mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-23 20:01:23 +01:00
Code Issues Projects Releases Wiki Activity

MINOR: log: add a new flag 'L' for locally processed requests

Browse Source 
People who use "option dontlog-normal" are bothered with redirects and
stats being logged and reported as errors in the logs ("PR" = proxy
blocked the request).

This patch introduces a new flag 'L' for when a request is locally
processed, that is not considered as an error by the log filters. That
way we know a request was intercepted and processed by haproxy without
logging the line when "option dontlog-normal" is in effect.
This commit is contained in:
Willy Tarreau 2013-06-10 16:42:09 +02:00
parent 19f7fda81f
commit 570f221cbb
4 changed files with 35 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/configuration.txt
View File

@ -11651,8 +11651,10 @@ each of which has a special meaning :
connection limit enforcement, because a DENY filter was matched, connection limit enforcement, because a DENY filter was matched,
because of a security check which detected and blocked a dangerous because of a security check which detected and blocked a dangerous
error in server response which might have caused information leak error in server response which might have caused information leak
(eg: cacheable cookie), or because the response was processed by (eg: cacheable cookie).
the proxy (redirect, stats, etc...).
L : the session was locally processed by haproxy and was not passed to
a server. This is what happens for stats and redirects.
R : a resource on the proxy has been exhausted (memory, sockets, source R : a resource on the proxy has been exhausted (memory, sockets, source
ports, ...). Usually, this appears during the connection phase, and ports, ...). Usually, this appears during the connection phase, and
@ -11837,6 +11839,9 @@ easier finding and understanding.
closer to the average reported "Tw" timer, in order not to consume closer to the average reported "Tw" timer, in order not to consume
resources for just a few attackers. resources for just a few attackers.
LR The request was intercepted and locally handled by haproxy. Generally
it means that this was a redirect or a stats request.
SC The server or an equipment between it and haproxy explicitly refused SC The server or an equipment between it and haproxy explicitly refused
the TCP connection (the proxy received a TCP RST or an ICMP message the TCP connection (the proxy received a TCP RST or an ICMP message
in return). Under some circumstances, it can also be the network in return). Under some circumstances, it can also be the network

23
include/types/session.h
View File

@ -60,17 +60,18 @@
#define SN_TUNNEL 0x00000800 /* tunnel-mode session, nothing to catch after data */ #define SN_TUNNEL 0x00000800 /* tunnel-mode session, nothing to catch after data */
/* session termination conditions, bits values 0x1000 to 0x7000 (0-9 shift 12) */ /* session termination conditions, bits values 0x1000 to 0x7000 (0-9 shift 12) */
#define SN_ERR_NONE 0x00000000 #define SN_ERR_NONE 0x00000000 /* normal end of request */
#define SN_ERR_CLITO 0x00001000 /* client time-out */ #define SN_ERR_LOCAL 0x00001000 /* the proxy locally processed this request => not an error */
#define SN_ERR_CLICL 0x00002000 /* client closed (read/write error) */ #define SN_ERR_CLITO 0x00002000 /* client time-out */
#define SN_ERR_SRVTO 0x00003000 /* server time-out, connect time-out */ #define SN_ERR_CLICL 0x00003000 /* client closed (read/write error) */
#define SN_ERR_SRVCL 0x00004000 /* server closed (connect/read/write error) */ #define SN_ERR_SRVTO 0x00004000 /* server time-out, connect time-out */
#define SN_ERR_PRXCOND 0x00005000 /* the proxy decided to close (deny...) */ #define SN_ERR_SRVCL 0x00005000 /* server closed (connect/read/write error) */
#define SN_ERR_RESOURCE 0x00006000 /* the proxy encountered a lack of a local resources (fd, mem, ...) */ #define SN_ERR_PRXCOND 0x00006000 /* the proxy decided to close (deny...) */
#define SN_ERR_INTERNAL 0x00007000 /* the proxy encountered an internal error */ #define SN_ERR_RESOURCE 0x00007000 /* the proxy encountered a lack of a local resources (fd, mem, ...) */
#define SN_ERR_DOWN 0x00008000 /* the proxy killed a session because the backend became unavailable */ #define SN_ERR_INTERNAL 0x00008000 /* the proxy encountered an internal error */
#define SN_ERR_KILLED 0x00009000 /* the proxy killed a session because it was asked to do so */ #define SN_ERR_DOWN 0x00009000 /* the proxy killed a session because the backend became unavailable */
#define SN_ERR_UP 0x0000a000 /* the proxy killed a session because a preferred backend became available */ #define SN_ERR_KILLED 0x0000a000 /* the proxy killed a session because it was asked to do so */
#define SN_ERR_UP 0x0000b000 /* the proxy killed a session because a preferred backend became available */
#define SN_ERR_MASK 0x0000f000 /* mask to get only session error flags */ #define SN_ERR_MASK 0x0000f000 /* mask to get only session error flags */
#define SN_ERR_SHIFT 12 /* bit shift */ #define SN_ERR_SHIFT 12 /* bit shift */

