upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-05-28 04:12:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 12
haproxy/src/flt_spoe.c

2945 lines
84 KiB
C
Raw Normal View History

MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
/*
* Stream processing offload engine management.
*
* Copyright 2016 HAProxy Technologies, Christopher Faulet <cfaulet@haproxy.com>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
*/
#include <ctype.h>
#include <errno.h>
REORG: include: move acl.h to haproxy/acl.h{,-t}.h The files were moved almost as-is, just dropping arg-t and auth-t from acl-t but keeping arg-t in acl.h. It was useful to revisit the call places since a handful of files used to continue to include acl.h while they did not need it at all. Struct stream was only made a forward declaration since not otherwise needed.
2020-06-04 13:11:43 -04:00
#include <haproxy/acl.h>
CLEANUP: tree-wide: Remove any ref to stream-interfaces Stream-interfaces are gone. Corresponding files can be safely be removed. In addition, comments are updated accordingly.
2022-04-04 05:29:28 -04:00
#include <haproxy/applet.h>
REORG: include: move action.h to haproxy/action{,-t}.h List.h was missing for LIST_ADDQ(). A few unneeded includes of action.h were removed from certain files. This one still relies on applet.h and stick-table.h.
2020-06-04 04:15:32 -04:00
#include <haproxy/action-t.h>
REORG: include: update all files to use haproxy/api.h or api-t.h if needed All files that were including one of the following include files have been updated to only include haproxy/api.h or haproxy/api-t.h once instead: - common/config.h - common/compat.h - common/compiler.h - common/defaults.h - common/initcall.h - common/tools.h The choice is simple: if the file only requires type definitions, it includes api-t.h, otherwise it includes the full api.h. In addition, in these files, explicit includes for inttypes.h and limits.h were dropped since these are now covered by api.h and api-t.h. No other change was performed, given that this patch is large and affects 201 files. At least one (tools.h) was already freestanding and didn't get the new one added.
2020-05-27 06:58:42 -04:00
#include <haproxy/api.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/arg.h>
REORG: include: move cfgparse.h to haproxy/cfgparse.h There's no point splitting the file in two since only cfgparse uses the types defined there. A few call places were updated and cleaned up. All of them were in C files which register keywords. There is nothing left in common/ now so this directory must not be used anymore.
2020-06-04 18:00:29 -04:00
#include <haproxy/cfgparse.h>
CLEANUP: Include check.h in flt_spoe.c This is required for the prototype of spoe_prepare_healthcheck_request().
2021-09-16 11:38:26 -04:00
#include <haproxy/check.h>
REORG: include: move filters.h to haproxy/filters{,-t}.h Just a minor change, moved the macro definitions upwards. A few caller files were updated since they didn't need to include it.
2020-06-04 15:29:29 -04:00
#include <haproxy/filters.h>
REORG: include: move stream.h to haproxy/stream{,-t}.h This one was not easy because it was embarking many includes with it, which other files would automatically find. At least global.h, arg.h and tools.h were identified. 93 total locations were identified, 8 additional includes had to be added. In the rare files where it was possible to finalize the sorting of includes by adjusting only one or two extra lines, it was done. But all files would need to be rechecked and cleaned up now. It was the last set of files in types/ and proto/ and these directories must not be reused anymore.
2020-06-04 17:46:14 -04:00
#include <haproxy/freq_ctr.h>
REORG: include: move frontend.h to haproxy/frontend.h There was no type file for this one, it only contains frontend_accept().
2020-06-04 05:23:07 -04:00
#include <haproxy/frontend.h>
REORG: include: move stream.h to haproxy/stream{,-t}.h This one was not easy because it was embarking many includes with it, which other files would automatically find. At least global.h, arg.h and tools.h were identified. 93 total locations were identified, 8 additional includes had to be added. In the rare files where it was possible to finalize the sorting of includes by adjusting only one or two extra lines, it was done. But all files would need to be rechecked and cleaned up now. It was the last set of files in types/ and proto/ and these directories must not be reused anymore.
2020-06-04 17:46:14 -04:00
#include <haproxy/global.h>
REORG: include: move http_rules.h to haproxy/http_rules.h There was no include file. This one still includes types/proxy.h.
