MINOR: log: add a new flag 'L' for locally processed requests

People who use "option dontlog-normal" are bothered with redirects and
stats being logged and reported as errors in the logs ("PR" = proxy
blocked the request).

This patch introduces a new flag 'L' for when a request is locally
processed, that is not considered as an error by the log filters. That
way we know a request was intercepted and processed by haproxy without
logging the line when "option dontlog-normal" is in effect.

doc/configuration.txt

@@ -11651,8 +11651,10 @@ each of which has a special meaning :
             connection limit enforcement, because a DENY filter was matched,
             because of a security check which detected and blocked a dangerous
             error in server response which might have caused information leak
-            (eg: cacheable cookie), or because the response was processed by
-            the proxy (redirect, stats, etc...).
+            (eg: cacheable cookie).
+
+        L : the session was locally processed by haproxy and was not passed to
+            a server. This is what happens for stats and redirects.
 
         R : a resource on the proxy has been exhausted (memory, sockets, source
             ports, ...). Usually, this appears during the connection phase, and
@@ -11837,6 +11839,9 @@ easier finding and understanding.
           closer to the average reported "Tw" timer, in order not to consume
           resources for just a few attackers.
 
+     LR   The request was intercepted and locally handled by haproxy. Generally
+          it means that this was a redirect or a stats request.
+
      SC   The server or an equipment between it and haproxy explicitly refused
           the TCP connection (the proxy received a TCP RST or an ICMP message
           in return). Under some circumstances, it can also be the network

include/types/session.h

@@ -60,17 +60,18 @@
 #define SN_TUNNEL	0x00000800	/* tunnel-mode session, nothing to catch after data */
 
 /* session termination conditions, bits values 0x1000 to 0x7000 (0-9 shift 12) */
-#define SN_ERR_NONE     0x00000000
-#define SN_ERR_CLITO	0x00001000	/* client time-out */
-#define SN_ERR_CLICL	0x00002000	/* client closed (read/write error) */
-#define SN_ERR_SRVTO	0x00003000	/* server time-out, connect time-out */
-#define SN_ERR_SRVCL	0x00004000	/* server closed (connect/read/write error) */
-#define SN_ERR_PRXCOND	0x00005000	/* the proxy decided to close (deny...) */
-#define SN_ERR_RESOURCE	0x00006000	/* the proxy encountered a lack of a local resources (fd, mem, ...) */
-#define SN_ERR_INTERNAL	0x00007000	/* the proxy encountered an internal error */
-#define SN_ERR_DOWN	0x00008000	/* the proxy killed a session because the backend became unavailable */
-#define SN_ERR_KILLED	0x00009000	/* the proxy killed a session because it was asked to do so */
-#define SN_ERR_UP	0x0000a000	/* the proxy killed a session because a preferred backend became available */
+#define SN_ERR_NONE     0x00000000	/* normal end of request */
+#define SN_ERR_LOCAL    0x00001000	/* the proxy locally processed this request => not an error */
+#define SN_ERR_CLITO    0x00002000	/* client time-out */
+#define SN_ERR_CLICL    0x00003000	/* client closed (read/write error) */
+#define SN_ERR_SRVTO    0x00004000	/* server time-out, connect time-out */
+#define SN_ERR_SRVCL    0x00005000	/* server closed (connect/read/write error) */
+#define SN_ERR_PRXCOND  0x00006000	/* the proxy decided to close (deny...) */
+#define SN_ERR_RESOURCE 0x00007000	/* the proxy encountered a lack of a local resources (fd, mem, ...) */
+#define SN_ERR_INTERNAL 0x00008000	/* the proxy encountered an internal error */
+#define SN_ERR_DOWN     0x00009000	/* the proxy killed a session because the backend became unavailable */
+#define SN_ERR_KILLED   0x0000a000	/* the proxy killed a session because it was asked to do so */
+#define SN_ERR_UP       0x0000b000	/* the proxy killed a session because a preferred backend became available */
 #define SN_ERR_MASK     0x0000f000	/* mask to get only session error flags */
 #define SN_ERR_SHIFT    12		/* bit shift */
 

src/log.c

@@ -54,7 +54,7 @@ const char *log_levels[NB_LOG_LEVELS] = {
 	"warning", "notice", "info", "debug"
 };
 
