5837 Commits

Author SHA1 Message Date
Willy Tarreau
09d1e254c9 MAJOR: http: stop using msg->sol outside the parsers
This is a left-over from the buffer changes. Msg->sol is always null at the
end of the parsing, so we must not use it anymore to read headers or find
the beginning of a message. As a side effect, the dump of the request in
debug mode is working again because it was relying on msg->sol not being
null.

Maybe it will even be mergeable with another of the message pointers.
2012-05-18 22:43:55 +02:00
Willy Tarreau
d1de8af362 BUG/MAJOR: fix regression on content-based hashing and http-send-name-header
The recent split between the buffers and HTTP messages in 1.5-dev9 caused
a major trouble : in the past, we used to keep a pointer to HTTP data in the
buffer struct itself, which was the cause of most of the pain we had to deal
with buffers.

Now the two are split but we lost the information about the beginning of
the HTTP message once it's being forwarded. While it seems normal, it happens
that several parts of the code currently rely on this ability to inspect a
buffer containing old contents :
  - balance uri
  - balance url_param
  - balance url_param check_post
  - balance hdr()
  - balance rdp-cookie()
  - http-send-name-header

All these happen after the data are scheduled for being forwarded, which
also causes a server to be selected. So for a long time we've been relying
on supposedly sent data that we still had a pointer to.

Now that we don't have such a pointer anymore, we only have one possibility :
when we need to inspect such data, we have to rewind the buffer so that ->p
points to where it previously was. We're lucky, no data can leave the buffer
before it's being connecting outside, and since no inspection can begin until
it's empty, we know that the skipped data are exactly ->o. So we rewind the
buffer by ->o to get headers and advance it back by the same amount.

Proceeding this way is particularly important when dealing with chunked-
encoded requests, because the ->som and ->sov fields may be reused by the
chunk parser before the connection attempt is made, so we cannot rely on
them.

Also, we need to be able to come back after retries and redispatches, which
might change the size of the request if http-send-name-header is set. All of
this is accounted for by the output queue so in the end it does not look like
a bad solution.

No backport is needed.
2012-05-18 22:23:01 +02:00
Willy Tarreau
13e66dad26 MINOR: buffers: add a rewind function
b_rew() will be used to rewind a buffer for certain specific operations
such as header inspection on data already in the output queue.
2012-05-18 22:11:27 +02:00
Willy Tarreau
be0688c64d MEDIUM: stream_interface: remove the si->init
Calling the init() function in sess_establish was a bad idea, it is
too late to allow it to fail on lack of resource and does not help at
all. Remove it for now before it's used.
2012-05-18 15:15:26 +02:00
David du Colombier
7af4605ef7 BUG/MAJOR: trash must always be the size of a buffer
Before it was possible to resize the buffers using global.tune.bufsize,
the trash has always been the size of a buffer by design. Unfortunately,
the recent buffer sizing at runtime forgot to adjust the trash, resulting
in it being too short for content rewriting if buffers were enlarged from
the default value.

The bug was encountered in 1.4 so the fix must be backported there.
2012-05-16 14:21:55 +02:00
Dmitry Sivachenko
7823de3d90 DOC: fix minor regex example issue and improve doc on stats
URL rewriting should use [^\ :]* to avoid matching headers.
2012-05-16 13:49:49 +02:00
Willy Tarreau
ffb8947bb8 [RELEASE] Released version 1.5-dev10
Released version 1.5-dev10 with the following main changes :
    - BUG/MINOR: stats admin: "Unexpected result" was displayed unconditionally
    - BUG/MAJOR: acl: http_auth_group() must not accept any user from the userlist
    - CLEANUP: auth: make the code build again with DEBUG_AUTH
    - BUG/MEDIUM: config: don't crash at config load time on invalid userlist names
    - REORG: use the name sock_raw instead of stream_sock
    - MINOR: stream_interface: add a client target : TARG_TYPE_CLIENT
    - BUG/MEDIUM: stream_interface: restore get_src/get_dst
    - CLEANUP: sock_raw: remove last references to stream_sock
    - CLEANUP: stream_interface: stop exporting socket layer functions
    - MINOR: stream_interface: add an init callback to sock_ops
    - MEDIUM: stream_interface: derive the socket operations from the target
    - MAJOR: fd: remove the need for the socket layer to recheck the connection
    - MINOR: session: call the socket layer init function when a session establishes
    - MEDIUM: session: add support for tunnel timeouts
    - MINOR: standard: add a new debug macro : fddebug()
    - CLEANUP: fd: remove unused cb->b pointers in the struct fdtab
    - OPTIM: proto_http: don't enable quick-ack on empty buffers
    - OPTIM/MAJOR: ev_sepoll: process spec events after polled events
    - OPTIM/MEDIUM: stream_interface: add a new SI_FL_NOHALF flag
v1.5-dev10
2012-05-14 07:26:56 +02:00
Willy Tarreau
7bb68abb9f OPTIM/MEDIUM: stream_interface: add a new SI_FL_NOHALF flag
This flag indicates that we're not interested in keeping half-open
connections on a stream interface. It has the benefit of allowing
the socket layer to cause an immediate write close when detecting
an incoming read close. This releases resources much faster and
saves one syscall (either a shutdown or setsockopt).

