxy->id);
retval = 1;
}
proxy->srvtcpka_idle = tcpka_idle;
} else {
/* unreachable */
memprintf(err, "'%s': unknown keyword", args[0]);
return -1;
}
return retval;
}
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#endif
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#ifdef TCP_KEEPINTVL
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
/* This function parses "{cli|srv}tcpka-intvl" statements */
static int proxy_parse_tcpka_intvl(char **args, int section, struct proxy *proxy,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
char **err)
{
int retval;
const char *res;
unsigned int tcpka_intvl;
retval = 0;
if (*args[1] == 0) {
memprintf(err, "'%s' expects an integer value", args[0]);
return -1;
}
res = parse_time_err(args[1], &tcpka_intvl, TIME_UNIT_S);
if (res == PARSE_TIME_OVER) {
memprintf(err, "timer overflow in argument '%s' to '%s' (maximum value is 2147483647 ms or ~24.8 days)",
args[1], args[0]);
return -1;
}
else if (res == PARSE_TIME_UNDER) {
memprintf(err, "timer underflow in argument '%s' to '%s' (minimum non-null value is 1 ms)",
args[1], args[0]);
return -1;
}
else if (res) {
memprintf(err, "unexpected character '%c' in argument to <%s>.\n", *res, args[0]);
return -1;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[0], "clitcpka-intvl") == 0) {
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
if (!(proxy->cap & PR_CAP_FE)) {
memprintf(err, "%s will be ignored because %s '%s' has no frontend capability",
args[0], proxy_type_str(proxy), proxy->id);
retval = 1;
}
proxy->clitcpka_intvl = tcpka_intvl;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
} else if (strcmp(args[0], "srvtcpka-intvl") == 0) {
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
if (!(proxy->cap & PR_CAP_BE)) {
memprintf(err, "%s will be ignored because %s '%s' has no backend capability",
args[0], proxy_type_str(proxy), proxy->id);
retval = 1;
}
proxy->srvtcpka_intvl = tcpka_intvl;
} else {
/* unreachable */
memprintf(err, "'%s': unknown keyword", args[0]);
return -1;
}
return retval;
}
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#endif
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
/* This function inserts proxy <px> into the tree of known proxies (regular
* ones or defaults depending on px->cap & PR_CAP_DEF). The proxy's name is
* used as the storing key so it must already have been initialized.
MEDIUM: proxy: create a tree to store proxies by name Large configurations can take time to parse when thousands of backends are in use. Let's store all the proxies in trees. findproxy_mode() has been modified to use the tree for lookups, which has divided the parsing time by about 2.5. But many lookups are still present at many places and need to be dealt with.
2014-03-15 02:22:35 -04:00
*/
void proxy_store_name(struct proxy *px)
{
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
struct eb_root *root = (px->cap & PR_CAP_DEF) ? &defproxy_by_name : &proxy_by_name;
MEDIUM: proxy: create a tree to store proxies by name Large configurations can take time to parse when thousands of backends are in use. Let's store all the proxies in trees. findproxy_mode() has been modified to use the tree for lookups, which has divided the parsing time by about 2.5. But many lookups are still present at many places and need to be dealt with.
2014-03-15 02:22:35 -04:00
px->conf.by_name.key = px->id;
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
ebis_insert(root, &px->conf.by_name);
MEDIUM: proxy: create a tree to store proxies by name Large configurations can take time to parse when thousands of backends are in use. Let's store all the proxies in trees. findproxy_mode() has been modified to use the tree for lookups, which has divided the parsing time by about 2.5. But many lookups are still present at many places and need to be dealt with.
2014-03-15 02:22:35 -04:00
}
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
/* Returns a pointer to the first proxy matching capabilities <cap> and id
* <id>. NULL is returned if no match is found. If <table> is non-zero, it
* only considers proxies having a table.
[MINOR] proxy: make findproxy() return proxies from numeric IDs too Sometimes it's useful to be able to search a proxy by its numeric ID, so let's add support for names such as #<id>.
2011-08-02 05:25:54 -04:00
*/
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
struct proxy *proxy_find_by_id(int id, int cap, int table)
CLEANUP: proxy: make the proxy lookup functions more user-friendly First, findproxy() was renamed proxy_find_by_name() so that its explicit that a name is required for the lookup. Second, we give this function the ability to search for tables if needed. Third we now provide inline wrappers to pass the appropriate PR_CAP_* flags and to explicitly look up a frontend, backend or table.
2015-05-26 05:24:42 -04:00
{
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
struct eb32_node *n;
[MINOR] proxy: make findproxy() return proxies from numeric IDs too Sometimes it's useful to be able to search a proxy by its numeric ID, so let's add support for names such as #<id>.
2011-08-02 05:25:54 -04:00
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
for (n = eb32_lookup(&used_proxy_id, id); n; n = eb32_next(n)) {
struct proxy *px = container_of(n, struct proxy, conf.id);
MEDIUM: proxy: make findproxy() use trees to look up proxies Both proxy IDs and names are now looked up from the trees.
2014-03-15 02:43:51 -04:00
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
if (px->uuid != id)
break;
[MINOR] server tracking: don't care about the tracked server's mode Right now, an HTTP server cannot track a TCP server and vice-versa. This patch enables proxy tracking without relying on the proxy's mode (tcp/http/health). It only requires a matching proxy name to exist. The original function was renamed to findproxy_mode().
2009-11-01 21:27:13 -05:00
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
if ((px->cap & cap) != cap)
continue;
MEDIUM: proxy: make findproxy() use trees to look up proxies Both proxy IDs and names are now looked up from the trees.
2014-03-15 02:43:51 -04:00
MEDIUM: stick-table: Stop handling stick-tables as proxies. This patch adds the support for the "table" line parsing in "peers" sections to declare stick-table in such sections. This also prevents the user from having to declare dummy backends sections with a unique stick-table inside. Even if still supported, this usage will become deprecated. To do so, the ->table member of proxy struct which is a stktable struct is replaced by a pointer to a stktable struct allocated at parsing time in src/cfgparse-listen.c for the dummy stick-table backends and in src/cfgparse.c for "peers" sections. This has an impact on the code for stick-table sample converters and on the stickiness rules parsers which first store the name of the dummy before resolving the rules. This patch replaces proxy_tbl_by_name() calls by stktable_find_by_name() calls to lookup for stick-tables stored in "stktable_by_name" ebtree at parsing time. There is only one remaining place where proxy_tbl_by_name() is used: src/hlua.c. At several places in the code we relied on the fact that ->size member of stick-table was equal to zero to consider the stick-table was present by not configured, this do not make sense anymore as ->table member of struct proxyis fow now on a pointer. These tests are replaced by a test on ->table value itself. In "peers" section we do not have to temporary store the name of the section the stick-table are attached to because this name is obviously already known just after having entered this "peers" section. About the CLI stick-table I/O handler, the pointer to proxy struct is replaced by a pointer to a stktable struct.
2019-03-14 02:07:41 -04:00
if (table && (!px->table || !px->table->size))
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
continue;
MEDIUM: proxy: make findproxy() use trees to look up proxies Both proxy IDs and names are now looked up from the trees.
2014-03-15 02:43:51 -04:00
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
return px;
}
return NULL;
}
MEDIUM: proxy: make findproxy() use trees to look up proxies Both proxy IDs and names are now looked up from the trees.
2014-03-15 02:43:51 -04:00
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
/* Returns a pointer to the first proxy matching either name <name>, or id
* <name> if <name> begins with a '#'. NULL is returned if no match is found.
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
* If <table> is non-zero, it only considers proxies having a table. The search
* is made into the regular proxies, unless <cap> has PR_CAP_DEF set in which
* case it's searched into the defproxy tree.
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
*/
struct proxy *proxy_find_by_name(const char *name, int cap, int table)
{
struct proxy *curproxy;
CLEANUP: proxy: make the proxy lookup functions more user-friendly First, findproxy() was renamed proxy_find_by_name() so that its explicit that a name is required for the lookup. Second, we give this function the ability to search for tables if needed. Third we now provide inline wrappers to pass the appropriate PR_CAP_* flags and to explicitly look up a frontend, backend or table.
2015-05-26 05:24:42 -04:00
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
if (*name == '#' && !(cap & PR_CAP_DEF)) {
MINOR: proxy: add a new function proxy_find_by_id() It does the same as the other one except that it only focuses on the numeric ID and the capabilities. It's used by proxy_find_by_name() for numeric names.
2015-05-26 09:25:32 -04:00
curproxy = proxy_find_by_id(atoi(name + 1), cap, table);
if (curproxy)
MINOR: proxy: simply ignore duplicates in proxy name lookups Now that we can't have duplicate proxies with similar capabilities, we can remove some painful check. The first one is the check that made the lookup function return NULL when a duplicate is found, as it prevented it from being used in the config parser to detect duplicates.
2015-05-26 05:35:41 -04:00
return curproxy;
[MINOR] server tracking: don't care about the tracked server's mode Right now, an HTTP server cannot track a TCP server and vice-versa. This patch enables proxy tracking without relying on the proxy's mode (tcp/http/health). It only requires a matching proxy name to exist. The original function was renamed to findproxy_mode().
2009-11-01 21:27:13 -05:00
}
MEDIUM: proxy: make findproxy() use trees to look up proxies Both proxy IDs and names are now looked up from the trees.
2014-03-15 02:43:51 -04:00
else {
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
struct eb_root *root;
MEDIUM: proxy: make findproxy() use trees to look up proxies Both proxy IDs and names are now looked up from the trees.
2014-03-15 02:43:51 -04:00
struct ebpt_node *node;
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
root = (cap & PR_CAP_DEF) ? &defproxy_by_name : &proxy_by_name;
for (node = ebis_lookup(root, name); node; node = ebpt_next(node)) {
MEDIUM: proxy: make findproxy() use trees to look up proxies Both proxy IDs and names are now looked up from the trees.
2014-03-15 02:43:51 -04:00
curproxy = container_of(node, struct proxy, conf.by_name);
if (strcmp(curproxy->id, name) != 0)
break;
if ((curproxy->cap & cap) != cap)
continue;
[MINOR] server tracking: don't care about the tracked server's mode Right now, an HTTP server cannot track a TCP server and vice-versa. This patch enables proxy tracking without relying on the proxy's mode (tcp/http/health). It only requires a matching proxy name to exist. The original function was renamed to findproxy_mode().
2009-11-01 21:27:13 -05:00
MEDIUM: stick-table: Stop handling stick-tables as proxies. This patch adds the support for the "table" line parsing in "peers" sections to declare stick-table in such sections. This also prevents the user from having to declare dummy backends sections with a unique stick-table inside. Even if still supported, this usage will become deprecated. To do so, the ->table member of proxy struct which is a stktable struct is replaced by a pointer to a stktable struct allocated at parsing time in src/cfgparse-listen.c for the dummy stick-table backends and in src/cfgparse.c for "peers" sections. This has an impact on the code for stick-table sample converters and on the stickiness rules parsers which first store the name of the dummy before resolving the rules. This patch replaces proxy_tbl_by_name() calls by stktable_find_by_name() calls to lookup for stick-tables stored in "stktable_by_name" ebtree at parsing time. There is only one remaining place where proxy_tbl_by_name() is used: src/hlua.c. At several places in the code we relied on the fact that ->size member of stick-table was equal to zero to consider the stick-table was present by not configured, this do not make sense anymore as ->table member of struct proxyis fow now on a pointer. These tests are replaced by a test on ->table value itself. In "peers" section we do not have to temporary store the name of the section the stick-table are attached to because this name is obviously already known just after having entered this "peers" section. About the CLI stick-table I/O handler, the pointer to proxy struct is replaced by a pointer to a stktable struct.
2019-03-14 02:07:41 -04:00
if (table && (!curproxy->table || !curproxy->table->size))
CLEANUP: proxy: make the proxy lookup functions more user-friendly First, findproxy() was renamed proxy_find_by_name() so that its explicit that a name is required for the lookup. Second, we give this function the ability to search for tables if needed. Third we now provide inline wrappers to pass the appropriate PR_CAP_* flags and to explicitly look up a frontend, backend or table.
2015-05-26 05:24:42 -04:00
continue;
MINOR: proxy: simply ignore duplicates in proxy name lookups Now that we can't have duplicate proxies with similar capabilities, we can remove some painful check. The first one is the check that made the lookup function return NULL when a duplicate is found, as it prevented it from being used in the config parser to detect duplicates.
2015-05-26 05:35:41 -04:00
return curproxy;
MEDIUM: proxy: make findproxy() use trees to look up proxies Both proxy IDs and names are now looked up from the trees.
2014-03-15 02:43:51 -04:00
}
}
MINOR: proxy: simply ignore duplicates in proxy name lookups Now that we can't have duplicate proxies with similar capabilities, we can remove some painful check. The first one is the check that made the lookup function return NULL when a duplicate is found, as it prevented it from being used in the config parser to detect duplicates.
2015-05-26 05:35:41 -04:00
return NULL;
[MINOR] server tracking: don't care about the tracked server's mode Right now, an HTTP server cannot track a TCP server and vice-versa. This patch enables proxy tracking without relying on the proxy's mode (tcp/http/health). It only requires a matching proxy name to exist. The original function was renamed to findproxy_mode().
2009-11-01 21:27:13 -05:00
}
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
/* Finds the best match for a proxy with capabilities <cap>, name <name> and id
* <id>. At most one of <id> or <name> may be different provided that <cap> is
* valid. Either <id> or <name> may be left unspecified (0). The purpose is to
* find a proxy based on some information from a previous configuration, across
* reloads or during information exchange between peers.
*
* Names are looked up first if present, then IDs are compared if present. In
* case of an inexact match whatever is forced in the configuration has
* precedence in the following order :
* - 1) forced ID (proves a renaming / change of proxy type)
* - 2) proxy name+type (may indicate a move if ID differs)
* - 3) automatic ID+type (may indicate a renaming)
*
* Depending on what is found, we can end up in the following situations :
*
* name id cap | possible causes
* -------------+-----------------
* -- -- -- | nothing found
* -- -- ok | nothing found
* -- ok -- | proxy deleted, ID points to next one
* -- ok ok | proxy renamed, or deleted with ID pointing to next one
* ok -- -- | proxy deleted, but other half with same name still here (before)
* ok -- ok | proxy's ID changed (proxy moved in the config file)
* ok ok -- | proxy deleted, but other half with same name still here (after)
* ok ok ok | perfect match
*
* Upon return if <diff> is not NULL, it is zeroed then filled with up to 3 bits :
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
* - PR_FBM_MISMATCH_ID : proxy was found but ID differs
* (and ID was not zero)
* - PR_FBM_MISMATCH_NAME : proxy was found by ID but name differs
* (and name was not NULL)
* - PR_FBM_MISMATCH_PROXYTYPE : a proxy of different type was found with
* the same name and/or id
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
*
* Only a valid proxy is returned. If capabilities do not match, NULL is
* returned. The caller can check <diff> to report detailed warnings / errors,
* and decide whether or not to use what was found.
*/
struct proxy *proxy_find_best_match(int cap, const char *name, int id, int *diff)
{
struct proxy *byname;
struct proxy *byid;
if (!name && !id)
return NULL;
if (diff)
*diff = 0;
byname = byid = NULL;
if (name) {
byname = proxy_find_by_name(name, cap, 0);
if (byname && (!id || byname->uuid == id))
return byname;
}
CLEANUP: fix typos in the proxy subsystem Fix typos in the code comments of the proxy subsystem.
2018-11-15 14:46:55 -05:00
/* remaining possibilities :
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
* - name not set
* - name set but not found
* - name found, but ID doesn't match.
*/
if (id) {
byid = proxy_find_by_id(id, cap, 0);
if (byid) {
if (byname) {
/* id+type found, name+type found, but not all 3.
* ID wins only if forced, otherwise name wins.
*/
if (byid->options & PR_O_FORCED_ID) {
if (diff)
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
*diff |= PR_FBM_MISMATCH_NAME;
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
return byid;
}
else {
if (diff)
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
*diff |= PR_FBM_MISMATCH_ID;
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
return byname;
}
}
CLEANUP: fix typos in the proxy subsystem Fix typos in the code comments of the proxy subsystem.
2018-11-15 14:46:55 -05:00
/* remaining possibilities :
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
* - name not set
* - name set but not found
*/
if (name && diff)
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
*diff |= PR_FBM_MISMATCH_NAME;
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
return byid;
}
/* ID not found */
if (byname) {
if (diff)
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
*diff |= PR_FBM_MISMATCH_ID;
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
return byname;
}
}
CLEANUP: fix typos in the proxy subsystem Fix typos in the code comments of the proxy subsystem.
2018-11-15 14:46:55 -05:00
/* All remaining possibilities will lead to NULL. If we can report more
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
* detailed information to the caller about changed types and/or name,
* we'll do it. For example, we could detect that "listen foo" was
* split into "frontend foo_ft" and "backend foo_bk" if IDs are forced.
* - name not set, ID not found
* - name not found, ID not set
* - name not found, ID not found
*/
if (!diff)
return NULL;
if (name) {
byname = proxy_find_by_name(name, 0, 0);
if (byname && (!id || byname->uuid == id))
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
*diff |= PR_FBM_MISMATCH_PROXYTYPE;
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
}
if (id) {
byid = proxy_find_by_id(id, 0, 0);
if (byid) {
if (!name)
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
*diff |= PR_FBM_MISMATCH_PROXYTYPE; /* only type changed */
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
else if (byid->options & PR_O_FORCED_ID)
MINOR: proxy: bit field for proxy_find_best_match diff status function proxy_find_best_match can update the caller by updating an int provided in argument. For now, proxy_find_best_match hardcode bit values 0x01, 0x02 and 0x04, which is not understandable when reading a code exploiting them. This patch defines 3 macros with a more explicit wording, so further reading of a code exploiting the magic bit values will be understandable more easily.
2015-07-03 05:03:33 -04:00
*diff |= PR_FBM_MISMATCH_NAME | PR_FBM_MISMATCH_PROXYTYPE; /* name and type changed */
MEDIUM: proxy: add a new proxy_find_best_match() function This function tries to spot a proxy by its name, ID and type, and in case some elements don't match, it tries to determine which ones could be ignored and reports which ones were ignored so that the caller can decide whether or not it wants to pick this proxy. This will be used for maintaining the status across reloads where the config might have changed a bit.
2015-05-27 10:46:26 -04:00
/* otherwise it's a different proxy that was returned */
}
}
return NULL;
}
[MEDIUM] Implement "track [<backend>/]<server>" This patch implements ability to set the current state of one server by tracking another one. It: - adds two variables: *tracknext, *tracked to struct server - implements findserver(), similar to findproxy() - adds "track" keyword accepting both "proxy/server" and "server" (assuming current proxy) - verifies if both checks and tracking is not enabled at the same time - changes set_server_down() to notify tracking server - creates set_server_up(), set_server_disabled(), set_server_enabled() by moving the code from process_chk() and adding notifications - changes stats to show a name of tracked server instead of Chk/Dwn/Dwntime(html) or by adding new variable (csv) Changes from the previuos version: - it is possibile to track independently of the declaration order - one extra comma bug is fixed - new condition to check if there is no disable-on-404 inconsistency
2008-02-17 19:26:35 -05:00
/*
* This function finds a server with matching name within selected proxy.
* It also checks if there are more matching servers with
* requested name as this often leads into unexpected situations.
*/
struct server *findserver(const struct proxy *px, const char *name) {
struct server *cursrv, *target = NULL;
if (!px)
return NULL;
for (cursrv = px->srv; cursrv; cursrv = cursrv->next) {
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(cursrv->id, name) != 0)
[MEDIUM] Implement "track [<backend>/]<server>" This patch implements ability to set the current state of one server by tracking another one. It: - adds two variables: *tracknext, *tracked to struct server - implements findserver(), similar to findproxy() - adds "track" keyword accepting both "proxy/server" and "server" (assuming current proxy) - verifies if both checks and tracking is not enabled at the same time - changes set_server_down() to notify tracking server - creates set_server_up(), set_server_disabled(), set_server_enabled() by moving the code from process_chk() and adding notifications - changes stats to show a name of tracked server instead of Chk/Dwn/Dwntime(html) or by adding new variable (csv) Changes from the previuos version: - it is possibile to track independently of the declaration order - one extra comma bug is fixed - new condition to check if there is no disable-on-404 inconsistency
2008-02-17 19:26:35 -05:00
continue;
if (!target) {
target = cursrv;
continue;
}
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Refusing to use duplicated server '%s' found in proxy: %s!\n",
name, px->id);
[MEDIUM] Implement "track [<backend>/]<server>" This patch implements ability to set the current state of one server by tracking another one. It: - adds two variables: *tracknext, *tracked to struct server - implements findserver(), similar to findproxy() - adds "track" keyword accepting both "proxy/server" and "server" (assuming current proxy) - verifies if both checks and tracking is not enabled at the same time - changes set_server_down() to notify tracking server - creates set_server_up(), set_server_disabled(), set_server_enabled() by moving the code from process_chk() and adding notifications - changes stats to show a name of tracked server instead of Chk/Dwn/Dwntime(html) or by adding new variable (csv) Changes from the previuos version: - it is possibile to track independently of the declaration order - one extra comma bug is fixed - new condition to check if there is no disable-on-404 inconsistency
2008-02-17 19:26:35 -05:00
return NULL;
}
return target;
}
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
/* This function checks that the designated proxy has no http directives
* enabled. It will output a warning if there are, and will fix some of them.
* It returns the number of fatal errors encountered. This should be called
* at the end of the configuration parsing if the proxy is not in http mode.
* The <file> argument is used to construct the error message.
*/
[MEDIUM] config: split parser and checker in two functions This is a first step towards support of multiple configuration files. Now readcfgfile() only reads a file in memory and performs very minimal parsing. The checks are performed afterwards.
2009-06-22 09:48:36 -04:00
int proxy_cfg_ensure_no_http(struct proxy *curproxy)
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
{
if (curproxy->cookie_name != NULL) {
MINOR: errors: specify prefix "config" for parsing output Set "config :" as a prefix for the user messages context before starting the configuration parsing. All following stderr output will be prefixed by it. As a consequence, remove extraneous prefix "config" already specified in various ha_alert/warning/notice calls.
2021-06-04 12:22:08 -04:00
ha_warning("cookie will be ignored for %s '%s' (needs 'mode http').\n",
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
proxy_type_str(curproxy), curproxy->id);
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
}
[MINOR] backend: separate declarations of LB algos from their lookup method LB algo macros were composed of the LB algo by itself without any indication of the method to use to look up a server (the lb function itself). This method was implied by the LB algo, which was not very convenient to add more algorithms. Now we have several fields in the LB macros, some to describe what to look for in the requests, some to describe how to transform that (kind of algo) and some to describe what lookup function to use. The next patch will make it possible to factor out some code for all algos which rely on a map.
2009-10-03 06:21:20 -04:00
if (curproxy->lbprm.algo & BE_LB_NEED_HTTP) {
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
curproxy->lbprm.algo &= ~BE_LB_ALGO;
curproxy->lbprm.algo |= BE_LB_ALGO_RR;
MINOR: errors: specify prefix "config" for parsing output Set "config :" as a prefix for the user messages context before starting the configuration parsing. All following stderr output will be prefixed by it. As a consequence, remove extraneous prefix "config" already specified in various ha_alert/warning/notice calls.
2021-06-04 12:22:08 -04:00
ha_warning("Layer 7 hash not possible for %s '%s' (needs 'mode http'). Falling back to round robin.\n",
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
proxy_type_str(curproxy), curproxy->id);
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
}
[BUG] config: disable 'option httplog' on TCP proxies Gabriel Sosa reported that logs were appearing with BADREQ when 'option httplog' was used with a TCP proxy (eg: inherited via a default instance). This patch detects it and falls back to tcplog after emitting a warning. (cherry picked from commit 5f0bd6537f8b56b643ef485d7a3c96d996d9b01a)
2009-11-09 15:27:51 -05:00
if (curproxy->to_log & (LW_REQ | LW_RESP)) {
curproxy->to_log &= ~(LW_REQ | LW_RESP);
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("parsing [%s:%d] : HTTP log/header format not usable with %s '%s' (needs 'mode http').\n",
curproxy->conf.lfs_file, curproxy->conf.lfs_line,
proxy_type_str(curproxy), curproxy->id);
[BUG] config: disable 'option httplog' on TCP proxies Gabriel Sosa reported that logs were appearing with BADREQ when 'option httplog' was used with a TCP proxy (eg: inherited via a default instance). This patch detects it and falls back to tcplog after emitting a warning. (cherry picked from commit 5f0bd6537f8b56b643ef485d7a3c96d996d9b01a)
2009-11-09 15:27:51 -05:00
}
BUG/MEDIUM: log: fix regression on log-format handling Commit a4312fa2 merged into dev18 improved log-format management by processing "log-format" and "unique-id-format" where they were declared, so that the faulty args could be reported with their correct line numbers. Unfortunately, the log-format parser considers the proxy mode (TCP/HTTP) and now if the directive is set before the "mode" statement, it can be rejected and report warnings. So we really need to parse these directives at the end of a section at least. Right now we do not have an "end of section" event, so we need to store the file name and line number for each of these directives, and take care of them at the end. One of the benefits is that now the line numbers can be inherited from the line passing "option httplog" even if it's in a defaults section. Future improvements should be performed to report line numbers in every log-format processed by the parser.
2013-04-12 12:13:46 -04:00
if (curproxy->conf.logformat_string == default_http_log_format ||
curproxy->conf.logformat_string == clf_http_log_format) {
/* Note: we don't change the directive's file:line number */
curproxy->conf.logformat_string = default_tcp_log_format;
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("parsing [%s:%d] : 'option httplog' not usable with %s '%s' (needs 'mode http'). Falling back to 'option tcplog'.\n",
curproxy->conf.lfs_file, curproxy->conf.lfs_line,
proxy_type_str(curproxy), curproxy->id);
BUG/MINOR: fix option httplog validation with TCP frontends Option httplog needs to be checked only once the proxy has been validated, so that its final mode (tcp/http) can be used. Also we need to check for httplog before checking the log format, so that we can report a warning about this specific option and not about the format it implies.
2012-05-31 13:30:26 -04:00
}
MINOR: ssl: Define a default https log format This patch adds a new httpslog option and a new HTTP over SSL log-format that expands the default HTTP format and adds SSL specific information.
2021-07-29 03:45:52 -04:00
else if (curproxy->conf.logformat_string == default_https_log_format) {
/* Note: we don't change the directive's file:line number */
curproxy->conf.logformat_string = default_tcp_log_format;
ha_warning("parsing [%s:%d] : 'option httpslog' not usable with %s '%s' (needs 'mode http'). Falling back to 'option tcplog'.\n",
curproxy->conf.lfs_file, curproxy->conf.lfs_line,
proxy_type_str(curproxy), curproxy->id);
}
BUG/MINOR: fix option httplog validation with TCP frontends Option httplog needs to be checked only once the proxy has been validated, so that its final mode (tcp/http) can be used. Also we need to check for httplog before checking the log format, so that we can report a warning about this specific option and not about the format it implies.
2012-05-31 13:30:26 -04:00
[MINOR] cfgparse: some cleanups in the consistency checks Check for servers in health mode, for health mode in pure-backends. Some code have been refactored for better organization.
2009-03-15 08:46:16 -04:00
return 0;
}
MINOR: log/backend: ensure log exclusive params are not used in other modes add proxy_cfg_ensure_no_log() function (similar to proxy_cfg_ensure_no_http()) to ensure at the end of proxy parsing that no log exclusive options are found if the proxy is not in log mode.
2023-11-15 06:18:52 -05:00
/* This function checks that the designated proxy has no log directives
* enabled. It will output a warning if there are, and will fix some of them.
* It returns the number of fatal errors encountered. This should be called
* at the end of the configuration parsing if the proxy is not in log mode.
* The <file> argument is used to construct the error message.
*/
int proxy_cfg_ensure_no_log(struct proxy *curproxy)
{
if (curproxy->lbprm.algo & BE_LB_NEED_LOG) {
curproxy->lbprm.algo &= ~BE_LB_ALGO;
curproxy->lbprm.algo |= BE_LB_ALGO_RR;
ha_warning("Unusable balance algorithm for %s '%s' (needs 'mode log'). Falling back to round robin.\n",
proxy_type_str(curproxy), curproxy->id);
}
return 0;
}
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
/* Perform the most basic initialization of a proxy :
* memset(), list_init(*), reset_timeouts(*).
[BUG] peers: the peer frontend must not emit any log Peers' frontends must have logging disabled by default, which was not the case, so logs were randomly emitted upon restart, sometimes causing a new process to fail to replace the old one.
2011-09-07 12:41:08 -04:00
* Any new proxy or peer should be initialized via this function.
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
*/
void init_new_proxy(struct proxy *p)
{
memset(p, 0, sizeof(struct proxy));
MAJOR: connection: replace struct target with a pointer to an enum Instead of storing a couple of (int, ptr) in the struct connection and the struct session, we use a different method : we only store a pointer to an integer which is stored inside the target object and which contains a unique type identifier. That way, the pointer allows us to retrieve the object type (by dereferencing it) and the object's address (by computing the displacement in the target structure). The NULL pointer always corresponds to OBJ_TYPE_NONE. This reduces the size of the connection and session structs. It also simplifies target assignment and compare. In order to improve the generated code, we try to put the obj_type element at the beginning of all the structs (listener, server, proxy, si_applet), so that the original and target pointers are always equal. A lot of code was touched by massive replaces, but the changes are not that important.
2012-11-11 18:42:33 -05:00
p->obj_type = OBJ_TYPE_PROXY;
MINOR: queue: add a pointer to the server and the proxy in the queue A queue is specific to a server or a proxy, so we don't need to place this distinction inside all pendconns, it can be in the queue itself. This commit adds the relevant fields "px" and "sv" into the struct queue, and initializes them accordingly.
2021-06-23 10:11:02 -04:00
queue_init(&p->queue, p, NULL);
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
LIST_INIT(&p->acl);
LIST_INIT(&p->http_req_rules);
MEDIUM: http: add a new "http-response" ruleset Some actions were clearly missing to process response headers. This patch adds a new "http-response" ruleset which provides the following actions : - allow : stop evaluating http-response rules - deny : stop and reject the response with a 502 - add-header : add a header in log-format mode - set-header : set a header in log-format mode
2013-06-11 10:06:12 -04:00
LIST_INIT(&p->http_res_rules);
MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding This patch introduces the 'http-after-response' rules. These rules are evaluated at the end of the response analysis, just before the data forwarding, on ALL HTTP responses, the server ones but also all responses generated by HAProxy. Thanks to this ruleset, it is now possible for instance to add some headers to the responses generated by the stats applet. Following actions are supported : * allow * add-header * del-header * replace-header * replace-value * set-header * set-status * set-var * strict-mode * unset-var
2020-01-22 03:26:35 -05:00
LIST_INIT(&p->http_after_res_rules);
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
LIST_INIT(&p->redirect_rules);
LIST_INIT(&p->mon_fail_cond);
LIST_INIT(&p->switching_rules);
MEDIUM: session: implement the "use-server" directive Sometimes it is desirable to forward a particular request to a specific server without having to declare a dedicated backend for this server. This can be achieved using the "use-server" rules. These rules are evaluated after the "redirect" rules and before evaluating cookies, and they have precedence on them. There may be as many "use-server" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the server.
2012-04-05 15:09:48 -04:00
LIST_INIT(&p->server_rules);
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
LIST_INIT(&p->persist_rules);
LIST_INIT(&p->sticking_rules);
LIST_INIT(&p->storersp_rules);
LIST_INIT(&p->tcp_req.inspect_rules);
LIST_INIT(&p->tcp_rep.inspect_rules);
LIST_INIT(&p->tcp_req.l4_rules);
MEDIUM: tcp: add registration and processing of TCP L5 rules This commit introduces "tcp-request session" rules. These are very much like "tcp-request connection" rules except that they're processed after the handshake, so it is possible to consider SSL information and addresses rewritten by the proxy protocol header in actions. This is particularly useful to track proxied sources as this was not possible before, given that tcp-request content rules are processed after each HTTP request. Similarly it is possible to assign the proxied source address or the client's cert to a variable.
2016-10-21 10:37:51 -04:00
LIST_INIT(&p->tcp_req.l5_rules);
MEDIUM: list: Separate "locked" list from regular list. Instead of using the same type for regular linked lists and "autolocked" linked lists, use a separate type, "struct mt_list", for the autolocked one, and introduce a set of macros, similar to the LIST_* macros, with the MT_ prefix. When we use the same entry for both regular list and autolocked list, as is done for the "list" field in struct connection, we know have to explicitely cast it to struct mt_list when using MT_ macros.
