8163 Commits

Author SHA1 Message Date
Emeric Brun
5a8c0a9f52 [MEDIUM] Manage soft stop on peers proxy 2010-11-11 09:29:08 +01:00
Emeric Brun
32da3c40db [MEDIUM] Manage peers section parsing and stick table registration on peers. 2010-11-11 09:29:08 +01:00
Emeric Brun
2b920a1af1 [MAJOR] Add new files src/peer.c, include/proto/peers.h and include/types/peers.h for sync stick table management
Add cmdline option -L to configure local peer name
2010-11-11 09:29:08 +01:00
Emeric Brun
85e77c7f0d [MEDIUM] Create updates tree on stick table to manage sync. 2010-11-11 09:29:08 +01:00
Emeric Brun
1e029aa965 [MINOR] Manage all types (ip, integer, string, binary) on cli "show table" command 2010-11-11 09:29:07 +01:00
Emeric
f2d7caedd1 [MINOR] Add pattern's fetchs payload and payload_lv 2010-11-11 09:29:07 +01:00
Emeric Brun
485479d8e9 [MEDIUM] Create new protected pattern types CONSTSTRING and CONSTDATA to force memcpy if data from protected areas need to be manipulated.
Enhance pattern convs and fetch argument parsing, now fetchs and convs callbacks used typed args.
Add more details on error messages on parsing pattern expression function.
Update existing pattern convs and fetchs to new proto.
Create stick table key type "binary".
Manage Truncation and padding if pattern's fetch-converted result don't match table key size.
2010-11-11 09:29:07 +01:00
Emeric Brun
38e7176961 [MINOR] new acls fetch req_ssl_hello_type and rep_ssl_hello_type 2010-11-11 09:28:55 +01:00
Emeric Brun
97679e7901 [MEDIUM] Implement tcp inspect response rules 2010-11-11 09:28:18 +01:00
Emeric Brun
fbce6d0215 [BUG] stick table purge failure if size less than 255
If table size is lower than 256, we can't force to purge old entries.
This patch should be backported to 1.4.
2010-11-11 09:28:18 +01:00
Willy Tarreau
da4d9fe5a4 [BUG] session: don't stop forwarding of data upon last packet
If a read shutdown is encountered on the first packet of a connection
right after the data and the last analyser is unplugged at the same
time, then that last data chunk may never be forwarded. In practice,
right now it cannot happen on requests due to the way they're scheduled,
nor can it happen on responses due to the way their analysers work.

But this behaviour has been observed with new response analysers being
developped.

The reason is that when the read shutdown is encountered and an analyser
is present, data cannot be forwarded but the BF_SHUTW_NOW flag is set.
After that, the analyser gets called and unplugs itself, hoping that
process_session() will automatically forward the data. This does not
happen due to BF_SHUTW_NOW.

Simply removing the test on this flag is not enough because then aborted
requests still get forwarded, due to the forwarding code undoing the
abort.

The solution here consists in checking BF_SHUTR_NOW instead of BF_SHUTW_NOW.
BF_SHUTR_NOW is only set on aborts and remains set until ->shutr() is called.
This is enough to catch recent aborts but not prevent forwarding in other
cases. Maybe a new special buffer flag "BF_ABORT" might be desirable in the
future.

This patch does not need to be backported because older versions don't
have the analyser which make the problem appear.
2010-11-11 09:26:29 +01:00
Cyril Bonté
62846b2674 [MINOR] config: detect options not supported due to compilation options
Some options depends on the target architecture or compilation options.
When such an option is used on a compiled version that doesn't support it,
it's probably better to identify it as an unsupported option due to
compilation options instead of an unknown option.

Edit: better check on the empty capability than on the option bits. -Willy
2010-11-11 09:26:28 +01:00
Cyril Bonté
acd7d63ff9 [CLEANUP] Remove unneeded chars allocation
Some arrays used to log addresses add some more bytes for ports but this space
is never used.
2010-11-11 09:26:28 +01:00
Willy Tarreau
b40dc94a9a [MEDIUM] unix sockets: cleanup the error reporting path
There were a lot of snprintf() everywhere in the UNIX bind code. Now we
proceed as for tcp and indicate the socket path at the end between square
brackets. The code is smaller and more readable.
2010-11-11 09:26:28 +01:00
Cyril Bonté
43ba1b331c [MINOR] startup: print the proxy socket which caused an error
Add the address and port to the error message of the proxy socket that caused
the error. This can be helpful when several listening addresses are used in a
proxy.