This flag is only set by HTTP on the interface going to the server
since we don't want to continue pushing data there when it has
closed.

Another benefit is that it responds with a FIN to a server's FIN
instead of responding with an RST as it used to, which is much
cleaner.

Performance gains of 7.5% have been measured on HTTP connection
rate on empty objects.
2012-05-13 14:52:22 +02:00
Willy Tarreau
dbcd47ea35 OPTIM/MAJOR: ev_sepoll: process spec events after polled events
A suboptimal behaviour was appearing quite often with sepoll. When a
speculative write failed after a connect(), the socket was added to
the poll list using epoll_ctl(ADD). Then when epoll_wait() returned a
write event, the send() was performed and write event disabled, causing
it to get back to the spec list in order to be disabled later. But if
some new accept() did succeed in the same run, then fd_created was not
null, causing a new run of the spec list to happen. This run would then
detect the old event in STOP state and would remove it from the poll
list using epoll_ctl(DEL).

After this, process_session() enables reading on the FD, attempting
an speculative recv() which fails then adds it again using epoll_ctl(ADD)
to do it again. So the total sequence of syscalls looked like this :

connect(fd) = EAGAIN
send(fd) = EAGAIN
epoll_ctl(ADD(fd:OUT))
epoll_wait() = fd:OUT
send(fd) > 0
epoll_ctl(DEL(fd))
recv(fd) = EAGAIN
epoll_ctl(ADD(fd:IN))
recv(fd) > 0

In order to fix this stupid situation, we must compute the epoll_ctl()
parameters at the last moment, just before doing epoll_wait(). This is
what was done except that the spec events were processed just before doing
that without leaving time for the tasks to adjust the FDs if needed. This
is also the reason we have the re_poll_once label to try to catch new
events in case of a successful accept().

The new solution consists in doing the opposite :

  - compute epoll_ctl()
  - call epoll_wait()
  - call spec events

This significantly reduces the number of iterations on the spec events
and avoids a huge number of epoll_ctl() ping/pongs. The new sequence
above simply becomes :

connect(fd) = EAGAIN
send(fd) = EAGAIN
epoll_ctl(ADD(fd:OUT))
epoll_wait() = fd:OUT
send(fd) > 0
epoll_ctl(MOD(fd:IN))
recv(fd) > 0

Also, there is no need to re-run the spec events after an accept() as
it will automatically be detected in the spec list after a return from
polled events.

The gains are important, with up to 4.5% global performance increase in
connection rate on HTTP with small objects. The code is less tricky and
does not need anymore to skip epoll_wait() every other call, nor to
track the number of FDs newly created.
2012-05-13 09:55:07 +02:00
Willy Tarreau
93548be149 OPTIM: proto_http: don't enable quick-ack on empty buffers
Commit 5e205524 was a bit overzealous by inconditionally enabling
quick ack when a request is not yet in the buffer, because it also
does so when nothing has been received yet, causing a useless ACK
to be emitted.

Improve the situation by doing this only if the input buffer is
empty (indicating that nothing was sent by the client).

In case of keep-alive, an empty buffer means we already have a
response in flight which will serve as an ACK.
2012-05-13 08:44:16 +02:00
Willy Tarreau
b147a8382a CLEANUP: fd: remove unused cb->b pointers in the struct fdtab
These pointers were used to hold pointers to buffers in the past, but
since we introduced the stream interface, they're no longer used but
they were still sometimes set.