2019-08-08 09:47:21 -04:00
MT_LIST_INIT(&p->listener_queue);
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
LIST_INIT(&p->loggers);
MINOR: config: Parse the string of the log-format config keyword parse_logformat_string: parse the string, detect the type: text, separator or variable parse_logformat_var: dectect variable name parse_logformat_var_args: parse arguments and flags add_to_logformat_list: add to the logformat linked list
2012-02-08 10:37:49 -05:00
LIST_INIT(&p->logformat);
MEDIUM: logs: add a new RFC5424 log-format for the structured-data This patch adds a new RFC5424-specific log-format for the structured-data that is automatically send by __send_log() when the sender is in RFC5424 mode. A new statement "log-format-sd" should be used in order to set log-format for the structured-data part in RFC5424 formatted syslog messages. Example: log-format-sd [exampleSDID@1234\ bytes=\"%B\"\ status=\"%ST\"]
2015-09-25 13:17:44 -04:00
LIST_INIT(&p->logformat_sd);
MEDIUM: log: Unique ID The Unique ID, is an ID generated with several informations. You can use a log-format string to customize it, with the "unique-id-format" keyword, and insert it in the request header, with the "unique-id-header" keyword.
2012-03-12 07:48:57 -04:00
LIST_INIT(&p->format_unique_id);
MINOR: log: Add new "error-log-format" option This option can be used to define a specific log format that will be used in case of error, timeout, connection failure on a frontend... It will be used for any log line concerned by the log-separate-errors option. It will also replace the format of specific error messages decribed in section 8.2.6. If no "error-log-format" is defined, the legacy error messages are still emitted and the other error logs keep using the regular log-format.
2021-08-31 06:08:52 -04:00
LIST_INIT(&p->logformat_error);
MEDIUM: config: replace ssl_conf by bind_conf Some settings need to be merged per-bind config line and are not necessarily SSL-specific. It becomes quite inconvenient to have this ssl_conf SSL-specific, so let's replace it with something more generic.
2012-09-13 11:54:29 -04:00
LIST_INIT(&p->conf.bind);
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
LIST_INIT(&p->conf.listeners);
MEDIUM: proxy: Add a directive to reference an http-errors section in a proxy It is now possible to import in a proxy, fully or partially, error files declared in an http-errors section. It may be done using the "errorfiles" directive, followed by a name and optionally a list of status code. If there is no status code specified, all error files of the http-errors section are imported. Otherwise, only error files associated to the listed status code are imported. For instance : http-errors my-errors errorfile 400 ... errorfile 403 ... errorfile 404 ... frontend frt errorfiles my-errors 403 404 # ==> error 400 not imported
2020-01-13 09:52:01 -05:00
LIST_INIT(&p->conf.errors);
MAJOR: sample: maintain a per-proxy list of the fetch args to resolve While ACL args were resolved after all the config was parsed, it was not the case with sample fetch args because they're almost everywhere now. The issue is that ACLs now solely rely on sample fetches, so their args resolving doesn't work anymore. And many fetches involving a server, a proxy or a userlist don't work at all. The real issue is that at the bottom layers we have no information about proxies, line numbers, even ACLs in order to report understandable errors, and that at the top layers we have no visibility over the locations where fetches are referenced (think log node). After failing multiple unsatisfying solutions attempts, we now have a new concept of args list. The principle is that every proxy has a list head which contains a number of indications such as the config keyword, the context where it's used, the file and line number, etc... and a list of arguments. This list head is of the same type as the elements, so it serves as a template for adding new elements. This way, it is filled from top to bottom by the callers with the information they have (eg: line numbers, ACL name, ...) and the lower layers just have to duplicate it and add an element when they face an argument they cannot resolve yet. Then at the end of the configuration parsing, a loop passes over each proxy's list and resolves all the args in sequence. And this way there is all necessary information to report verbose errors. The first immediate benefit is that for the first time we got very precise location of issues (arg number in a keyword in its context, ...). Second, in order to do this we had to parse log-format and unique-id-format a bit earlier, so that was a great opportunity for doing so when the directives are encountered (unless it's a default section). This way, the recorded line numbers for these args are the ones of the place where the log format is declared, not the end of the file. Userlists report slightly more information now. They're the only remaining ones in the ACL resolving function.
2013-04-02 10:34:32 -04:00
LIST_INIT(&p->conf.args.list);
MINOR: filters: Extract proxy stuff from the struct filter Now, filter's configuration (.id, .conf and .ops fields) is stored in the structure 'flt_conf'. So proxies own a flt_conf list instead of a filter list. When a filter is attached to a stream, it gets a pointer on its configuration. This avoids mixing the filter's context (owns by a stream) and its configuration (owns by a proxy). It also saves 2 pointers per filter instance.
2016-02-04 07:40:26 -05:00
LIST_INIT(&p->filter_configs);
MEDIUM: checks: Add a list of vars to set before executing a tpc-check ruleset A list of variables is now associated to each tcp-check ruleset. It is more a less a list of set-var expressions. This list may be filled during the configuration parsing. The listed variables will then be set during each execution of the tcp-check healthcheck, at the begining, before execution of the the first tcp-check rule. This patch is mandatory to convert all protocol checks to tcp-checks. It is a way to customize shared tcp-check rulesets.
2020-04-02 12:05:11 -04:00
LIST_INIT(&p->tcpcheck_rules.preset_vars);
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
MEDIUM: proxy: only take defaults when a default proxy is passed. The proxy initialization code relies on three phases, allocation, pre-initialization, and assignments from defaults. This last part is entirely taken from the defaults proxy when arguments are set. This sensibly complexifies the initialization code as it requires to always have a default proxy. This patch instead first applies the original default settings on a proxy, and then uses those from a default proxy only if one such is used. This will allow to initialize a proxy out of any default proxy while still using valid defaults. A careful inspection of the function showed that only 4 fields used to be set regardless of the default proxy, and those were moved to init_new_proxy() where they ought to have been in the first place.
2021-02-12 03:15:16 -05:00
p->defsrv.id = "default-server";
p->conf.used_listener_id = EB_ROOT;
p->conf.used_server_id = EB_ROOT;
p->used_server_addr = EB_ROOT_UNIQUE;
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
/* Timeouts are defined as -1 */
proxy_reset_timeouts(p);
p->tcp_rep.inspect_delay = TICK_ETERNITY;
MEDIUM: proxy: add the global frontend to the list of normal proxies Since recent changes on the global frontend, it was not possible anymore to soft-reload a process which had a stats socket because the socket would not be disabled upon reload. The only solution to this endless madness is to have the global frontend part of normal proxies. Since we don't want to get an ID that shifts all other proxies and causes trouble in deployed environments, we assign it ID #0 which other proxies can't grab, and we don't report it in the stats pages.
2012-10-04 02:47:34 -04:00
/* initial uuid is unassigned (-1) */
p->uuid = -1;
MEDIUM: threads/proxy: Add a lock per proxy and atomically update proxy vars Now, each proxy contains a lock that must be used when necessary to protect it. Moreover, all proxy's counters are now updated using atomic operations.
2017-06-02 09:33:24 -04:00
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
/* Default to only allow L4 retries */
p->retry_type = PR_RE_CONN_FAILED;
BUG/MEDIUM: stats: prevent crash if counters not alloc with dummy one Define a per-thread counters allocated with the greatest size of any stat module counters. This variable is named trash_counters. When using a proxy without allocated counters, return the trash counters from EXTRA_COUNTERS_GET instead of a dangling pointer to prevent segfault. This is useful for all the proxies used internally and not belonging to the global proxy list. As these objects does not appears on the stat report, it does not matter to use the dummy counters. For this fix to be functional, the extra counters are explicitly initialized to NULL on proxy/server/listener init functions. Most notably, the crash has already been detected with the following vtc: - reg-tests/lua/txn_get_priv.vtc - reg-tests/peers/tls_basic_sync.vtc - reg-tests/peers/tls_basic_sync_wo_stkt_backend.vtc There is probably other parts that may be impacted (SPOE for example). This bug was introduced in the current release and do not need to be backported. The faulty commits are "MINOR: ssl: count client hello for stats" and "MINOR: ssl: add counters for ssl sessions".
2020-11-10 08:24:31 -05:00
p->extra_counters_fe = NULL;
p->extra_counters_be = NULL;
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_INIT(&p->lock);
BUG/MEDIUM: proxy: always initialize the default settings after init The proxy's initialization is rather odd. First, init_new_proxy() is called to zero all the lists and certain values, except those that can come from defaults, which are initialized by proxy_preset_defaults(). The default server settings are also only set there. This results in these settings not to be set for a number of internal proxies that do not explicitly call proxy_preset_defaults() after allocation, such as sink and log forwarders. This was revealed by last commit 79aa63823 ("MINOR: server: always initialize pp_tlvs for default servers") which crashes in log parsers when applied to certain proxies which did not initialize their default servers. In theory this should be backported, however it would be desirable to wait a bit before backporting it, in case certain parts would rely on these elements not being initialized.
2023-11-13 03:17:05 -05:00
/* initialize the default settings */
proxy_preset_defaults(p);
[BUG] proxy: stats frontend and peers were missing many initializers This was revealed with one of the very latest patches which caused the listener_queue not to be initialized on the stats socket frontend. And in fact a number of other ones were missing too. This is getting so boring that now we'll always make use of the same function to initialize any proxy. Doing so has even saved about 500 bytes on the binary due to the avoided code redundancy. No backport is needed.
2011-07-28 19:49:03 -04:00
}
REORG: move init_default_instance() to proxy.c and pass it the defproxy pointer init_default_instance() was still left in cfgparse.c which is not the best place to pre-initialize a proxy. Let's place it in proxy.c just after init_new_proxy(), take this opportunity for renaming it to proxy_preset_defaults() and taking out init_new_proxy() from it, and let's pass it the pointer to the default proxy to be initialized instead of implicitly assuming defproxy. We'll soon be able to exploit this. Only two call places had to be updated.
2021-02-12 02:19:01 -05:00
/* Preset default settings onto proxy <defproxy>. */
void proxy_preset_defaults(struct proxy *defproxy)
{
defproxy->mode = PR_MODE_TCP;
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
defproxy->flags = 0;
MINOR: proxy: rename PR_CAP_LUA to PR_CAP_INT This patch renames the proxy capability "LUA" to "INT" so it could be used for any internal proxy. Every proxy that are not user defined should use this flag.
2021-07-28 09:48:16 -04:00
if (!(defproxy->cap & PR_CAP_INT)) {
MINOR: proxy: define cap PR_CAP_LUA Define a new cap PR_CAP_LUA. It can be used to allocate the internal proxy for lua Socket class. This cap overrides default settings for preferable values in the lua context.
2021-03-24 05:49:34 -04:00
defproxy->maxconn = cfg_maxpconn;
defproxy->conn_retries = CONN_RETRIES;
}
REORG: move init_default_instance() to proxy.c and pass it the defproxy pointer init_default_instance() was still left in cfgparse.c which is not the best place to pre-initialize a proxy. Let's place it in proxy.c just after init_new_proxy(), take this opportunity for renaming it to proxy_preset_defaults() and taking out init_new_proxy() from it, and let's pass it the pointer to the default proxy to be initialized instead of implicitly assuming defproxy. We'll soon be able to exploit this. Only two call places had to be updated.
2021-02-12 02:19:01 -05:00
defproxy->redispatch_after = 0;
defproxy->options = PR_O_REUSE_SAFE;
MINOR: proxy: rename PR_CAP_LUA to PR_CAP_INT This patch renames the proxy capability "LUA" to "INT" so it could be used for any internal proxy. Every proxy that are not user defined should use this flag.
2021-07-28 09:48:16 -04:00
if (defproxy->cap & PR_CAP_INT)
MINOR: proxy: define cap PR_CAP_LUA Define a new cap PR_CAP_LUA. It can be used to allocate the internal proxy for lua Socket class. This cap overrides default settings for preferable values in the lua context.
2021-03-24 05:49:34 -04:00
defproxy->options2 |= PR_O2_INDEPSTR;
REORG: move init_default_instance() to proxy.c and pass it the defproxy pointer init_default_instance() was still left in cfgparse.c which is not the best place to pre-initialize a proxy. Let's place it in proxy.c just after init_new_proxy(), take this opportunity for renaming it to proxy_preset_defaults() and taking out init_new_proxy() from it, and let's pass it the pointer to the default proxy to be initialized instead of implicitly assuming defproxy. We'll soon be able to exploit this. Only two call places had to be updated.
2021-02-12 02:19:01 -05:00
defproxy->max_out_conns = MAX_SRV_LIST;
BUG/MEDIUM: server: fix dynamic servers initial settings Contrary to static servers, dynamic servers does not initialize their settings from a default server instance. As such, _srv_parse_init() was responsible to set a set of minimal values to have a correct behavior. However, some settings were not properly initialized. This caused dynamic servers to not behave as static ones without explicit parameters. Currently, the main issue detected is connection reuse which was completely impossible. This is due to incorrect pool_purge_delay and max_reuse settings incompatible with srv_add_to_idle_list(). To fix the connection reuse, but also more generally to ensure dynamic servers are aligned with other server instances, define a new function srv_settings_init(). This is used to set initial values for both default servers and dynamic servers. For static servers, srv_settings_cpy() is kept instead, using their default server as reference. This patch could have unexpected effects on dynamic servers behavior as it restored proper initial settings. Previously, they were set to 0 via calloc() invocation from new_server(). This should be backported up to 2.6, after a brief period of observation.
2024-02-27 09:33:59 -05:00
srv_settings_init(&defproxy->defsrv);
REORG: move init_default_instance() to proxy.c and pass it the defproxy pointer init_default_instance() was still left in cfgparse.c which is not the best place to pre-initialize a proxy. Let's place it in proxy.c just after init_new_proxy(), take this opportunity for renaming it to proxy_preset_defaults() and taking out init_new_proxy() from it, and let's pass it the pointer to the default proxy to be initialized instead of implicitly assuming defproxy. We'll soon be able to exploit this. Only two call places had to be updated.
2021-02-12 02:19:01 -05:00
defproxy->email_alert.level = LOG_ALERT;
defproxy->load_server_state_from_file = PR_SRV_STATE_FILE_UNSPEC;
MINOR: proxy: define cap PR_CAP_LUA Define a new cap PR_CAP_LUA. It can be used to allocate the internal proxy for lua Socket class. This cap overrides default settings for preferable values in the lua context.
2021-03-24 05:49:34 -04:00
MINOR: proxy: rename PR_CAP_LUA to PR_CAP_INT This patch renames the proxy capability "LUA" to "INT" so it could be used for any internal proxy. Every proxy that are not user defined should use this flag.
2021-07-28 09:48:16 -04:00
if (defproxy->cap & PR_CAP_INT)
MINOR: proxy: define cap PR_CAP_LUA Define a new cap PR_CAP_LUA. It can be used to allocate the internal proxy for lua Socket class. This cap overrides default settings for preferable values in the lua context.
2021-03-24 05:49:34 -04:00
defproxy->timeout.connect = 5000;
REORG: move init_default_instance() to proxy.c and pass it the defproxy pointer init_default_instance() was still left in cfgparse.c which is not the best place to pre-initialize a proxy. Let's place it in proxy.c just after init_new_proxy(), take this opportunity for renaming it to proxy_preset_defaults() and taking out init_new_proxy() from it, and let's pass it the pointer to the default proxy to be initialized instead of implicitly assuming defproxy. We'll soon be able to exploit this. Only two call places had to be updated.
2021-02-12 02:19:01 -05:00
}
MINOR: proxy: move the defproxy freeing code to proxy.c This used to be open-coded in cfgparse-listen.c when facing a "defaults" keyword. Let's move this into proxy_free_defaults(). This code is ugly and doesn't even reset the just freed pointers. Let's not change this yet. This code should probably be merged with a generic proxy deinit function called from deinit(). However there's a catch on uri_auth which cannot be freed because it might be used by one or several proxies. We definitely need refcounts there!
2021-02-12 04:38:49 -05:00
/* Frees all dynamic settings allocated on a default proxy that's about to be
* destroyed. This is a subset of the complete proxy deinit code, but these
* should probably be merged ultimately. Note that most of the fields are not
* even reset, so extreme care is required here, and calling
* proxy_preset_defaults() afterwards would be safer.
*/
void proxy_free_defaults(struct proxy *defproxy)
{
BUG/MINOR: proxy: Release ACLs and TCP/HTTP rules of default proxies It is now possible to have TCP/HTTP rules and ACLs defined in defaults sections. So we must try to release corresponding lists when a default proxy is destroyed. No backport needed.
2021-10-15 08:33:34 -04:00
struct acl *acl, *aclb;
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
struct logger *log, *logb;
BUG/MEDIUM: rules: Be able to use captures defined in defaults section Since the 2.5, it is possible to define TCP/HTTP ruleset in defaults sections. However, rules defining a capture in defaults sections was not properly handled because they was not shared with the proxies inheriting from the defaults section. This led to crash when haproxy tried to store a new capture. So now, to fix the issue, when a new proxy is created, the list of captures points to the list of its defaults section. It may be NULL or not. All new caputres are prepended to this list. It is not a problem to share the same defaults section between several proxies, because it is not altered and we take care to not release it when corresponding proxies are freed but only when defaults proxies are freed. To do so, defaults proxies are now unreferenced at the end of free_proxy() function instead of the beginning. This patch should fix the issue #1674. It must be backported to 2.5.
2022-04-25 08:30:58 -04:00
struct cap_hdr *h,*h_next;
BUG/MINOR: proxy: Release ACLs and TCP/HTTP rules of default proxies It is now possible to have TCP/HTTP rules and ACLs defined in defaults sections. So we must try to release corresponding lists when a default proxy is destroyed. No backport needed.
2021-10-15 08:33:34 -04:00
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
ha_free(&defproxy->id);
ha_free(&defproxy->conf.file);
BUG/MINOR: server: do not leak default-server in defaults sections When a default-server directive is used in a defaults section, it's never freed and the "defaults" proxy gets reset without freeing the fields from that default-server. Normally there are no allocation there, except for the config file location stored in srv->conf.file form an strdup() since commit 9394a9444 ("REORG: server: move alert traces in parse_server") that appeared in 2.4. In addition, if a "default-server" directive appears multiple times in a defaults section, one more entry will be leaked per call. This commit addresses this by checking that we don't overwrite the file upon multiple calls, and by clearing it when resetting the default proxy. This should be backported to 2.4.
2023-11-23 08:28:14 -05:00
ha_free((char **)&defproxy->defsrv.conf.file);
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
ha_free(&defproxy->check_command);
ha_free(&defproxy->check_path);
ha_free(&defproxy->cookie_name);
ha_free(&defproxy->rdp_cookie_name);
ha_free(&defproxy->dyncookie_key);
ha_free(&defproxy->cookie_domain);
ha_free(&defproxy->cookie_attrs);
ha_free(&defproxy->lbprm.arg_str);
ha_free(&defproxy->capture_name);
MINOR: proxy: Store monitor_uri as a `struct ist` The monitor_uri is already processed as an ist in `http_wait_for_request`, lets also just store it as such. see 0643b0e7e ("MINOR: proxy: Make `header_unique_id` a `struct ist`") for a very similar past commit.
2022-03-04 18:52:40 -05:00
istfree(&defproxy->monitor_uri);
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
ha_free(&defproxy->defbe.name);
ha_free(&defproxy->conn_src.iface_name);
MEDIUM: proxy: Store server_id_hdr_name as a `struct ist` The server_id_hdr_name is already processed as an ist in various locations lets also just store it as such. see 0643b0e7e ("MINOR: proxy: Make `header_unique_id` a `struct ist`") for a very similar past commit.
2022-03-04 18:52:43 -05:00
istfree(&defproxy->server_id_hdr_name);
MINOR: proxy: move the defproxy freeing code to proxy.c This used to be open-coded in cfgparse-listen.c when facing a "defaults" keyword. Let's move this into proxy_free_defaults(). This code is ugly and doesn't even reset the just freed pointers. Let's not change this yet. This code should probably be merged with a generic proxy deinit function called from deinit(). However there's a catch on uri_auth which cannot be freed because it might be used by one or several proxies. We definitely need refcounts there!
2021-02-12 04:38:49 -05:00
MEDIUM: proxy/http_ext: implement dynamic http_ext proxy http-only options implemented in http_ext were statically stored within proxy struct. We're making some changes so that http_ext are now stored in a dynamically allocated structs. http_ext related structs are only allocated when needed to save some space whenever possible, and they are automatically freed upon proxy deletion. Related PX_O_HTTP{7239,XFF,XOT) option flags were removed because we're now considering an http_ext option as 'active' if it is allocated (ptr is not NULL) A few checks (and BUG_ON) were added to make these changes safe because it adds some (acceptable) complexity to the previous design. Also, proxy.http was renamed to proxy.http_ext to make things more explicit.
2023-01-09 05:09:03 -05:00
http_ext_clean(defproxy);
MINOR: proxy/http_ext: introduce proxy forwarded option Introducing http_ext class for http extension related work that doesn't fit into existing http classes. HTTP extension "forwarded", introduced with 7239 RFC is now supported by haproxy. The option supports various modes from simple to complex usages involving custom sample expressions. Examples : # Those servers want the ip address and protocol of the client request # Resulting header would look like this: # forwarded: proto=http;for=127.0.0.1 backend www_default mode http option forwarded #equivalent to: option forwarded proto for # Those servers want the requested host and hashed client ip address # as well as client source port (you should use seed for xxh32 if ensuring # ip privacy is a concern) # Resulting header would look like this: # forwarded: host="haproxy.org";for="_000000007F2F367E:60138" backend www_host mode http option forwarded host for-expr src,xxh32,hex for_port # Those servers want custom data in host, for and by parameters # Resulting header would look like this: # forwarded: host="host.com";by=_haproxy;for="[::1]:10" backend www_custom mode http option forwarded host-expr str(host.com) by-expr str(_haproxy) for for_port-expr int(10) # Those servers want random 'for' obfuscated identifiers for request # tracing purposes while protecting sensitive IP information # Resulting header would look like this: # forwarded: for=_000000002B1F4D63 backend www_for_hide mode http option forwarded for-expr rand,hex By default (no argument provided), forwarded option will try to mimic x-forward-for common setups (source client ip address + source protocol) The option is not available for frontends. no option forwarded is supported. More info about 7239 RFC here: https://www.rfc-editor.org/rfc/rfc7239.html More info about the feature in doc/configuration.txt This should address feature request GH #575 Depends on: - "MINOR: http_htx: add http_append_header() to append value to header" - "MINOR: sample: add ARGC_OPT" - "MINOR: proxy: introduce http only options"
2022-12-28 09:37:57 -05:00
BUG/MINOR: proxy: Release ACLs and TCP/HTTP rules of default proxies It is now possible to have TCP/HTTP rules and ACLs defined in defaults sections. So we must try to release corresponding lists when a default proxy is destroyed. No backport needed.
2021-10-15 08:33:34 -04:00
list_for_each_entry_safe(acl, aclb, &defproxy->acl, list) {
LIST_DELETE(&acl->list);
prune_acl(acl);
free(acl);
}
free_act_rules(&defproxy->tcp_req.inspect_rules);
free_act_rules(&defproxy->tcp_rep.inspect_rules);
free_act_rules(&defproxy->tcp_req.l4_rules);
free_act_rules(&defproxy->tcp_req.l5_rules);
free_act_rules(&defproxy->http_req_rules);
free_act_rules(&defproxy->http_res_rules);
free_act_rules(&defproxy->http_after_res_rules);
BUG/MEDIUM: rules: Be able to use captures defined in defaults section Since the 2.5, it is possible to define TCP/HTTP ruleset in defaults sections. However, rules defining a capture in defaults sections was not properly handled because they was not shared with the proxies inheriting from the defaults section. This led to crash when haproxy tried to store a new capture. So now, to fix the issue, when a new proxy is created, the list of captures points to the list of its defaults section. It may be NULL or not. All new caputres are prepended to this list. It is not a problem to share the same defaults section between several proxies, because it is not altered and we take care to not release it when corresponding proxies are freed but only when defaults proxies are freed. To do so, defaults proxies are now unreferenced at the end of free_proxy() function instead of the beginning. This patch should fix the issue #1674. It must be backported to 2.5.
2022-04-25 08:30:58 -04:00
h = defproxy->req_cap;
while (h) {
h_next = h->next;
free(h->name);
pool_destroy(h->pool);
free(h);
h = h_next;
}
h = defproxy->rsp_cap;
while (h) {
h_next = h->next;
free(h->name);
pool_destroy(h->pool);
free(h);
h = h_next;
}
MINOR: proxy: move the defproxy freeing code to proxy.c This used to be open-coded in cfgparse-listen.c when facing a "defaults" keyword. Let's move this into proxy_free_defaults(). This code is ugly and doesn't even reset the just freed pointers. Let's not change this yet. This code should probably be merged with a generic proxy deinit function called from deinit(). However there's a catch on uri_auth which cannot be freed because it might be used by one or several proxies. We definitely need refcounts there!
2021-02-12 04:38:49 -05:00
if (defproxy->conf.logformat_string != default_http_log_format &&
defproxy->conf.logformat_string != default_tcp_log_format &&
MINOR: ssl: Define a default https log format This patch adds a new httpslog option and a new HTTP over SSL log-format that expands the default HTTP format and adds SSL specific information.
2021-07-29 03:45:52 -04:00
defproxy->conf.logformat_string != clf_http_log_format &&
defproxy->conf.logformat_string != default_https_log_format) {
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
ha_free(&defproxy->conf.logformat_string);
MINOR: proxy: always properly reset the just freed default instance pointers In proxy_free_defaults(); none of the free() calls was followed by a pointer reset. Not only it's hard to figure if one of them is duplicated, but this code started to call other functions which might or might not rely on such just freed pointers. Let's reset them as they should be to make sure there will never be any case of use-after-free. The 3 functions called there were inspected and are all unaffected by this so this remains safe to do right now.
2021-02-12 04:48:53 -05:00
}
MINOR: proxy: move the defproxy freeing code to proxy.c This used to be open-coded in cfgparse-listen.c when facing a "defaults" keyword. Let's move this into proxy_free_defaults(). This code is ugly and doesn't even reset the just freed pointers. Let's not change this yet. This code should probably be merged with a generic proxy deinit function called from deinit(). However there's a catch on uri_auth which cannot be freed because it might be used by one or several proxies. We definitely need refcounts there!
2021-02-12 04:38:49 -05:00
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
if (defproxy->conf.logformat_sd_string != default_rfc5424_sd_log_format)
ha_free(&defproxy->conf.logformat_sd_string);
MINOR: proxy: move the defproxy freeing code to proxy.c This used to be open-coded in cfgparse-listen.c when facing a "defaults" keyword. Let's move this into proxy_free_defaults(). This code is ugly and doesn't even reset the just freed pointers. Let's not change this yet. This code should probably be merged with a generic proxy deinit function called from deinit(). However there's a catch on uri_auth which cannot be freed because it might be used by one or several proxies. We definitely need refcounts there!
2021-02-12 04:38:49 -05:00
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
list_for_each_entry_safe(log, logb, &defproxy->loggers, list) {
BUG/MINOR: logs: fix logsrv leaks on clean exit Log servers are a real mess because: - entries are duplicated using memcpy() without their strings being reallocated, which results in these ones not being freeable every time. - a new field, ring_name, was added in 2.2 by commit 99c453df9 ("MEDIUM: ring: new section ring to declare custom ring buffers.") but it's never initialized during copies, causing the same issue - no attempt is made at freeing all that. Of course, running "haproxy -c" under ASAN quickly notices that and dumps a core. This patch adds the missing strdup() and initialization where required, adds a new free_logsrv() function to cleanly free() such a structure, calls it from the proxy when iterating over logsrvs instead of silently leaking their file names and ring names, and adds the same logsrv loop to the proxy_free_defaults() function so that we don't leak defaults sections on exit. It looks a bit entangled, but it comes as a whole because all this stuff is inter-dependent and was missing. It's probably preferable not to backport this in the foreseable future as it may reveal other jokes if some obscure parts continue to memcpy() the logsrv struct.
2022-03-17 14:47:33 -04:00
LIST_DEL_INIT(&log->list);
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
free_logger(log);
BUG/MINOR: logs: fix logsrv leaks on clean exit Log servers are a real mess because: - entries are duplicated using memcpy() without their strings being reallocated, which results in these ones not being freeable every time. - a new field, ring_name, was added in 2.2 by commit 99c453df9 ("MEDIUM: ring: new section ring to declare custom ring buffers.") but it's never initialized during copies, causing the same issue - no attempt is made at freeing all that. Of course, running "haproxy -c" under ASAN quickly notices that and dumps a core. This patch adds the missing strdup() and initialization where required, adds a new free_logsrv() function to cleanly free() such a structure, calls it from the proxy when iterating over logsrvs instead of silently leaking their file names and ring names, and adds the same logsrv loop to the proxy_free_defaults() function so that we don't leak defaults sections on exit. It looks a bit entangled, but it comes as a whole because all this stuff is inter-dependent and was missing. It's probably preferable not to backport this in the foreseable future as it may reveal other jokes if some obscure parts continue to memcpy() the logsrv struct.
2022-03-17 14:47:33 -04:00
}
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
ha_free(&defproxy->conf.uniqueid_format_string);
MINOR: log: Add new "error-log-format" option This option can be used to define a specific log format that will be used in case of error, timeout, connection failure on a frontend... It will be used for any log line concerned by the log-separate-errors option. It will also replace the format of specific error messages decribed in section 8.2.6. If no "error-log-format" is defined, the legacy error messages are still emitted and the other error logs keep using the regular log-format.
2021-08-31 06:08:52 -04:00
ha_free(&defproxy->conf.error_logformat_string);
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
ha_free(&defproxy->conf.lfs_file);
ha_free(&defproxy->conf.lfsd_file);
ha_free(&defproxy->conf.uif_file);
MINOR: log: Add new "error-log-format" option This option can be used to define a specific log format that will be used in case of error, timeout, connection failure on a frontend... It will be used for any log line concerned by the log-separate-errors option. It will also replace the format of specific error messages decribed in section 8.2.6. If no "error-log-format" is defined, the legacy error messages are still emitted and the other error logs keep using the regular log-format.
2021-08-31 06:08:52 -04:00
ha_free(&defproxy->conf.elfs_file);
MINOR: proxy: move the defproxy freeing code to proxy.c This used to be open-coded in cfgparse-listen.c when facing a "defaults" keyword. Let's move this into proxy_free_defaults(). This code is ugly and doesn't even reset the just freed pointers. Let's not change this yet. This code should probably be merged with a generic proxy deinit function called from deinit(). However there's a catch on uri_auth which cannot be freed because it might be used by one or several proxies. We definitely need refcounts there!
2021-02-12 04:38:49 -05:00
chunk_destroy(&defproxy->log_tag);
free_email_alert(defproxy);
proxy_release_conf_errors(defproxy);
deinit_proxy_tcpcheck(defproxy);
/* FIXME: we cannot free uri_auth because it might already be used by
* another proxy (legacy code for stats URI ...). Refcount anyone ?
*/
}
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
/* delete a defproxy from the tree if still in it, frees its content and its
* storage. Nothing is done if <px> is NULL or if it doesn't have PR_CAP_DEF
* set, allowing to pass it the direct result of a lookup function.
*/
void proxy_destroy_defaults(struct proxy *px)
{
if (!px)
return;
if (!(px->cap & PR_CAP_DEF))
return;
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
BUG_ON(px->conf.refcount != 0);
MINOR: proxy: support storing defaults sections into their own tree Now we'll have a tree of named defaults sections. The regular insertion and lookup functions take care of the capability in order to select the appropriate tree. A new function proxy_destroy_defaults() removes a proxy from this tree and frees it entirely.
2021-02-12 07:52:11 -05:00
ebpt_delete(&px->conf.by_name);
proxy_free_defaults(px);
free(px);
}
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
/* delete all unreferenced default proxies. A default proxy is unreferenced if
* its refcount is equal to zero.
*/
void proxy_destroy_all_unref_defaults()
MEDIUM: proxy: store the default proxies in a tree by name Now default proxies are stored into a dedicated tree, sorted by name. Only unnamed entries are not kept upon new section creation. The very first call to cfg_parse_listen() will automatically allocate a dummy defaults section which corresponds to the previous static one, since the code requires to have one at a few places. The first immediately visible benefit is that it allows to reuse alloc_new_proxy() to allocate a defaults section instead of doing it by hand. And the secret goal is to allow to keep multiple named defaults section in memory to reuse them from various proxies.
2021-02-12 08:08:31 -05:00
{
struct ebpt_node *n;
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
n = ebpt_first(&defproxy_by_name);
while (n) {
MEDIUM: proxy: store the default proxies in a tree by name Now default proxies are stored into a dedicated tree, sorted by name. Only unnamed entries are not kept upon new section creation. The very first call to cfg_parse_listen() will automatically allocate a dummy defaults section which corresponds to the previous static one, since the code requires to have one at a few places. The first immediately visible benefit is that it allows to reuse alloc_new_proxy() to allocate a defaults section instead of doing it by hand. And the secret goal is to allow to keep multiple named defaults section in memory to reuse them from various proxies.