Edit: since we now also support unix sockets (which already report their
      path), better move the address reporting to proto_tcp.c by analogy.
      -Willy
2010-11-11 09:26:28 +01:00
Willy Tarreau
17f449b214 [MINOR] move MAXPATHLEN definition to compat.h
MAXPATHLEN may be used at other places, it's unconvenient to have it
redefined in a few files. Also, since checking it requires including
sys/param.h, some versions of it cause a macro declaration conflict
with MIN/MAX which are defined in tools.h. The solution consists in
including sys/param.h in both files so that we ensure it's loaded
before the macros are defined and MAXPATHLEN is checked.
2010-11-11 09:21:53 +01:00
Willy Tarreau
d55c3feca6 [MINOR] cfgparse: report support of <path> for the 'bind' statements
"bind" now supports unix sockets, so report that in the error message.
2010-11-09 15:59:42 +01:00
Emeric Brun
ed76092e10 [MEDIUM] Add supports of bind on unix sockets. 2010-11-09 15:59:42 +01:00
Emeric Brun
5bd86a8ff5 [MINOR] Support listener's sockets unix on http logs.
Enhance controls of sockets family on X-Forwarded-For and X-Original-To insert
2010-11-09 15:59:42 +01:00
Emeric Brun
f769f51af6 [MINOR] Enhance controls of socket's family on acls and pattern fetch 2010-11-09 15:59:42 +01:00
Emeric Brun
0aaccf88f9 [MINOR] Manage socket type unix for some logs 2010-11-09 15:59:41 +01:00
Emeric Brun
ec810d1dc7 [MINOR] Add some tests on sockets family for port remapping and mode transparent. 2010-11-09 15:59:41 +01:00
Emeric Brun
ab844ea9e1 [MINOR] Support of unix listener sockets for debug and log event messages on frontend.c 2010-11-09 15:57:37 +01:00
Emeric Brun
837ca52de3 [MINOR] Manage unix socket source field on session dump on sock stats 2010-11-05 10:34:07 +01:00
Emeric Brun
4ab9262894 [MINOR] Manage unix socket source field on logs 2010-11-05 10:34:07 +01:00
Emeric Brun
cf20bf1c1c [MEDIUM] Enhance message errors management on binds 2010-11-05 10:34:07 +01:00
Emeric Brun
861ccff9ca [MINOR] frontend: add tcpv6 support on accept-proxy bind 2010-10-30 19:04:38 +02:00
Emeric Brun
f4711a3221 [MINOR] frontend: improve accept-proxy header parsing
The accept-proxy now automatically fails as soon as a character does not
match the expected syntax.
2010-10-30 19:04:38 +02:00
Willy Tarreau
3041b9fcc3 [MEDIUM] session: call the frontend_decode_proxy analyser on proxied connections
This analyser must absolutely be the earliest one to process contents, given
the nature of the protocol.
2010-10-30 19:04:38 +02:00
Willy Tarreau
8b0cbf9969 [MINOR] frontend: add a new analyser to parse a proxied connection
The introduction of a new PROXY protocol for proxied connections requires
an early analyser to decode the incoming connection and set the session
flags accordingly.