Removing them shrink the struct fdtab from 32 to 24 bytes on 32-bit machines,
and from 52 to 36 bytes on 64-bit machines, which is a significant saving. A
quick tests shows a steady 0.5% performance gain, probably due to the better
cache efficiency.
2012-05-13 00:35:44 +02:00
Willy Tarreau
3d2f16f3c3 MINOR: standard: add a new debug macro : fddebug()
This macro is usable like printf but sends messages to fd #-1, which has no
visible effect but is easy to spot in strace. This is very useful to put
tracers at many points during debugging sessions.
2012-05-13 00:21:17 +02:00
Willy Tarreau
ce887fd3b2 MEDIUM: session: add support for tunnel timeouts
Tunnel timeouts are used when TCP connections are forwarded, or
when forwarding upgraded HTTP connections (WebSocket) as well as
CONNECT requests to proxies.

This timeout allows long-lived sessions to be supported without
having to set large timeouts to normal requests.
2012-05-12 12:50:00 +02:00
Willy Tarreau
2f5b6fc090 MINOR: session: call the socket layer init function when a session establishes
In sess_establish, once we've prepared everythin, we can call the socket layer
init function. We pass an argument for targets which have one (eg: servers). At
the moment, the existing socket layers don't have init functions, but SSL will
need one.
2012-05-12 08:09:27 +02:00
Willy Tarreau
eeda90e68c MAJOR: fd: remove the need for the socket layer to recheck the connection
Up to now, if an outgoing connection had no data to send, the socket layer
had to perform a connect() again to check for establishment. This is not
acceptable for SSL, and will cause problems with socketpair(). Some socket
layers will also need an initializer before sending data (eg: SSL).

The solution consists in moving the connect() test to the protocol layer
(eg: TCP) and to make it hold the fd->write callback until the connection
is validated. At this point, it will switch the write callback to the
socket layer's write function. In fact we need to hold both read and write
callbacks to ensure the socket layer is never called before being initialized.

This intermediate callback is used only if there is a socket init function
or if there are no data to send.

The socket layer does not have any code to check for connection establishment
anymore, which makes sense.
2012-05-11 20:18:26 +02:00
Willy Tarreau
d02394b5a1 MEDIUM: stream_interface: derive the socket operations from the target
Instead of hard-coding sock_raw in connect_server(), we set this socket
operation at config parsing time. Right now, only servers and peers have
it. Proxies are still hard-coded as sock_raw. This will be needed for
future work on SSL which requires a different socket layer.
2012-05-11 18:52:14 +02:00
Willy Tarreau
64798bd720 MINOR: stream_interface: add an init callback to sock_ops
This will be needed for some socket layers such as SSL. It's not used
at the moment.
2012-05-11 18:39:26 +02:00
Willy Tarreau
f873d754f8 CLEANUP: stream_interface: stop exporting socket layer functions
Similarly to the previous patch, we don't need the socket-layer functions
outside of stream_interface. They could even move to a file dedicated to
applets, though that does not seem particularly useful at the moment.
2012-05-11 17:47:17 +02:00
Willy Tarreau
b277d6e568 CLEANUP: sock_raw: remove last references to stream_sock
We also stop exporting all functions since they're not needed anymore outside
of sock_raw.c.
2012-05-11 17:03:42 +02:00
Willy Tarreau
59b9479667 BUG/MEDIUM: stream_interface: restore get_src/get_dst
Commit e164e7a removed get_src/get_dst setting in the stream interfaces but
forgot to set it in proto_tcp. Get the feature back because we need it for
logging, transparent mode, ACLs etc... We now rely on the stream interface
direction to know what syscall to use.