2021-02-12 08:08:31 -05:00
struct proxy *px = container_of(n, struct proxy, conf.by_name);
BUG_ON(!(px->cap & PR_CAP_DEF));
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
n = ebpt_next(n);
if (!px->conf.refcount)
proxy_destroy_defaults(px);
MEDIUM: proxy: store the default proxies in a tree by name Now default proxies are stored into a dedicated tree, sorted by name. Only unnamed entries are not kept upon new section creation. The very first call to cfg_parse_listen() will automatically allocate a dummy defaults section which corresponds to the previous static one, since the code requires to have one at a few places. The first immediately visible benefit is that it allows to reuse alloc_new_proxy() to allocate a defaults section instead of doing it by hand. And the secret goal is to allow to keep multiple named defaults section in memory to reuse them from various proxies.
2021-02-12 08:08:31 -05:00
}
}
MINOR: proxy: Be able to reference the defaults section used by a proxy A proxy may now references the defaults section it is used. To do so, a pointer on the default proxy was added in the proxy structure. And a refcount must be used to track proxies using a default proxy. A default proxy is destroyed iff its refcount is equal to zero and when it drops to zero. All this stuff must be performed during init/deinit staged for now. All unreferenced default proxies are removed after the configuration parsing. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 03:50:53 -04:00
/* Add a reference on the default proxy <defpx> for the proxy <px> Nothing is
* done if <px> already references <defpx>. Otherwise, the default proxy
* refcount is incremented by one. For now, this operation is not thread safe
* and is perform during init stage only.
*/
void proxy_ref_defaults(struct proxy *px, struct proxy *defpx)
{
if (px->defpx == defpx)
return;
BUG_ON(px->defpx != NULL);
px->defpx = defpx;
defpx->conf.refcount++;
}
/* proxy <px> removes its reference on its default proxy. The default proxy
* refcount is decremented by one. If it was the last reference, the
* corresponding default proxy is destroyed. For now this operation is not
* thread safe and is performed during deinit staged only.
*/
void proxy_unref_defaults(struct proxy *px)
{
if (px->defpx == NULL)
return;
if (!--px->defpx->conf.refcount)
proxy_destroy_defaults(px->defpx);
px->defpx = NULL;
}
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
/* Allocates a new proxy <name> of type <cap>.
* Returns the proxy instance on success. On error, NULL is returned.
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
*/
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
struct proxy *alloc_new_proxy(const char *name, unsigned int cap, char **errmsg)
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
{
struct proxy *curproxy;
if ((curproxy = calloc(1, sizeof(*curproxy))) == NULL) {
memprintf(errmsg, "proxy '%s': out of memory", name);
goto fail;
}
init_new_proxy(curproxy);
MEDIUM: clock: replace timeval "now" with integer "now_ns" This puts an end to the occasional confusion between the "now" date that is internal, monotonic and not synchronized with the system's date, and "date" which is the system's date and not necessarily monotonic. Variable "now" was removed and replaced with a 64-bit integer "now_ns" which is a counter of nanoseconds. It wraps every 585 years, so if all goes well (i.e. if humanity does not need haproxy anymore in 500 years), it will just never wrap. This implies that now_ns is never nul and that the zero value can reliably be used as "not set yet" for a timestamp if needed. This will also simplify date checks where it becomes possible again to do "date1<date2". All occurrences of "tv_to_ns(&now)" were simply replaced by "now_ns". Due to the intricacies between now, global_now and now_offset, all 3 had to be turned to nanoseconds at once. It's not a problem since all of them were solely used in 3 functions in clock.c, but they make the patch look bigger than it really is. The clock_update_local_date() and clock_update_global_date() functions are now much simpler as there's no need anymore to perform conversions nor to round the timeval up or down. The wrapping continues to happen by presetting the internal offset in the short future so that the 32-bit now_ms continues to wrap 20 seconds after boot. The start_time used to calculate uptime can still be turned to nanoseconds now. One interrogation concerns global_now_ms which is used only for the freq counters. It's unclear whether there's more value in using two variables that need to be synchronized sequentially like today or to just use global_now_ns divided by 1 million. Both approaches will work equally well on modern systems, the difference might come from smaller ones. Better not change anyhting for now. One benefit of the new approach is that we now have an internal date with a resolution of the nanosecond and the precision of the microsecond, which can be useful to extend some measurements given that timestamps also have this resolution.
2023-04-28 03:16:15 -04:00
curproxy->last_change = ns_to_sec(now_ns);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
curproxy->id = strdup(name);
curproxy->cap = cap;
MINOR: proxy: define cap PR_CAP_LUA Define a new cap PR_CAP_LUA. It can be used to allocate the internal proxy for lua Socket class. This cap overrides default settings for preferable values in the lua context.
2021-03-24 05:49:34 -04:00
MINOR: proxy: rename PR_CAP_LUA to PR_CAP_INT This patch renames the proxy capability "LUA" to "INT" so it could be used for any internal proxy. Every proxy that are not user defined should use this flag.
2021-07-28 09:48:16 -04:00
if (!(cap & PR_CAP_INT))
MINOR: proxy: define cap PR_CAP_LUA Define a new cap PR_CAP_LUA. It can be used to allocate the internal proxy for lua Socket class. This cap overrides default settings for preferable values in the lua context.
2021-03-24 05:49:34 -04:00
proxy_store_name(curproxy);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
done:
return curproxy;
fail:
/* Note: in case of fatal error here, we WILL make valgrind unhappy,
* but its not worth trying to unroll everything here just before
* quitting.
*/
free(curproxy);
return NULL;
}
/* Copy the proxy settings from <defproxy> to <curproxy>.
* Returns 0 on success.
* Returns 1 on error. <errmsg> will be allocated with an error description.
*/
static int proxy_defproxy_cpy(struct proxy *curproxy, const struct proxy *defproxy,
char **errmsg)
{
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
struct logger *tmplogger;
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
char *tmpmsg = NULL;
MEDIUM: proxy: only take defaults when a default proxy is passed. The proxy initialization code relies on three phases, allocation, pre-initialization, and assignments from defaults. This last part is entirely taken from the defaults proxy when arguments are set. This sensibly complexifies the initialization code as it requires to always have a default proxy. This patch instead first applies the original default settings on a proxy, and then uses those from a default proxy only if one such is used. This will allow to initialize a proxy out of any default proxy while still using valid defaults. A careful inspection of the function showed that only 4 fields used to be set regardless of the default proxy, and those were moved to init_new_proxy() where they ought to have been in the first place.
2021-02-12 03:15:16 -05:00
/* set default values from the specified default proxy */
BUG/MEDIUM: proxy: Perform a custom copy for default server settings When a proxy is initialized with the settings of the default proxy, instead of doing a raw copy of the default server settings, a custom copy is now performed by calling srv_settings_copy(). This way, all settings will be really duplicated. Without this deep copy, some pointers are shared between several servers, leading to UAF, double-free or such bugs. This patch relies on following commits: * b32cb9b51 REORG: server: Export srv_settings_cpy() function * 0b365e3cb MINOR: server: Constify source server to copy its settings This patch should fix the issue #1804. It must be backported as far as 2.0.
2022-08-03 05:31:55 -04:00
srv_settings_cpy(&curproxy->defsrv, &defproxy->defsrv, 0);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
MINOR: proxy: Add PR_FL_READY flag on fully configured and usable proxies The PR_FL_READY flags must now be set on a proxy at the end of the configuration validity check to notify it is fully configured and may be safely used. For now there is no real usage of this flag. But it will be usefull for referenced default proxies to finish their configuration only once. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 04:10:09 -04:00
curproxy->flags = (defproxy->flags & PR_FL_DISABLED); /* Only inherit from disabled flag */
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
curproxy->options = defproxy->options;
curproxy->options2 = defproxy->options2;
curproxy->no_options = defproxy->no_options;
curproxy->no_options2 = defproxy->no_options2;
curproxy->retry_type = defproxy->retry_type;
MEDIUM: rules/acl: Parse TCP/HTTP rules and acls defined in defaults sections TCP and HTTP rules can now be defined in defaults sections, but only those with a name. Because these rules may use conditions based on ACLs, ACLs can also be defined in defaults sections. However there are some limitations: * A defaults section defining TCP/HTTP rules cannot be used by a defaults section * A defaults section defining TCP/HTTP rules cannot be used bu a listen section * A defaults sections defining TCP/HTTP rules cannot be used by frontends and backends at the same time * A defaults sections defining 'tcp-request connection' or 'tcp-request session' rules cannot be used by backends * A defaults sections defining 'tcp-response content' rules cannot be used by frontends The TCP request/response inspect-delay of a proxy is now inherited from the defaults section it uses. For now, these rules are only parsed. No evaluation is performed.
2021-10-13 09:40:15 -04:00
curproxy->tcp_req.inspect_delay = defproxy->tcp_req.inspect_delay;
curproxy->tcp_rep.inspect_delay = defproxy->tcp_rep.inspect_delay;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
MEDIUM: proxy/http_ext: implement dynamic http_ext proxy http-only options implemented in http_ext were statically stored within proxy struct. We're making some changes so that http_ext are now stored in a dynamically allocated structs. http_ext related structs are only allocated when needed to save some space whenever possible, and they are automatically freed upon proxy deletion. Related PX_O_HTTP{7239,XFF,XOT) option flags were removed because we're now considering an http_ext option as 'active' if it is allocated (ptr is not NULL) A few checks (and BUG_ON) were added to make these changes safe because it adds some (acceptable) complexity to the previous design. Also, proxy.http was renamed to proxy.http_ext to make things more explicit.
2023-01-09 05:09:03 -05:00
http_ext_clean(curproxy);
http_ext_dup(defproxy, curproxy);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
MEDIUM: proxy: Store server_id_hdr_name as a `struct ist` The server_id_hdr_name is already processed as an ist in various locations lets also just store it as such. see 0643b0e7e ("MINOR: proxy: Make `header_unique_id` a `struct ist`") for a very similar past commit.
2022-03-04 18:52:43 -05:00
if (isttest(defproxy->server_id_hdr_name))
curproxy->server_id_hdr_name = istdup(defproxy->server_id_hdr_name);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
/* initialize error relocations */
if (!proxy_dup_default_conf_errors(curproxy, defproxy, &tmpmsg)) {
memprintf(errmsg, "proxy '%s' : %s", curproxy->id, tmpmsg);
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
free(tmpmsg);
return 1;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
if (curproxy->cap & PR_CAP_FE) {
curproxy->maxconn = defproxy->maxconn;
curproxy->backlog = defproxy->backlog;
curproxy->fe_sps_lim = defproxy->fe_sps_lim;
curproxy->to_log = defproxy->to_log & ~LW_COOKIE & ~LW_REQHDR & ~ LW_RSPHDR;
curproxy->max_out_conns = defproxy->max_out_conns;
curproxy->clitcpka_cnt = defproxy->clitcpka_cnt;
curproxy->clitcpka_idle = defproxy->clitcpka_idle;
curproxy->clitcpka_intvl = defproxy->clitcpka_intvl;
}
if (curproxy->cap & PR_CAP_BE) {
curproxy->lbprm.algo = defproxy->lbprm.algo;
curproxy->lbprm.hash_balance_factor = defproxy->lbprm.hash_balance_factor;
curproxy->fullconn = defproxy->fullconn;
curproxy->conn_retries = defproxy->conn_retries;
curproxy->redispatch_after = defproxy->redispatch_after;
curproxy->max_ka_queue = defproxy->max_ka_queue;
curproxy->tcpcheck_rules.flags = (defproxy->tcpcheck_rules.flags & ~TCPCHK_RULES_UNUSED_RS);
curproxy->tcpcheck_rules.list = defproxy->tcpcheck_rules.list;
if (!LIST_ISEMPTY(&defproxy->tcpcheck_rules.preset_vars)) {
if (!dup_tcpcheck_vars(&curproxy->tcpcheck_rules.preset_vars,
&defproxy->tcpcheck_rules.preset_vars)) {
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
memprintf(errmsg, "proxy '%s': failed to duplicate tcpcheck preset-vars", curproxy->id);
return 1;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
}
curproxy->ck_opts = defproxy->ck_opts;
MINOR: proxy/http_ext: introduce proxy forwarded option Introducing http_ext class for http extension related work that doesn't fit into existing http classes. HTTP extension "forwarded", introduced with 7239 RFC is now supported by haproxy. The option supports various modes from simple to complex usages involving custom sample expressions. Examples : # Those servers want the ip address and protocol of the client request # Resulting header would look like this: # forwarded: proto=http;for=127.0.0.1 backend www_default mode http option forwarded #equivalent to: option forwarded proto for # Those servers want the requested host and hashed client ip address # as well as client source port (you should use seed for xxh32 if ensuring # ip privacy is a concern) # Resulting header would look like this: # forwarded: host="haproxy.org";for="_000000007F2F367E:60138" backend www_host mode http option forwarded host for-expr src,xxh32,hex for_port # Those servers want custom data in host, for and by parameters # Resulting header would look like this: # forwarded: host="host.com";by=_haproxy;for="[::1]:10" backend www_custom mode http option forwarded host-expr str(host.com) by-expr str(_haproxy) for for_port-expr int(10) # Those servers want random 'for' obfuscated identifiers for request # tracing purposes while protecting sensitive IP information # Resulting header would look like this: # forwarded: for=_000000002B1F4D63 backend www_for_hide mode http option forwarded for-expr rand,hex By default (no argument provided), forwarded option will try to mimic x-forward-for common setups (source client ip address + source protocol) The option is not available for frontends. no option forwarded is supported. More info about 7239 RFC here: https://www.rfc-editor.org/rfc/rfc7239.html More info about the feature in doc/configuration.txt This should address feature request GH #575 Depends on: - "MINOR: http_htx: add http_append_header() to append value to header" - "MINOR: sample: add ARGC_OPT" - "MINOR: proxy: introduce http only options"
2022-12-28 09:37:57 -05:00
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
if (defproxy->cookie_name)
curproxy->cookie_name = strdup(defproxy->cookie_name);
curproxy->cookie_len = defproxy->cookie_len;
if (defproxy->dyncookie_key)
curproxy->dyncookie_key = strdup(defproxy->dyncookie_key);
if (defproxy->cookie_domain)
curproxy->cookie_domain = strdup(defproxy->cookie_domain);
if (defproxy->cookie_maxidle)
curproxy->cookie_maxidle = defproxy->cookie_maxidle;
if (defproxy->cookie_maxlife)
curproxy->cookie_maxlife = defproxy->cookie_maxlife;
if (defproxy->rdp_cookie_name)
curproxy->rdp_cookie_name = strdup(defproxy->rdp_cookie_name);
curproxy->rdp_cookie_len = defproxy->rdp_cookie_len;
if (defproxy->cookie_attrs)
curproxy->cookie_attrs = strdup(defproxy->cookie_attrs);
if (defproxy->lbprm.arg_str)
curproxy->lbprm.arg_str = strdup(defproxy->lbprm.arg_str);
curproxy->lbprm.arg_len = defproxy->lbprm.arg_len;
curproxy->lbprm.arg_opt1 = defproxy->lbprm.arg_opt1;
curproxy->lbprm.arg_opt2 = defproxy->lbprm.arg_opt2;
curproxy->lbprm.arg_opt3 = defproxy->lbprm.arg_opt3;
if (defproxy->conn_src.iface_name)
curproxy->conn_src.iface_name = strdup(defproxy->conn_src.iface_name);
curproxy->conn_src.iface_len = defproxy->conn_src.iface_len;
curproxy->conn_src.opts = defproxy->conn_src.opts;
#if defined(CONFIG_HAP_TRANSPARENT)
curproxy->conn_src.tproxy_addr = defproxy->conn_src.tproxy_addr;
#endif
curproxy->load_server_state_from_file = defproxy->load_server_state_from_file;
curproxy->srvtcpka_cnt = defproxy->srvtcpka_cnt;
curproxy->srvtcpka_idle = defproxy->srvtcpka_idle;
curproxy->srvtcpka_intvl = defproxy->srvtcpka_intvl;
}
if (curproxy->cap & PR_CAP_FE) {
if (defproxy->capture_name)
curproxy->capture_name = strdup(defproxy->capture_name);
curproxy->capture_namelen = defproxy->capture_namelen;
curproxy->capture_len = defproxy->capture_len;
BUG/MEDIUM: rules: Be able to use captures defined in defaults section Since the 2.5, it is possible to define TCP/HTTP ruleset in defaults sections. However, rules defining a capture in defaults sections was not properly handled because they was not shared with the proxies inheriting from the defaults section. This led to crash when haproxy tried to store a new capture. So now, to fix the issue, when a new proxy is created, the list of captures points to the list of its defaults section. It may be NULL or not. All new caputres are prepended to this list. It is not a problem to share the same defaults section between several proxies, because it is not altered and we take care to not release it when corresponding proxies are freed but only when defaults proxies are freed. To do so, defaults proxies are now unreferenced at the end of free_proxy() function instead of the beginning. This patch should fix the issue #1674. It must be backported to 2.5.
2022-04-25 08:30:58 -04:00
curproxy->nb_req_cap = defproxy->nb_req_cap;
curproxy->req_cap = defproxy->req_cap;
curproxy->nb_rsp_cap = defproxy->nb_rsp_cap;
curproxy->rsp_cap = defproxy->rsp_cap;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
if (curproxy->cap & PR_CAP_FE) {
curproxy->timeout.client = defproxy->timeout.client;
MINOR: quic: Rename "handshake" timeout to "client-hs" Use a more specific name for this timeout to distinguish it from a possible future one on the server side. Also update the documentation.
2023-11-17 12:03:20 -05:00
curproxy->timeout.client_hs = defproxy->timeout.client_hs;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
curproxy->timeout.clientfin = defproxy->timeout.clientfin;
curproxy->timeout.tarpit = defproxy->timeout.tarpit;
curproxy->timeout.httpreq = defproxy->timeout.httpreq;
curproxy->timeout.httpka = defproxy->timeout.httpka;
MINOR: proxy: Store monitor_uri as a `struct ist` The monitor_uri is already processed as an ist in `http_wait_for_request`, lets also just store it as such. see 0643b0e7e ("MINOR: proxy: Make `header_unique_id` a `struct ist`") for a very similar past commit.
2022-03-04 18:52:40 -05:00
if (isttest(defproxy->monitor_uri))
curproxy->monitor_uri = istdup(defproxy->monitor_uri);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
if (defproxy->defbe.name)
curproxy->defbe.name = strdup(defproxy->defbe.name);
/* get either a pointer to the logformat string or a copy of it */
curproxy->conf.logformat_string = defproxy->conf.logformat_string;
if (curproxy->conf.logformat_string &&
curproxy->conf.logformat_string != default_http_log_format &&
curproxy->conf.logformat_string != default_tcp_log_format &&
MINOR: ssl: Define a default https log format This patch adds a new httpslog option and a new HTTP over SSL log-format that expands the default HTTP format and adds SSL specific information.
2021-07-29 03:45:52 -04:00
curproxy->conf.logformat_string != clf_http_log_format &&
curproxy->conf.logformat_string != default_https_log_format)
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
curproxy->conf.logformat_string = strdup(curproxy->conf.logformat_string);
if (defproxy->conf.lfs_file) {
curproxy->conf.lfs_file = strdup(defproxy->conf.lfs_file);
curproxy->conf.lfs_line = defproxy->conf.lfs_line;
}
/* get either a pointer to the logformat string for RFC5424 structured-data or a copy of it */
curproxy->conf.logformat_sd_string = defproxy->conf.logformat_sd_string;
if (curproxy->conf.logformat_sd_string &&
curproxy->conf.logformat_sd_string != default_rfc5424_sd_log_format)
curproxy->conf.logformat_sd_string = strdup(curproxy->conf.logformat_sd_string);
if (defproxy->conf.lfsd_file) {
curproxy->conf.lfsd_file = strdup(defproxy->conf.lfsd_file);
curproxy->conf.lfsd_line = defproxy->conf.lfsd_line;
}
MINOR: log: Add new "error-log-format" option This option can be used to define a specific log format that will be used in case of error, timeout, connection failure on a frontend... It will be used for any log line concerned by the log-separate-errors option. It will also replace the format of specific error messages decribed in section 8.2.6. If no "error-log-format" is defined, the legacy error messages are still emitted and the other error logs keep using the regular log-format.
2021-08-31 06:08:52 -04:00
curproxy->conf.error_logformat_string = defproxy->conf.error_logformat_string;
if (curproxy->conf.error_logformat_string)
curproxy->conf.error_logformat_string = strdup(curproxy->conf.error_logformat_string);
if (defproxy->conf.elfs_file) {
curproxy->conf.elfs_file = strdup(defproxy->conf.elfs_file);
curproxy->conf.elfs_line = defproxy->conf.elfs_line;
}
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
if (curproxy->cap & PR_CAP_BE) {
curproxy->timeout.connect = defproxy->timeout.connect;
curproxy->timeout.server = defproxy->timeout.server;
curproxy->timeout.serverfin = defproxy->timeout.serverfin;
curproxy->timeout.check = defproxy->timeout.check;
curproxy->timeout.queue = defproxy->timeout.queue;
curproxy->timeout.tarpit = defproxy->timeout.tarpit;
curproxy->timeout.httpreq = defproxy->timeout.httpreq;
curproxy->timeout.httpka = defproxy->timeout.httpka;
curproxy->timeout.tunnel = defproxy->timeout.tunnel;
curproxy->conn_src.source_addr = defproxy->conn_src.source_addr;
}
curproxy->mode = defproxy->mode;
curproxy->uri_auth = defproxy->uri_auth; /* for stats */
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
/* copy default loggers to curproxy */
list_for_each_entry(tmplogger, &defproxy->loggers, list) {
struct logger *node = dup_logger(tmplogger);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
if (!node) {
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
memprintf(errmsg, "proxy '%s': out of memory", curproxy->id);
return 1;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
LIST_APPEND(&curproxy->loggers, &node->list);
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
curproxy->conf.uniqueid_format_string = defproxy->conf.uniqueid_format_string;
if (curproxy->conf.uniqueid_format_string)
curproxy->conf.uniqueid_format_string = strdup(curproxy->conf.uniqueid_format_string);
chunk_dup(&curproxy->log_tag, &defproxy->log_tag);
if (defproxy->conf.uif_file) {
curproxy->conf.uif_file = strdup(defproxy->conf.uif_file);
curproxy->conf.uif_line = defproxy->conf.uif_line;
}
/* copy default header unique id */
if (isttest(defproxy->header_unique_id)) {
const struct ist copy = istdup(defproxy->header_unique_id);
if (!isttest(copy)) {
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
memprintf(errmsg, "proxy '%s': out of memory for unique-id-header", curproxy->id);
return 1;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
curproxy->header_unique_id = copy;
}
/* default compression options */
if (defproxy->comp != NULL) {
curproxy->comp = calloc(1, sizeof(*curproxy->comp));
BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy A memory allocation failure happening in proxy_defproxy_cpy while copying the default compression options would have resulted in a crash. This function is called for every new proxy found while parsing the configuration. It was raised in GitHub issue #1233. It could be backported to all stable branches.
2021-05-12 12:07:27 -04:00
if (!curproxy->comp) {
memprintf(errmsg, "proxy '%s': out of memory for default compression options", curproxy->id);
return 1;
}
MINOR: compression: Store algo and type for both request and response Make provision for being able to store both compression algorithms and content-types to compress for both requests and responses. For now only the responses one are used.
2023-04-05 11:32:36 -04:00
curproxy->comp->algos_res = defproxy->comp->algos_res;
curproxy->comp->algo_req = defproxy->comp->algo_req;
curproxy->comp->types_res = defproxy->comp->types_res;
curproxy->comp->types_req = defproxy->comp->types_req;
BUG/MINOR: config: make compression work again in defaults section When commit ead43fe4f ("MEDIUM: compression: Make it so we can compress requests as well.") added the test for the direction flags to select the compression, it implicitly broke compression defined in defaults sections because the flags from the default proxy were not recopied, hence the compression was enabled but in no direction. No backport is needed, that's 2.8 only.
2023-05-10 10:39:00 -04:00
curproxy->comp->flags = defproxy->comp->flags;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
}
if (defproxy->check_path)
curproxy->check_path = strdup(defproxy->check_path);
if (defproxy->check_command)
curproxy->check_command = strdup(defproxy->check_command);
if (defproxy->email_alert.mailers.name)
curproxy->email_alert.mailers.name = strdup(defproxy->email_alert.mailers.name);
if (defproxy->email_alert.from)
curproxy->email_alert.from = strdup(defproxy->email_alert.from);
if (defproxy->email_alert.to)
curproxy->email_alert.to = strdup(defproxy->email_alert.to);
if (defproxy->email_alert.myhostname)
curproxy->email_alert.myhostname = strdup(defproxy->email_alert.myhostname);
curproxy->email_alert.level = defproxy->email_alert.level;
curproxy->email_alert.set = defproxy->email_alert.set;
MEDIUM: proxy: only take defaults when a default proxy is passed. The proxy initialization code relies on three phases, allocation, pre-initialization, and assignments from defaults. This last part is entirely taken from the defaults proxy when arguments are set. This sensibly complexifies the initialization code as it requires to always have a default proxy. This patch instead first applies the original default settings on a proxy, and then uses those from a default proxy only if one such is used. This will allow to initialize a proxy out of any default proxy while still using valid defaults. A careful inspection of the function showed that only 4 fields used to be set regardless of the default proxy, and those were moved to init_new_proxy() where they ought to have been in the first place.
2021-02-12 03:15:16 -05:00
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
return 0;
}
/* Allocates a new proxy <name> of type <cap> found at position <file:linenum>,
* preset it from the defaults of <defproxy> and returns it. In case of error,
* an alert is printed and NULL is returned.
*/
struct proxy *parse_new_proxy(const char *name, unsigned int cap,
const char *file, int linenum,
const struct proxy *defproxy)
{
struct proxy *curproxy = NULL;
BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy() As reported by Coverity in issue #1568, a missing initialization of the error message pointer in parse_new_proxy() may result in displaying garbage or crashing in case of memory allocation error when trying to create a new proxy on startup. This should be backported to 2.4.
2022-02-24 10:37:19 -05:00
char *errmsg = NULL;
REORG: split proxy allocation functions Create a new function parse_new_proxy specifically designed to allocate a new proxy from the configuration file and copy settings from the default proxy. The function alloc_new_proxy is reduced to a minimal allocation. It is used for default proxy allocation and could also be used for internal proxies such as the lua Socket proxy.
2021-03-23 12:27:05 -04:00
if (!(curproxy = alloc_new_proxy(name, cap, &errmsg))) {
ha_alert("parsing [%s:%d] : %s\n", file, linenum, errmsg);
free(errmsg);
return NULL;
}
if (defproxy) {
if (proxy_defproxy_cpy(curproxy, defproxy, &errmsg)) {
ha_alert("parsing [%s:%d] : %s\n", file, linenum, errmsg);
free(errmsg);
ha_free(&curproxy);
return NULL;
}
}
curproxy->conf.args.file = curproxy->conf.file = strdup(file);
curproxy->conf.args.line = curproxy->conf.line = linenum;
REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() This new function takes over the old open-coding that used to be done for too long in cfg_parse_listen() and it now does everything at once in a proxy-centric function. The function does all the job of allocating the structure, initializing it, presetting its defaults from the default proxy and checking for errors. The code was almost unchanged except for defproxy being passed as a pointer, and the error message being passed using memprintf(). This change will be needed to ease reuse of multiple default proxies, or to create dynamic backends in a distant future.
2021-02-12 02:49:47 -05:00
return curproxy;
}
MINOR: proxy/listener: support for additional PAUSED state This patch is a prerequisite for #1626. Adding PAUSED state to the list of available proxy states. The flag is set when the proxy is paused at runtime (pause_listener()). It is cleared when the proxy is resumed (resume_listener()). It should be backported to 2.6, 2.5 and 2.4
2022-09-09 09:51:37 -04:00
/* to be called under the proxy lock after pausing some listeners. This will
* automatically update the p->flags flag
*/
void proxy_cond_pause(struct proxy *p)
{
if (p->li_ready)
return;
p->flags |= PR_FL_PAUSED;
}
/* to be called under the proxy lock after resuming some listeners. This will
* automatically update the p->flags flag
*/
void proxy_cond_resume(struct proxy *p)
{
if (!p->li_ready)
return;
p->flags &= ~PR_FL_PAUSED;
}
MEDIUM: proxy: centralize proxy status update and reporting There are multiple ways a proxy may switch to the disabled state, but now it's essentially once it loses its last listener. Instead of keeping duplicate code around and reporting the state change before actually seeing it, we now report it at the moment it's performed (from the last listener leaving) which allows to remove the message from all other places.
2020-10-07 10:31:39 -04:00
/* to be called under the proxy lock after stopping some listeners. This will
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
* automatically update the p->flags flag after stopping the last one, and
MEDIUM: proxy: centralize proxy status update and reporting There are multiple ways a proxy may switch to the disabled state, but now it's essentially once it loses its last listener. Instead of keeping duplicate code around and reporting the state change before actually seeing it, we now report it at the moment it's performed (from the last listener leaving) which allows to remove the message from all other places.
2020-10-07 10:31:39 -04:00
* will emit a log indicating the proxy's condition. The function is idempotent
* so that it will not emit multiple logs; a proxy will be disabled only once.
*/
void proxy_cond_disable(struct proxy *p)
{
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (p->flags & (PR_FL_DISABLED|PR_FL_STOPPED))
MEDIUM: proxy: centralize proxy status update and reporting There are multiple ways a proxy may switch to the disabled state, but now it's essentially once it loses its last listener. Instead of keeping duplicate code around and reporting the state change before actually seeing it, we now report it at the moment it's performed (from the last listener leaving) which allows to remove the message from all other places.
2020-10-07 10:31:39 -04:00
return;
if (p->li_ready + p->li_paused > 0)
return;
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
p->flags |= PR_FL_STOPPED;
MEDIUM: proxy: centralize proxy status update and reporting There are multiple ways a proxy may switch to the disabled state, but now it's essentially once it loses its last listener. Instead of keeping duplicate code around and reporting the state change before actually seeing it, we now report it at the moment it's performed (from the last listener leaving) which allows to remove the message from all other places.
2020-10-07 10:31:39 -04:00
/* Note: syslog proxies use their own loggers so while it's somewhat OK
* to report them being stopped as a warning, we must not spam their log
* servers which are in fact production servers. For other types (CLI,
* peers, etc) we must not report them at all as they're not really on
* the data plane but on the control plane.
*/
MEDIUM: proxy: stop emitting logs for internal proxies when stopping The HTTPCLIENT and the OCSP-UPDATE proxies are internal proxies, we don't need to display logs of them stopping during the stopping of the process. This patch checks if a proxy has the flag PR_CAP_INT so it doesn't display annoying messages.
2023-05-14 17:23:36 -04:00
if ((p->mode == PR_MODE_TCP || p->mode == PR_MODE_HTTP || p->mode == PR_MODE_SYSLOG) && !(p->cap & PR_CAP_INT))
MEDIUM: proxy: centralize proxy status update and reporting There are multiple ways a proxy may switch to the disabled state, but now it's essentially once it loses its last listener. Instead of keeping duplicate code around and reporting the state change before actually seeing it, we now report it at the moment it's performed (from the last listener leaving) which allows to remove the message from all other places.
2020-10-07 10:31:39 -04:00
ha_warning("Proxy %s stopped (cumulated conns: FE: %lld, BE: %lld).\n",
p->id, p->fe_counters.cum_conn, p->be_counters.cum_conn);
MEDIUM: proxy: stop emitting logs for internal proxies when stopping The HTTPCLIENT and the OCSP-UPDATE proxies are internal proxies, we don't need to display logs of them stopping during the stopping of the process. This patch checks if a proxy has the flag PR_CAP_INT so it doesn't display annoying messages.
2023-05-14 17:23:36 -04:00
if ((p->mode == PR_MODE_TCP || p->mode == PR_MODE_HTTP) && !(p->cap & PR_CAP_INT))
MEDIUM: proxy: centralize proxy status update and reporting There are multiple ways a proxy may switch to the disabled state, but now it's essentially once it loses its last listener. Instead of keeping duplicate code around and reporting the state change before actually seeing it, we now report it at the moment it's performed (from the last listener leaving) which allows to remove the message from all other places.
2020-10-07 10:31:39 -04:00
send_log(p, LOG_WARNING, "Proxy %s stopped (cumulated conns: FE: %lld, BE: %lld).\n",
p->id, p->fe_counters.cum_conn, p->be_counters.cum_conn);
if (p->table && p->table->size && p->table->sync_task)
task_wakeup(p->table->sync_task, TASK_WOKEN_MSG);
if (p->task)
task_wakeup(p->task, TASK_WOKEN_MSG);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
* This is the proxy management task. It enables proxies when there are enough
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
* free streams, or stops them when the table is full. It is designed to be
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
* called as a task which is woken up upon stopping or when rate limiting must
* be enforced.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
MEDIUM: task: extend the state field to 32 bits It's been too short for quite a while now and is now full. It's still time to extend it to 32-bits since we have room for this without wasting any space, so we now gained 16 new bits for future flags. The values were not reassigned just in case there would be a few hidden u16 or short somewhere in which these flags are placed (as it used to be the case with stream->pending_events). The patch is tagged MEDIUM because this required to update the task's process() prototype to use an int instead of a short, that's quite a bunch of places.