Some more work is needed, among which setting a flag on the session to
indicate it's proxied, and copying the original parameters for later
comparisons with new ACLs (eg: real_src, ...).
2010-10-30 19:04:38 +02:00
Willy Tarreau
74172757c7 [MINOR] standard: change arg type from const char* to char*
inetaddr_host_lim_ret() used to make use of const char** for some
args, but that make it impossible ot use char** due to the way
controls are made by gcc. So let's change that.
2010-10-30 19:04:37 +02:00
Willy Tarreau
4ec83cd939 [MINOR] standard: add read_uint() to parse a delimited unsigned integer
This function parses an integer and returns it along with the pointer to the
next char not part of the number.
2010-10-30 19:04:37 +02:00
Willy Tarreau
8a95691ae8 [MINOR] listener: add the "accept-proxy" option to the "bind" keyword
This option will enable the AN_REQ_DECODE_PROXY analyser on the requests
that come from those listeners.
2010-10-30 19:04:37 +02:00
Willy Tarreau
ba4c5be880 [MINOR] cookie: add support for the "preserve" option
This option makes haproxy preserve any persistence cookie emitted by
the server, which allows the server to change it or to unset it, for
instance, after a logout request.
(cherry picked from commit 52e6d75374c7900c1fe691c5633b4ae029cae8d5)
2010-10-30 19:04:36 +02:00
Willy Tarreau
c63d4bbff9 [BUG] cookie: correctly unset default cookie parameters
When a backend defines a new cookie, it forgot to unset any params
that could have been set in a defaults section, resulting in configs
that would sometimes refuse to load or not work as expected.
(cherry picked from commit f80bf174ed905a29a3ed8ee91fcd528da6df174f)
2010-10-30 19:04:36 +02:00
Willy Tarreau
7f18e52b13 [MINOR] acl: add the http_req_first match
This match returns true when the request calling it is the first one of
a connection.
(cherry picked from commit 922ca979c50653c415852531f36fe409190ad76b)
2010-10-30 19:04:35 +02:00
emeric
8aa6b3762c [BUG] proto_tcp: potential bug on pattern fetch dst and dport
Pattern fetches relying on destination address must first fetch
the address if it has not been done yet.

(cherry picked from commit 21abf441feb318b2ccd7df590fd89e9e824627f6)
2010-10-30 19:04:35 +02:00
Hervé COMMOWICK
8776f1b3a0 [MINOR] add better support to "mysql-check"
The MySQL check has been revamped to be able to send real MySQL data,
and to avoid Aborted connects on MySQL side.
It is however backward compatible with older version, but it is highly
recommended to use the new mode, by adding "user <username>" on the
"mysql-check" line.

The new check consists in sending two MySQL packet, one Client
Authentication packet, with "haproxy" username (by default), and one
QUIT packet, to correctly close MySQL session. We then parse the Mysql
Handshake Initialisation packet and/or Error packet. It is a basic but
useful test which does not produce error nor aborted connect on the
server.
(cherry picked from commit a1e4dcfe5718311b7653d7dabfad65c005d0439b)
2010-10-30 19:04:35 +02:00
Willy Tarreau
aa2f389cbb [MINOR] checks: ensure that we can inherit binary checks from the defaults section
Health checks were all pure ASCII, but we're going to have to support some
binary checks (eg: SQL). When they're inherited from the default section,
they will be truncated to the first \0 due to strdup(). Let's fix that with
a simple malloc.
(cherry picked from commit 98fc04a766bcff80f57db2b1cd865c91761b131b)
2010-10-30 19:04:35 +02:00
Willy Tarreau
53621e0eb6 [BUG] config: report correct keywords for "observe"
Keywords were changed just before the commit but not in the help message.
Spotted by Hank A. Paulson.
(cherry picked from commit fdd46a0766dccec704aa1bd5acb0ac99a801c549)
2010-10-30 19:04:34 +02:00
Willy Tarreau
70461308fe [MEDIUM] checks: set server state to one state from failure when leaving maintenance
When we're enabling a server again (unix CLI or stats interface), we must not mark
it completely up because it can take a while before a failure is detected. So we
mark it one step above failure, which means it's up but will be marked down upon
first failure.
(cherry picked from commit 83c3e06452457ed5660fc814cbda5bf878bf19a2)
2010-10-30 19:04:34 +02:00
Cyril Bonté
474be415af [MEDIUM] stats: add an admin level
The stats web interface must be read-only by default to prevent security
holes. As it is now allowed to enable/disable servers, a new keyword
"stats admin" is introduced to activate this admin level, conditioned by ACLs.
(cherry picked from commit 5334bab92ca7debe36df69983c19c21b6dc63f78)
2010-10-30 19:04:34 +02:00
Cyril Bonté
70be45dbdf [MEDIUM] enable/disable servers from the stats web interface
Based on a patch provided by Judd Montgomery, it is now possible to
enable/disable servers from the stats web interface. This allows to select
several servers in a backend and apply the action to them at the same time.