One benefit of doing it this way is that we don't use getsockopt() anymore
on outgoing stream interfaces nor on UNIX sockets.
2012-05-11 16:48:10 +02:00
Willy Tarreau
1539a01645 MINOR: stream_interface: add a client target : TARG_TYPE_CLIENT
This one will be used to identify the direction the SI is being used. All
incoming connections have a target of type TARG_TYPE_CLIENT.
2012-05-11 14:47:34 +02:00
Willy Tarreau
c63190d429 REORG: use the name sock_raw instead of stream_sock
We'll soon have an SSL socket layer, and in order to ease the difference
between the two, we use the name "sock_raw" to designate the one which
directly talks to the sockets without any conversion.
2012-05-11 14:23:52 +02:00
Willy Tarreau
46b39d0dc6 BUG/MEDIUM: config: don't crash at config load time on invalid userlist names
Cyril Bont reported that passing an invalid userlist name to
http_auth_group() caused haproxy to crash at load. This was due
to an attempt to use the unresolved userlist pointer later to
resolve auth groups since we report many errors before leaving
now.

This issue does not exist in earlier versions since they immediately
abort on the first error, so no backport is needed.
2012-05-10 23:42:22 +02:00
Willy Tarreau
b95095979c CLEANUP: auth: make the code build again with DEBUG_AUTH
Reported by Cyril Bont, minor issue caused by recent ACL rework.
2012-05-10 23:25:35 +02:00
Willy Tarreau
4a3fd4c8df BUG/MAJOR: acl: http_auth_group() must not accept any user from the userlist
http_auth and http_auth_group used to share the same fetch function, while
they're doing very different things. The first one only checks whether the
supplied credentials are valid wrt a userlist while the second not only
checks this but also checks group ownership from a list of patterns.

Recent acl/pattern merge caused a simplification here by which the fetch
function would always return a boolean, so the group match was always fine
if the user:password was valid, regardless of the patterns provided with
the ACL.

The proper solution consists in splitting the function in two, depending
on what is desired.

It's also worth noting that check_user() would probably be split, one to
check user:password, and the other one to check for group ownership for
an already valid user:password combination. At this point it is not certain
if the group mask is still useful or not considering that the passwd check
is always made.

This bug was reported and diagnosed by Cyril Bont. It first appeared
in 1.5-dev9 so it does not need any backporting.
2012-05-10 23:18:26 +02:00
Cyril Bont
20a804ac6d BUG/MINOR: stats admin: "Unexpected result" was displayed unconditionally
I introduced a regression in commit 19979e176e while reworking the admin
actions results.
"Unexpected result" was displayed even if the action was applied due to a
misplaced initialization. This small patch should fix it.