2021-03-02 10:09:26 -05:00
struct task *manage_proxy(struct task *t, void *context, unsigned int state)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
MINOR: tasks: Change the task API so that the callback takes 3 arguments. In preparation for thread-specific runqueues, change the task API so that the callback takes 3 arguments, the task itself, the context, and the state, those were retrieved from the task before. This will allow these elements to change atomically in the scheduler while the application uses the copied value, and even to have NULL tasks later.
2018-05-25 08:04:04 -04:00
struct proxy *p = context;
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
int next = TICK_ETERNITY;
[OPTIM] rate-limit: cleaner behaviour on low rates and reduce consumption The rate-limit was applied to the smoothed value which does a special case for frequencies below 2 events per period. This caused irregular limitations when set to 1 session per second. The proper way to handle this is to compute the number of remaining events that can occur without reaching the limit. This is what has been added. It also has the benefit that the frequency calculation is now done once when entering event_accept(), before the accept() loop, and not once per accept() loop anymore, thus saving a few CPU cycles during very high loads. With this fix, rate limits of 1/s are perfectly respected.
2009-03-06 03:18:27 -05:00
unsigned int wait;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
/* We should periodically try to enable listeners waiting for a
* global resource here.
*/
MEDIUM: stick-tables: flush old entries upon soft-stop When a process with large stick tables is replaced by a new one and remains present until the last connection finishes, it keeps these data in memory for nothing since they will never be used anymore by incoming connections, except during syncing with the new process. This is especially problematic when dealing with long session protocols such as WebSocket as it becomes possible to stack many processes and eat a lot of memory. So the idea here is to know if a table still needs to be synced or not, and to purge all unused entries once the sync is complete. This means that after a few hundred milliseconds when everything has been synchronized with the new process, only a few entries will remain allocated (only the ones held by sessions during the restart) and all the remaining memory will be freed. Note that we carefully do that only after the grace period is expired so as not to impact a possible proxy that needs to accept a few more connections before leaving. Doing this required to add a sync counter to the stick tables, to know how many peer sync sessions are still in progress in order not to flush the entries until all synchronizations are completed.
2013-09-04 11:54:01 -04:00
/* If the proxy holds a stick table, we need to purge all unused
* entries. These are all the ones in the table with ref_cnt == 0
* and all the ones in the pool used to allocate new entries. Any
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
* entry attached to an existing stream waiting for a store will
MEDIUM: stick-tables: flush old entries upon soft-stop When a process with large stick tables is replaced by a new one and remains present until the last connection finishes, it keeps these data in memory for nothing since they will never be used anymore by incoming connections, except during syncing with the new process. This is especially problematic when dealing with long session protocols such as WebSocket as it becomes possible to stack many processes and eat a lot of memory. So the idea here is to know if a table still needs to be synced or not, and to purge all unused entries once the sync is complete. This means that after a few hundred milliseconds when everything has been synchronized with the new process, only a few entries will remain allocated (only the ones held by sessions during the restart) and all the remaining memory will be freed. Note that we carefully do that only after the grace period is expired so as not to impact a possible proxy that needs to accept a few more connections before leaving. Doing this required to add a sync counter to the stick tables, to know how many peer sync sessions are still in progress in order not to flush the entries until all synchronizations are completed.
2013-09-04 11:54:01 -04:00
* be in neither list. Any entry being dumped will have ref_cnt > 0.
* However we protect tables that are being synced to peers.
*/
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (unlikely(stopping && (p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && p->table && p->table->current)) {
BUG/MEDIUM: peers: re-work refcnt on table to protect against flush In proxy.c, when process is stopping we try to flush tables content using 'stktable_trash_oldest'. A check on a counter "table->syncing" was made to verify if there is no pending resync in progress. But using multiple threads this counter can be increased by an other thread only after some delay, so the content of some tables can be trashed earlier and won't be pushed to the new process (after reload, some tables appear reset and others don't). This patch re-names the counter "table->syncing" to "table->refcnt" and the counter is increased during configuration parsing (registering a table to a peer section) to protect tables during runtime and until resync of a new process has succeeded or failed. The inc/dec operations are now made using atomic operations because multiple peer sections could refer to the same table in futur. This fix addresses github #1216. This patch should be backported on all branches multi-thread support (v >= 1.8)
2021-04-23 06:21:26 -04:00
if (!p->table->refcnt) {
/* !table->refcnt means there
* is no more pending full resync
* to push to a new process and
* we are free to flush the table.
*/
BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop During soft-stop, manage_proxy() (p->task) will try to purge trashable (expired and not referenced) sticktable entries, effectively releasing the process memory to leave some space for new processes. This is done by calling stktable_trash_oldest(), immediately followed by a pool_gc() to give the memory back to the OS. As already mentioned in dfe7925 ("BUG/MEDIUM: stick-table: limit the time spent purging old entries"), calling stktable_trash_oldest() with a huge batch can result in the function spending too much time searching and purging entries, and ultimately triggering the watchdog. Lately, an internal issue was reported in which we could see that the watchdog is being triggered in stktable_trash_oldest() on soft-stop (thus initiated by manage_proxy()) According to the report, the crash seems to only occur since 5938021 ("BUG/MEDIUM: stick-table: do not leave entries in end of window during purge") This could be the result of stktable_trash_oldest() now working as expected, and thus spending a large amount of time purging entries when called with a large enough <to_batch>. Instead of adding new checks in stktable_trash_oldest(), here we chose to address the issue directly in manage_proxy(). Since the stktable_trash_oldest() function is called with <to_batch> == <p->table->current>, it's pretty obvious that it could cause some issues during soft-stop if a large table, assuming it is full prior to the soft-stop, suddenly sees most of its entries becoming trashable because of the soft-stop. Moreover, we should note that the call to stktable_trash_oldest() is immediately followed by a call to pool_gc(): We know for sure that pool_gc(), as it involves malloc_trim() on glibc, is rather expensive, and the more memory to reclaim, the longer the call. We need to ensure that both stktable_trash_oldest() + consequent pool_gc() call both theoretically fit in a single task execution window to avoid contention, and thus prevent the watchdog from being triggered. To do this, we now allocate a "budget" for each purging attempt. budget is maxed out to 32K, it means that each sticktable cleanup attempt will trash at most 32K entries. 32K value is quite arbitrary here, and might need to be adjusted or even deducted from other parameters if this fails to properly address the issue without introducing new side-effects. The goal is to find a good balance between the max duration of each cleanup batch and the frequency of (expensive) pool_gc() calls. If most of the budget is actually spent trashing entries, then the task will immediately be rescheduled to continue the purge. This way, the purge is effectively batched over multiple task runs. This may be slowly backported to all stable versions. [Please note that this commit depends on 6e1fe25 ("MINOR: proxy/pool: prevent unnecessary calls to pool_gc()")]
2023-03-29 10:18:50 -04:00
int budget;
int cleaned_up;
/* We purposely enforce a budget limitation since we don't want
* to spend too much time purging old entries
*
* This is known to cause the watchdog to occasionnaly trigger if
* the table is huge and all entries become available for purge
* at the same time
*
* Moreover, we must also anticipate the pool_gc() call which
* will also be much slower if there is too much work at once
*/
budget = MIN(p->table->current, (1 << 15)); /* max: 32K */
cleaned_up = stktable_trash_oldest(p->table, budget);
if (cleaned_up) {
/* immediately release freed memory since we are stopping */
MINOR: proxy/pool: prevent unnecessary calls to pool_gc() Under certain soft-stopping conditions (ie: sticktable attached to proxy and in-progress connections to the proxy that prevent haproxy from exiting), manage_proxy() (p->task) will wake up every second to perform a cleanup attempt on the proxy sticktable (to purge unused entries). However, as reported by TimWolla in GH #2091, it was found that a systematic call to pool_gc() could cause some CPU waste, mainly because malloc_trim() (which is rather expensive) is being called for each pool_gc() invocation. As a result, such soft-stopping process could be spending a significant amount of time in the malloc_trim->madvise() syscall for nothing. Example "strace -c -f -p `pidof haproxy`" output (taken from Tim's report): % time seconds usecs/call calls errors syscall ------ ----------- ----------- --------- --------- ---------------- 46.77 1.840549 3941 467 1 epoll_wait 43.82 1.724708 13 128509 sched_yield 8.82 0.346968 11 29696 madvise 0.58 0.023011 24 951 clock_gettime 0.01 0.000257 10 25 7 recvfrom 0.00 0.000033 11 3 sendto 0.00 0.000021 21 1 rt_sigreturn 0.00 0.000021 21 1 timer_settime ------ ----------- ----------- --------- --------- ---------------- 100.00 3.935568 24 159653 8 total To prevent this, we now only call pool_gc() when some memory is really expected to be reclaimed as a direct result of the previous stick table cleanup. This is pretty straightforward since stktable_trash_oldest() returns the number of trashed sticky sessions. This may be backported to every stable versions.
2023-03-28 09:14:48 -04:00
pool_gc(NULL);
BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop During soft-stop, manage_proxy() (p->task) will try to purge trashable (expired and not referenced) sticktable entries, effectively releasing the process memory to leave some space for new processes. This is done by calling stktable_trash_oldest(), immediately followed by a pool_gc() to give the memory back to the OS. As already mentioned in dfe7925 ("BUG/MEDIUM: stick-table: limit the time spent purging old entries"), calling stktable_trash_oldest() with a huge batch can result in the function spending too much time searching and purging entries, and ultimately triggering the watchdog. Lately, an internal issue was reported in which we could see that the watchdog is being triggered in stktable_trash_oldest() on soft-stop (thus initiated by manage_proxy()) According to the report, the crash seems to only occur since 5938021 ("BUG/MEDIUM: stick-table: do not leave entries in end of window during purge") This could be the result of stktable_trash_oldest() now working as expected, and thus spending a large amount of time purging entries when called with a large enough <to_batch>. Instead of adding new checks in stktable_trash_oldest(), here we chose to address the issue directly in manage_proxy(). Since the stktable_trash_oldest() function is called with <to_batch> == <p->table->current>, it's pretty obvious that it could cause some issues during soft-stop if a large table, assuming it is full prior to the soft-stop, suddenly sees most of its entries becoming trashable because of the soft-stop. Moreover, we should note that the call to stktable_trash_oldest() is immediately followed by a call to pool_gc(): We know for sure that pool_gc(), as it involves malloc_trim() on glibc, is rather expensive, and the more memory to reclaim, the longer the call. We need to ensure that both stktable_trash_oldest() + consequent pool_gc() call both theoretically fit in a single task execution window to avoid contention, and thus prevent the watchdog from being triggered. To do this, we now allocate a "budget" for each purging attempt. budget is maxed out to 32K, it means that each sticktable cleanup attempt will trash at most 32K entries. 32K value is quite arbitrary here, and might need to be adjusted or even deducted from other parameters if this fails to properly address the issue without introducing new side-effects. The goal is to find a good balance between the max duration of each cleanup batch and the frequency of (expensive) pool_gc() calls. If most of the budget is actually spent trashing entries, then the task will immediately be rescheduled to continue the purge. This way, the purge is effectively batched over multiple task runs. This may be slowly backported to all stable versions. [Please note that this commit depends on 6e1fe25 ("MINOR: proxy/pool: prevent unnecessary calls to pool_gc()")]
2023-03-29 10:18:50 -04:00
if (cleaned_up > (budget / 2)) {
/* most of the budget was used to purge entries,
* it is very likely that there are still trashable
* entries in the table, reschedule a new cleanup
* attempt ASAP
*/
t->expire = TICK_ETERNITY;
task_wakeup(t, TASK_WOKEN_RES);
return t;
}
}
MEDIUM: stick-tables: flush old entries upon soft-stop When a process with large stick tables is replaced by a new one and remains present until the last connection finishes, it keeps these data in memory for nothing since they will never be used anymore by incoming connections, except during syncing with the new process. This is especially problematic when dealing with long session protocols such as WebSocket as it becomes possible to stack many processes and eat a lot of memory. So the idea here is to know if a table still needs to be synced or not, and to purge all unused entries once the sync is complete. This means that after a few hundred milliseconds when everything has been synchronized with the new process, only a few entries will remain allocated (only the ones held by sessions during the restart) and all the remaining memory will be freed. Note that we carefully do that only after the grace period is expired so as not to impact a possible proxy that needs to accept a few more connections before leaving. Doing this required to add a sync counter to the stick tables, to know how many peer sync sessions are still in progress in order not to flush the entries until all synchronizations are completed.
2013-09-04 11:54:01 -04:00
}
MEDIUM: stick-table: Stop handling stick-tables as proxies. This patch adds the support for the "table" line parsing in "peers" sections to declare stick-table in such sections. This also prevents the user from having to declare dummy backends sections with a unique stick-table inside. Even if still supported, this usage will become deprecated. To do so, the ->table member of proxy struct which is a stktable struct is replaced by a pointer to a stktable struct allocated at parsing time in src/cfgparse-listen.c for the dummy stick-table backends and in src/cfgparse.c for "peers" sections. This has an impact on the code for stick-table sample converters and on the stickiness rules parsers which first store the name of the dummy before resolving the rules. This patch replaces proxy_tbl_by_name() calls by stktable_find_by_name() calls to lookup for stick-tables stored in "stktable_by_name" ebtree at parsing time. There is only one remaining place where proxy_tbl_by_name() is used: src/hlua.c. At several places in the code we relied on the fact that ->size member of stick-table was equal to zero to consider the stick-table was present by not configured, this do not make sense anymore as ->table member of struct proxyis fow now on a pointer. These tests are replaced by a test on ->table value itself. In "peers" section we do not have to temporary store the name of the section the stick-table are attached to because this name is obviously already known just after having entered this "peers" section. About the CLI stick-table I/O handler, the pointer to proxy struct is replaced by a pointer to a stktable struct.
2019-03-14 02:07:41 -04:00
if (p->table->current) {
BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop During soft-stop, manage_proxy() (p->task) will try to purge trashable (expired and not referenced) sticktable entries, effectively releasing the process memory to leave some space for new processes. This is done by calling stktable_trash_oldest(), immediately followed by a pool_gc() to give the memory back to the OS. As already mentioned in dfe7925 ("BUG/MEDIUM: stick-table: limit the time spent purging old entries"), calling stktable_trash_oldest() with a huge batch can result in the function spending too much time searching and purging entries, and ultimately triggering the watchdog. Lately, an internal issue was reported in which we could see that the watchdog is being triggered in stktable_trash_oldest() on soft-stop (thus initiated by manage_proxy()) According to the report, the crash seems to only occur since 5938021 ("BUG/MEDIUM: stick-table: do not leave entries in end of window during purge") This could be the result of stktable_trash_oldest() now working as expected, and thus spending a large amount of time purging entries when called with a large enough <to_batch>. Instead of adding new checks in stktable_trash_oldest(), here we chose to address the issue directly in manage_proxy(). Since the stktable_trash_oldest() function is called with <to_batch> == <p->table->current>, it's pretty obvious that it could cause some issues during soft-stop if a large table, assuming it is full prior to the soft-stop, suddenly sees most of its entries becoming trashable because of the soft-stop. Moreover, we should note that the call to stktable_trash_oldest() is immediately followed by a call to pool_gc(): We know for sure that pool_gc(), as it involves malloc_trim() on glibc, is rather expensive, and the more memory to reclaim, the longer the call. We need to ensure that both stktable_trash_oldest() + consequent pool_gc() call both theoretically fit in a single task execution window to avoid contention, and thus prevent the watchdog from being triggered. To do this, we now allocate a "budget" for each purging attempt. budget is maxed out to 32K, it means that each sticktable cleanup attempt will trash at most 32K entries. 32K value is quite arbitrary here, and might need to be adjusted or even deducted from other parameters if this fails to properly address the issue without introducing new side-effects. The goal is to find a good balance between the max duration of each cleanup batch and the frequency of (expensive) pool_gc() calls. If most of the budget is actually spent trashing entries, then the task will immediately be rescheduled to continue the purge. This way, the purge is effectively batched over multiple task runs. This may be slowly backported to all stable versions. [Please note that this commit depends on 6e1fe25 ("MINOR: proxy/pool: prevent unnecessary calls to pool_gc()")]
2023-03-29 10:18:50 -04:00
/* some entries still remain but are not yet available
* for cleanup, let's recheck in one second
*/
MEDIUM: stick-tables: flush old entries upon soft-stop When a process with large stick tables is replaced by a new one and remains present until the last connection finishes, it keeps these data in memory for nothing since they will never be used anymore by incoming connections, except during syncing with the new process. This is especially problematic when dealing with long session protocols such as WebSocket as it becomes possible to stack many processes and eat a lot of memory. So the idea here is to know if a table still needs to be synced or not, and to purge all unused entries once the sync is complete. This means that after a few hundred milliseconds when everything has been synchronized with the new process, only a few entries will remain allocated (only the ones held by sessions during the restart) and all the remaining memory will be freed. Note that we carefully do that only after the grace period is expired so as not to impact a possible proxy that needs to accept a few more connections before leaving. Doing this required to add a sync counter to the stick tables, to know how many peer sync sessions are still in progress in order not to flush the entries until all synchronizations are completed.
2013-09-04 11:54:01 -04:00
next = tick_first(next, tick_add(now_ms, 1000));
}
}
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
/* the rest below is just for frontends */
if (!(p->cap & PR_CAP_FE))
goto out;
[MEDIUM] listeners: don't change listeners states anymore in maintain_proxies Now maintain_proxies() only changes proxies states and does not affect their listeners anymore since they are autonomous. A proxy will switch between the PR_STIDLE and PR_STRUN states depending whether it's saturated or not. Next step will consist in renaming PR_STIDLE to PR_STFULL. This state is now only used to report the proxy state in the stats.
2011-07-25 01:37:28 -04:00
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
/* check the various reasons we may find to block the frontend */
MEDIUM: proxy: remove the unused PR_STFULL state Since v1.4 or so, it's almost not possible anymore to set this state. The only exception is by using the CLI to change a frontend's maxconn setting below its current usage. This case makes no sense, and for other cases it doesn't make sense either because "full" is a vague concept when only certain listeners are full and not all. Let's just remove this unused state and make it clear that it's not reported. The "ready" or "open" states will continue to be reported without being misleading as they will be opposed to "stop".
2020-09-24 01:35:46 -04:00
if (unlikely(p->feconn >= p->maxconn))
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
goto out;
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
if (p->fe_sps_lim &&
(wait = next_event_delay(&p->fe_sess_per_sec, p->fe_sps_lim, 0))) {
/* we're blocking because a limit was reached on the number of
* requests/s on the frontend. We want to re-check ASAP, which
* means in 1 ms before estimated expiration date, because the
* timer will have settled down.
*/
next = tick_first(next, tick_add(now_ms, wait));
goto out;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
/* The proxy is not limited so we can re-enable any waiting listener */
MINOR: listener: split dequeue_all_listener() in two We use it half times for the global_listener_queue and half times for a proxy's queue and this requires the callers to take care of these. Let's split it in two versions, the current one working only on the global queue and another one dedicated to proxies for the per-proxy queues. This cleans up quite a bit of code.
2019-12-10 08:10:52 -05:00
dequeue_proxy_listeners(p);
[MAJOR] proxy: finally get rid of maintain_proxies() This function is finally not needed anymore, as it has been replaced with a per-proxy task that is scheduled when some limits are encountered on incoming connections or when the process is stopping. The savings should be noticeable on configs with a large number of proxies. The most important point is that the rate limiting is now enforced in a clean and solid way.
2011-07-25 10:33:49 -04:00
out:
t->expire = next;
task_queue(t);
return t;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: proxy: add a global "grace" directive to postpone soft-stop In ticket #1348 some users expressed some concerns regarding the removal of the "grace" directive from the proxies. Their use case very closely mimmicks the original intent of the grace keyword, which is, let haproxy accept traffic for some time when stopping, while indicating an external LB that it's stopping. This is implemented here by starting a task whose expiration triggers the soft-stop for real. The global "stopping" variable is immediately set however. For example, this below will be sufficient to instantly notify an external check on port 9999 that the service is going down, while other services remain active for 10s: global grace 10s frontend ext-check bind :9999 monitor-uri /ext-check monitor fail if { stopping }
2021-09-07 04:49:45 -04:00
static int proxy_parse_grace(char **args, int section_type, struct proxy *curpx,
const struct proxy *defpx, const char *file, int line,
char **err)
{
const char *res;
if (!*args[1]) {
memprintf(err, "'%s' expects <time> as argument.\n", args[0]);
return -1;
}
res = parse_time_err(args[1], &global.grace_delay, TIME_UNIT_MS);
if (res == PARSE_TIME_OVER) {
memprintf(err, "timer overflow in argument '%s' to '%s' (maximum value is 2147483647 ms or ~24.8 days)",
args[1], args[0]);
return -1;
}
else if (res == PARSE_TIME_UNDER) {
memprintf(err, "timer underflow in argument '%s' to '%s' (minimum non-null value is 1 ms)",
args[1], args[0]);
return -1;
}
else if (res) {
memprintf(err, "unexpected character '%c' in argument to <%s>.\n", *res, args[0]);
return -1;
}
return 0;
}
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
static int proxy_parse_hard_stop_after(char **args, int section_type, struct proxy *curpx,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
char **err)
{
const char *res;
if (!*args[1]) {
memprintf(err, "'%s' expects <time> as argument.\n", args[0]);
return -1;
}
res = parse_time_err(args[1], &global.hard_stop_after, TIME_UNIT_MS);
MEDIUM: tools: improve time format error detection As reported in GH issue #109 and in discourse issue https://discourse.haproxy.org/t/haproxy-returns-408-or-504-error-when-timeout-client-value-is-every-25d the time parser doesn't error on overflows nor underflows. This is a recurring problem which additionally has the bad taste of taking a long time before hitting the user. This patch makes parse_time_err() return special error codes for overflows and underflows, and adds the control in the call places to report suitable errors depending on the requested unit. In practice, underflows are almost never returned as the parsing function takes care of rounding values up, so this might possibly happen on 64-bit overflows returning exactly zero after rounding though. It is not really possible to cut the patch into pieces as it changes the function's API, hence all callers. Tests were run on about every relevant part (cookie maxlife/maxidle, server inter, stats timeout, timeout*, cli's set timeout command, tcp-request/response inspect-delay).
2019-06-07 13:00:37 -04:00
if (res == PARSE_TIME_OVER) {
memprintf(err, "timer overflow in argument '%s' to '%s' (maximum value is 2147483647 ms or ~24.8 days)",
args[1], args[0]);
return -1;
}
else if (res == PARSE_TIME_UNDER) {
memprintf(err, "timer underflow in argument '%s' to '%s' (minimum non-null value is 1 ms)",
args[1], args[0]);
return -1;
}
else if (res) {
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
memprintf(err, "unexpected character '%c' in argument to <%s>.\n", *res, args[0]);
return -1;
}
return 0;
}
MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window The new 'close-spread-time' global option can be used to spread idle and active HTTP connction closing after a SIGUSR1 signal is received. This allows to limit bursts of reconnections when too many idle connections are closed at once. Indeed, without this new mechanism, in case of soft-stop, all the idle connections would be closed at once (after the grace period is over), and all active HTTP connections would be closed by appending a "Connection: close" header to the next response that goes over it (or via a GOAWAY frame in case of HTTP2). This patch adds the support of this new option for HTTP as well as HTTP2 connections. It works differently on active and idle connections. On active connections, instead of sending systematically the GOAWAY frame or adding the 'Connection: close' header like before once the soft-stop has started, a random based on the remainder of the close window is calculated, and depending on its result we could decide to keep the connection alive. The random will be recalculated for any subsequent request/response on this connection so the GOAWAY will still end up being sent, but we might wait a few more round trips. This will ensure that goaways are distributed along a longer time window than before. On idle connections, a random factor is used when determining the expire field of the connection's task, which should naturally spread connection closings on the time window (see h2c_update_timeout). This feature request was described in GitHub issue #1614. This patch should be backported to 2.5. It depends on "BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts" which refactorized the timeout management of HTTP2 connections.
2022-04-08 12:04:18 -04:00
static int proxy_parse_close_spread_time(char **args, int section_type, struct proxy *curpx,
const struct proxy *defpx, const char *file, int line,
char **err)
{
const char *res;
if (!*args[1]) {
memprintf(err, "'%s' expects <time> as argument.\n", args[0]);
return -1;
}
MINOR: connection: Add way to disable active connection closing during soft-stop If the "close-spread-time" option is set to "infinite", active connection closing during a soft-stop can be disabled. The 'connection: close' header or the GOAWAY frame will not be added anymore to the server's response and active connections will only be closed once the clients disconnect. Idle connections will not be closed all at once when the soft-stop starts anymore, and each idle connection will follow its own timeout based on the multiple timeouts set in the configuration (as is the case during regular execution). This feature request was described in GitHub issue #1614. This patch should be backported to 2.5. It depends on 'MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window'.
2022-04-26 09:17:18 -04:00
/* If close-spread-time is set to "infinite", disable the active connection
* closing during soft-stop.
*/
if (strcmp(args[1], "infinite") == 0) {
global.tune.options |= GTUNE_DISABLE_ACTIVE_CLOSE;
global.close_spread_time = TICK_ETERNITY;
return 0;
}
MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window The new 'close-spread-time' global option can be used to spread idle and active HTTP connction closing after a SIGUSR1 signal is received. This allows to limit bursts of reconnections when too many idle connections are closed at once. Indeed, without this new mechanism, in case of soft-stop, all the idle connections would be closed at once (after the grace period is over), and all active HTTP connections would be closed by appending a "Connection: close" header to the next response that goes over it (or via a GOAWAY frame in case of HTTP2). This patch adds the support of this new option for HTTP as well as HTTP2 connections. It works differently on active and idle connections. On active connections, instead of sending systematically the GOAWAY frame or adding the 'Connection: close' header like before once the soft-stop has started, a random based on the remainder of the close window is calculated, and depending on its result we could decide to keep the connection alive. The random will be recalculated for any subsequent request/response on this connection so the GOAWAY will still end up being sent, but we might wait a few more round trips. This will ensure that goaways are distributed along a longer time window than before. On idle connections, a random factor is used when determining the expire field of the connection's task, which should naturally spread connection closings on the time window (see h2c_update_timeout). This feature request was described in GitHub issue #1614. This patch should be backported to 2.5. It depends on "BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts" which refactorized the timeout management of HTTP2 connections.
2022-04-08 12:04:18 -04:00
res = parse_time_err(args[1], &global.close_spread_time, TIME_UNIT_MS);
if (res == PARSE_TIME_OVER) {
memprintf(err, "timer overflow in argument '%s' to '%s' (maximum value is 2147483647 ms or ~24.8 days)",
args[1], args[0]);
return -1;
}
else if (res == PARSE_TIME_UNDER) {
memprintf(err, "timer underflow in argument '%s' to '%s' (minimum non-null value is 1 ms)",
args[1], args[0]);
return -1;
}
else if (res) {
memprintf(err, "unexpected character '%c' in argument to <%s>.\n", *res, args[0]);
return -1;
}
MINOR: connection: Add way to disable active connection closing during soft-stop If the "close-spread-time" option is set to "infinite", active connection closing during a soft-stop can be disabled. The 'connection: close' header or the GOAWAY frame will not be added anymore to the server's response and active connections will only be closed once the clients disconnect. Idle connections will not be closed all at once when the soft-stop starts anymore, and each idle connection will follow its own timeout based on the multiple timeouts set in the configuration (as is the case during regular execution). This feature request was described in GitHub issue #1614. This patch should be backported to 2.5. It depends on 'MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window'.
2022-04-26 09:17:18 -04:00
global.tune.options &= ~GTUNE_DISABLE_ACTIVE_CLOSE;
MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window The new 'close-spread-time' global option can be used to spread idle and active HTTP connction closing after a SIGUSR1 signal is received. This allows to limit bursts of reconnections when too many idle connections are closed at once. Indeed, without this new mechanism, in case of soft-stop, all the idle connections would be closed at once (after the grace period is over), and all active HTTP connections would be closed by appending a "Connection: close" header to the next response that goes over it (or via a GOAWAY frame in case of HTTP2). This patch adds the support of this new option for HTTP as well as HTTP2 connections. It works differently on active and idle connections. On active connections, instead of sending systematically the GOAWAY frame or adding the 'Connection: close' header like before once the soft-stop has started, a random based on the remainder of the close window is calculated, and depending on its result we could decide to keep the connection alive. The random will be recalculated for any subsequent request/response on this connection so the GOAWAY will still end up being sent, but we might wait a few more round trips. This will ensure that goaways are distributed along a longer time window than before. On idle connections, a random factor is used when determining the expire field of the connection's task, which should naturally spread connection closings on the time window (see h2c_update_timeout). This feature request was described in GitHub issue #1614. This patch should be backported to 2.5. It depends on "BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts" which refactorized the timeout management of HTTP2 connections.
2022-04-08 12:04:18 -04:00
return 0;
}
MEDIUM: task: extend the state field to 32 bits It's been too short for quite a while now and is now full. It's still time to extend it to 32-bits since we have room for this without wasting any space, so we now gained 16 new bits for future flags. The values were not reassigned just in case there would be a few hidden u16 or short somewhere in which these flags are placed (as it used to be the case with stream->pending_events). The patch is tagged MEDIUM because this required to update the task's process() prototype to use an int instead of a short, that's quite a bunch of places.
2021-03-02 10:09:26 -05:00
struct task *hard_stop(struct task *t, void *context, unsigned int state)
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
{
struct proxy *p;
struct stream *s;
BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal The hard-stop event didn't wake threads up. In the past it wasn't an issue as the poll timeout was limited to 1 second, but since commit 4f59d3861 ("MINOR: time: increase the minimum wakeup interval to 60s") it has become a problem because old processes can remain live for up to one minute after the hard-stop-after delay. Let's just wake them up. This may be backported to older releases, though before 2.4 the extra delay was only one second.
2021-02-24 05:13:59 -05:00
int thr;
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
if (killed) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Some tasks resisted to hard-stop, exiting now.\n");
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
send_log(NULL, LOG_WARNING, "Some tasks resisted to hard-stop, exiting now.\n");
BUG/MINOR: deinit/threads: make hard-stop-after perform a clean exit As reported in GH issue #99, when hard-stop-after triggers and threads are in use, the chance that any thread releases the resources in use by the other ones is non-null. Thus no thread should be allowed to deinit() nor exit by itself. Here we take a different approach. We simply use a 3rd possible value for the "killed" variable so that all threads know they must break out of the run-poll-loop and immediately stop. This patch was tested by commenting the stream_shutdown() calls in hard_stop() to increase the chances to see a stream use released resources. With this fix applied, it never crashes anymore. This fix should be backported to 1.9 and 1.8.
2019-06-02 05:11:29 -04:00
killed = 2;
BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal The hard-stop event didn't wake threads up. In the past it wasn't an issue as the poll timeout was limited to 1 second, but since commit 4f59d3861 ("MINOR: time: increase the minimum wakeup interval to 60s") it has become a problem because old processes can remain live for up to one minute after the hard-stop-after delay. Let's just wake them up. This may be backported to older releases, though before 2.4 the extra delay was only one second.
2021-02-24 05:13:59 -05:00
for (thr = 0; thr < global.nbthread; thr++)
BUG/MINOR: thread: always reload threads_enabled in loops A few loops waiting for threads to synchronize such as thread_isolate() rightfully filter the thread masks via the threads_enabled field that contains the list of enabled threads. However, it doesn't use an atomic load on it. Before 2.7, the equivalent variables were marked as volatile and were always reloaded. In 2.7 they're fields in ha_tgroup_ctx[], and the risk that the compiler keeps them in a register inside a loop is not null at all. In practice when ha_thread_relax() calls sched_yield() or an x86 PAUSE instruction, it could be verified that the variable is always reloaded. If these are avoided (e.g. architecture providing neither solution), it's visible in asm code that the variables are not reloaded. In this case, if a thread exists just between the moment the two values are read, the loop could spin forever. This patch adds the required _HA_ATOMIC_LOAD() on the relevant threads_enabled fields. It must be backported to 2.7.
2023-01-19 13:14:18 -05:00
if (_HA_ATOMIC_LOAD(&ha_thread_info[thr].tg->threads_enabled) & ha_thread_info[thr].ltid_bit)
BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal The hard-stop event didn't wake threads up. In the past it wasn't an issue as the poll timeout was limited to 1 second, but since commit 4f59d3861 ("MINOR: time: increase the minimum wakeup interval to 60s") it has become a problem because old processes can remain live for up to one minute after the hard-stop-after delay. Let's just wake them up. This may be backported to older releases, though before 2.4 the extra delay was only one second.