Currently, there are 2 known limitations :
- The POST data are limited to one packet
  (don't alter too many servers at a time).
- Expect: 100-continue is not supported.
(cherry picked from commit 7693948766cb5647ac03b48e782cfee2b1f14491)
2010-10-30 19:04:34 +02:00
Willy Tarreau
d64d225e52 [BUG] checks: don't log backend down for all zero-weight servers
In a down backend, when a zero-weight server is lost, a new
"backend down" message was emitted and the down transition of that
backend was wrongly increased. This change ensures that we don't
count that transition again.

This patch should be backported to 1.3.
(cherry picked from commit 60efc5f745b5fa70d811f977727592e47e32a281)
2010-10-30 19:04:34 +02:00
Willy Tarreau
ef4f391cc4 [MEDIUM] cookie: set the date in the cookie if needed
If a maxidle or maxlife parameter is set on the persistence cookie in
insert mode and the client did not provide a recent enough cookie,
then we emit a new cookie with a new last_seen date and the same
first_seen (if maxlife is set). Recent enough here designates a
cookie that would be rounded to the same date. That way, we can
refresh a cookie when required without doing it in all responses.

If the request did not contain such parameters, they are set anyway.
This means that a monitoring request that is forced to a server will
get an expiration date anyway, but this should not be a problem given
that the client is able to set its cookie in this case. This also
permits to force an expiration date on visitors who previously did
not have one.

If a request comes with a dated cookie while no date check is performed,
then a new cookie is emitted with no date, so that we don't risk dropping
the user too fast due to a very old date when we re-enable the date check.

All requests that were targetting the correct server and which had their
expiration date added/updated/removed in the response cookie are logged
with the 'U' ("updated") flag instead of the 'I' ("inserted"). So very
often we'll see "VU" instead of "VN".
(cherry picked from commit 8b3c6ecab6d37be5f3655bc3a2d2c0f9f37325eb)
2010-10-30 19:04:33 +02:00
Willy Tarreau
f64d1410fc [MEDIUM] cookie: check for maxidle and maxlife for incoming dated cookies
If a cookie comes in with a first or last date, and they are configured on
the backend, they're checked. If a date is expired or too far in the future,
then the cookie is ignored and the specific reason appears in the cookie
field of the logs.
(cherry picked from commit faa3019107eabe6b3ab76ffec9754f2f31aa24c6)
2010-10-30 19:04:33 +02:00
Willy Tarreau
c01062bead [MINOR] add encode/decode function for 30-bit integers from/to base64
These functions only require 5 chars to encode 30 bits, and don't expect
any padding. They will be used to encode dates in cookies.
(cherry picked from commit a7e2b5fc4612994c7b13bcb103a4a2c3ecd6438a)
2010-10-30 19:04:33 +02:00
Willy Tarreau
f1348310e8 [MEDIUM] cookie: reassign set-cookie status flags to store more states
The set-cookie status flags were not very handy and limited. Reorder
them to save some room for additional values and add the "U" flags
(for Updated expiration date) that will be used with expirable cookies
in insert mode.
(cherry picked from commit 5bab52f821bb0fa99fc48ad1b400769e66196ece)
2010-10-30 19:04:33 +02:00
Willy Tarreau
b761ec4c94 [MINOR] cookie: add the expired (E) and old (O) flags for request cookies
These flags will indicate the cookie status when an expiration date is
set.
(cherry picked from commit 3f0f0e4583a432d34b75bc7b9dd2c756b4e181a7)
2010-10-30 19:04:33 +02:00
Willy Tarreau
bca9969daf [MEDIUM] cookie: support client cookies with some contents appended to their value
In all cookie persistence modes but prefix, we now support cookies whose
value is suffixed with some contents after a vertical bar ('|'). This will
be used to pass an optional expiration date. So as of now we only consider
the part of the cookie value which is used before the vertical bar.
(cherry picked from commit a4486bf4e5b03b5a980d03fef799f6407b2c992d)
2010-10-30 19:04:32 +02:00