Note: no need to backport.
2012-05-10 21:51:17 +02:00
Willy Tarreau
a0564f3541 [RELEASE] Released version 1.5-dev9
Released version 1.5-dev9 with the following main changes :
    - MINOR: Add release callback to si_applet
    - CLEANUP: Fix some minor typos
    - MINOR: Add TO/FROM_SET flags to struct stream_interface
    - CLEANUP: Fix some minor whitespace issues
    - MINOR: stats admin: allow unordered parameters in POST requests
    - CLEANUP: fix typo in findserver() log message
    - MINOR: stats admin: use the backend id instead of its name in the form
    - MINOR: stats admin: reduce memcmp()/strcmp() calls on status codes
    - DOC: cleanup indentation, alignment, columns and chapters
    - DOC: fix some keywords arguments documentation
    - MINOR: cli: display the 4 IP addresses and ports on "show sess XXX"
    - BUG/MAJOR: log: possible segfault with logformat
    - MEDIUM: log: split of log_format generation
    - MEDIUM: log: New format-log flags: %Fi %Fp %Si %Sp %Ts %rt %H %pid
    - MEDIUM: log: Unique ID
    - MINOR: log: log-format: usable without httplog and tcplog
    - BUG/MEDIUM: balance source did not properly hash IPv6 addresses
    - MINOR: contrib/iprange: add a network IP range to mask converter
    - MEDIUM: session: implement the "use-server" directive
    - MEDIUM: log: add a new cookie flag 'U' to report situations where cookie is not used
    - MEDIUM: http: make extract_cookie_value() iterate over cookie values
    - MEDIUM: http: add cookie and scookie ACLs
    - CLEANUP: lb_first: add reference to a paper describing the original idea
    - MEDIUM: stream_sock: add a get_src and get_dst callback and remove SN_FRT_ADDR_SET
    - BUG/MINOR: acl: req_ssl_sni would randomly fail if a session ID is present
    - BUILD: http: make extract_cookie_value() return an int not size_t
    - BUILD: http: stop gcc-4.1.2 from complaining about possibly uninitialized values
    - CLEANUP: http: message parser must ignore HTTP_MSG_ERROR
    - MINOR: standard: add a memprintf() function to build formatted error messages
    - CLEANUP: remove a few warning about unchecked return values in debug code
    - MEDIUM: move message-related flags from transaction to message
    - DOC: add a diagram to explain how circular buffers work
    - MAJOR: buffer rework: replace ->send_max with ->o
    - MAJOR: buffer: replace buf->l with buf->{o+i}
    - MINOR: buffers: provide simple pointer normalization functions
    - MINOR: buffers: remove unused function buffer_contig_data()
    - MAJOR: buffers: replace buf->w with buf->p - buf->o
    - MAJOR: buffers: replace buf->r with buf->p + buf->i
    - MAJOR: http: move buffer->lr to http_msg->next
    - MAJOR: http: change msg->{som,col,sov,eoh} to be relative to buffer origin
    - CLEANUP: http: remove unused http_msg->col
    - MAJOR: http: turn http_msg->eol to a buffer-relative offset
    - MEDIUM: http: add a pointer to the buffer in http_msg
    - MAJOR: http: make http_msg->sol relative to buffer's origin
    - MEDIUM: http: http_send_name_header: remove references to msg and buffer
    - MEDIUM: http: remove buffer arg in a few header manipulation functions
    - MEDIUM: http: remove buffer arg in http_capture_bad_message
    - MEDIUM: http: remove buffer arg in http_msg_analyzer
    - MEDIUM: http: remove buffer arg in http_upgrade_v09_to_v10
    - MEDIUM: http: remove buffer arg in http_buffer_heavy_realign
    - MEDIUM: http: remove buffer arg in chunk parsing functions
    - MINOR: http: remove useless wrapping checks in http_msg_analyzer
    - MEDIUM: buffers: fix unsafe use of buffer_ignore at some places
    - MEDIUM: buffers: add new pointer wrappers and get rid of almost all buffer_wrap_add calls
    - MEDIUM: buffers: implement b_adv() to advance a buffer's pointer
    - MEDIUM: buffers: rename a number of buffer management functions
    - MEDIUM: http: add a prefetch function for ACL pattern fetch
    - MEDIUM: http: make all ACL fetch function use acl_prefetch_http()
    - BUG/MINOR: http_auth: ACLs are volatile, not permanent
    - MEDIUM: http/acl: merge all request and response ACL fetches of headers and cookies
    - MEDIUM: http/acl: make acl_fetch_hdr_{ip,val} rely on acl_fetch_hdr()
    - MEDIUM: add a new typed argument list parsing framework
    - MAJOR: acl: make use of the new argument parsing framework
    - MAJOR: acl: store the ACL argument types in the ACL keyword declaration
    - MEDIUM: acl: acl_find_target() now resolves arguments based on their types
    - MAJOR: acl: make acl_find_targets also resolve proxy names at config time
    - MAJOR: acl: ensure that implicit table and proxies are valid
    - MEDIUM: acl: remove unused tests for missing args when args are mandatory
    - MEDIUM: pattern: replace type pattern_arg with type arg
    - MEDIUM: pattern: get rid of arg_i in all functions making use of arguments
    - MEDIUM: pattern: use the standard arg parser
    - MEDIUM: pattern: add an argument validation callback to pattern descriptors
    - MEDIUM: pattern: report the precise argument parsing error when known.
    - MEDIUM: acl: remove the ACL_TEST_F_NULL_MATCH flag
    - MINOR: pattern: add a new 'sample' type to store fetched data
    - MEDIUM: pattern: add new sample types to replace pattern types
    - MAJOR: acl: make use of the new sample struct and get rid of acl_test
    - MEDIUM: pattern/acl: get rid of temp_pattern in ACLs
    - MEDIUM: acl: get rid of the SET_RES flags
    - MEDIUM: get rid of SMP_F_READ_ONLY and SMP_F_MUST_FREE
    - MINOR: pattern: replace struct pattern with struct sample
    - MEDIUM: pattern: integrate pattern_data into sample and use sample everywhere
    - MEDIUM: pattern: retrieve the sample type in the sample, not in the keyword description
    - MEDIUM: acl/pattern: switch rdp_cookie functions stack up-down
    - MEDIUM: acl: replace acl_expr with args in acl fetch_* functions
    - MINOR: tcp: replace acl_fetch_rdp_cookie with smp_fetch_rdp_cookie
    - MEDIUM: acl/pattern: use the same direction scheme
    - MEDIUM: acl/pattern: start merging common sample fetch functions
    - MEDIUM: pattern: ensure that sample types always cast into other types.
    - MEDIUM: acl/pattern: factor out the src/dst address fetches
    - MEDIUM: acl: implement payload and payload_lv
    - CLEANUP: pattern: ensure that payload and payload_lv always stay in the buffer
    - MINOR: stick_table: centralize the handling of empty keys
    - MINOR: pattern: centralize handling of unstable data in pattern_process()
    - MEDIUM: pattern: use smp_fetch_rdp_cookie instead of the pattern specific version
    - MINOR: acl: set SMP_OPT_ITERATE on fetch functions
    - MINOR: acl: add a val_args field to keywords
    - MINOR: proto_tcp: validate arguments of payload and payload_lv ACLs
    - MEDIUM: http: merge acl and pattern header fetch functions
    - MEDIUM: http: merge ACL and pattern cookie fetches into a single one
    - MEDIUM: acl: report parsing errors to the caller
    - MINOR: arg: improve error reporting on invalid arguments
    - MINOR: acl: report errors encountered when loading patterns from files
    - MEDIUM: acl: extend the pattern parsers to report meaningful errors
    - REORG: use the name "sample" instead of "pattern" to designate extracted data
    - REORG: rename "pattern" files
    - MINOR: acl: add types to ACL patterns
    - MINOR: standard: add an IPv6 parsing function (str62net)
    - MEDIUM: acl: support IPv6 address matching
    - REORG: stream_interface: create a struct sock_ops to hold socket operations
    - REORG/MEDIUM: move protocol->{read,write} to sock_ops
    - REORG/MEDIUM: stream_interface: initialize socket ops from descriptors
    - REORG/MEDIUM: replace stream interface protocol functions by a proto pointer
    - REORG/MEDIUM: move the default accept function from sockstream to protocols.c
    - MEDIUM: proto_tcp: remove src6 and dst6 pattern fetch methods
    - BUG/MINOR: http: error snapshots are wrong if buffer wraps
    - BUG/MINOR: http: ensure that msg->err_pos is always relative to buf->p
    - MEDIUM: http: improve error capture reports
    - MINOR: acl: add the cook_val() match to match a cookie against an integer
    - BUG/MEDIUM: send_proxy: fix initialisation of send_proxy_ofs
    - MEDIUM: memory: add the ability to poison memory at run time
    - BUG/MEDIUM: log: ensure that unique_id is properly initialized
    - MINOR: cfgparse: use a common errmsg pointer for all parsers
    - MEDIUM: cfgparse: make backend_parse_balance() use memprintf to report errors
    - MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords
    - MINOR: http: replace http_message_realign() with  buffer_slow_realign()
v1.5-dev9
2012-05-08 21:56:27 +02:00
Willy Tarreau
a7fe8e527c MINOR: http: replace http_message_realign() with buffer_slow_realign()
There is no more reason for the realign function being HTTP specific,
it only operates on a buffer now. Let's move it to buffers.c instead.