2021-02-24 05:13:59 -05:00
wake_thread(thr);
BUG/MINOR: deinit/threads: make hard-stop-after perform a clean exit As reported in GH issue #99, when hard-stop-after triggers and threads are in use, the chance that any thread releases the resources in use by the other ones is non-null. Thus no thread should be allowed to deinit() nor exit by itself. Here we take a different approach. We simply use a 3rd possible value for the "killed" variable so that all threads know they must break out of the run-poll-loop and immediately stop. This patch was tested by commenting the stream_shutdown() calls in hard_stop() to increase the chances to see a stream use released resources. With this fix applied, it never crashes anymore. This fix should be backported to 1.9 and 1.8.
2019-06-02 05:11:29 -04:00
t->expire = TICK_ETERNITY;
return t;
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
}
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("soft-stop running for too long, performing a hard-stop.\n");
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
send_log(NULL, LOG_WARNING, "soft-stop running for too long, performing a hard-stop.\n");
MINOR/CLEANUP: proxy: rename "proxy" to "proxies_list" Rename the global variable "proxy" to "proxies_list". There's been multiple proxies in haproxy for quite some time, and "proxy" is a potential source of bugs, a number of functions have a "proxy" argument, and some code used "proxy" when it really meant "px" or "curproxy". It worked by pure luck, because it usually happened while parsing the config, and thus "proxy" pointed to the currently parsed proxy, but we should probably not rely on this. [wt: some of these are definitely fixes that are worth backporting]
2017-11-24 10:54:05 -05:00
p = proxies_list;
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
while (p) {
if ((p->cap & PR_CAP_FE) && (p->feconn > 0)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Proxy %s hard-stopped (%d remaining conns will be closed).\n",
p->id, p->feconn);
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
send_log(p, LOG_WARNING, "Proxy %s hard-stopped (%d remaining conns will be closed).\n",
p->id, p->feconn);
}
p = p->next;
}
BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop When setting hard-stop-after, hard_stop() is called at the end to kill last pending streams. Unfortunately there's no locking there while walking over the streams list nor when shutting them down, so it's very likely that some old processes have been crashing or gone wild due to this. Let's use a thread_isolate() call for this as we don't have much other choice (and it happens once in the process' life, that's OK). This must be backported to 1.8.
2021-02-24 05:08:56 -05:00
thread_isolate();
MINOR: streams: use one list per stream instead of a global one The global streams list is exclusively used for "show sess", to look up a stream to shut down, and for the hard-stop. Having all of them in a single list is extremely expensive in terms of locking when using threads, with performance losses as high as 7% having been observed just due to this. This patch makes the list per-thread, since there's no need to have a global one in this situation. All call places just iterate over all threads. The most "invasive" changes was in "show sess" where the end of list needs to go back to the beginning of next thread's list until the last thread is seen. For now the lock was maintained to keep the code auditable but a next commit should get rid of it. The observed performance gain here with only 4 threads is already 7% (350krps -> 374krps).
2021-02-24 04:37:01 -05:00
for (thr = 0; thr < global.nbthread; thr++) {
REORG: thread/sched: move the last dynamic thread_info to thread_ctx The last 3 fields were 3 list heads that are per-thread, and which are: - the pool's LRU head - the buffer_wq - the streams list head Moving them into thread_ctx completes the removal of dynamic elements from the struct thread_info. Now all these dynamic elements are packed together at a single place for a thread.
2021-09-30 13:02:18 -04:00
list_for_each_entry(s, &ha_thread_ctx[thr].streams, list) {
MINOR: streams: use one list per stream instead of a global one The global streams list is exclusively used for "show sess", to look up a stream to shut down, and for the hard-stop. Having all of them in a single list is extremely expensive in terms of locking when using threads, with performance losses as high as 7% having been observed just due to this. This patch makes the list per-thread, since there's no need to have a global one in this situation. All call places just iterate over all threads. The most "invasive" changes was in "show sess" where the end of list needs to go back to the beginning of next thread's list until the last thread is seen. For now the lock was maintained to keep the code auditable but a next commit should get rid of it. The observed performance gain here with only 4 threads is already 7% (350krps -> 374krps).
2021-02-24 04:37:01 -05:00
stream_shutdown(s, SF_ERR_KILLED);
}
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
}
MINOR: streams: use one list per stream instead of a global one The global streams list is exclusively used for "show sess", to look up a stream to shut down, and for the hard-stop. Having all of them in a single list is extremely expensive in terms of locking when using threads, with performance losses as high as 7% having been observed just due to this. This patch makes the list per-thread, since there's no need to have a global one in this situation. All call places just iterate over all threads. The most "invasive" changes was in "show sess" where the end of list needs to go back to the beginning of next thread's list until the last thread is seen. For now the lock was maintained to keep the code auditable but a next commit should get rid of it. The observed performance gain here with only 4 threads is already 7% (350krps -> 374krps).
2021-02-24 04:37:01 -05:00
BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop When setting hard-stop-after, hard_stop() is called at the end to kill last pending streams. Unfortunately there's no locking there while walking over the streams list nor when shutting them down, so it's very likely that some old processes have been crashing or gone wild due to this. Let's use a thread_isolate() call for this as we don't have much other choice (and it happens once in the process' life, that's OK). This must be backported to 1.8.
2021-02-24 05:08:56 -05:00
thread_release();
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
killed = 1;
t->expire = tick_add(now_ms, MS_TO_TICKS(1000));
return t;
}
MINOR: proxy: add a global "grace" directive to postpone soft-stop In ticket #1348 some users expressed some concerns regarding the removal of the "grace" directive from the proxies. Their use case very closely mimmicks the original intent of the grace keyword, which is, let haproxy accept traffic for some time when stopping, while indicating an external LB that it's stopping. This is implemented here by starting a task whose expiration triggers the soft-stop for real. The global "stopping" variable is immediately set however. For example, this below will be sufficient to instantly notify an external check on port 9999 that the service is going down, while other services remain active for 10s: global grace 10s frontend ext-check bind :9999 monitor-uri /ext-check monitor fail if { stopping }
2021-09-07 04:49:45 -04:00
/* perform the soft-stop right now (i.e. unbind listeners) */
static void do_soft_stop_now()
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
BUG/MEDIUM: proxy: properly stop backends on soft-stop On soft-stop, we must properlu stop backends and not only proxies with at least a listener. This is mandatory in order to stop the health checks. A previous fix was provided to do so (ba29687bc1 "BUG/MEDIUM: proxy: properly stop backends"). However, only stop_proxy() function was fixed. When HAproxy is stopped, this function is no longer used. So the same kind of fix must be done on do_soft_stop_now(). This patch partially fixes the issue #1874. It must be backported as far as 2.4.
2023-03-14 09:33:11 -04:00
struct proxy *p;
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
struct task *task;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
MINOR: config: disable busy polling on old processes in the context of seamless reload and busy polling, older processes will create unecessary cpu conflicts; we can assume there is no need for busy polling for old processes which are waiting to be terminated. This patch is not a bug fix itself but might be a good stability improvment when you are un the context of frequent seamless reloads with a high "hard-stop-after" value; for that reasons I think this patch should be backported in all 2.x versions. Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2019-12-28 09:36:02 -05:00
/* disable busy polling to avoid cpu eating for the new process */
global.tune.options &= ~GTUNE_BUSY_POLLING;
MINOR: proxy: add a global "grace" directive to postpone soft-stop In ticket #1348 some users expressed some concerns regarding the removal of the "grace" directive from the proxies. Their use case very closely mimmicks the original intent of the grace keyword, which is, let haproxy accept traffic for some time when stopping, while indicating an external LB that it's stopping. This is implemented here by starting a task whose expiration triggers the soft-stop for real. The global "stopping" variable is immediately set however. For example, this below will be sufficient to instantly notify an external check on port 9999 that the service is going down, while other services remain active for 10s: global grace 10s frontend ext-check bind :9999 monitor-uri /ext-check monitor fail if { stopping }
2021-09-07 04:49:45 -04:00
MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window The new 'close-spread-time' global option can be used to spread idle and active HTTP connction closing after a SIGUSR1 signal is received. This allows to limit bursts of reconnections when too many idle connections are closed at once. Indeed, without this new mechanism, in case of soft-stop, all the idle connections would be closed at once (after the grace period is over), and all active HTTP connections would be closed by appending a "Connection: close" header to the next response that goes over it (or via a GOAWAY frame in case of HTTP2). This patch adds the support of this new option for HTTP as well as HTTP2 connections. It works differently on active and idle connections. On active connections, instead of sending systematically the GOAWAY frame or adding the 'Connection: close' header like before once the soft-stop has started, a random based on the remainder of the close window is calculated, and depending on its result we could decide to keep the connection alive. The random will be recalculated for any subsequent request/response on this connection so the GOAWAY will still end up being sent, but we might wait a few more round trips. This will ensure that goaways are distributed along a longer time window than before. On idle connections, a random factor is used when determining the expire field of the connection's task, which should naturally spread connection closings on the time window (see h2c_update_timeout). This feature request was described in GitHub issue #1614. This patch should be backported to 2.5. It depends on "BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts" which refactorized the timeout management of HTTP2 connections.
2022-04-08 12:04:18 -04:00
if (tick_isset(global.close_spread_time)) {
global.close_spread_end = tick_add(now_ms, global.close_spread_time);
}
MINOR: proxy: add a global "grace" directive to postpone soft-stop In ticket #1348 some users expressed some concerns regarding the removal of the "grace" directive from the proxies. Their use case very closely mimmicks the original intent of the grace keyword, which is, let haproxy accept traffic for some time when stopping, while indicating an external LB that it's stopping. This is implemented here by starting a task whose expiration triggers the soft-stop for real. The global "stopping" variable is immediately set however. For example, this below will be sufficient to instantly notify an external check on port 9999 that the service is going down, while other services remain active for 10s: global grace 10s frontend ext-check bind :9999 monitor-uri /ext-check monitor fail if { stopping }
2021-09-07 04:49:45 -04:00
/* schedule a hard-stop after a delay if needed */
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
if (tick_isset(global.hard_stop_after)) {
MINOR: task: provide 3 task_new_* wrappers to simplify the API We'll need to improve the API to pass other arguments in the future, so let's start to adapt better to the current use cases. task_new() is used: - 18 times as task_new(tid_bit) - 18 times as task_new(MAX_THREADS_MASK) - 2 times with a single bit (in a loop) - 1 in the debug code that uses a mask This patch provides 3 new functions to achieve this: - task_new_here() to create a task on the calling thread - task_new_anywhere() to create a task to be run anywhere - task_new_on() to create a task to run on a specific thread The change is trivial and will allow us to later concentrate the required adaptations to these 3 functions only. It's still possible to call task_new() if needed but a comment was added to encourage the use of the new ones instead. The debug code was not changed and still uses it.
2021-10-01 12:23:30 -04:00
task = task_new_anywhere();
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
if (task) {
task->process = hard_stop;
task_schedule(task, tick_add(now_ms, global.hard_stop_after));
}
else {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("out of memory trying to allocate the hard-stop task.\n");
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
}
}
MEDIUM: proxy: make soft_stop() stop most listeners using protocol_stop_now() One difficulty in soft-stopping is to make sure not to forget unlisted listeners. By first doing a pass using protocol_stop_now() we catch the vast majority of them. The few remaining ones are the ones belonging to a proxy having a grace period. For these ones, the proxy will arm its stop_time timer and emit a log message. Since neither UDP listeners nor peers use the grace period, we can already get rid of the special cases there since we know they will have been stopped by the protocols.
2020-10-07 10:52:43 -04:00
MEDIUM: proto: stop protocols under thread isolation during soft stop protocol_stop_now() is called from do_soft_stop_now() running on any thread that received the signal. The problem is that it will call some listener handlers to close the FD, resulting in an fd_delete() being called from the wrong group. That's not clean and we cannot even rely on the thread mask to show up. One interesting long-term approach could be to have kill queues for FDs, and maybe we'll need them in the long run. However that doesn't work well for listeners in this situation. Let's simply isolate ourselves during this instant. We know we'll be alone dealing with the close and that the FD will be instantly deleted since not in use by any other thread. It's not the cleanest solution but it should last long enough without causing trouble.
2022-07-15 13:15:02 -04:00
/* we isolate so that we have a chance of stopping listeners in other groups */
thread_isolate();
MEDIUM: proxy: remove the deprecated "grace" keyword Commit ab0a5192a ("MEDIUM: config: mark "grace" as deprecated") marked the "grace" keyword as deprecated in 2.3, tentative removal for 2.4 with a hard deadline in 2.5, so let's remove it and return an error now. This old and outdated feature was incompatible with soft-stop, reload and socket transfers, and keeping it forced ugly hacks in the lower layers of the protocol stack.
2021-06-11 10:27:10 -04:00
/* stop all stoppable listeners */
MEDIUM: proxy: make soft_stop() stop most listeners using protocol_stop_now() One difficulty in soft-stopping is to make sure not to forget unlisted listeners. By first doing a pass using protocol_stop_now() we catch the vast majority of them. The few remaining ones are the ones belonging to a proxy having a grace period. For these ones, the proxy will arm its stop_time timer and emit a log message. Since neither UDP listeners nor peers use the grace period, we can already get rid of the special cases there since we know they will have been stopped by the protocols.
2020-10-07 10:52:43 -04:00
protocol_stop_now();
MEDIUM: proto: stop protocols under thread isolation during soft stop protocol_stop_now() is called from do_soft_stop_now() running on any thread that received the signal. The problem is that it will call some listener handlers to close the FD, resulting in an fd_delete() being called from the wrong group. That's not clean and we cannot even rely on the thread mask to show up. One interesting long-term approach could be to have kill queues for FDs, and maybe we'll need them in the long run. However that doesn't work well for listeners in this situation. Let's simply isolate ourselves during this instant. We know we'll be alone dealing with the close and that the FD will be instantly deleted since not in use by any other thread. It's not the cleanest solution but it should last long enough without causing trouble.
2022-07-15 13:15:02 -04:00
thread_release();
BUG/MEDIUM: proxy: properly stop backends on soft-stop On soft-stop, we must properlu stop backends and not only proxies with at least a listener. This is mandatory in order to stop the health checks. A previous fix was provided to do so (ba29687bc1 "BUG/MEDIUM: proxy: properly stop backends"). However, only stop_proxy() function was fixed. When HAproxy is stopped, this function is no longer used. So the same kind of fix must be done on do_soft_stop_now(). This patch partially fixes the issue #1874. It must be backported as far as 2.4.
2023-03-14 09:33:11 -04:00
/* Loop on proxies to stop backends */
p = proxies_list;
while (p) {
HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock);
proxy_cond_disable(p);
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock);
p = p->next;
}
[MEDIUM] signals: support redistribution of signal zero when stopping Signal zero is never delivered by the system. However having a signal to which functions and tasks can subscribe to be notified of a stopping event is useful. So this patch does two things : 1) allow signal zero to be delivered from any function of signal handler 2) make soft_stop() deliver this signal so that tasks can be notified of a stopping condition.
2010-08-27 12:26:11 -04:00
/* signal zero is used to broadcast the "stopping" event */
signal_handler(0);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
MINOR: proxy: add a global "grace" directive to postpone soft-stop In ticket #1348 some users expressed some concerns regarding the removal of the "grace" directive from the proxies. Their use case very closely mimmicks the original intent of the grace keyword, which is, let haproxy accept traffic for some time when stopping, while indicating an external LB that it's stopping. This is implemented here by starting a task whose expiration triggers the soft-stop for real. The global "stopping" variable is immediately set however. For example, this below will be sufficient to instantly notify an external check on port 9999 that the service is going down, while other services remain active for 10s: global grace 10s frontend ext-check bind :9999 monitor-uri /ext-check monitor fail if { stopping }
2021-09-07 04:49:45 -04:00
/* triggered by a soft-stop delayed with `grace` */
static struct task *grace_expired(struct task *t, void *context, unsigned int state)
{
ha_notice("Grace period expired, proceeding with soft-stop now.\n");
send_log(NULL, LOG_NOTICE, "Grace period expired, proceeding with soft-stop now.\n");
do_soft_stop_now();
task_destroy(t);
return NULL;
}
/*
* this function disables health-check servers so that the process will quickly be ignored
* by load balancers.
*/
void soft_stop(void)
{
struct task *task;
stopping = 1;
if (tick_isset(global.grace_delay)) {
MINOR: task: provide 3 task_new_* wrappers to simplify the API We'll need to improve the API to pass other arguments in the future, so let's start to adapt better to the current use cases. task_new() is used: - 18 times as task_new(tid_bit) - 18 times as task_new(MAX_THREADS_MASK) - 2 times with a single bit (in a loop) - 1 in the debug code that uses a mask This patch provides 3 new functions to achieve this: - task_new_here() to create a task on the calling thread - task_new_anywhere() to create a task to be run anywhere - task_new_on() to create a task to run on a specific thread The change is trivial and will allow us to later concentrate the required adaptations to these 3 functions only. It's still possible to call task_new() if needed but a comment was added to encourage the use of the new ones instead. The debug code was not changed and still uses it.
2021-10-01 12:23:30 -04:00
task = task_new_anywhere();
MINOR: proxy: add a global "grace" directive to postpone soft-stop In ticket #1348 some users expressed some concerns regarding the removal of the "grace" directive from the proxies. Their use case very closely mimmicks the original intent of the grace keyword, which is, let haproxy accept traffic for some time when stopping, while indicating an external LB that it's stopping. This is implemented here by starting a task whose expiration triggers the soft-stop for real. The global "stopping" variable is immediately set however. For example, this below will be sufficient to instantly notify an external check on port 9999 that the service is going down, while other services remain active for 10s: global grace 10s frontend ext-check bind :9999 monitor-uri /ext-check monitor fail if { stopping }
2021-09-07 04:49:45 -04:00
if (task) {
ha_notice("Scheduling a soft-stop in %u ms.\n", global.grace_delay);
send_log(NULL, LOG_WARNING, "Scheduling a soft-stop in %u ms.\n", global.grace_delay);
task->process = grace_expired;
task_schedule(task, tick_add(now_ms, global.grace_delay));
return;
}
else {
ha_alert("out of memory trying to allocate the stop-stop task, stopping now.\n");
}
}
/* no grace (or failure to enforce it): stop now */
do_soft_stop_now();
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
[MEDIUM] proxy: add a PAUSED state to listeners and move socket tricks out of proxy.c Managing listeners state is difficult because they have their own state and can at the same time have theirs dictated by their proxy. The pause is not done properly, as the proxy code is fiddling with sockets. By introducing new functions such as pause_listener()/resume_listener(), we make it a bit more obvious how/when they're supposed to be used. The listen_proxies() function was also renamed to resume_proxies() since it's only used for pause/resume. This patch is the first in a series aiming at getting rid of the maintain_proxies mess. In the end, proxies should not call enable_listener()/disable_listener() anymore.
2011-07-24 12:28:10 -04:00
/* Temporarily disables listening on all of the proxy's listeners. Upon
MEDIUM: proxy: remove the PR_STERROR state This state is only set when a pause() fails but isn't even set when a resume() fails. And we cannot recover from this state. Instead, let's just count remaining ready listeners to decide to emit an error or not. It's more accurate and will better support new attempts if needed.
2020-09-24 01:44:34 -04:00
* success, the proxy enters the PR_PAUSED state. The function returns 0
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
* if it fails, or non-zero on success.
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
* The function takes the proxy's lock so it's safe to
* call from multiple places.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
*/
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
int pause_proxy(struct proxy *p)
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
{
struct listener *l;
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock);
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (!(p->cap & PR_CAP_FE) || (p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) || !p->li_ready)
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
goto end;
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
MEDIUM: proxy: remove the PR_STERROR state This state is only set when a pause() fails but isn't even set when a resume() fails. And we cannot recover from this state. Instead, let's just count remaining ready listeners to decide to emit an error or not. It's more accurate and will better support new attempts if needed.
2020-09-24 01:44:34 -04:00
list_for_each_entry(l, &p->conf.listeners, by_fe)
MINOR: listener: pause_listener() becomes suspend_listener() We are simply renaming pause_listener() to suspend_listener() to prevent confusion around listener pausing. A suspended listener can be in two differents valid states: - LI_PAUSED: the listener is effectively paused, it will unpause on resume_listener() - LI_ASSIGNED (not bound): the listener does not support the LI_PAUSED state, so it was unbound to satisfy the suspend request, it will correcly re-bind on resume_listener() Besides that, we add the LI_F_SUSPENDED flag to mark suspended listeners in suspend_listener() and unmark them in resume_listener(). We're also adding li_suspend proxy variable to track the number of currently suspended listeners: That is, the number of listeners that were suspended through suspend_listener() and that are either in LI_PAUSED or LI_ASSIGNED state. Counter is increased on successful suspend in suspend_listener() and it is decreased on successful resume in resume_listener() -- Backport notes: -> 2.4 only, as "MINOR: proxy/listener: support for additional PAUSED state" was not backported: Replace this: | /* PROXY_LOCK is require | proxy_cond_resume(px); By this: | ha_warning("Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); | send_log(px, LOG_WARNING, "Resumed %s %s.\n", proxy_cap_str(px->cap), px->id); -> 2.6 and 2.7 only, as "MINOR: listener: make sure we don't pause/resume" was custom patched: Replace this: |@@ -253,6 +253,7 @@ struct listener { | | /* listener flags (16 bits) */ | #define LI_F_FINALIZED 0x0001 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x0002 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* Descriptor for a "bind" keyword. The ->parse() function returns 0 in case of | * success, or a combination of ERR_* flags if an error is encountered. The By this: |@@ -222,6 +222,7 @@ struct li_per_thread { | | #define LI_F_QUIC_LISTENER 0x00000001 /* listener uses proto quic */ | #define LI_F_FINALIZED 0x00000002 /* listener made it to the READY||LIMITED||FULL state at least once, may be suspended/resumed safely */ |+#define LI_F_SUSPENDED 0x00000004 /* listener has been suspended using suspend_listener(), it is either is LI_PAUSED or LI_ASSIGNED state */ | | /* The listener will be directly referenced by the fdtab[] which holds its | * socket. The listener provides the protocol-specific accept() function to
2023-02-13 11:45:08 -05:00
suspend_listener(l, 1, 0);
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
MEDIUM: proxy: remove the PR_STERROR state This state is only set when a pause() fails but isn't even set when a resume() fails. And we cannot recover from this state. Instead, let's just count remaining ready listeners to decide to emit an error or not. It's more accurate and will better support new attempts if needed.
2020-09-24 01:44:34 -04:00
if (p->li_ready) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("%s %s failed to enter pause mode.\n", proxy_cap_str(p->cap), p->id);
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
send_log(p, LOG_WARNING, "%s %s failed to enter pause mode.\n", proxy_cap_str(p->cap), p->id);
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock);
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
return 0;
}
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
end:
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock);
[CLEANUP] proxy: make pause_proxy() perform the required controls and emit the logs It avoids duplicated code in the caller.
2011-09-07 13:14:57 -04:00
return 1;
[BUG] ensure that listeners from disabled proxies are correctly unbound. There is a problem when an instance is marked "disabled". Its ports are still bound but will not be unbound upon termination. This causes processes to accumulate during soft restarts, and might even cause failures to restart new ones due to the inability to bind to the same port. The ideal solution would be to bind all ports at the end of the configuration parsing. An acceptable workaround is to unbind all listeners of disabled proxies. This is what the current patch does. (cherry picked from commit a944218e9c1d5ff1aca34609146389dc680335b7) (cherry picked from commit 8cfebbb82b87345bade831920177077e7d25840a)
2008-10-12 06:07:48 -04:00
}
/*
* This function completely stops a proxy and releases its listeners. It has
* to be called when going down in order to release the ports so that another
* process may bind to them. It must also be called on disabled proxies at the
MEDIUM: listeners: support unstoppable listener An unstoppable listener is a listener which won't be stop during a soft stop. The unstoppable_jobs variable is incremented and the listener won't prevent the process to leave properly. It is not a good idea to use this feature (the LI_O_NOSTOP flag) with a listener that need to be bind again on another process during a soft reload.
2018-11-16 10:57:21 -05:00
* end of start-up. If all listeners are closed, the proxy is set to the
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
* PR_STOPPED state.
* The function takes the proxy's lock so it's safe to
BUG/MINOR: proxy: always lock stop_proxy() There is one unprotected call to stop_proxy() from the manage_proxy() task, so there is a single caller by definition, but there is also another such call from the CLI's "shutdown frontend" parser. This one does it under the proxy's lock but the first one doesn't use it. Thus it is theorically possible to corrupt the list of listeners in a proxy by issuing "shutdown frontend" and SIGUSR1 exactly at the same time. While it sounds particularly contrived or stupid, it could possibly happen with automated tools that would send actions via various channels. This could cause the process to loop forever or to crash and thus stop faster than expected. This might be backported as far as 1.8.
2019-07-24 11:42:44 -04:00
* call from multiple places.
[BUG] ensure that listeners from disabled proxies are correctly unbound. There is a problem when an instance is marked "disabled". Its ports are still bound but will not be unbound upon termination. This causes processes to accumulate during soft restarts, and might even cause failures to restart new ones due to the inability to bind to the same port. The ideal solution would be to bind all ports at the end of the configuration parsing. An acceptable workaround is to unbind all listeners of disabled proxies. This is what the current patch does. (cherry picked from commit a944218e9c1d5ff1aca34609146389dc680335b7) (cherry picked from commit 8cfebbb82b87345bade831920177077e7d25840a)
2008-10-12 06:07:48 -04:00
*/
void stop_proxy(struct proxy *p)
{
struct listener *l;
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock);
BUG/MINOR: proxy: always lock stop_proxy() There is one unprotected call to stop_proxy() from the manage_proxy() task, so there is a single caller by definition, but there is also another such call from the CLI's "shutdown frontend" parser. This one does it under the proxy's lock but the first one doesn't use it. Thus it is theorically possible to corrupt the list of listeners in a proxy by issuing "shutdown frontend" and SIGUSR1 exactly at the same time. While it sounds particularly contrived or stupid, it could possibly happen with automated tools that would send actions via various channels. This could cause the process to loop forever or to crash and thus stop faster than expected. This might be backported as far as 1.8.
2019-07-24 11:42:44 -04:00
MEDIUM: proxy: make stop_proxy() now use stop_listener() The function will stop the listeners using this method, which in turn will ping back once it finishes disabling the proxy.
2020-10-07 10:20:34 -04:00
list_for_each_entry(l, &p->conf.listeners, by_fe)
MINOR: listener/api: add lli hint to listener functions Add listener lock hint (AKA lli) to (stop/resume/pause)_listener() functions. All these functions implicitely take the listener lock when they are called: It could be useful to be able to call them while already holding the lock, so we're adding lli hint to make them take the lock only when it is missing. This should only be backported if explicitly required by another commit -- -> 2.4 and 2.5 common backport notes: These 2 commits need to be backported first: - 187396e34 "CLEANUP: listener: function comment typo in stop_listener()" - a57786e87 "BUG/MINOR: listener: null pointer dereference suspected by coverity" -> 2.4 special backport notes: In addition to the previously mentionned dependencies, the patch needs to be slightly adapted to match the corresponding contextual lines: Replace this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if (l->state <= LI_PAUSED) | goto end; By this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) && | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) Replace this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); | } By this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) | if (!listener->bind_conf->frontend->grace) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); Replace this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) { | /* might be just a backend */ By this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!p->disabled && !p->li_ready) { | /* might be just a backend */
2023-02-06 11:06:03 -05:00
stop_listener(l, 1, 0, 0);
BUG/MINOR: proxy: always lock stop_proxy() There is one unprotected call to stop_proxy() from the manage_proxy() task, so there is a single caller by definition, but there is also another such call from the CLI's "shutdown frontend" parser. This one does it under the proxy's lock but the first one doesn't use it. Thus it is theorically possible to corrupt the list of listeners in a proxy by issuing "shutdown frontend" and SIGUSR1 exactly at the same time. While it sounds particularly contrived or stupid, it could possibly happen with automated tools that would send actions via various channels. This could cause the process to loop forever or to crash and thus stop faster than expected. This might be backported as far as 1.8.
2019-07-24 11:42:44 -04:00
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) {
BUG/MEDIUM: proxy: properly stop backends The proxy stopping mechanism was changed with commit 322b9b94e ("MEDIUM: proxy: make stop_proxy() now use stop_listener()") so that it's now entirely driven by the listeners. One thing was forgotten though, which is that pure backends will not stop anymore since they don't have any listener, and that it's necessary to stop them in order to stop the health checks. No backport is needed.
2020-10-16 09:10:11 -04:00
/* might be just a backend */
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
p->flags |= PR_FL_STOPPED;
BUG/MEDIUM: proxy: properly stop backends The proxy stopping mechanism was changed with commit 322b9b94e ("MEDIUM: proxy: make stop_proxy() now use stop_listener()") so that it's now entirely driven by the listeners. One thing was forgotten though, which is that pure backends will not stop anymore since they don't have any listener, and that it's necessary to stop them in order to stop the health checks. No backport is needed.
2020-10-16 09:10:11 -04:00
}
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
}
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
/* This function resumes listening on the specified proxy. It scans all of its
* listeners and tries to enable them all. If any of them fails, the proxy is
* put back to the paused state. It returns 1 upon success, or zero if an error
* is encountered.
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
* The function takes the proxy's lock so it's safe to
* call from multiple places.
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
*/
int resume_proxy(struct proxy *p)
{
struct listener *l;
int fail;
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock);
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if ((p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) || !p->li_paused)
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
goto end;
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
fail = 0;
MAJOR: listeners: use dual-linked lists to chain listeners with frontends Navigating through listeners was very inconvenient and error-prone. Not to mention that listeners were linked in reverse order and reverted afterwards. In order to definitely get rid of these issues, we now do the following : - frontends have a dual-linked list of bind_conf - frontends have a dual-linked list of listeners - bind_conf have a dual-linked list of listeners - listeners have a pointer to their bind_conf This way we can now navigate from anywhere to anywhere and always find the proper bind_conf for a given listener, as well as find the list of listeners for a current bind_conf.
2012-09-20 10:48:07 -04:00
list_for_each_entry(l, &p->conf.listeners, by_fe) {
MINOR: listener/api: add lli hint to listener functions Add listener lock hint (AKA lli) to (stop/resume/pause)_listener() functions. All these functions implicitely take the listener lock when they are called: It could be useful to be able to call them while already holding the lock, so we're adding lli hint to make them take the lock only when it is missing. This should only be backported if explicitly required by another commit -- -> 2.4 and 2.5 common backport notes: These 2 commits need to be backported first: - 187396e34 "CLEANUP: listener: function comment typo in stop_listener()" - a57786e87 "BUG/MINOR: listener: null pointer dereference suspected by coverity" -> 2.4 special backport notes: In addition to the previously mentionned dependencies, the patch needs to be slightly adapted to match the corresponding contextual lines: Replace this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if (l->state <= LI_PAUSED) | goto end; By this: |@@ -471,7 +474,8 @@ int pause_listener(struct listener *l, int lpx) | if (!lpx && px) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock); | |- HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); |+ if (!lli) |+ HA_RWLOCK_WRLOCK(LISTENER_LOCK, &l->lock); | | if ((global.mode & (MODE_DAEMON | MODE_MWORKER)) && | !(proc_mask(l->rx.settings->bind_proc) & pid_bit)) Replace this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); | } By this: |@@ -169,7 +169,7 @@ void protocol_stop_now(void) | HA_SPIN_LOCK(PROTO_LOCK, &proto_lock); | list_for_each_entry(proto, &protocols, list) { | list_for_each_entry_safe(listener, lback, &proto->receivers, rx.proto_list) | if (!listener->bind_conf->frontend->grace) |- stop_listener(listener, 0, 1); |+ stop_listener(listener, 0, 1, 0); | } | HA_SPIN_UNLOCK(PROTO_LOCK, &proto_lock); Replace this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!(p->flags & (PR_FL_DISABLED|PR_FL_STOPPED)) && !p->li_ready) { | /* might be just a backend */ By this: |@@ -2315,7 +2315,7 @@ void stop_proxy(struct proxy *p) | HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); | | list_for_each_entry(l, &p->conf.listeners, by_fe) |- stop_listener(l, 1, 0); |+ stop_listener(l, 1, 0, 0); | | if (!p->disabled && !p->li_ready) { | /* might be just a backend */
2023-02-06 11:06:03 -05:00
if (!resume_listener(l, 1, 0)) {
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
int port;
REORG: listener: move the listening address to a struct receiver The address will be specific to the receiver so let's move it there.