2020-06-04 05:40:28 -04:00
#include <haproxy/http_rules.h>
REORG: include: move log.h to haproxy/log{,-t}.h The current state of the logging is a real mess. The main problem is that almost all files include log.h just in order to have access to the alert/warning functions like ha_alert() etc, and don't care about logs. But log.h also deals with real logging as well as log-format and depends on stream.h and various other things. As such it forces a few heavy files like stream.h to be loaded early and to hide missing dependencies depending where it's loaded. Among the missing ones is syslog.h which was often automatically included resulting in no less than 3 users missing it. Among 76 users, only 5 could be removed, and probably 70 don't need the full set of dependencies. A good approach would consist in splitting that file in 3 parts: - one for error output ("errors" ?). - one for log_format processing - and one for actual logging.
2020-06-04 16:01:04 -04:00
#include <haproxy/log.h>
REORG: include: move common/memory.h to haproxy/pool.h Now the file is ready to be stored into its final destination. A few minor reorderings were performed to keep the file properly organized, making the various sections more visible (cache & lockless). In addition and to stay consistent, memory.c was renamed to pool.c.
2020-06-02 03:38:52 -04:00
#include <haproxy/pool.h>
REORG: include: move proxy.h to haproxy/proxy{,-t}.h This one is particularly difficult to split because it provides all the functions used to manipulate a proxy state and to retrieve names or IDs for error reporting, and as such, it was included in 73 files (down to 68 after cleanup). It would deserve a small cleanup though the cut points are not obvious at the moment given the number of structs involved in the struct proxy itself.
2020-06-04 16:29:18 -04:00
#include <haproxy/proxy.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/sample.h>
REORG: rename cs_utils.h to sc_strm.h This file contains all the stream-connector functions that are specific to application layers of type stream. So let's name it accordingly so that it's easier to figure what's located there. The alphabetical ordering of include files was preserved.
2022-05-27 03:25:10 -04:00
#include <haproxy/sc_strm.h>
REORG: include: move session.h to haproxy/session{,-t}.h Almost no change was needed beyond a little bit of reordering of the types file and adjustments to use session-t instead of session at a few places.
2020-06-04 12:58:52 -04:00
#include <haproxy/session.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/signal.h>
BUG/MEDIUM: spoe: Resolve the sink if a SPOE logs in a ring buffer If a SPOE filter is configured to send its logs to a ring buffer, the corresponding sink must be resolved during the configuration post parsing. Otherwise, the sink is undefined when a log message is emitted, crashing HAProxy. This patch must be backported as far as 2.2.
2021-02-19 04:56:41 -05:00
#include <haproxy/sink.h>
REORG: include: move spoe.h to haproxy/spoe{,-t}.h Only minor change was to make sure all defines were before the structs in spoe-t.h, everything else went smoothly.
2020-06-04 16:35:49 -04:00
#include <haproxy/spoe.h>
REORG: stconn: rename conn_stream.{c,h} to stconn.{c,h} There's no more reason for keepin the code and definitions in conn_stream, let's move all that to stconn. The alphabetical ordering of include files was adjusted.
2022-05-27 03:47:12 -04:00
#include <haproxy/stconn.h>
REORG: include: move stream.h to haproxy/stream{,-t}.h This one was not easy because it was embarking many includes with it, which other files would automatically find. At least global.h, arg.h and tools.h were identified. 93 total locations were identified, 8 additional includes had to be added. In the rare files where it was possible to finalize the sorting of includes by adjusting only one or two extra lines, it was done. But all files would need to be rechecked and cleaned up now. It was the last set of files in types/ and proto/ and these directories must not be reused anymore.
2020-06-04 17:46:14 -04:00
#include <haproxy/stream.h>
REORG: include: move task.h to haproxy/task{,-t}.h The TASK_IS_TASKLET() macro was moved to the proto file instead of the type one. The proto part was a bit reordered to remove a number of ugly forward declaration of static inline functions. About a tens of C and H files had their dependency dropped since they were not using anything from task.h.
2020-06-04 11:25:40 -04:00
#include <haproxy/task.h>
REORG: include: move tcp_rules.h to haproxy/tcp_rules.h There's no type file on this one which is pretty simple.
2020-06-04 11:42:48 -04:00
#include <haproxy/tcp_rules.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/thread.h>
REORG: include: move time.h from common/ to haproxy/ This one is included almost everywhere and used to rely on a few other .h that are not needed (unistd, stdlib, standard.h). It could possibly make sense to split it into multiple parts to distinguish operations performed on timers and the internal time accounting, but at this point it does not appear much important.
2020-06-01 05:05:15 -04:00
#include <haproxy/time.h>
BUILD: spoe: flt_spoe.c needs tools.h It uses many functions declared there but used to inherit it through others.