-const char sess_term_cond[16] = "-cCsSPRIDKUIIIII"; /* normal, CliTo, CliErr, SrvTo, SrvErr, PxErr, Resource, Internal, Down, Killed, Up, -- */
+const char sess_term_cond[16] = "-LcCsSPRIDKUIIII"; /* normal, Local, CliTo, CliErr, SrvTo, SrvErr, PxErr, Resource, Internal, Down, Killed, Up, -- */
 const char sess_fin_state[8]  = "-RCHDLQT";	/* cliRequest, srvConnect, srvHeader, Data, Last, Queue, Tarpit */
 
 
@@ -1516,8 +1516,10 @@ void sess_log(struct session *s)
 	int size, err, level;
 
 	/* if we don't want to log normal traffic, return now */
-	err = (s->flags & (SN_ERR_MASK | SN_REDISP)) ||
-		(s->req->cons->conn_retries != s->be->conn_retries) ||
+	err = (s->flags & SN_REDISP) ||
+              ((s->flags & SN_ERR_MASK) > SN_ERR_LOCAL) ||
+	      (((s->flags & SN_ERR_MASK) == SN_ERR_NONE) &&
+	       (s->req->cons->conn_retries != s->be->conn_retries)) ||
 	      ((s->fe->mode == PR_MODE_HTTP) && s->txn.status >= 500);
 
 	if (!err && (s->fe->options2 & PR_O2_NOLOGNORM))

src/proto_http.c

@@ -830,7 +830,7 @@ void http_perform_server_redirect(struct session *s, struct stream_interface *si
 	si->state    = SI_ST_CLO;
 
 	/* send the message */
-	http_server_error(s, si, SN_ERR_PRXCOND, SN_FINST_C, 302, &trash);
+	http_server_error(s, si, SN_ERR_LOCAL, SN_FINST_C, 302, &trash);
 
 	/* FIXME: we should increase a counter of redirects per server and per backend. */
 	srv_inc_sess_ctr(srv);
@@ -2529,6 +2529,8 @@ int http_wait_for_request(struct session *s, struct channel *req, int an_bit)
 				/* we fail this request, let's return 503 service unavail */
 				txn->status = 503;
 				stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_503));
+				if (!(s->flags & SN_ERR_MASK))
+					s->flags |= SN_ERR_LOCAL; /* we don't want a real error here */
 				goto return_prx_cond;
 			}
 		}
@@ -2536,6 +2538,8 @@ int http_wait_for_request(struct session *s, struct channel *req, int an_bit)
 		/* nothing to fail, let's reply normaly */
 		txn->status = 200;
 		stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_200));
+		if (!(s->flags & SN_ERR_MASK))
+			s->flags |= SN_ERR_LOCAL; /* we don't want a real error here */
 		goto return_prx_cond;
 	}
 
@@ -3031,7 +3035,7 @@ int http_handle_stats(struct session *s, struct channel *req)
 			s->fe->fe_counters.intercepted_req++;
 
 		if (!(s->flags & SN_ERR_MASK))      // this is not really an error but it is
-			s->flags |= SN_ERR_PRXCOND; // to mark that it comes from the proxy
+			s->flags |= SN_ERR_LOCAL;   // to mark that it comes from the proxy
 		if (!(s->flags & SN_FINST_MASK))
 			s->flags |= SN_FINST_R;
 		req->analysers = 0;
@@ -3060,7 +3064,7 @@ int http_handle_stats(struct session *s, struct channel *req)
 		s->fe->fe_counters.intercepted_req++;
 
 	if (!(s->flags & SN_ERR_MASK))      // this is not really an error but it is
-		s->flags |= SN_ERR_PRXCOND; // to mark that it comes from the proxy
+		s->flags |= SN_ERR_LOCAL;   // to mark that it comes from the proxy
 	if (!(s->flags & SN_FINST_MASK))
 		s->flags |= SN_FINST_R;
 
@@ -3375,7 +3379,7 @@ static int http_apply_redirect_rule(struct redirect_rule *rule, struct session *
 	}
 
 	if (!(s->flags & SN_ERR_MASK))
-		s->flags |= SN_ERR_PRXCOND;
+		s->flags |= SN_ERR_LOCAL;
 	if (!(s->flags & SN_FINST_MASK))
 		s->flags |= SN_FINST_R;