It's likely that buffer_bounce_realign is broken (not used), this will
have to be inspected. The function is worth rewriting as it can be
cheaper than buffer_slow_realign() to realign large wrapping buffers.
2012-05-08 21:28:17 +02:00
Willy Tarreau
0a3dd74c9c MEDIUM: cfgparse: use the new error reporting framework for remaining cfg_keywords
All keywords registered using a cfg_kw_list now make use of the new error reporting
framework. This allows easier and more precise error reporting without having to
deal with complex buffer allocation issues.
2012-05-08 21:28:17 +02:00
Willy Tarreau
a93c74be5c MEDIUM: cfgparse: make backend_parse_balance() use memprintf to report errors
Using the new error reporting framework makes it easier to report complex
errors.
2012-05-08 21:28:17 +02:00
Willy Tarreau
f4068b6503 MINOR: cfgparse: use a common errmsg pointer for all parsers
In order to generalize the simplified error reporting mechanism, let's
centralize the error pointer.
2012-05-08 21:28:17 +02:00
Willy Tarreau
bd83314ee9 BUG/MEDIUM: log: ensure that unique_id is properly initialized
Last memory poisonning patch immediately made this issue appear.
The unique_id field is released but not properly initialized. The
feature was introduced very recently, no backport is needed.
2012-05-08 21:28:16 +02:00
Willy Tarreau
6e0644339f MEDIUM: memory: add the ability to poison memory at run time
From time to time, some bugs are discovered that are caused by non-initialized
memory areas. It happens that most platforms return a zero-filled area upon
first malloc() thus hiding potential bugs. This patch also replaces malloc()
in pools with calloc() to ensure that all platforms exhibit the same behaviour
upon startup. In order to catch these bugs more easily, add a -dM command line
flag to enable memory poisonning. Optionally, passing -dM<byte> forces the
poisonning byte to <byte>.
2012-05-08 21:28:16 +02:00
Willy Tarreau
63e7fe310e BUG/MEDIUM: send_proxy: fix initialisation of send_proxy_ofs
Commit b22e55bc introduced send_proxy_ofs but forgot to initialize it,
which remained unnoticed since it's always at the same place in the
stream interface. On a machine with dirty RAM returned by malloc(),
some responses were holding a PROXY header, which normally is not
possible.