2020-08-27 01:48:42 -04:00
port = get_host_port(&l->rx.addr);
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
if (port) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Port %d busy while trying to enable %s %s.\n",
port, proxy_cap_str(p->cap), p->id);
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
send_log(p, LOG_WARNING, "Port %d busy while trying to enable %s %s.\n",
port, proxy_cap_str(p->cap), p->id);
}
else {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Bind on socket %d busy while trying to enable %s %s.\n",
l->luid, proxy_cap_str(p->cap), p->id);
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
send_log(p, LOG_WARNING, "Bind on socket %d busy while trying to enable %s %s.\n",
l->luid, proxy_cap_str(p->cap), p->id);
}
/* Another port might have been enabled. Let's stop everything. */
fail = 1;
break;
}
}
if (fail) {
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock);
/* pause_proxy will take PROXY_LOCK */
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
pause_proxy(p);
return 0;
}
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
end:
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock);
[BUG] peers: ensure the peers are resumed if they were paused Upon an incoming soft restart request, we first pause all frontends and peers. If the caller changes its mind and asks us to resume (eg: failed binding), we must resume all the frontends and peers. Unfortunately the peers were not resumed. The code was arranged to avoid code duplication (which used to hide the issue till now).
2011-09-07 15:33:14 -04:00
return 1;
}
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
/* Set current stream's backend to <be>. Nothing is done if the
* stream already had a backend assigned, which is indicated by
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-02 19:14:29 -04:00
* s->flags & SF_BE_ASSIGNED.
[MAJOR] http: complete splitting of the remaining stages The HTTP processing has been splitted into 7 steps, one of which is not anymore HTTP-specific (content-switching). That way, it becomes possible to use "use_backend" rules in TCP mode. A new "use_server" directive should follow soon.
2009-07-07 09:10:31 -04:00
* All flags, stats and counters which need be updated are updated.
[MINOR] prepare callers of session_set_backend to handle errors session_set_backend will soon have to allocate areas for HTTP headers. We must ensure that the callers can handle an allocation error.
2009-07-12 02:27:39 -04:00
* Returns 1 if done, 0 in case of internal error, eg: lack of resource.
[MAJOR] http: complete splitting of the remaining stages The HTTP processing has been splitted into 7 steps, one of which is not anymore HTTP-specific (content-switching). That way, it becomes possible to use "use_backend" rules in TCP mode. A new "use_server" directive should follow soon.
2009-07-07 09:10:31 -04:00
*/
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
int stream_set_backend(struct stream *s, struct proxy *be)
[MAJOR] http: complete splitting of the remaining stages The HTTP processing has been splitted into 7 steps, one of which is not anymore HTTP-specific (content-switching). That way, it becomes possible to use "use_backend" rules in TCP mode. A new "use_server" directive should follow soon.
2009-07-07 09:10:31 -04:00
{
MINOR: stream: Handle stream HTTP upgrade in a dedicated function The code responsible to perform an HTTP upgrade from a TCP stream is moved in a dedicated function, stream_set_http_mode(). The stream_set_backend() function is slightly updated, especially to correctly set the request analysers.
2021-03-15 05:42:02 -04:00
unsigned int req_ana;
REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* This is in order to keep things consistent.
2015-04-02 19:14:29 -04:00
if (s->flags & SF_BE_ASSIGNED)
[MINOR] prepare callers of session_set_backend to handle errors session_set_backend will soon have to allocate areas for HTTP headers. We must ensure that the callers can handle an allocation error.
2009-07-12 02:27:39 -04:00
return 1;
MINOR: filters: Call stream_set_backend callbacks before updating backend stats So if an internal error is returned, the number of cumulated connections on the backend is not incremented.
2016-06-21 05:54:52 -04:00
if (flt_set_stream_backend(s, be) < 0)
return 0;
[MAJOR] http: complete splitting of the remaining stages The HTTP processing has been splitted into 7 steps, one of which is not anymore HTTP-specific (content-switching). That way, it becomes possible to use "use_backend" rules in TCP mode. A new "use_server" directive should follow soon.
2009-07-07 09:10:31 -04:00
s->be = be;
MEDIUM: threads/proxy: Add a lock per proxy and atomically update proxy vars Now, each proxy contains a lock that must be used when necessary to protect it. Moreover, all proxy's counters are now updated using atomic operations.
2017-06-02 09:33:24 -04:00
HA_ATOMIC_UPDATE_MAX(&be->be_counters.conn_max,
CLEANUP: atomic: add an explicit _FETCH variant for add/sub/and/or Currently our atomic ops return a value but it's never known whether the fetch is done before or after the operation, which causes some confusion each time the value is desired. Let's create an explicit variant of these operations suffixed with _FETCH to explicitly mention that the fetch occurs after the operation, and make use of it at the few call places.
2021-04-06 05:44:07 -04:00
HA_ATOMIC_ADD_FETCH(&be->beconn, 1));
[MAJOR] http: complete splitting of the remaining stages The HTTP processing has been splitted into 7 steps, one of which is not anymore HTTP-specific (content-switching). That way, it becomes possible to use "use_backend" rules in TCP mode. A new "use_server" directive should follow soon.
2009-07-07 09:10:31 -04:00
proxy_inc_be_ctr(be);
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 18:22:06 -04:00
/* assign new parameters to the stream from the new backend */
CLEANUP: stconn: tree-wide rename stream connector flags CS_FL_* to SC_FL_* This follows the natural naming. There are roughly 100 changes, all totally trivial.
2022-05-17 13:44:42 -04:00
s->scb->flags &= ~SC_FL_INDEP_STR;
[MEDIUM] new option "independant-streams" to stop updating read timeout on writes By default, when data is sent over a socket, both the write timeout and the read timeout for that socket are refreshed, because we consider that there is activity on that socket, and we have no other means of guessing if we should receive data or not. While this default behaviour is desirable for almost all applications, there exists a situation where it is desirable to disable it, and only refresh the read timeout if there are incoming data. This happens on sessions with large timeouts and low amounts of exchanged data such as telnet session. If the server suddenly disappears, the output data accumulates in the system's socket buffers, both timeouts are correctly refreshed, and there is no way to know the server does not receive them, so we don't timeout. However, when the underlying protocol always echoes sent data, it would be enough by itself to detect the issue using the read timeout. Note that this problem does not happen with more verbose protocols because data won't accumulate long in the socket buffers. When this option is set on the frontend, it will disable read timeout updates on data sent to the client. There probably is little use of this case. When the option is set on the backend, it will disable read timeout updates on data sent to the server. Doing so will typically break large HTTP posts from slow lines, so use it with caution.
2009-10-03 16:01:18 -04:00
if (be->options2 & PR_O2_INDEPSTR)
CLEANUP: stconn: tree-wide rename stream connector flags CS_FL_* to SC_FL_* This follows the natural naming. There are roughly 100 changes, all totally trivial.
2022-05-17 13:44:42 -04:00
s->scb->flags |= SC_FL_INDEP_STR;
[MEDIUM] new option "independant-streams" to stop updating read timeout on writes By default, when data is sent over a socket, both the write timeout and the read timeout for that socket are refreshed, because we consider that there is activity on that socket, and we have no other means of guessing if we should receive data or not. While this default behaviour is desirable for almost all applications, there exists a situation where it is desirable to disable it, and only refresh the read timeout if there are incoming data. This happens on sessions with large timeouts and low amounts of exchanged data such as telnet session. If the server suddenly disappears, the output data accumulates in the system's socket buffers, both timeouts are correctly refreshed, and there is no way to know the server does not receive them, so we don't timeout. However, when the underlying protocol always echoes sent data, it would be enough by itself to detect the issue using the read timeout. Note that this problem does not happen with more verbose protocols because data won't accumulate long in the socket buffers. When this option is set on the frontend, it will disable read timeout updates on data sent to the client. There probably is little use of this case. When the option is set on the backend, it will disable read timeout updates on data sent to the server. Doing so will typically break large HTTP posts from slow lines, so use it with caution.
2009-10-03 16:01:18 -04:00
MEDIUM: http: add a new option http-buffer-request It is sometimes desirable to wait for the body of an HTTP request before taking a decision. This is what is being done by "balance url_param" for example. The first use case is to buffer requests from slow clients before connecting to the server. Another use case consists in taking the routing decision based on the request body's contents. This option placed in a frontend or backend forces the HTTP processing to wait until either the whole body is received, or the request buffer is full, or the first chunk is complete in case of chunked encoding. It can have undesired side effects with some applications abusing HTTP by expecting unbufferred transmissions between the frontend and the backend, so this should definitely not be used by default. Note that it would not work for the response because we don't reset the message state before starting to forward. For the response we need to 1) reset the message state to MSG_100_SENT or BODY , and 2) to reset body_len in case of chunked encoding to avoid counting it twice.
2015-05-01 16:42:08 -04:00
/* We want to enable the backend-specific analysers except those which
* were already run as part of the frontend/listener. Note that it would
* be more reliable to store the list of analysers that have been run,
* but what we do here is OK for now.
*/
MINOR: stream: Handle stream HTTP upgrade in a dedicated function The code responsible to perform an HTTP upgrade from a TCP stream is moved in a dedicated function, stream_set_http_mode(). The stream_set_backend() function is slightly updated, especially to correctly set the request analysers.
2021-03-15 05:42:02 -04:00
req_ana = be->be_req_ana;
if (!(strm_fe(s)->options & PR_O_WREQ_BODY) && be->options & PR_O_WREQ_BODY) {
/* The backend request to parse a request body while it was not
* performed on the frontend, so add the corresponding analyser
*/
req_ana |= AN_REQ_HTTP_BODY;
}
if (IS_HTX_STRM(s) && strm_fe(s)->mode != PR_MODE_HTTP) {
/* The stream was already upgraded to HTTP, so remove analysers
* set during the upgrade
*/
req_ana &= ~(AN_REQ_WAIT_HTTP|AN_REQ_HTTP_PROCESS_FE);
}
MEDIUM: listener: move the analysers mask to the bind_conf When bind_conf were created, some elements such as the analysers mask ought to have moved there but that wasn't the case. Now that it's getting clearer that bind_conf provides all binding parameters and the listener is essentially a listener on an address, it's starting to get really confusing to keep such parameters in the listener, so let's move the mask to the bind_conf. We also take this opportunity for pre-setting the mask to the frontend's upon initalization. Now several loops have one less argument to take care of.
2023-01-12 12:39:42 -05:00
s->req.analysers |= req_ana & ~(strm_li(s) ? strm_li(s)->bind_conf->analysers : 0);
[MEDIUM] allow a TCP frontend to switch to an HTTP backend This patch allows a TCP frontend to switch to an HTTP backend. During the switch, missing structures are automatically allocated. The HTTP parser is enabled so that the backend first waits for a full HTTP request.
2009-07-12 03:47:04 -04:00
MINOR: stream: Handle stream HTTP upgrade in a dedicated function The code responsible to perform an HTTP upgrade from a TCP stream is moved in a dedicated function, stream_set_http_mode(). The stream_set_backend() function is slightly updated, especially to correctly set the request analysers.
2021-03-15 05:42:02 -04:00
if (!IS_HTX_STRM(s) && be->mode == PR_MODE_HTTP) {
MAJOR: proxy/htx: Handle mux upgrades from TCP to HTTP in HTX mode It is now possible to upgrade TCP streams to HTX when an HTTP backend is set for a TCP frontend (both with the HTX enabled). So concretely, in such case, an upgrade is performed from the mux pt to the mux h1. The current CS and the channel's buffer are used to initialize the mux h1.
2019-04-08 04:53:51 -04:00
/* If we chain a TCP frontend to an HTX backend, we must upgrade
* the client mux */
MEDIUM: Add tcp-request switch-mode action to perform HTTP upgrade It is now possible to perform HTTP upgrades on a TCP stream from the frontend side. To do so, a tcp-request content rule must be defined with the switch-mode action, specifying the mode (for now, only http is supported) and optionnaly the proto (h1 or h2). This way it could be possible to set HTTP directives on a TCP frontend which will only be evaluated if an upgrade is performed. This new way to perform HTTP upgrades should replace progressively the old way, consisting to route the request to an HTTP backend. And it should be also a good start to remove all HTTP processing from tcp-request content rules. This action is terminal, it stops the ruleset evaluation. It is only available on proxy with the frontend capability. The configuration manual has been updated accordingly.
2021-03-15 07:03:44 -04:00
if (!stream_set_http_mode(s, NULL))
MINOR: stream: Handle stream HTTP upgrade in a dedicated function The code responsible to perform an HTTP upgrade from a TCP stream is moved in a dedicated function, stream_set_http_mode(). The stream_set_backend() function is slightly updated, especially to correctly set the request analysers.
2021-03-15 05:42:02 -04:00
return 0;
}
else if (IS_HTX_STRM(s) && be->mode != PR_MODE_HTTP) {
/* If a TCP backend is assgiend to an HTX stream, return an
* error. It may happens for a new stream on a previously
* upgraded connections. */
if (!(s->flags & SF_ERR_MASK))
s->flags |= SF_ERR_INTERNAL;
return 0;
}
else {
/* If the target backend requires HTTP processing, we have to allocate
* the HTTP transaction if we did not have one.
*/
if (unlikely(!s->txn && be->http_needed && !http_create_txn(s)))
BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream With a TCP frontend, it is possible to upgrade a connection to HTTP when the backend is in HTTP mode. Concretly the upgrade install a new mux. So, once it is done, the downgrade to TCP is no longer possible. So we must take care to never assign a TCP backend to a stream on this connection. Otherwise, HAProxy crashes because raw data from the server are handled as structured data on the client side. This patch fixes the issue #420. It must be backported to all versions supporting the HTX.
2019-12-20 09:59:20 -05:00
return 0;
MAJOR: http: move http_txn out of struct stream Now this one is dynamically allocated. It means that 280 bytes of memory are saved per TCP stream, but more importantly that it will become possible to remove the l7 pointer from fetches and converters since it will be deduced from the stream and will support being null. A lot of care was taken because it's easy to forget a test somewhere, and the previous code used to always trust s->txn for being valid, but all places seem to have been visited. All HTTP fetch functions check the txn first so we shouldn't have any issue there even when called from TCP. When branching from a TCP frontend to an HTTP backend, the txn is properly allocated at the same time as the hdr_idx.
2015-04-03 17:46:31 -04:00
}
s->flags |= SF_BE_ASSIGNED;
[MEDIUM] http: add support for "http-no-delay" There are some very rare server-to-server applications that abuse the HTTP protocol and expect the payload phase to be highly interactive, with many interleaved data chunks in both directions within a single request. This is absolutely not supported by the HTTP specification and will not work across most proxies or servers. When such applications attempt to do this through haproxy, it works but they will experience high delays due to the network optimizations which favor performance by instructing the system to wait for enough data to be available in order to only send full packets. Typical delays are around 200 ms per round trip. Note that this only happens with abnormal uses. Normal uses such as CONNECT requests nor WebSockets are not affected. When "option http-no-delay" is present in either the frontend or the backend used by a connection, all such optimizations will be disabled in order to make the exchanges as fast as possible. Of course this offers no guarantee on the functionality, as it may break at any other place. But if it works via HAProxy, it will work as fast as possible. This option should never be used by default, and should never be used at all unless such a buggy application is discovered. The impact of using this option is an increase of bandwidth usage and CPU usage, which may significantly lower performance in high latency environments. This change should be backported to 1.4 since the first report of such a misuse was in 1.4. Next patch will also be needed.
2011-05-30 12:10:30 -04:00
if (be->options2 & PR_O2_NODELAY) {
MINOR: stconn/channel: Move CF_NEVER_WAIT into the SC and rename it The channel flag CF_NEVER_WAIT is renamed to SC_FL_SND_NEVERWAIT and moved into the stream-connector.
2023-03-17 10:38:18 -04:00
s->scf->flags |= SC_FL_SND_NEVERWAIT;
s->scb->flags |= SC_FL_SND_NEVERWAIT;
[MEDIUM] http: add support for "http-no-delay" There are some very rare server-to-server applications that abuse the HTTP protocol and expect the payload phase to be highly interactive, with many interleaved data chunks in both directions within a single request. This is absolutely not supported by the HTTP specification and will not work across most proxies or servers. When such applications attempt to do this through haproxy, it works but they will experience high delays due to the network optimizations which favor performance by instructing the system to wait for enough data to be available in order to only send full packets. Typical delays are around 200 ms per round trip. Note that this only happens with abnormal uses. Normal uses such as CONNECT requests nor WebSockets are not affected. When "option http-no-delay" is present in either the frontend or the backend used by a connection, all such optimizations will be disabled in order to make the exchanges as fast as possible. Of course this offers no guarantee on the functionality, as it may break at any other place. But if it works via HAProxy, it will work as fast as possible. This option should never be used by default, and should never be used at all unless such a buggy application is discovered. The impact of using this option is an increase of bandwidth usage and CPU usage, which may significantly lower performance in high latency environments. This change should be backported to 1.4 since the first report of such a misuse was in 1.4. Next patch will also be needed.
2011-05-30 12:10:30 -04:00
}
[MINOR] prepare callers of session_set_backend to handle errors session_set_backend will soon have to allocate areas for HTTP headers. We must ensure that the callers can handle an allocation error.
2009-07-12 02:27:39 -04:00
return 1;
[MAJOR] http: complete splitting of the remaining stages The HTTP processing has been splitted into 7 steps, one of which is not anymore HTTP-specific (content-switching). That way, it becomes possible to use "use_backend" rules in TCP mode. A new "use_server" directive should follow soon.
2009-07-07 09:10:31 -04:00
}
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
/* Capture a bad request or response and archive it in the proxy's structure.
* It is relatively protocol-agnostic so it requires that a number of elements
* are passed :
* - <proxy> is the proxy where the error was detected and where the snapshot
* needs to be stored
CLEANUP: fix typos in the proxy subsystem Fix typos in the code comments of the proxy subsystem.
2018-11-15 14:46:55 -05:00
* - <is_back> indicates that the error happened when receiving the response
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
* - <other_end> is a pointer to the proxy on the other side when known
* - <target> is the target of the connection, usually a server or a proxy
* - <sess> is the session which experienced the error
* - <ctx> may be NULL or should contain any info relevant to the protocol
* - <buf> is the buffer containing the offending data
* - <buf_ofs> is the position of this buffer's input data in the input
* stream, starting at zero. It may be passed as zero if unknown.
* - <buf_out> is the portion of <buf->data> which was already forwarded and
* which precedes the buffer's input. The buffer's input starts at
* buf->head + buf_out.
* - <err_pos> is the pointer to the faulty byte in the buffer's input.
* - <show> is the callback to use to display <ctx>. It may be NULL.
*/
void proxy_capture_error(struct proxy *proxy, int is_back,
struct proxy *other_end, enum obj_type *target,
const struct session *sess,
const struct buffer *buf, long buf_ofs,
unsigned int buf_out, unsigned int err_pos,
const union error_snapshot_ctx *ctx,
void (*show)(struct buffer *, const struct error_snapshot *))
{
struct error_snapshot *es;
unsigned int buf_len;
int len1, len2;
MEDIUM: snapshots: dynamically allocate the snapshots Now upon error we dynamically allocate the snapshot instead of overwriting it. This way there is no more memory wasted in the proxy to hold the two error snapshot descriptors. Also an appreciable side effect of this is that the proxy's lock is only taken during the pointer swap, no more while copying the buffer's contents. This saves 480 bytes of memory per proxy.
2018-09-07 13:02:32 -04:00
unsigned int ev_id;
CLEANUP: atomic: add a fetch-and-xxx variant for common operations The fetch_and_xxx variant is often missing for add/sub/and/or. In fact it was only provided for ADD under the name XADD which corresponds to the x86 instruction name. But for destructive operations like AND and OR it's missing even more as it's not possible to know the value before modifying it. This patch explicitly adds HA_ATOMIC_FETCH_{OR,AND,ADD,SUB} which cover these standard operations, and renames XADD to FETCH_ADD (there were only 6 call places). In the future, backport of fixes involving such operations could simply remap FETCH_ADD(x) to XADD(x), FETCH_SUB(x) to XADD(-x), and for the OR/AND if needed, these could possibly be done using BTS/BTR. It's worth noting that xchg could have been renamed to fetch_and_store() but xchg already has well understood semantics and it wasn't needed to go further.
2021-04-06 05:57:41 -04:00
ev_id = HA_ATOMIC_FETCH_ADD(&error_snapshot_id, 1);
MEDIUM: snapshots: dynamically allocate the snapshots Now upon error we dynamically allocate the snapshot instead of overwriting it. This way there is no more memory wasted in the proxy to hold the two error snapshot descriptors. Also an appreciable side effect of this is that the proxy's lock is only taken during the pointer swap, no more while copying the buffer's contents. This saves 480 bytes of memory per proxy.
2018-09-07 13:02:32 -04:00
MEDIUM: snapshot: merge the captured data after the descriptor Instead of having a separate area for the captured data, we now have a contigous block made of the descriptor and the data. At the moment, since the area is dynamically allocated, we can adjust its size to what is needed, but the idea is to quickly switch to a pool and an LRU list.
2018-09-07 14:07:17 -04:00
buf_len = b_data(buf) - buf_out;
es = malloc(sizeof(*es) + buf_len);
MEDIUM: snapshots: dynamically allocate the snapshots Now upon error we dynamically allocate the snapshot instead of overwriting it. This way there is no more memory wasted in the proxy to hold the two error snapshot descriptors. Also an appreciable side effect of this is that the proxy's lock is only taken during the pointer swap, no more while copying the buffer's contents. This saves 480 bytes of memory per proxy.
2018-09-07 13:02:32 -04:00
if (!es)
return;
MEDIUM: snapshot: merge the captured data after the descriptor Instead of having a separate area for the captured data, we now have a contigous block made of the descriptor and the data. At the moment, since the area is dynamically allocated, we can adjust its size to what is needed, but the idea is to quickly switch to a pool and an LRU list.
2018-09-07 14:07:17 -04:00
es->buf_len = buf_len;
es->ev_id = ev_id;
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
BUG/MINOR: proxy: Fix input data copy when an error is captured In proxy_capture_error(), input data are copied in the error snapshot. The copy must take care of the data wrapping. But the length of the first block is wrong. It should be the amount of contiguous input data that can be copied starting from the input's beginning. But the mininum between the input length and the buffer size minus the input length is used instead. So it is a problem if input data are wrapping or if more than the half of the buffer is used by input data. This patch must be backported as far as 1.9.
2020-01-06 05:37:00 -05:00
len1 = b_size(buf) - b_peek_ofs(buf, buf_out);
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
if (len1 > buf_len)
len1 = buf_len;
MEDIUM: snapshot: merge the captured data after the descriptor Instead of having a separate area for the captured data, we now have a contigous block made of the descriptor and the data. At the moment, since the area is dynamically allocated, we can adjust its size to what is needed, but the idea is to quickly switch to a pool and an LRU list.
2018-09-07 14:07:17 -04:00
if (len1) {
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
memcpy(es->buf, b_peek(buf, buf_out), len1);
MEDIUM: snapshot: merge the captured data after the descriptor Instead of having a separate area for the captured data, we now have a contigous block made of the descriptor and the data. At the moment, since the area is dynamically allocated, we can adjust its size to what is needed, but the idea is to quickly switch to a pool and an LRU list.
2018-09-07 14:07:17 -04:00
len2 = buf_len - len1;
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
if (len2)
memcpy(es->buf + len1, b_orig(buf), len2);
}
es->buf_err = err_pos;
es->when = date; // user-visible date
es->srv = objt_server(target);
es->oe = other_end;
BUG/MEDIUM: connections: Don't assume the connection has a valid session. Don't assume the connection always has a valid session in "owner". Instead, attempt to retrieve the session from the stream, and modify the error snapshot code to not assume we always have a session, or the proxy for the other end.
2020-03-12 10:30:17 -04:00
if (sess && objt_conn(sess->origin) && conn_get_src(__objt_conn(sess->origin)))
MINOR: proxy: switch to conn->src in error snapshots The source address was taken unchecked from a client connection. In practice we know it's set but better strengthen this now.
2019-07-17 09:20:02 -04:00
es->src = *__objt_conn(sess->origin)->src;
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
else
memset(&es->src, 0, sizeof(es->src));
es->buf_wrap = b_wrap(buf) - b_peek(buf, buf_out);
es->buf_out = buf_out;
es->buf_ofs = buf_ofs;
/* be sure to indicate the offset of the first IN byte */
if (es->buf_ofs >= es->buf_len)
es->buf_ofs -= es->buf_len;
else
es->buf_ofs = 0;
/* protocol-specific part now */
if (ctx)
es->ctx = *ctx;
else
memset(&es->ctx, 0, sizeof(es->ctx));
es->show = show;
MEDIUM: snapshots: dynamically allocate the snapshots Now upon error we dynamically allocate the snapshot instead of overwriting it. This way there is no more memory wasted in the proxy to hold the two error snapshot descriptors. Also an appreciable side effect of this is that the proxy's lock is only taken during the pointer swap, no more while copying the buffer's contents. This saves 480 bytes of memory per proxy.
2018-09-07 13:02:32 -04:00
/* note: we still lock since we have to be certain that nobody is
* dumping the output while we free.
*/
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &proxy->lock);
MEDIUM: snapshots: dynamically allocate the snapshots Now upon error we dynamically allocate the snapshot instead of overwriting it. This way there is no more memory wasted in the proxy to hold the two error snapshot descriptors. Also an appreciable side effect of this is that the proxy's lock is only taken during the pointer swap, no more while copying the buffer's contents. This saves 480 bytes of memory per proxy.
2018-09-07 13:02:32 -04:00
if (is_back) {
es = HA_ATOMIC_XCHG(&proxy->invalid_rep, es);
} else {
es = HA_ATOMIC_XCHG(&proxy->invalid_req, es);
}
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &proxy->lock);
BUG/MEDIUM: captures: free() an error capture out of the proxy lock Ed Hein reported in github issue #1856 some occasional watchdog panics in 2.4.18 showing extreme contention on the proxy's lock while the libc was in malloc()/free(). One cause of this problem is that we call free() under the proxy's lock in proxy_capture_error(), which makes no sense since if we can free the object under the lock after it's been detached, we can also free it after releasing the lock (since it's not referenced anymore). This should be backported to all relevant versions, likely all supported ones.
2022-09-17 05:07:19 -04:00
ha_free(&es);
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
}
MEDIUM: config: don't enforce a low frontend maxconn value anymore Historically the default frontend's maxconn used to be quite low (2000), which was sufficient two decades ago but often proved to be a problem when users had purposely set the global maxconn value but forgot to set the frontend's. There is no point in keeping this arbitrary limit for frontends : when the global maxconn is lower, it's already too high and when the global maxconn is much higher, it becomes a limiting factor which causes trouble in production. This commit allows the value to be set to zero, which becomes the new default value, to mean it's not directly limited, or in fact it's set to the global maxconn. Since this operation used to be performed before computing a possibly automatic global maxconn based on memory limits, the calculation of the maxconn value and its propagation to the backends' fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(), which is called once the global maxconn is stabilized. This comes with two benefits : 1) a configuration missing "maxconn" in the defaults section will not limit itself to a magically hardcoded value but will scale up to the global maxconn ; 2) when the global maxconn is not set and memory limits are used instead, the frontends' maxconn automatically adapts, and the backends' fullconn as well.
2019-02-27 11:25:52 -05:00
/* Configure all proxies which lack a maxconn setting to use the global one by
* default. This avoids the common mistake consisting in setting maxconn only
* in the global section and discovering the hard way that it doesn't propagate
* through the frontends. These values are also propagated through the various
CLEANUP: assorted typo fixes in the code and comments This is 10th iteration of typo fixes
2020-06-21 12:42:57 -04:00
* targeted backends, whose fullconn is finally calculated if not yet set.
MEDIUM: config: don't enforce a low frontend maxconn value anymore Historically the default frontend's maxconn used to be quite low (2000), which was sufficient two decades ago but often proved to be a problem when users had purposely set the global maxconn value but forgot to set the frontend's. There is no point in keeping this arbitrary limit for frontends : when the global maxconn is lower, it's already too high and when the global maxconn is much higher, it becomes a limiting factor which causes trouble in production. This commit allows the value to be set to zero, which becomes the new default value, to mean it's not directly limited, or in fact it's set to the global maxconn. Since this operation used to be performed before computing a possibly automatic global maxconn based on memory limits, the calculation of the maxconn value and its propagation to the backends' fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(), which is called once the global maxconn is stabilized. This comes with two benefits : 1) a configuration missing "maxconn" in the defaults section will not limit itself to a magically hardcoded value but will scale up to the global maxconn ; 2) when the global maxconn is not set and memory limits are used instead, the frontends' maxconn automatically adapts, and the backends' fullconn as well.
2019-02-27 11:25:52 -05:00
*/
void proxy_adjust_all_maxconn()
{
struct proxy *curproxy;
struct switching_rule *swrule1, *swrule2;
for (curproxy = proxies_list; curproxy; curproxy = curproxy->next) {
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (curproxy->flags & (PR_FL_DISABLED|PR_FL_STOPPED))
MEDIUM: config: don't enforce a low frontend maxconn value anymore Historically the default frontend's maxconn used to be quite low (2000), which was sufficient two decades ago but often proved to be a problem when users had purposely set the global maxconn value but forgot to set the frontend's. There is no point in keeping this arbitrary limit for frontends : when the global maxconn is lower, it's already too high and when the global maxconn is much higher, it becomes a limiting factor which causes trouble in production. This commit allows the value to be set to zero, which becomes the new default value, to mean it's not directly limited, or in fact it's set to the global maxconn. Since this operation used to be performed before computing a possibly automatic global maxconn based on memory limits, the calculation of the maxconn value and its propagation to the backends' fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(), which is called once the global maxconn is stabilized. This comes with two benefits : 1) a configuration missing "maxconn" in the defaults section will not limit itself to a magically hardcoded value but will scale up to the global maxconn ; 2) when the global maxconn is not set and memory limits are used instead, the frontends' maxconn automatically adapts, and the backends' fullconn as well.
2019-02-27 11:25:52 -05:00
continue;
if (!(curproxy->cap & PR_CAP_FE))
continue;
if (!curproxy->maxconn)
curproxy->maxconn = global.maxconn;
/* update the target backend's fullconn count : default_backend */
if (curproxy->defbe.be)
curproxy->defbe.be->tot_fe_maxconn += curproxy->maxconn;
else if ((curproxy->cap & PR_CAP_LISTEN) == PR_CAP_LISTEN)
curproxy->tot_fe_maxconn += curproxy->maxconn;
list_for_each_entry(swrule1, &curproxy->switching_rules, list) {
/* For each target of switching rules, we update their
* tot_fe_maxconn, except if a previous rule points to
* the same backend or to the default backend.
*/
if (swrule1->be.backend != curproxy->defbe.be) {
BUG/MAJOR: config: Wrong maxconn adjustment. Before c8d5b95 the "maxconn" of the backend of dynamic "use_backend" rules was not modified (this does not make sense and this is correct). When implementing proxy_adjust_all_maxconn(), c8d5b95 commit missed this case. With this patch we adjust the "maxconn" of the backend of such rules only if they are not dynamic. Without this patch reg-tests/http-rules/h00003.vtc could make haproxy crash.
2019-03-07 09:02:52 -05:00
/* note: swrule1->be.backend isn't a backend if the rule
* is dynamic, it's an expression instead, so it must not
* be dereferenced as a backend before being certain it is.
*/
MEDIUM: config: don't enforce a low frontend maxconn value anymore Historically the default frontend's maxconn used to be quite low (2000), which was sufficient two decades ago but often proved to be a problem when users had purposely set the global maxconn value but forgot to set the frontend's. There is no point in keeping this arbitrary limit for frontends : when the global maxconn is lower, it's already too high and when the global maxconn is much higher, it becomes a limiting factor which causes trouble in production. This commit allows the value to be set to zero, which becomes the new default value, to mean it's not directly limited, or in fact it's set to the global maxconn. Since this operation used to be performed before computing a possibly automatic global maxconn based on memory limits, the calculation of the maxconn value and its propagation to the backends' fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(), which is called once the global maxconn is stabilized. This comes with two benefits : 1) a configuration missing "maxconn" in the defaults section will not limit itself to a magically hardcoded value but will scale up to the global maxconn ; 2) when the global maxconn is not set and memory limits are used instead, the frontends' maxconn automatically adapts, and the backends' fullconn as well.
2019-02-27 11:25:52 -05:00
list_for_each_entry(swrule2, &curproxy->switching_rules, list) {
if (swrule2 == swrule1) {
BUG/MAJOR: config: Wrong maxconn adjustment. Before c8d5b95 the "maxconn" of the backend of dynamic "use_backend" rules was not modified (this does not make sense and this is correct). When implementing proxy_adjust_all_maxconn(), c8d5b95 commit missed this case. With this patch we adjust the "maxconn" of the backend of such rules only if they are not dynamic. Without this patch reg-tests/http-rules/h00003.vtc could make haproxy crash.
