mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-08-07 15:47:01 +02:00
MINOR: payload/config: Warn if a L6 sample fetch is used from an HTTP proxy
L6 sample fetches are now ignored when called from an HTTP proxy. Thus, a warning is emitted during the startup if such usage is detected. It is true for most ACLs and for log-format strings. Unfortunately, it is a bit painful to do so for sample expressions. This patch relies on the commit "MINOR: action: Use a generic function to check validity of an action rule list".
This commit is contained in:
Christopher Faulet
parent
42c6cf9501
commit
581db2b829
@ -106,6 +106,7 @@ int warnif_misplaced_tcp_conn(struct proxy *proxy, const char *file, int line, c
|
||||
int warnif_misplaced_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg);
|
||||
int warnif_misplaced_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg);
|
||||
int warnif_cond_conflicts(const struct acl_cond *cond, unsigned int where, const char *file, int line);
|
||||
int warnif_tcp_http_cond(const struct proxy *px, const struct acl_cond *cond);
|
||||
int too_many_args_idx(int maxarg, int index, char **args, char **msg, int *err_code);
|
||||
int too_many_args(int maxarg, char **args, char **msg, int *err_code);
|
||||
int alertif_too_many_args_idx(int maxarg, int index, const char *file, int linenum, char **args, int *err_code);
|
||||
|
||||
@ -13,6 +13,7 @@
|
||||
#include <haproxy/acl.h>
|
||||
#include <haproxy/action.h>
|
||||
#include <haproxy/api.h>
|
||||
#include <haproxy/cfgparse.h>
|
||||
#include <haproxy/errors.h>
|
||||
#include <haproxy/list.h>
|
||||
#include <haproxy/obj_type.h>
|
||||
@ -37,7 +38,7 @@ int check_action_rules(struct list *rules, struct proxy *px, int *err_code)
|
||||
ha_alert("Proxy '%s': %s.\n", px->id, errmsg);
|
||||
err++;
|
||||
}
|
||||
|
||||
*err_code |= warnif_tcp_http_cond(px, rule->cond);
|
||||
free(errmsg);
|
||||
errmsg = NULL;
|
||||
}
|
||||
|
||||
@ -334,6 +334,23 @@ int warnif_cond_conflicts(const struct acl_cond *cond, unsigned int where, const
|
||||
return ERR_WARN;
|
||||
}
|
||||
|
||||
/* Report it if an ACL uses a L6 sample fetch from an HTTP proxy. It returns
|
||||
* either 0 or ERR_WARN so that its result can be or'ed with err_code. Note that
|
||||
* <cond> may be NULL and then will be ignored.
|
||||
*/
|
||||
int warnif_tcp_http_cond(const struct proxy *px, const struct acl_cond *cond)
|
||||
{
|
||||
if (!cond || px->mode != PR_MODE_HTTP)
|
||||
return 0;
|
||||
|
||||
if (cond->use & (SMP_USE_L6REQ|SMP_USE_L6RES)) {
|
||||
ha_warning("Proxy '%s': L6 sample fetches ignored on HTTP proxies (declared at %s:%d).\n",
|
||||
px->id, cond->file, cond->line);
|
||||
return ERR_WARN;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* try to find in <list> the word that looks closest to <word> by counting
|
||||
* transitions between letters, digits and other characters. Will return the
|
||||
* best matching word if found, otherwise NULL. An optional array of extra
|
||||
@ -379,7 +396,6 @@ const char *cfg_find_best_match(const char *word, const struct list *list, int s
|
||||
return best_ptr;
|
||||
}
|
||||
|
||||
|
||||
/* Parse a string representing a process number or a set of processes. It must
|
||||
* be "all", "odd", "even", a number between 1 and <max> or a range with
|
||||
* two such numbers delimited by a dash ('-'). On success, it returns
|
||||
@ -2362,6 +2378,7 @@ int check_config_validity()
|
||||
ha_free(&rule->be.name);
|
||||
rule->be.backend = target;
|
||||
}
|
||||
err_code |= warnif_tcp_http_cond(curproxy, rule->cond);
|
||||
}
|
||||
|
||||
/* find the target server for 'use_server' rules */
|
||||
@ -2404,6 +2421,7 @@ int check_config_validity()
|
||||
srule->dynamic = 0;
|
||||
srule->srv.name = server_name;
|
||||
target = findserver(curproxy, srule->srv.name);
|
||||
err_code |= warnif_tcp_http_cond(curproxy, srule->cond);
|
||||
|
||||
if (!target) {
|
||||
ha_alert("config : %s '%s' : unable to find server '%s' referenced in a 'use-server' rule.\n",
|
||||
@ -2453,6 +2471,7 @@ int check_config_validity()
|
||||
target->proxies_list = curproxy;
|
||||
}
|
||||
}
|
||||
err_code |= warnif_tcp_http_cond(curproxy, mrule->cond);
|
||||
}
|
||||
|
||||
/* find the target table for 'store response' rules */
|
||||
|
||||
@ -512,6 +512,11 @@ int add_sample_to_logformat_list(char *text, char *arg, int arg_len, struct prox
|
||||
goto error_free;
|
||||
}
|
||||
|
||||
if ((options & LOG_OPT_HTTP) && (expr->fetch->use & (SMP_USE_L6REQ|SMP_USE_L6RES))) {
|
||||
ha_warning("parsing [%s:%d] : L6 sample fetch <%s> ignored in HTTP log-format string.\n",
|
||||
curpx->conf.args.file, curpx->conf.args.line, text);
|
||||
}
|
||||
|
||||
/* check if we need to allocate an http_txn struct for HTTP parsing */
|
||||
/* Note, we may also need to set curpx->to_log with certain fetches */
|
||||
curpx->http_needed |= !!(expr->fetch->use & SMP_USE_HTTP_ANY);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user