The problem goes away after properly initializing the field upon each
new session_accept().

This fix does not need to be backported except if any code makes use of
a backport of this feature.
2012-05-08 21:28:16 +02:00
Willy Tarreau
515393649c MINOR: acl: add the cook_val() match to match a cookie against an integer 2012-05-08 21:28:16 +02:00
Willy Tarreau
d04b1bce69 MEDIUM: http: improve error capture reports
A number of important information were missing from the error captures, so
let's improve them. Now we also log source port, session flags, transaction
flags, message flags, pending output bytes, expected buffer wrapping position,
total bytes transferred, message chunk length, and message body length.

As such, the output format has slightly evolved and the source address moved
to the third line :

[08/May/2012:11:14:36.341] frontend echo (#1): invalid request
  backend echo (#1), server <NONE> (#-1), event #1
  src 127.0.0.1:40616, session #4, session flags 0x00000000
  HTTP msg state 26, msg flags 0x00000000, tx flags 0x00000000
  HTTP chunk len 0 bytes, HTTP body len 0 bytes
  buffer flags 0x00909002, out 0 bytes, total 28 bytes
  pending 28 bytes, wrapping at 8030, error at position 7:

  00000  GET / /?t=20000 HTTP/1.1\r\n
  00026  \r\n

[08/May/2012:11:13:13.426] backend echo (#1) : invalid response
  frontend echo (#1), server local (#1), event #0
  src 127.0.0.1:40615, session #1, session flags 0x0000044e
  HTTP msg state 32, msg flags 0x0000000e, tx flags 0x08200000
  HTTP chunk len 0 bytes, HTTP body len 20 bytes
  buffer flags 0x00008002, out 81 bytes, total 92 bytes
  pending 11 bytes, wrapping at 7949, error at position 9:

  00000  Foo: bar\r\r\n
2012-05-08 21:28:16 +02:00
Willy Tarreau
69d8c5d99e BUG/MINOR: http: ensure that msg->err_pos is always relative to buf->p
Since the beginning of buffer&msg changes, the error position (err_pos)
had not completely been converted and some offsets still appear wrong.
Now we ensure that everywhere msg->err_pos is relative to buf->p and
we always report buf->i bytes starting at buf->p in all error captures,
which ensures that err_pos is there.

This is not exactly a bug and is specific to latest changes so no backport
is needed.
2012-05-08 21:28:15 +02:00
Willy Tarreau
d6c2e8c916 BUG/MINOR: http: error snapshots are wrong if buffer wraps
Commit 81f2fb added support for wrapping buffer captures, but unfortunately
the code used to perform two memcpy() over the same destination, causing a
loss of the start of the buffer rendering some error snapshots unusable.

This bug is present in 1.4 too and must be backported.
2012-05-08 21:28:15 +02:00
Willy Tarreau
22bca61404 MEDIUM: proto_tcp: remove src6 and dst6 pattern fetch methods
These methods have been superseded by src and dst which support
multiple families. There is no point keeping them since they appeared
in a development version anyway.