2019-03-07 09:02:52 -05:00
if (!swrule1->dynamic)
swrule1->be.backend->tot_fe_maxconn += curproxy->maxconn;
MEDIUM: config: don't enforce a low frontend maxconn value anymore Historically the default frontend's maxconn used to be quite low (2000), which was sufficient two decades ago but often proved to be a problem when users had purposely set the global maxconn value but forgot to set the frontend's. There is no point in keeping this arbitrary limit for frontends : when the global maxconn is lower, it's already too high and when the global maxconn is much higher, it becomes a limiting factor which causes trouble in production. This commit allows the value to be set to zero, which becomes the new default value, to mean it's not directly limited, or in fact it's set to the global maxconn. Since this operation used to be performed before computing a possibly automatic global maxconn based on memory limits, the calculation of the maxconn value and its propagation to the backends' fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(), which is called once the global maxconn is stabilized. This comes with two benefits : 1) a configuration missing "maxconn" in the defaults section will not limit itself to a magically hardcoded value but will scale up to the global maxconn ; 2) when the global maxconn is not set and memory limits are used instead, the frontends' maxconn automatically adapts, and the backends' fullconn as well.
2019-02-27 11:25:52 -05:00
break;
}
else if (!swrule2->dynamic && swrule2->be.backend == swrule1->be.backend) {
/* there are multiple refs of this backend */
break;
}
}
}
}
}
/* automatically compute fullconn if not set. We must not do it in the
* loop above because cross-references are not yet fully resolved.
*/
for (curproxy = proxies_list; curproxy; curproxy = curproxy->next) {
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (curproxy->flags & (PR_FL_DISABLED|PR_FL_STOPPED))
MEDIUM: config: don't enforce a low frontend maxconn value anymore Historically the default frontend's maxconn used to be quite low (2000), which was sufficient two decades ago but often proved to be a problem when users had purposely set the global maxconn value but forgot to set the frontend's. There is no point in keeping this arbitrary limit for frontends : when the global maxconn is lower, it's already too high and when the global maxconn is much higher, it becomes a limiting factor which causes trouble in production. This commit allows the value to be set to zero, which becomes the new default value, to mean it's not directly limited, or in fact it's set to the global maxconn. Since this operation used to be performed before computing a possibly automatic global maxconn based on memory limits, the calculation of the maxconn value and its propagation to the backends' fullconn has now moved to a dedicated function, proxy_adjust_all_maxconn(), which is called once the global maxconn is stabilized. This comes with two benefits : 1) a configuration missing "maxconn" in the defaults section will not limit itself to a magically hardcoded value but will scale up to the global maxconn ; 2) when the global maxconn is not set and memory limits are used instead, the frontends' maxconn automatically adapts, and the backends' fullconn as well.
2019-02-27 11:25:52 -05:00
continue;
/* If <fullconn> is not set, let's set it to 10% of the sum of
* the possible incoming frontend's maxconns.
*/
if (!curproxy->fullconn && (curproxy->cap & PR_CAP_BE)) {
/* we have the sum of the maxconns in <total>. We only
* keep 10% of that sum to set the default fullconn, with
* a hard minimum of 1 (to avoid a divide by zero).
*/
curproxy->fullconn = (curproxy->tot_fe_maxconn + 9) / 10;
if (!curproxy->fullconn)
curproxy->fullconn = 1;
}
}
}
MINOR: proxy: add a new generic proxy_capture_error() This function now captures an error regardless of its side and protocol. The caller must pass a number of elements and may pass a protocol-specific structure and a callback to display it. Later this function may deal with more advanced allocation techniques to avoid allocating as many buffers as proxies.
2018-09-07 11:43:26 -04:00
/* Config keywords below */
BUG/MEDIUM: prevent gcc from moving empty keywords lists into BSS Benoit Dolez reported a failure to start haproxy 1.5-dev19. The process would immediately report an internal error with missing fetches from some crap instead of ACL names. The cause is that some versions of gcc seem to trim static structs containing a variable array when moving them to BSS, and only keep the fixed size, which is just a list head for all ACL and sample fetch keywords. This was confirmed at least with gcc 3.4.6. And we can't move these structs to const because they contain a list element which is needed to link all of them together during the parsing. The bug indeed appeared with 1.5-dev19 because it's the first one to have some empty ACL keyword lists. One solution is to impose -fno-zero-initialized-in-bss to everyone but this is not really nice. Another solution consists in ensuring the struct is never empty so that it does not move there. The easy solution consists in having a non-null list head since it's not yet initialized. A new "ILH" list head type was thus created for this purpose : create an Initialized List Head so that gcc cannot move the struct to BSS. This fixes the issue for this version of gcc and does not create any burden for the declarations.
2013-06-21 17:16:39 -04:00
static struct cfg_kw_list cfg_kws = {ILH, {
MINOR: proxy: add a global "grace" directive to postpone soft-stop In ticket #1348 some users expressed some concerns regarding the removal of the "grace" directive from the proxies. Their use case very closely mimmicks the original intent of the grace keyword, which is, let haproxy accept traffic for some time when stopping, while indicating an external LB that it's stopping. This is implemented here by starting a task whose expiration triggers the soft-stop for real. The global "stopping" variable is immediately set however. For example, this below will be sufficient to instantly notify an external check on port 9999 that the service is going down, while other services remain active for 10s: global grace 10s frontend ext-check bind :9999 monitor-uri /ext-check monitor fail if { stopping }
2021-09-07 04:49:45 -04:00
{ CFG_GLOBAL, "grace", proxy_parse_grace },
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time When SIGUSR1 is received, haproxy enters in soft-stop and quits when no connection remains. It can happen that the instance remains alive for a long time, depending on timeouts and traffic. This option ensures that soft-stop won't run for too long. Example: global hard-stop-after 30s # Once in soft-stop, the instance will remain # alive for at most 30 seconds.
2017-03-23 17:44:13 -04:00
{ CFG_GLOBAL, "hard-stop-after", proxy_parse_hard_stop_after },
MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window The new 'close-spread-time' global option can be used to spread idle and active HTTP connction closing after a SIGUSR1 signal is received. This allows to limit bursts of reconnections when too many idle connections are closed at once. Indeed, without this new mechanism, in case of soft-stop, all the idle connections would be closed at once (after the grace period is over), and all active HTTP connections would be closed by appending a "Connection: close" header to the next response that goes over it (or via a GOAWAY frame in case of HTTP2). This patch adds the support of this new option for HTTP as well as HTTP2 connections. It works differently on active and idle connections. On active connections, instead of sending systematically the GOAWAY frame or adding the 'Connection: close' header like before once the soft-stop has started, a random based on the remainder of the close window is calculated, and depending on its result we could decide to keep the connection alive. The random will be recalculated for any subsequent request/response on this connection so the GOAWAY will still end up being sent, but we might wait a few more round trips. This will ensure that goaways are distributed along a longer time window than before. On idle connections, a random factor is used when determining the expire field of the connection's task, which should naturally spread connection closings on the time window (see h2c_update_timeout). This feature request was described in GitHub issue #1614. This patch should be backported to 2.5. It depends on "BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts" which refactorized the timeout management of HTTP2 connections.
2022-04-08 12:04:18 -04:00
{ CFG_GLOBAL, "close-spread-time", proxy_parse_close_spread_time },
[MEDIUM] modularize the "timeout" keyword configuration parser The "timeout" keyword already relied on an external parser, let's make use of the new keyword registration mechanism.
2008-07-09 14:34:27 -04:00
{ CFG_LISTEN, "timeout", proxy_parse_timeout },
MEDIUM: Make '(cli|con|srv)timeout' directive fatal They were deprecated with HAProxy 1.5. Time to remove them.
2019-05-14 14:57:59 -04:00
{ CFG_LISTEN, "clitimeout", proxy_parse_timeout }, /* This keyword actually fails to parse, this line remains for better error messages. */
{ CFG_LISTEN, "contimeout", proxy_parse_timeout }, /* This keyword actually fails to parse, this line remains for better error messages. */
{ CFG_LISTEN, "srvtimeout", proxy_parse_timeout }, /* This keyword actually fails to parse, this line remains for better error messages. */
[MEDIUM] implement "rate-limit sessions" for the frontend The new "rate-limit sessions" statement sets a limit on the number of new connections per second on the frontend. As it is extremely accurate (about 0.1%), it is efficient at limiting resource abuse or DoS.
2009-03-05 17:48:25 -05:00
{ CFG_LISTEN, "rate-limit", proxy_parse_rate_limit },
MINOR: http: implement the max-keep-alive-queue setting Finn Arne Gangstad suggested that we should have the ability to break keep-alive when the target server has reached its maxconn and that a number of connections are present in the queue. After some discussion around his proposed patch, the following solution was suggested : have a per-proxy setting to fix a limit to the number of queued connections on a server after which we break keep-alive. This ensures that even in high latency networks where keep-alive is beneficial, we try to find a different server. This patch is partially based on his original proposal and implements this configurable threshold.
2014-04-25 07:58:37 -04:00
{ CFG_LISTEN, "max-keep-alive-queue", proxy_parse_max_ka_queue },
MINOR: proxy: custom capture declaration This patch adds a new keyword called "declare". This keyword allow to declare some capture slots in requests and response. It is useful for sharing capture between frontend and backends.
2015-05-26 11:44:32 -04:00
{ CFG_LISTEN, "declare", proxy_parse_declare },
MEDIUM: streams: Add the ability to retry a request on L7 failure. When running in HTX mode, if we sent the request, but failed to get the answer, either because the server just closed its socket, we hit a server timeout, or we get a 404, 408, 425, 500, 501, 502, 503 or 504 error, attempt to retry the request, exactly as if we just failed to connect to the server. To do so, add a new backend keyword, "retry-on". It accepts a list of keywords, which can be "none" (never retry), "conn-failure" (we failed to connect, or to do the SSL handshake), "empty-response" (the server closed the connection without answering), "response-timeout" (we timed out while waiting for the server response), or "404", "408", "425", "500", "501", "502", "503" and "504". The default is "conn-failure".
2019-04-05 09:30:12 -04:00
{ CFG_LISTEN, "retry-on", proxy_parse_retry_on },
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#ifdef TCP_KEEPCNT
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
{ CFG_LISTEN, "clitcpka-cnt", proxy_parse_tcpka_cnt },
{ CFG_LISTEN, "srvtcpka-cnt", proxy_parse_tcpka_cnt },
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#endif
#ifdef TCP_KEEPIDLE
{ CFG_LISTEN, "clitcpka-idle", proxy_parse_tcpka_idle },
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
{ CFG_LISTEN, "srvtcpka-idle", proxy_parse_tcpka_idle },
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#endif
#ifdef TCP_KEEPINTVL
{ CFG_LISTEN, "clitcpka-intvl", proxy_parse_tcpka_intvl },
MINOR: tcp: Support TCP keepalive parameters customization It is now possible to customize TCP keepalive parameters. These correspond to the socket options TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and are valid for the defaults, listen, frontend and backend sections. This patch fixes GitHub issue #670.
2020-07-08 22:13:20 -04:00
{ CFG_LISTEN, "srvtcpka-intvl", proxy_parse_tcpka_intvl },
BUILD: tcp: condition TCP keepalive settings to platforms providing them Previous commit b24bc0d ("MINOR: tcp: Support TCP keepalive parameters customization") broke non-Linux builds as TCP_KEEP{CNT,IDLE,INTVL} are not necessarily defined elsewhere. This patch adds the required #ifdefs to condition the visibility of the keywords, and adds a mention in the doc about their dependency on Linux.
2020-07-08 23:58:51 -04:00
#endif
[MEDIUM] modularize the "timeout" keyword configuration parser The "timeout" keyword already relied on an external parser, let's make use of the new keyword registration mechanism.
2008-07-09 14:34:27 -04:00
{ 0, NULL, NULL },
}};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
MINOR: proxy: create new function cli_find_frontend() to find a frontend Several CLI commands require a frontend, so let's have a function to look this one up and prepare the appropriate error message and the appctx's state in case of failure.
2016-11-24 06:02:29 -05:00
/* Expects to find a frontend named <arg> and returns it, otherwise displays various
* adequate error messages and returns NULL. This function is designed to be used by
* functions requiring a frontend on the CLI.
*/
struct proxy *cli_find_frontend(struct appctx *appctx, const char *arg)
{
struct proxy *px;
if (!*arg) {
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
cli_err(appctx, "A frontend name is expected.\n");
MINOR: proxy: create new function cli_find_frontend() to find a frontend Several CLI commands require a frontend, so let's have a function to look this one up and prepare the appropriate error message and the appctx's state in case of failure.
2016-11-24 06:02:29 -05:00
return NULL;
}
px = proxy_fe_by_name(arg);
if (!px) {
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
cli_err(appctx, "No such frontend.\n");
MINOR: proxy: create new function cli_find_frontend() to find a frontend Several CLI commands require a frontend, so let's have a function to look this one up and prepare the appropriate error message and the appctx's state in case of failure.
2016-11-24 06:02:29 -05:00
return NULL;
}
return px;
}
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
/* Expects to find a backend named <arg> and returns it, otherwise displays various
* adequate error messages and returns NULL. This function is designed to be used by
* functions requiring a frontend on the CLI.
*/
struct proxy *cli_find_backend(struct appctx *appctx, const char *arg)
{
struct proxy *px;
if (!*arg) {
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
cli_err(appctx, "A backend name is expected.\n");
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
return NULL;
}
px = proxy_be_by_name(arg);
if (!px) {
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
cli_err(appctx, "No such backend.\n");
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
return NULL;
}
return px;
}
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
/* parse a "show servers [state|conn]" CLI line, returns 0 if it wants to start
* the dump or 1 if it stops immediately. If an argument is specified, it will
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
* reserve a show_srv_ctx context and set the proxy pointer into ->px, its ID
* into ->only_pxid, and ->show_conn to 0 for "state", or 1 for "conn".
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_show_servers(char **args, char *payload, struct appctx *appctx, void *private)
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
{
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
struct show_srv_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));
MINOR: appctx/cli: remove the "server_state" entry from the appctx union This one now migrates to the general purpose cli.p0 for the proxy pointer, cli.p1 for the server pointer, and cli.i0 for the proxy's instance if only one has to be dumped.
2016-12-16 12:23:39 -05:00
struct proxy *px;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
ctx->show_conn = *args[2] == 'c'; // "conn" vs "state"
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
/* check if a backend name has been provided */
if (*args[3]) {
/* read server state from local file */
MINOR: appctx/cli: remove the "server_state" entry from the appctx union This one now migrates to the general purpose cli.p0 for the proxy pointer, cli.p1 for the server pointer, and cli.i0 for the proxy's instance if only one has to be dumped.
2016-12-16 12:23:39 -05:00
px = proxy_be_by_name(args[3]);
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
if (!px)
return cli_err(appctx, "Can't find backend.\n");
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
ctx->px = px;
ctx->only_pxid = px->uuid;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
}
return 0;
}
MEDIUM: server: support {check,agent}_addr, agent_port in server state logical followup from cli commands addition, so that the state server file stays compatible with the changes made at runtime; use previously added helper to load server attributes. also alloc a specific chunk to avoid mixing with other called functions using it Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-02-11 16:51:26 -05:00
/* helper to dump server addr */
static void dump_server_addr(const struct sockaddr_storage *addr, char *addr_str)
{
addr_str[0] = '\0';
switch (addr->ss_family) {
case AF_INET:
case AF_INET6:
addr_to_str(addr, addr_str, INET6_ADDRSTRLEN + 1);
break;
default:
memcpy(addr_str, "-\0", 2);
break;
}
}
BUG/MINOR: proxy: fix dump_server_state()'s misuse of the trash dump_server_state() claims to dump into a buffer but instead it writes into a buffer then dumps the trash into the channel, so it only supports being called with buf=&trash and doesn't need this buffer. There doesn't seem to be any current impact of this mistake since the function is called from one location only. A backport may be performed if it helps fixing other bugs but it will not fix an existing bug by itself.
2020-07-01 01:02:42 -04:00
/* dumps server state information for all the servers found in backend cli.p0.
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
* These information are all the parameters which may change during HAProxy runtime.
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
* By default, we only export to the last known server state file format. These
* information can be used at next startup to recover same level of server
* state. It takes its context from show_srv_ctx, with the proxy pointer from
* ->px, the proxy's id ->only_pxid, the server's pointer from ->sv, and the
* choice of what to dump from ->show_conn.
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
*/
CLEANUP: cli: rename all occurrences of stconn "cs" to "sc" Function arguments and local variables called "cs" were renamed to "sc" in the various keyword handlers.
2022-05-27 04:26:46 -04:00
static int dump_servers_state(struct stconn *sc)
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
{
CLEANUP: cli: rename all occurrences of stconn "cs" to "sc" Function arguments and local variables called "cs" were renamed to "sc" in the various keyword handlers.
2022-05-27 04:26:46 -04:00
struct appctx *appctx = __sc_appctx(sc);
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
struct show_srv_ctx *ctx = appctx->svcctx;
struct proxy *px = ctx->px;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
struct server *srv;
char srv_addr[INET6_ADDRSTRLEN + 1];
MEDIUM: server: support {check,agent}_addr, agent_port in server state logical followup from cli commands addition, so that the state server file stays compatible with the changes made at runtime; use previously added helper to load server attributes. also alloc a specific chunk to avoid mixing with other called functions using it Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-02-11 16:51:26 -05:00
char srv_agent_addr[INET6_ADDRSTRLEN + 1];
char srv_check_addr[INET6_ADDRSTRLEN + 1];
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
time_t srv_time_since_last_change;
int bk_f_forced_id, srv_f_forced_id;
BUG/MEDIUM: dns/server: fix incomatibility between SRV resolution and server state file Server state file has no indication that a server is currently managed by a DNS SRV resolution. And thus, both feature (DNS SRV resolution and server state), when used together, does not provide the expected behavior: a smooth experience... This patch introduce the "SRV record name" in the server state file and loads and applies it if found and wherever required. This patch applies to haproxy-dev branch only. For backport, a specific patch is provided for 1.8.
2018-07-02 11:00:54 -04:00
char *srvrecord;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
if (!ctx->sv)
ctx->sv = px->srv;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
for (; ctx->sv != NULL; ctx->sv = srv->next) {
srv = ctx->sv;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
MEDIUM: server: support {check,agent}_addr, agent_port in server state logical followup from cli commands addition, so that the state server file stays compatible with the changes made at runtime; use previously added helper to load server attributes. also alloc a specific chunk to avoid mixing with other called functions using it Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-02-11 16:51:26 -05:00
dump_server_addr(&srv->addr, srv_addr);
dump_server_addr(&srv->check.addr, srv_check_addr);
dump_server_addr(&srv->agent.addr, srv_agent_addr);
MEDIUM: clock: replace timeval "now" with integer "now_ns" This puts an end to the occasional confusion between the "now" date that is internal, monotonic and not synchronized with the system's date, and "date" which is the system's date and not necessarily monotonic. Variable "now" was removed and replaced with a 64-bit integer "now_ns" which is a counter of nanoseconds. It wraps every 585 years, so if all goes well (i.e. if humanity does not need haproxy anymore in 500 years), it will just never wrap. This implies that now_ns is never nul and that the zero value can reliably be used as "not set yet" for a timestamp if needed. This will also simplify date checks where it becomes possible again to do "date1<date2". All occurrences of "tv_to_ns(&now)" were simply replaced by "now_ns". Due to the intricacies between now, global_now and now_offset, all 3 had to be turned to nanoseconds at once. It's not a problem since all of them were solely used in 3 functions in clock.c, but they make the patch look bigger than it really is. The clock_update_local_date() and clock_update_global_date() functions are now much simpler as there's no need anymore to perform conversions nor to round the timeval up or down. The wrapping continues to happen by presetting the internal offset in the short future so that the 32-bit now_ms continues to wrap 20 seconds after boot. The start_time used to calculate uptime can still be turned to nanoseconds now. One interrogation concerns global_now_ms which is used only for the freq counters. It's unclear whether there's more value in using two variables that need to be synchronized sequentially like today or to just use global_now_ns divided by 1 million. Both approaches will work equally well on modern systems, the difference might come from smaller ones. Better not change anyhting for now. One benefit of the new approach is that we now have an internal date with a resolution of the nanosecond and the precision of the microsecond, which can be useful to extend some measurements given that timestamps also have this resolution.
2023-04-28 03:16:15 -04:00
srv_time_since_last_change = ns_to_sec(now_ns) - srv->last_change;
MINOR: appctx/cli: remove the "server_state" entry from the appctx union This one now migrates to the general purpose cli.p0 for the proxy pointer, cli.p1 for the server pointer, and cli.i0 for the proxy's instance if only one has to be dumped.
2016-12-16 12:23:39 -05:00
bk_f_forced_id = px->options & PR_O_FORCED_ID ? 1 : 0;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
srv_f_forced_id = srv->flags & SRV_F_FORCED_ID ? 1 : 0;
BUG/MEDIUM: dns/server: fix incomatibility between SRV resolution and server state file Server state file has no indication that a server is currently managed by a DNS SRV resolution. And thus, both feature (DNS SRV resolution and server state), when used together, does not provide the expected behavior: a smooth experience... This patch introduce the "SRV record name" in the server state file and loads and applies it if found and wherever required. This patch applies to haproxy-dev branch only. For backport, a specific patch is provided for 1.8.
2018-07-02 11:00:54 -04:00
srvrecord = NULL;
if (srv->srvrq && srv->srvrq->name)
srvrecord = srv->srvrq->name;
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
if (ctx->show_conn == 0) {
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
/* show servers state */
chunk_printf(&trash,
"%d %s "
"%d %s %s "
"%d %d %d %d %ld "
"%d %d %d %d %d "
MEDIUM: cli/ssl: configure ssl on server at runtime in the context of a progressive backend migration, we want to be able to activate SSL on outgoing connections to the server at runtime without reloading. This patch adds a `set server ssl` command; in order to allow that: - add `srv_use_ssl` to `show servers state` command for compatibility, also update associated parsing - when using default-server ssl setting, and `no-ssl` on server line, init SSL ctx without activating it - when triggering ssl API, de/activate SSL connections as requested - clean ongoing connections as it is done for addr/port changes, without checking prior server state example config: backend be_foo default-server ssl server srv0 127.0.0.1:6011 weight 1 no-ssl show servers state: 5 be_foo 1 srv0 127.0.0.1 2 0 1 1 15 1 0 4 0 0 0 0 - 6011 - -1 where srv0 can switch to ssl later during the runtime: set server be_foo/srv0 ssl on 5 be_foo 1 srv0 127.0.0.1 2 0 1 1 15 1 0 4 0 0 0 0 - 6011 - 1 Also update existing tests and create a new one. Signed-off-by: William Dauchy <wdauchy@gmail.com>
2020-11-14 13:25:33 -05:00
"%d %d %s %u "
MEDIUM: server: support {check,agent}_addr, agent_port in server state logical followup from cli commands addition, so that the state server file stays compatible with the changes made at runtime; use previously added helper to load server attributes. also alloc a specific chunk to avoid mixing with other called functions using it Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-02-11 16:51:26 -05:00
"%s %d %d "
"%s %s %d"
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
"\n",
MINOR: cli: anonymize 'show servers state' and 'show servers conn' Modify proxy.c in order to anonymize the following confidential data on commands 'show servers state' and 'show servers conn': - proxy name - server name - server address
2022-09-14 11:48:55 -04:00
px->uuid, HA_ANON_CLI(px->id),
MINOR: cli: use hash_ipanon to anonymized address Replace HA_ANON_CLI by hash_ipanon to anonynmized address like anonymizing address in the configuration file. No backport needed, except if anonymization mechanism is backported.
2022-09-29 04:27:33 -04:00
srv->puid, HA_ANON_CLI(srv->id),
hash_ipanon(appctx->cli_anon_key, srv_addr, 0),
MINOR: cli: anonymize 'show servers state' and 'show servers conn' Modify proxy.c in order to anonymize the following confidential data on commands 'show servers state' and 'show servers conn': - proxy name - server name - server address
2022-09-14 11:48:55 -04:00
srv->cur_state, srv->cur_admin, srv->uweight, srv->iweight,
(long int)srv_time_since_last_change,
srv->check.status, srv->check.result, srv->check.health,
BUG/MINOR: server: make sure "show servers state" hides private bits In the past we've seen "show servers state" dump some internal bits for the check states, that were causing regtests to fail. The relevant bits have been added to the doc to fix the public API and make sure they do not change by accident, but the output doesn't take care of masking the undesired ones, causing regtests (and possibly user programs) to fail when new bits are added. Let's add the mask for the only documented ones (0x0F for check and 0x1F for agent respectively). This could be backported wherever the server state is present, though there's a tiny risk that some undocumented bits might have already leaked to some user scripts, so it might be wise to wait a bit before doing that or even not to backport too far.
2022-10-12 15:40:31 -04:00
srv->check.state & 0x0F, srv->agent.state & 0x1F,
MINOR: cli: Add an anonymization on a missed element in 'show server state' Add HA_ANON_CLI to the srv->hostname when using 'show servers state'. It can contain sensitive information like 'www....com' No backport needed, except if anonymization mechanism is backported.
2022-09-29 04:28:44 -04:00
bk_f_forced_id, srv_f_forced_id,
srv->hostname ? HA_ANON_CLI(srv->hostname) : "-", srv->svc_port,
MEDIUM: server: support {check,agent}_addr, agent_port in server state logical followup from cli commands addition, so that the state server file stays compatible with the changes made at runtime; use previously added helper to load server attributes. also alloc a specific chunk to avoid mixing with other called functions using it Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-02-11 16:51:26 -05:00
srvrecord ? srvrecord : "-", srv->use_ssl, srv->check.port,
srv_check_addr, srv_agent_addr, srv->agent.port);
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
} else {
/* show servers conn */
int thr;
chunk_printf(&trash,
"%s/%s %d/%d %s %u - %u %u %u %u %u %u %d %u",
MINOR: cli: anonymize 'show servers state' and 'show servers conn' Modify proxy.c in order to anonymize the following confidential data on commands 'show servers state' and 'show servers conn': - proxy name - server name - server address
2022-09-14 11:48:55 -04:00
HA_ANON_CLI(px->id), HA_ANON_CLI(srv->id),
MINOR: cli: use hash_ipanon to anonymized address Replace HA_ANON_CLI by hash_ipanon to anonynmized address like anonymizing address in the configuration file. No backport needed, except if anonymization mechanism is backported.
2022-09-29 04:27:33 -04:00
px->uuid, srv->puid, hash_ipanon(appctx->cli_anon_key, srv_addr, 0),
MINOR: cli: anonymize 'show servers state' and 'show servers conn' Modify proxy.c in order to anonymize the following confidential data on commands 'show servers state' and 'show servers conn': - proxy name - server name - server address
2022-09-14 11:48:55 -04:00
srv->svc_port, srv->pool_purge_delay,
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
srv->curr_used_conns, srv->max_used_conns, srv->est_need_conns,
srv->curr_idle_nb, srv->curr_safe_nb, (int)srv->max_idle_conns, srv->curr_idle_conns);
BUG/MEDIUM: cli/proxy: don't try to dump idle connection state if there's none Commit 69f591e3b ("MINOR: cli/proxy: add a new "show servers conn" command") added the ability to dump the idle connections state for a server, but we must not do this if idle connections were not allocated, which happens if the server is configured with pool-max-conn 0. This is 2.2, no backport is needed.
2020-07-02 09:19:57 -04:00
for (thr = 0; thr < global.nbthread && srv->curr_idle_thr; thr++)
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
chunk_appendf(&trash, " %u", srv->curr_idle_thr[thr]);
chunk_appendf(&trash, "\n");
}
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1) {
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
return 0;
}
}
return 1;
}
/* Parses backend list or simply use backend name provided by the user to return
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
* states of servers to stdout. It takes its context from show_srv_ctx and dumps
* proxy ->px and stops if ->only_pxid is non-null.
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
*/
static int cli_io_handler_servers_state(struct appctx *appctx)
{
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
struct show_srv_ctx *ctx = appctx->svcctx;
CLEANUP: applet: rename appctx_cs() to appctx_sc() It returns a stream connector, not a conn_stream anymore, so let's fix its name.
2022-05-27 05:08:15 -04:00
struct stconn *sc = appctx_sc(appctx);
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
struct proxy *curproxy;
CLEANUP: proxy/cli: get rid of appctx->st2 in "show servers" Now that we have the show_srv_ctx, let's store a state in it. We only need two states here, header and list.
2022-05-05 13:26:18 -04:00
if (ctx->state == SHOW_SRV_HEAD) {
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
if (ctx->show_conn == 0)
MINOR: cli/proxy: add a new "show servers conn" command This command reuses the existing "show servers state" to also dump the state of active and idle connections. The main use is to serve as a debugging tool to troubleshot connection reuse issues.
2020-07-01 01:00:59 -04:00
chunk_printf(&trash, "%d\n# %s\n", SRV_STATE_FILE_VERSION, SRV_STATE_FILE_FIELD_NAMES);
else
chunk_printf(&trash,
"# bkname/svname bkid/svid addr port - purge_delay used_cur used_max need_est unsafe_nb safe_nb idle_lim idle_cur idle_per_thr[%d]\n",
global.nbthread);
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1)
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
return 0;
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
CLEANUP: proxy/cli: get rid of appctx->st2 in "show servers" Now that we have the show_srv_ctx, let's store a state in it. We only need two states here, header and list.
2022-05-05 13:26:18 -04:00
ctx->state = SHOW_SRV_LIST;
if (!ctx->px)
ctx->px = proxies_list;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
}
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
for (; ctx->px != NULL; ctx->px = curproxy->next) {
curproxy = ctx->px;
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
/* servers are only in backends */
BUG/MINOR: proxy: don't dump servers of internal proxies Patch 211c967 ("MINOR: httpclient: add the server to the proxy") broke the reg-tests that do a "show servers state". Indeed the servers of the proxies flagged with PR_CAP_INT are dumped in the output of this CLI command. This patch fixes the issue par ignoring the PR_CA_INT proxies in the dump.
2021-08-25 12:15:31 -04:00
if ((curproxy->cap & PR_CAP_BE) && !(curproxy->cap & PR_CAP_INT)) {
CLEANUP: cli: rename all occurrences of stconn "cs" to "sc" Function arguments and local variables called "cs" were renamed to "sc" in the various keyword handlers.
2022-05-27 04:26:46 -04:00
if (!dump_servers_state(sc))
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
return 0;
}
/* only the selected proxy is dumped */
CLEANUP: proxy/cli: make use of a locally defined context for "show servers" The command uses a pointer to the current proxy being dumped, one to the current server being dumped, an optional ID of the only proxy to dump (which is in fact used as a boolean), and a flag indicating if we're doing a "show servers conn" or a "show servers state". Let's move all this to a struct show_srv_ctx.
2022-05-05 11:00:20 -04:00
if (ctx->only_pxid)
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
break;
}
return 1;
}
MINOR: appctx/cli: remove the "be" entry from the appctx union This one now migrates to the general purpose cli.p0. The parsing function was removed since it was only used to set the pointer to NULL.
2016-12-16 12:01:15 -05:00
/* Parses backend list and simply report backend names. It keeps the proxy
CLEANUP: proxy/cli: make "show backend" only use the generic context Let's use appctx->svcctx instead of abusing cli.p0 to store the current proxy being dumped.
2022-05-05 11:05:38 -04:00
* pointer in svcctx since there's nothing else to store there.
MINOR: appctx/cli: remove the "be" entry from the appctx union This one now migrates to the general purpose cli.p0. The parsing function was removed since it was only used to set the pointer to NULL.
2016-12-16 12:01:15 -05:00
*/
REORG: cli: move 'show backend' to proxy.c Move 'show backend' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-22 06:34:16 -05:00
static int cli_io_handler_show_backend(struct appctx *appctx)
{
struct proxy *curproxy;
chunk_reset(&trash);
CLEANUP: proxy/cli: make "show backend" only use the generic context Let's use appctx->svcctx instead of abusing cli.p0 to store the current proxy being dumped.
2022-05-05 11:05:38 -04:00
if (!appctx->svcctx) {
REORG: cli: move 'show backend' to proxy.c Move 'show backend' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-22 06:34:16 -05:00
chunk_printf(&trash, "# name\n");
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1)
REORG: cli: move 'show backend' to proxy.c Move 'show backend' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-22 06:34:16 -05:00
return 0;
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
CLEANUP: proxy/cli: make "show backend" only use the generic context Let's use appctx->svcctx instead of abusing cli.p0 to store the current proxy being dumped.
2022-05-05 11:05:38 -04:00
appctx->svcctx = proxies_list;
REORG: cli: move 'show backend' to proxy.c Move 'show backend' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-22 06:34:16 -05:00
}
CLEANUP: proxy/cli: make "show backend" only use the generic context Let's use appctx->svcctx instead of abusing cli.p0 to store the current proxy being dumped.