8
src/log.c
View File

@ -54,7 +54,7 @@ const char *log_levels[NB_LOG_LEVELS] = {
"warning", "notice", "info", "debug" "warning", "notice", "info", "debug"
}; };
const char sess_term_cond[16] = "-cCsSPRIDKUIIIII"; /* normal, CliTo, CliErr, SrvTo, SrvErr, PxErr, Resource, Internal, Down, Killed, Up, -- */ const char sess_term_cond[16] = "-LcCsSPRIDKUIIII"; /* normal, Local, CliTo, CliErr, SrvTo, SrvErr, PxErr, Resource, Internal, Down, Killed, Up, -- */
const char sess_fin_state[8] = "-RCHDLQT"; /* cliRequest, srvConnect, srvHeader, Data, Last, Queue, Tarpit */ const char sess_fin_state[8] = "-RCHDLQT"; /* cliRequest, srvConnect, srvHeader, Data, Last, Queue, Tarpit */
@ -1516,8 +1516,10 @@ void sess_log(struct session *s)
int size, err, level; int size, err, level;
/* if we don't want to log normal traffic, return now */ /* if we don't want to log normal traffic, return now */
err = (s->flags & (SN_ERR_MASK | SN_REDISP)) || err = (s->flags & SN_REDISP) ||
(s->req->cons->conn_retries != s->be->conn_retries) || ((s->flags & SN_ERR_MASK) > SN_ERR_LOCAL) ||
(((s->flags & SN_ERR_MASK) == SN_ERR_NONE) &&
(s->req->cons->conn_retries != s->be->conn_retries)) ||
((s->fe->mode == PR_MODE_HTTP) && s->txn.status >= 500); ((s->fe->mode == PR_MODE_HTTP) && s->txn.status >= 500);
if (!err && (s->fe->options2 & PR_O2_NOLOGNORM)) if (!err && (s->fe->options2 & PR_O2_NOLOGNORM))

12
src/proto_http.c
View File

@ -830,7 +830,7 @@ void http_perform_server_redirect(struct session *s, struct stream_interface *si
si->state = SI_ST_CLO; si->state = SI_ST_CLO;
/* send the message */ /* send the message */
http_server_error(s, si, SN_ERR_PRXCOND, SN_FINST_C, 302, &trash); http_server_error(s, si, SN_ERR_LOCAL, SN_FINST_C, 302, &trash);
/* FIXME: we should increase a counter of redirects per server and per backend. */ /* FIXME: we should increase a counter of redirects per server and per backend. */
srv_inc_sess_ctr(srv); srv_inc_sess_ctr(srv);
@ -2529,6 +2529,8 @@ int http_wait_for_request(struct session *s, struct channel *req, int an_bit)
/* we fail this request, let's return 503 service unavail */ /* we fail this request, let's return 503 service unavail */
txn->status = 503; txn->status = 503;
stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_503)); stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_503));
if (!(s->flags & SN_ERR_MASK))
s->flags |= SN_ERR_LOCAL; /* we don't want a real error here */
goto return_prx_cond; goto return_prx_cond;
} }
} }
@ -2536,6 +2538,8 @@ int http_wait_for_request(struct session *s, struct channel *req, int an_bit)
/* nothing to fail, let's reply normaly */ /* nothing to fail, let's reply normaly */
txn->status = 200; txn->status = 200;
stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_200)); stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_200));
if (!(s->flags & SN_ERR_MASK))
s->flags |= SN_ERR_LOCAL; /* we don't want a real error here */
goto return_prx_cond; goto return_prx_cond;
} }
@ -3031,7 +3035,7 @@ int http_handle_stats(struct session *s, struct channel *req)
s->fe->fe_counters.intercepted_req++; s->fe->fe_counters.intercepted_req++;
if (!(s->flags & SN_ERR_MASK)) // this is not really an error but it is if (!(s->flags & SN_ERR_MASK)) // this is not really an error but it is
s->flags |= SN_ERR_PRXCOND; // to mark that it comes from the proxy s->flags |= SN_ERR_LOCAL; // to mark that it comes from the proxy
if (!(s->flags & SN_FINST_MASK)) if (!(s->flags & SN_FINST_MASK))
s->flags |= SN_FINST_R; s->flags |= SN_FINST_R;
req->analysers = 0; req->analysers = 0;
@ -3060,7 +3064,7 @@ int http_handle_stats(struct session *s, struct channel *req)
s->fe->fe_counters.intercepted_req++; s->fe->fe_counters.intercepted_req++;
if (!(s->flags & SN_ERR_MASK)) // this is not really an error but it is if (!(s->flags & SN_ERR_MASK)) // this is not really an error but it is
s->flags |= SN_ERR_PRXCOND; // to mark that it comes from the proxy s->flags |= SN_ERR_LOCAL; // to mark that it comes from the proxy
if (!(s->flags & SN_FINST_MASK)) if (!(s->flags & SN_FINST_MASK))
s->flags |= SN_FINST_R; s->flags |= SN_FINST_R;
@ -3375,7 +3379,7 @@ static int http_apply_redirect_rule(struct redirect_rule *rule, struct session *
} }
if (!(s->flags & SN_ERR_MASK)) if (!(s->flags & SN_ERR_MASK))
s->flags |= SN_ERR_PRXCOND; s->flags |= SN_ERR_LOCAL;
if (!(s->flags & SN_FINST_MASK)) if (!(s->flags & SN_FINST_MASK))
s->flags |= SN_FINST_R; s->flags |= SN_FINST_R;