For configurations using "src6", please use "src" instead. For "dst6",
use "dst" instead.
2012-05-08 21:28:15 +02:00
Willy Tarreau
bbebbbff83 REORG/MEDIUM: move the default accept function from sockstream to protocols.c
The previous sockstream_accept() function uses nothing from sockstream, and
is totally irrelevant to stream interfaces. Move this to the protocols.c
file which handles listeners and protocols, and call it listener_accept().

It now makes much more sense that the code dealing with listen() also handles
accept() and passes it to upper layers.
2012-05-08 21:28:15 +02:00
Willy Tarreau
26d8c59f0b REORG/MEDIUM: replace stream interface protocol functions by a proto pointer
The stream interface now makes use of the socket protocol pointer instead
of the direct functions.
2012-05-08 21:28:15 +02:00
Willy Tarreau
5c979a9c71 REORG/MEDIUM: stream_interface: initialize socket ops from descriptors 2012-05-08 21:28:14 +02:00
Willy Tarreau
1b79bdee26 REORG/MEDIUM: move protocol->{read,write} to sock_ops
The protocol must not set the read and write callbacks, they're specific
to the socket layer. Move them to sock_ops instead.
2012-05-08 21:28:14 +02:00
Willy Tarreau
060781fb4a REORG: stream_interface: create a struct sock_ops to hold socket operations
These operators are used regardless of the socket protocol family. Move
them to a "sock_ops" struct. ->read and ->write have been moved there too
as they have no reason to remain at the protocol level.
2012-05-08 21:28:14 +02:00
Willy Tarreau
ceb4ac9c34 MEDIUM: acl: support IPv6 address matching
Make use of the new IPv6 pattern type so that acl_match_ip() knows how to
compare pattern and sample.

IPv6 may be entered in their usual form, with or without a netmask appended.
Only bit counts are accepted for IPv6 netmasks. In order to avoid any risk of
trouble with randomly resolved IP addresses, host names are never allowed in
IPv6 patterns.

HAProxy is also able to match IPv4 addresses with IPv6 addresses in the
following situations :
  - tested address is IPv4, pattern address is IPv4, the match applies
    in IPv4 using the supplied mask if any.
  - tested address is IPv6, pattern address is IPv6, the match applies
    in IPv6 using the supplied mask if any.
  - tested address is IPv6, pattern address is IPv4, the match applies in IPv4
    using the pattern's mask if the IPv6 address matches with 2002:IPV4::,
    ::IPV4 or ::ffff:IPV4, otherwise it fails.
  - tested address is IPv4, pattern address is IPv6, the IPv4 address is first
    converted to IPv6 by prefixing ::ffff: in front of it, then the match is
    applied in IPv6 using the supplied IPv6 mask.
2012-05-08 21:28:14 +02:00
Willy Tarreau
6d20e28556 MINOR: standard: add an IPv6 parsing function (str62net)
str62net returns an address and a netmask in number of bits.
2012-05-08 20:57:21 +02:00
Willy Tarreau
c92ddbc37d MINOR: acl: add types to ACL patterns
We cannot currently match IPv6 addresses in ACL simply because we don't
support types on the patterns. Let's introduce this notion. For now, we
rely on the SMP_TYPES though it doesn't seem like it will last forever
given that some types are not present there (eg: regex, meth). Still it
should be enough to support mixed matchings for most types.

We use the special impossible value SMP_TYPES for types that don't exist
in the SMP_T_* space.
2012-05-08 20:57:21 +02:00
Willy Tarreau
cd3b094618 REORG: rename "pattern" files
They're now called "sample" everywhere to match their description.
2012-05-08 20:57:21 +02:00
Willy Tarreau
1278578487 REORG: use the name "sample" instead of "pattern" to designate extracted data
This is mainly a massive renaming in the code to get it in line with the
calling convention. Next patch will rename a few files to complete this
operation.
2012-05-08 20:57:20 +02:00
Willy Tarreau
7dcb6480db MEDIUM: acl: extend the pattern parsers to report meaningful errors
By passing the error pointer to all ACL parsers, we can make them report
useful errors and not simply fail.
2012-05-08 20:57:20 +02:00