2022-05-05 11:05:38 -04:00
for (; appctx->svcctx != NULL; appctx->svcctx = curproxy->next) {
curproxy = appctx->svcctx;
REORG: cli: move 'show backend' to proxy.c Move 'show backend' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-22 06:34:16 -05:00
BUG/MINOR: proxy/cli: don't enumerate internal proxies on "show backend" Commit e7f74623e ("MINOR: stats: don't output internal proxies (PR_CAP_INT)") in 2.5 ensured we don't dump internal proxies on the stats page, but the same is needed for "show backend", as since the addition of the HTTP client it now appears there: $ socat /tmp/sock1 - <<< "show backend" # name <HTTPCLIENT> This needs to be backported to 2.5.
2022-05-05 11:10:03 -04:00
/* looking for non-internal backends only */
if ((curproxy->cap & (PR_CAP_BE|PR_CAP_INT)) != PR_CAP_BE)
REORG: cli: move 'show backend' to proxy.c Move 'show backend' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-22 06:34:16 -05:00
continue;
chunk_appendf(&trash, "%s\n", curproxy->id);
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1)
REORG: cli: move 'show backend' to proxy.c Move 'show backend' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-22 06:34:16 -05:00
return 0;
}
return 1;
}
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
/* Parses the "enable dynamic-cookies backend" directive, it always returns 1.
*
* Grabs the proxy lock and each server's lock.
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_enable_dyncookie_backend(char **args, char *payload, struct appctx *appctx, void *private)
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
{
struct proxy *px;
struct server *s;
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_backend(appctx, args[3]);
if (!px)
return 1;
MINOR: proxy: dynamic-cookie CLIs require TCP or HTTP mode Prevent the use of "dynamic-cookie" related CLI commands if the backend is not in TCP or HTTP mode.
2023-09-20 04:54:06 -04:00
if (px->mode != PR_MODE_TCP && px->mode != PR_MODE_HTTP)
return cli_err(appctx, "Not available.\n");
BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue() A problem involving server slowstart was reported by @max2k1 in issue #197. The problem is that pendconn_grab_from_px() takes the proxy lock while already under the server's lock while process_srv_queue() first takes the proxy's lock then the server's lock. While the latter seems more natural, it is fundamentally incompatible with mayn other operations performed on servers, namely state change propagation, where the proxy is only known after the server and cannot be locked around the servers. Howwever reversing the lock in process_srv_queue() is trivial and only the few functions related to dynamic cookies need to be adjusted for this so that the proxy's lock is taken for each server operation. This is possible because the proxy's server list is built once at boot time and remains stable. So this is what this patch does. The comments in the proxy and server structs were updated to mention this rule that the server's lock may not be taken under the proxy's lock but may enclose it. Another approach could consist in using a second lock for the proxy's queue which would be different from the regular proxy's lock, but given that the operations above are rare and operate on small servers list, there is no reason for overdesigning a solution. This fix was successfully tested with 10000 servers in a backend where adjusting the dyncookies in loops over the CLI didn't have a measurable impact on the traffic. The only workaround without the fix is to disable any occurrence of "slowstart" on server lines, or to disable threads using "nbthread 1". This must be backported as far as 1.8.
2019-07-30 05:59:34 -04:00
/* Note: this lock is to make sure this doesn't change while another
* thread is in srv_set_dyncookie().
*/
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
px->ck_opts |= PR_CK_DYNAMIC;
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &px->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
for (s = px->srv; s != NULL; s = s->next) {
HA_SPIN_LOCK(SERVER_LOCK, &s->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
srv_set_dyncookie(s);
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
}
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
return 1;
}
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
/* Parses the "disable dynamic-cookies backend" directive, it always returns 1.
*
* Grabs the proxy lock and each server's lock.
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_disable_dyncookie_backend(char **args, char *payload, struct appctx *appctx, void *private)
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
{
struct proxy *px;
struct server *s;
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_backend(appctx, args[3]);
if (!px)
return 1;
MINOR: proxy: dynamic-cookie CLIs require TCP or HTTP mode Prevent the use of "dynamic-cookie" related CLI commands if the backend is not in TCP or HTTP mode.
2023-09-20 04:54:06 -04:00
if (px->mode != PR_MODE_TCP && px->mode != PR_MODE_HTTP)
return cli_err(appctx, "Not available.\n");
BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue() A problem involving server slowstart was reported by @max2k1 in issue #197. The problem is that pendconn_grab_from_px() takes the proxy lock while already under the server's lock while process_srv_queue() first takes the proxy's lock then the server's lock. While the latter seems more natural, it is fundamentally incompatible with mayn other operations performed on servers, namely state change propagation, where the proxy is only known after the server and cannot be locked around the servers. Howwever reversing the lock in process_srv_queue() is trivial and only the few functions related to dynamic cookies need to be adjusted for this so that the proxy's lock is taken for each server operation. This is possible because the proxy's server list is built once at boot time and remains stable. So this is what this patch does. The comments in the proxy and server structs were updated to mention this rule that the server's lock may not be taken under the proxy's lock but may enclose it. Another approach could consist in using a second lock for the proxy's queue which would be different from the regular proxy's lock, but given that the operations above are rare and operate on small servers list, there is no reason for overdesigning a solution. This fix was successfully tested with 10000 servers in a backend where adjusting the dyncookies in loops over the CLI didn't have a measurable impact on the traffic. The only workaround without the fix is to disable any occurrence of "slowstart" on server lines, or to disable threads using "nbthread 1". This must be backported as far as 1.8.
2019-07-30 05:59:34 -04:00
/* Note: this lock is to make sure this doesn't change while another
* thread is in srv_set_dyncookie().
*/
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
px->ck_opts &= ~PR_CK_DYNAMIC;
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &px->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
for (s = px->srv; s != NULL; s = s->next) {
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
HA_SPIN_LOCK(SERVER_LOCK, &s->lock);
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
if (!(s->flags & SRV_F_COOKIESET))
ha_free(&s->cookie);
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
}
return 1;
}
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
/* Parses the "set dynamic-cookie-key backend" directive, it always returns 1.
*
* Grabs the proxy lock and each server's lock.
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_set_dyncookie_key_backend(char **args, char *payload, struct appctx *appctx, void *private)
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
{
struct proxy *px;
struct server *s;
char *newkey;
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_backend(appctx, args[3]);
if (!px)
return 1;
MINOR: proxy: dynamic-cookie CLIs require TCP or HTTP mode Prevent the use of "dynamic-cookie" related CLI commands if the backend is not in TCP or HTTP mode.
2023-09-20 04:54:06 -04:00
if (px->mode != PR_MODE_TCP && px->mode != PR_MODE_HTTP)
return cli_err(appctx, "Not available.\n");
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
if (!*args[4])
return cli_err(appctx, "String value expected.\n");
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
newkey = strdup(args[4]);
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
if (!newkey)
return cli_err(appctx, "Failed to allocate memory.\n");
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue() A problem involving server slowstart was reported by @max2k1 in issue #197. The problem is that pendconn_grab_from_px() takes the proxy lock while already under the server's lock while process_srv_queue() first takes the proxy's lock then the server's lock. While the latter seems more natural, it is fundamentally incompatible with mayn other operations performed on servers, namely state change propagation, where the proxy is only known after the server and cannot be locked around the servers. Howwever reversing the lock in process_srv_queue() is trivial and only the few functions related to dynamic cookies need to be adjusted for this so that the proxy's lock is taken for each server operation. This is possible because the proxy's server list is built once at boot time and remains stable. So this is what this patch does. The comments in the proxy and server structs were updated to mention this rule that the server's lock may not be taken under the proxy's lock but may enclose it. Another approach could consist in using a second lock for the proxy's queue which would be different from the regular proxy's lock, but given that the operations above are rare and operate on small servers list, there is no reason for overdesigning a solution. This fix was successfully tested with 10000 servers in a backend where adjusting the dyncookies in loops over the CLI didn't have a measurable impact on the traffic. The only workaround without the fix is to disable any occurrence of "slowstart" on server lines, or to disable threads using "nbthread 1". This must be backported as far as 1.8.
2019-07-30 05:59:34 -04:00
/* Note: this lock is to make sure this doesn't change while another
* thread is in srv_set_dyncookie().
*/
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
free(px->dyncookie_key);
px->dyncookie_key = newkey;
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &px->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
for (s = px->srv; s != NULL; s = s->next) {
HA_SPIN_LOCK(SERVER_LOCK, &s->lock);
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
srv_set_dyncookie(s);
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
}
MINOR: cli: Let configure the dynamic cookies from the cli. This adds 3 new commands to the cli : enable dynamic-cookie backend <backend> that enables dynamic cookies for a specified backend disable dynamic-cookie backend <backend> that disables dynamic cookies for a specified backend set dynamic-cookie-key backend <backend> that lets one change the dynamic cookie secret key, for a specified backend.
2017-03-14 15:08:46 -04:00
return 1;
}
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
/* Parses the "set maxconn frontend" directive, it always returns 1.
*
* Grabs the proxy lock.
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_set_maxconn_frontend(char **args, char *payload, struct appctx *appctx, void *private)
REORG: cli: move "set maxconn frontend" to proxy.c And get rid of the last specific "set maxconn" case.
2016-11-23 10:22:04 -05:00
{
struct proxy *px;
struct listener *l;
int v;
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_frontend(appctx, args[3]);
if (!px)
return 1;
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
if (!*args[4])
return cli_err(appctx, "Integer value expected.\n");
REORG: cli: move "set maxconn frontend" to proxy.c And get rid of the last specific "set maxconn" case.
2016-11-23 10:22:04 -05:00
v = atoi(args[4]);
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
if (v < 0)
return cli_err(appctx, "Value out of range.\n");
REORG: cli: move "set maxconn frontend" to proxy.c And get rid of the last specific "set maxconn" case.
2016-11-23 10:22:04 -05:00
/* OK, the value is fine, so we assign it to the proxy and to all of
* its listeners. The blocked ones will be dequeued.
*/
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRLOCK(PROXY_LOCK, &px->lock);
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
REORG: cli: move "set maxconn frontend" to proxy.c And get rid of the last specific "set maxconn" case.
2016-11-23 10:22:04 -05:00
px->maxconn = v;
list_for_each_entry(l, &px->conf.listeners, by_fe) {
if (l->state == LI_FULL)
MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping This is an alternative fix that tries to address the same issue as d1ebee177 ("BUG/MINOR: listener: close tiny race between resume_listener() and stopping") while allowing resume_listener() to be more versatile. Indeed, because of the previous fix, resume_listener() is not able to rebind stopped listeners, and this breaks the original behavior that is documented in the function description: "If the listener was only in the assigned state, it's totally rebound. This can happen if a pause() has completely stopped it. If the resume fails, 0 is returned and an error might be displayed." With relax_listener(), we now make sure to check l->state under the listener lock so we don't call resume_listener() when the conditions are not met. As such, concurrently stopped listeners may not be rebound using relax_listener(). Note: the documented race can't happen since 1b927eb3c ("MEDIUM: proto: stop protocols under thread isolation during soft stop"), but older versions are concerned as 1b927eb3c was not marked for backports. Moreover, the patch also prevents the race between protocol_pause_all() and resuming from LIMITED or FULL states. This commit depends on: - "MINOR: listener: add relax_listener() function" This should be backported with d1ebee177 up to 2.4 (d1ebee177 is marked to be backported for all stable versions but the current patch does not apply for versions < 2.4)
2023-02-06 11:19:58 -05:00
relax_listener(l, 1, 0);
REORG: cli: move "set maxconn frontend" to proxy.c And get rid of the last specific "set maxconn" case.
2016-11-23 10:22:04 -05:00
}
MINOR: listener: split dequeue_all_listener() in two We use it half times for the global_listener_queue and half times for a proxy's queue and this requires the callers to take care of these. Let's split it in two versions, the current one working only on the global queue and another one dedicated to proxies for the per-proxy queues. This cleans up quite a bit of code.
2019-12-10 08:10:52 -05:00
if (px->maxconn > px->feconn)
dequeue_proxy_listeners(px);
REORG: cli: move "set maxconn frontend" to proxy.c And get rid of the last specific "set maxconn" case.
2016-11-23 10:22:04 -05:00
MINOR: proxy; replace the spinlock with an rwlock This is an anticipation of finer grained locking for the queues. For now all lock places take a write lock so that there is no difference at all with previous code.
2020-10-20 11:24:27 -04:00
HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &px->lock);
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
REORG: cli: move "set maxconn frontend" to proxy.c And get rid of the last specific "set maxconn" case.
2016-11-23 10:22:04 -05:00
return 1;
}
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
/* Parses the "shutdown frontend" directive, it always returns 1.
*
* Grabs the proxy lock.
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_shutdown_frontend(char **args, char *payload, struct appctx *appctx, void *private)
REORG: cli: move "shutdown frontend" to proxy.c Now we don't have any "shutdown" commands left in cli.c.
2016-11-24 05:13:06 -05:00
{
struct proxy *px;
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_frontend(appctx, args[2]);
if (!px)
return 1;
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (px->flags & (PR_FL_DISABLED|PR_FL_STOPPED))
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
return cli_msg(appctx, LOG_NOTICE, "Frontend was already shut down.\n");
REORG: cli: move "shutdown frontend" to proxy.c Now we don't have any "shutdown" commands left in cli.c.
2016-11-24 05:13:06 -05:00
stop_proxy(px);
return 1;
}
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
/* Parses the "disable frontend" directive, it always returns 1.
*
* Grabs the proxy lock.
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_disable_frontend(char **args, char *payload, struct appctx *appctx, void *private)
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
{
struct proxy *px;
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
int ret;
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_frontend(appctx, args[2]);
if (!px)
return 1;
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (px->flags & (PR_FL_DISABLED|PR_FL_STOPPED))
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
return cli_msg(appctx, LOG_NOTICE, "Frontend was previously shut down, cannot disable.\n");
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
MEDIUM: proxy: remove state PR_STPAUSED This state was used to mention that a proxy was in PAUSED state, as opposed to the READY state. This was causing some trouble because if a listener failed to resume (e.g. because its port was temporarily in use during the resume), it was not possible to retry the operation later. Now by checking the number of READY or PAUSED listeners instead, we can accurately know if something went bad and try to fix it again later. The case of the temporary port conflict during resume now works well: $ socat readline /tmp/sock1 prompt > disable frontend testme3 > disable frontend testme3 All sockets are already disabled. > enable frontend testme3 Failed to resume frontend, check logs for precise cause (port conflict?). > enable frontend testme3 > enable frontend testme3 All sockets are already enabled.
2020-09-24 02:04:27 -04:00
if (!px->li_ready)
return cli_msg(appctx, LOG_NOTICE, "All sockets are already disabled.\n");
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
/* pause_proxy will take PROXY_LOCK */
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
ret = pause_proxy(px);
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
if (!ret)
return cli_err(appctx, "Failed to pause frontend, check logs for precise cause.\n");
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
return 1;
}
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
/* Parses the "enable frontend" directive, it always returns 1.
*
* Grabs the proxy lock.
*/
MEDIUM: cli: Add payload support In order to use arbitrary data in the CLI (multiple lines or group of words that must be considered as a whole, for example), it is now possible to add a payload to the commands. To do so, the first line needs to end with a special pattern: <<\n. Everything that follows will be left untouched by the CLI parser and will be passed to the commands parsers. Per-command support will need to be added to take advantage of this feature. Signed-off-by: Aurlien Nephtali <aurelien.nephtali@corp.ovh.com>
2018-04-18 07:26:46 -04:00
static int cli_parse_enable_frontend(char **args, char *payload, struct appctx *appctx, void *private)
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
{
struct proxy *px;
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
int ret;
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
return 1;
px = cli_find_frontend(appctx, args[2]);
if (!px)
return 1;
MINOR: proxy: Introduce proxy flags to replace disabled bitfield This change is required to support TCP/HTTP rules in defaults sections. The 'disabled' bitfield in the proxy structure, used to know if a proxy is disabled or stopped, is replaced a generic bitfield named 'flags'. PR_DISABLED and PR_STOPPED flags are renamed to PR_FL_DISABLED and PR_FL_STOPPED respectively. In addition, everywhere there is a test to know if a proxy is disabled or stopped, there is now a bitwise AND operation on PR_FL_DISABLED and/or PR_FL_STOPPED flags.
2021-10-06 08:24:19 -04:00
if (px->flags & (PR_FL_DISABLED|PR_FL_STOPPED))
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
return cli_err(appctx, "Frontend was previously shut down, cannot enable.\n");
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
MEDIUM: proxy: remove state PR_STPAUSED This state was used to mention that a proxy was in PAUSED state, as opposed to the READY state. This was causing some trouble because if a listener failed to resume (e.g. because its port was temporarily in use during the resume), it was not possible to retry the operation later. Now by checking the number of READY or PAUSED listeners instead, we can accurately know if something went bad and try to fix it again later. The case of the temporary port conflict during resume now works well: $ socat readline /tmp/sock1 prompt > disable frontend testme3 > disable frontend testme3 All sockets are already disabled. > enable frontend testme3 Failed to resume frontend, check logs for precise cause (port conflict?). > enable frontend testme3 > enable frontend testme3 All sockets are already enabled.
2020-09-24 02:04:27 -04:00
if (px->li_ready == px->li_all)
return cli_msg(appctx, LOG_NOTICE, "All sockets are already enabled.\n");
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK There was a race involving hlua_proxy_* functions and some proxy management functions. pause_proxy() and resume_proxy() can be used directly from lua code, but that could lead to some race as lua code didn't make sure PROXY_LOCK was owned before calling the proxy functions. This patch makes sure it won't happen again elsewhere in the code by locking PROXY_LOCK directly in resume and pause proxy functions so that it's not the caller's responsibility anymore. (based on stop_proxy() behavior that was already safe prior to the patch) This should be backported to stable series. Note that the API will likely differ < 2.4
2022-09-08 08:35:35 -04:00
/* resume_proxy will take PROXY_LOCK */
BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates The proxy-related commands like "{enable|disable|shutdown} frontend", "{enable|disable} dynamic-cookie", "set dynamic-cookie-key" were not protected against concurrent accesses making their use dangerous with threads. This patch must be backported to 1.8.
2018-08-21 08:50:44 -04:00
ret = resume_proxy(px);
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
if (!ret)
return cli_err(appctx, "Failed to resume frontend, check logs for precise cause (port conflict?).\n");
REORG: cli: move "{enable|disable} frontend" to proxy.c These are the last frontend-specific actions on the CLI. The function expect_frontend_admin() which is not used anymore was removed.
2016-11-24 05:55:28 -05:00
return 1;
}
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
/* appctx context used during "show errors" */
struct show_errors_ctx {
struct proxy *px; /* current proxy being dumped, NULL = not started yet. */
unsigned int flag; /* bit0: buffer being dumped, 0 = req, 1 = resp ; bit1=skip req ; bit2=skip resp. */
unsigned int ev_id; /* event ID of error being dumped */
int iid; /* if >= 0, ID of the proxy to filter on */
int ptr; /* <0: headers, >=0 : text pointer to restart from */
int bol; /* pointer to beginning of current line */
};
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
/* "show errors" handler for the CLI. Returns 0 if wants to continue, 1 to stop
* now.
*/
static int cli_parse_show_errors(char **args, char *payload, struct appctx *appctx, void *private)
{
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
struct show_errors_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
if (!cli_has_level(appctx, ACCESS_LVL_OPER))
return 1;
if (*args[2]) {
struct proxy *px;
px = proxy_find_by_name(args[2], 0, 0);
if (px)
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->iid = px->uuid;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
else
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->iid = atoi(args[2]);
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
if (!ctx->iid)
CLEANUP: cli: replace all occurrences of manual handling of return messages There were 221 places where a status message or an error message were built to be returned on the CLI. All of them were replaced to use cli_err(), cli_msg(), cli_dynerr() or cli_dynmsg() depending on what was expected. This removed a lot of duplicated code because most of the times, 4 lines are replaced by a single, safer one.
2019-08-09 05:21:01 -04:00
return cli_err(appctx, "No such proxy.\n");
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
}
else
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->iid = -1; // dump all proxies
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->flag = 0;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
if (strcmp(args[3], "request") == 0)
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->flag |= 4; // ignore response
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
else if (strcmp(args[3], "response") == 0)
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->flag |= 2; // ignore request
ctx->px = NULL;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
return 0;
}
CLEANUP: conn_stream: tree-wide rename to stconn (stream connector) This renames the "struct conn_stream" to "struct stconn" and updates the descriptions in all comments (and the rare help descriptions) to "stream connector" or "connector". This touches a lot of files but the change is minimal. The local variables were not even renamed, so there's still a lot of "cs" everywhere.
2022-05-17 13:07:51 -04:00
/* This function dumps all captured errors onto the stream connector's
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
* read buffer. It returns 0 if the output buffer is full and it needs
* to be called again, otherwise non-zero.
*/
static int cli_io_handler_show_errors(struct appctx *appctx)
{
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
struct show_errors_ctx *ctx = appctx->svcctx;
CLEANUP: applet: rename appctx_cs() to appctx_sc() It returns a stream connector, not a conn_stream anymore, so let's fix its name.
2022-05-27 05:08:15 -04:00
struct stconn *sc = appctx_sc(appctx);
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
extern const char *monthname[12];
MEDIUM: tree-wide: Move flags about shut from the channel to the SC The purpose of this patch is only a one-to-one replacement, as far as possible. CF_SHUTR(_NOW) and CF_SHUTW(_NOW) flags are now carried by the stream-connecter. CF_ prefix is replaced by SC_FL_ one. Of course, it is not so simple because at many places, we were testing if a channel was shut for reads and writes in same time. To do the same, shut for reads must be tested on one side on the SC and shut for writes on the other side on the opposite SC. A special care was taken with process_stream(). flags of SCs must be saved to be able to detect changes, just like for the channels.
2023-04-03 12:32:50 -04:00
/* FIXME: Don't watch the other side !*/
MINOR: stconn: Rename SC_FL_SHUTW in SC_FL_SHUT_DONE Here again, it is just a flag renaming. In SC flags, there is no longer shutdown for writes but shutdowns.
2023-04-13 10:16:15 -04:00
if (unlikely(sc_opposite(sc)->flags & SC_FL_SHUT_DONE))
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
return 1;
chunk_reset(&trash);
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
if (!ctx->px) {
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
/* the function had not been called yet, let's prepare the
* buffer for a response.
*/
struct tm tm;
get_localtime(date.tv_sec, &tm);
chunk_appendf(&trash, "Total events captured on [%02d/%s/%04d:%02d:%02d:%02d.%03d] : %u\n",
tm.tm_mday, monthname[tm.tm_mon], tm.tm_year+1900,
tm.tm_hour, tm.tm_min, tm.tm_sec, (int)(date.tv_usec/1000),
error_snapshot_id);
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1)
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
goto cant_send;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->px = proxies_list;
ctx->bol = 0;
ctx->ptr = -1;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
}
/* we have two inner loops here, one for the proxy, the other one for
* the buffer.
*/
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
while (ctx->px) {
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
struct error_snapshot *es;
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
HA_RWLOCK_RDLOCK(PROXY_LOCK, &ctx->px->lock);
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
if ((ctx->flag & 1) == 0) {
es = ctx->px->invalid_req;
if (ctx->flag & 2) // skip req
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
goto next;
}
else {
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
es = ctx->px->invalid_rep;
if (ctx->flag & 4) // skip resp
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
goto next;
}
MEDIUM: snapshots: dynamically allocate the snapshots Now upon error we dynamically allocate the snapshot instead of overwriting it. This way there is no more memory wasted in the proxy to hold the two error snapshot descriptors. Also an appreciable side effect of this is that the proxy's lock is only taken during the pointer swap, no more while copying the buffer's contents. This saves 480 bytes of memory per proxy.
2018-09-07 13:02:32 -04:00
if (!es)
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
goto next;
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
if (ctx->iid >= 0 &&
ctx->px->uuid != ctx->iid &&
(!es->oe || es->oe->uuid != ctx->iid))
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
goto next;
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
if (ctx->ptr < 0) {
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
/* just print headers now */
char pn[INET6_ADDRSTRLEN];
struct tm tm;
int port;
get_localtime(es->when.tv_sec, &tm);
chunk_appendf(&trash, " \n[%02d/%s/%04d:%02d:%02d:%02d.%03d]",
tm.tm_mday, monthname[tm.tm_mon], tm.tm_year+1900,
tm.tm_hour, tm.tm_min, tm.tm_sec, (int)(es->when.tv_usec/1000));
switch (addr_to_str(&es->src, pn, sizeof(pn))) {
case AF_INET:
case AF_INET6:
port = get_host_port(&es->src);
break;
default:
port = 0;
}
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
switch (ctx->flag & 1) {
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
case 0:
chunk_appendf(&trash,
" frontend %s (#%d): invalid request\n"
" backend %s (#%d)",
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->px->id, ctx->px->uuid,
BUG/MEDIUM: connections: Don't assume the connection has a valid session. Don't assume the connection always has a valid session in "owner". Instead, attempt to retrieve the session from the stream, and modify the error snapshot code to not assume we always have a session, or the proxy for the other end.
2020-03-12 10:30:17 -04:00
(es->oe && es->oe->cap & PR_CAP_BE) ? es->oe->id : "<NONE>",
(es->oe && es->oe->cap & PR_CAP_BE) ? es->oe->uuid : -1);
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
break;
case 1:
chunk_appendf(&trash,
" backend %s (#%d): invalid response\n"
" frontend %s (#%d)",
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->px->id, ctx->px->uuid,
BUG/MEDIUM: connections: Don't assume the connection has a valid session. Don't assume the connection always has a valid session in "owner". Instead, attempt to retrieve the session from the stream, and modify the error snapshot code to not assume we always have a session, or the proxy for the other end.
2020-03-12 10:30:17 -04:00
es->oe ? es->oe->id : "<NONE>" , es->oe ? es->oe->uuid : -1);
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
break;
}
chunk_appendf(&trash,
", server %s (#%d), event #%u, src %s:%d\n"
" buffer starts at %llu (including %u out), %u free,\n"
" len %u, wraps at %u, error at position %u\n",
es->srv ? es->srv->id : "<NONE>",
es->srv ? es->srv->puid : -1,
es->ev_id, pn, port,
es->buf_ofs, es->buf_out,
global.tune.bufsize - es->buf_out - es->buf_len,
es->buf_len, es->buf_wrap, es->buf_err);
if (es->show)
es->show(&trash, es);
chunk_appendf(&trash, " \n");
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1)
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
goto cant_send_unlock;
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->ptr = 0;
ctx->ev_id = es->ev_id;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
}
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
if (ctx->ev_id != es->ev_id) {
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
/* the snapshot changed while we were dumping it */
chunk_appendf(&trash,
" WARNING! update detected on this snapshot, dump interrupted. Please re-check!\n");
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1)
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
goto cant_send_unlock;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
goto next;
}
/* OK, ptr >= 0, so we have to dump the current line */
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
while (ctx->ptr < es->buf_len && ctx->ptr < global.tune.bufsize) {
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
int newptr;
int newline;
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
newline = ctx->bol;
newptr = dump_text_line(&trash, es->buf, global.tune.bufsize, es->buf_len, &newline, ctx->ptr);
MEDIUM: tree-wide: Change sc API to specify required free space to progress sc_need_room() now takes the required free space to receive more data as parameter. All calls to this function are updated accordingly. For now, this value is set but not used. When we are waiting for a buffer, 0 is used. So we expect to be unblocked ASAP. However this must be reviewed because SC_FL_NEED_BUF is probably enough in this case and this flag is already set if the input buffer allocation fails.
2023-05-05 05:28:45 -04:00
if (newptr == ctx->ptr) {
sc_need_room(sc, 0);
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
goto cant_send_unlock;
MEDIUM: tree-wide: Change sc API to specify required free space to progress sc_need_room() now takes the required free space to receive more data as parameter. All calls to this function are updated accordingly. For now, this value is set but not used. When we are waiting for a buffer, 0 is used. So we expect to be unblocked ASAP. However this must be reviewed because SC_FL_NEED_BUF is probably enough in this case and this flag is already set if the input buffer allocation fails.
2023-05-05 05:28:45 -04:00
}
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
CLEANUP: applet: use applet_put*() everywhere possible This applies the change so that the applet code stops using ci_putchk() and friends everywhere possible, for the much saferapplet_put*() instead. The change is mechanical but large. Two or three functions used to have no appctx and a cs derived from the appctx instead, which was a reminiscence of old times' stream_interface. These were simply changed to directly take the appctx. No sensitive change was performed, and the old (more complex) API is still usable when needed (e.g. the channel is already known). The change touched roughly a hundred of locations, with no less than 124 lines removed. It's worth noting that the stats applet, the oldest of the series, could get a serious lifting, as it's still very channel-centric instead of propagating the appctx along the chain. Given that this code doesn't change often, there's no emergency to clean it up but it would look better.
2022-05-18 09:07:19 -04:00
if (applet_putchk(appctx, &trash) == -1)
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
goto cant_send_unlock;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
ctx->ptr = newptr;
ctx->bol = newline;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
};
next:
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
HA_RWLOCK_RDUNLOCK(PROXY_LOCK, &ctx->px->lock);
ctx->bol = 0;
ctx->ptr = -1;
ctx->flag ^= 1;
if (!(ctx->flag & 1))
ctx->px = ctx->px->next;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
}
/* dump complete */
return 1;
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
cant_send_unlock:
CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx This makes use of the generic command context allocation so that the appctx doesn't have to declare a specific one anymore. The context is created during parsing. The code still has room for improvement, such as in the "flags" field where bits are hard-coded, but they weren't modified.
2022-05-03 05:24:24 -04:00
HA_RWLOCK_RDUNLOCK(PROXY_LOCK, &ctx->px->lock);
BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors The proxy's lock it held while filling the error but not while dumping it, so it's possible to dereference pointers being replaced, typically server pointers. The risk is very low and unlikely but not inexistent. Since "show errors" is rarely used in parallel, let's simply grab the proxy's lock while dumping. Ideally we should use an R/W lock here but it will not make any difference. This patch must be backported to 1.8, but the code is in proto_http.c there, though mostly similar.
2018-09-07 13:55:44 -04:00
cant_send:
return 0;
REORG: cli: move the "show errors" handler from http to proxy There's nothing HTTP-specific there anymore at all, let's move this to the proxy where it belongs.
2018-09-07 12:34:24 -04:00
}
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
/* register cli keywords */
static struct cli_kw_list cli_kws = {{ },{
CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages There were 102 CLI commands whose help were zig-zagging all along the dump making them unreadable. This patch realigns all these messages so that the command now uses up to 40 characters before the delimiting colon. About a third of the commands did not correctly list their arguments which were added after the first version, so they were all updated. Some abuses of the term "id" were fixed to use a more explanatory term. The "set ssl ocsp-response" command was not listed because it lacked a help message, this was fixed as well. The deprecated enable/disable commands for agent/health/server were prominently written as deprecated. Whenever possible, clearer explanations were provided.
2021-05-07 05:38:37 -04:00
{ { "disable", "frontend", NULL }, "disable frontend <frontend> : temporarily disable specific frontend", cli_parse_disable_frontend, NULL, NULL },
{ { "enable", "frontend", NULL }, "enable frontend <frontend> : re-enable specific frontend", cli_parse_enable_frontend, NULL, NULL },
{ { "set", "maxconn", "frontend", NULL }, "set maxconn frontend <frontend> <value> : change a frontend's maxconn setting", cli_parse_set_maxconn_frontend, NULL },
{ { "show","servers", "conn", NULL }, "show servers conn [<backend>] : dump server connections status (all or for a single backend)", cli_parse_show_servers, cli_io_handler_servers_state },
{ { "show","servers", "state", NULL }, "show servers state [<backend>] : dump volatile server information (all or for a single backend)", cli_parse_show_servers, cli_io_handler_servers_state },
{ { "show", "backend", NULL }, "show backend : list backends in the current running config", NULL, cli_io_handler_show_backend },
{ { "shutdown", "frontend", NULL }, "shutdown frontend <frontend> : stop a specific frontend", cli_parse_shutdown_frontend, NULL, NULL },
{ { "set", "dynamic-cookie-key", "backend", NULL }, "set dynamic-cookie-key backend <bk> <k> : change a backend secret key for dynamic cookies", cli_parse_set_dyncookie_key_backend, NULL },
{ { "enable", "dynamic-cookie", "backend", NULL }, "enable dynamic-cookie backend <bk> : enable dynamic cookies on a specific backend", cli_parse_enable_dyncookie_backend, NULL },
{ { "disable", "dynamic-cookie", "backend", NULL }, "disable dynamic-cookie backend <bk> : disable dynamic cookies on a specific backend", cli_parse_disable_dyncookie_backend, NULL },
{ { "show", "errors", NULL }, "show errors [<px>] [request|response] : report last request and/or response errors for each proxy", cli_parse_show_errors, cli_io_handler_show_errors, NULL },
REORG: cli: move 'show servers' to proxy.c Move 'show servers' CLI functions to proxy.c and use the cli keyword API to register it on the CLI.
2016-11-18 20:25:36 -05:00
{{},}
}};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-25 20:48:02 -04:00
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/
Reference in a new issue Copy permalink