2021-05-08 06:57:17 -04:00
#include <haproxy/tools.h>
REORG: include: move vars.h to haproxy/vars{,-t}.h A few includes (sessions.h, stream.h, api-t.h) were added for arguments that were first declared in function prototypes.
2020-06-04 10:25:31 -04:00
#include <haproxy/vars.h>
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MINOR: spoe: Move all stuff regarding the filter/applet in the C file Structures describing the SPOE applet context, the SPOE filter configuration and context and the SPOE messages and groups are moved in the C file. In spoe-t.h file, it remains the structure describing an SPOE agent and flags used by both sides. In addition, the SPOE frontend, created for a given SPOE engine, is moved from the SPOE filter configuration to the SPOE agent structure. The related issue is #2502.
2024-07-04 05:14:11 -04:00
/* Type of list of messages */
#define SPOE_MSGS_BY_EVENT 0x01
#define SPOE_MSGS_BY_GROUP 0x02
/* Flags set on the SPOE context */
#define SPOE_CTX_FL_CLI_CONNECTED 0x00000001 /* Set after that on-client-session event was processed */
#define SPOE_CTX_FL_SRV_CONNECTED 0x00000002 /* Set after that on-server-session event was processed */
#define SPOE_CTX_FL_REQ_PROCESS 0x00000004 /* Set when SPOE is processing the request */
#define SPOE_CTX_FL_RSP_PROCESS 0x00000008 /* Set when SPOE is processing the response */
CLEANUP: assorted typo fixes in the code and comments This is 43rd iteration of typo fixes
2024-08-26 17:40:15 -04:00
/* unused 0x00000010 */
MINOR: spoe: Move all stuff regarding the filter/applet in the C file Structures describing the SPOE applet context, the SPOE filter configuration and context and the SPOE messages and groups are moved in the C file. In spoe-t.h file, it remains the structure describing an SPOE agent and flags used by both sides. In addition, the SPOE frontend, created for a given SPOE engine, is moved from the SPOE filter configuration to the SPOE agent structure. The related issue is #2502.
2024-07-04 05:14:11 -04:00
#define SPOE_CTX_FL_PROCESS (SPOE_CTX_FL_REQ_PROCESS|SPOE_CTX_FL_RSP_PROCESS)
/* All possible states for a SPOE context */
enum spoe_ctx_state {
SPOE_CTX_ST_NONE = 0,
SPOE_CTX_ST_READY,
SPOE_CTX_ST_ENCODING_MSGS,
SPOE_CTX_ST_SENDING_MSGS,
SPOE_CTX_ST_WAITING_ACK,
SPOE_CTX_ST_DONE,
SPOE_CTX_ST_ERROR,
};
/* All possible states for a SPOE applet */
enum spoe_appctx_state {
MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created Instead of using a buffer from the SPOE filter to store the NOTIFY frame, to copy it in a trash buffer in the SPOE applet to add meta-data and then tranfer it to the channel, the original buffer is directly transfered to the channel during the SPOE applet creation. The SPOE applet is thus simplied, the I/O handler is now only responsible to retrieve the ACK reply. The related issue is #2502.
2024-07-09 05:01:59 -04:00
SPOE_APPCTX_ST_WAITING_ACK = 0,
MINOR: spoe: Move all stuff regarding the filter/applet in the C file Structures describing the SPOE applet context, the SPOE filter configuration and context and the SPOE messages and groups are moved in the C file. In spoe-t.h file, it remains the structure describing an SPOE agent and flags used by both sides. In addition, the SPOE frontend, created for a given SPOE engine, is moved from the SPOE filter configuration to the SPOE agent structure. The related issue is #2502.
2024-07-04 05:14:11 -04:00
SPOE_APPCTX_ST_EXIT,
SPOE_APPCTX_ST_END,
};
/* All supported SPOE events */
enum spoe_event {
SPOE_EV_NONE = 0,
/* Request events */
SPOE_EV_ON_CLIENT_SESS = 1,
SPOE_EV_ON_TCP_REQ_FE,
SPOE_EV_ON_TCP_REQ_BE,
SPOE_EV_ON_HTTP_REQ_FE,
SPOE_EV_ON_HTTP_REQ_BE,
/* Response events */
SPOE_EV_ON_SERVER_SESS,
SPOE_EV_ON_TCP_RSP,
SPOE_EV_ON_HTTP_RSP,
SPOE_EV_EVENTS
};
/* Errors triggered by streams */
enum spoe_context_error {
SPOE_CTX_ERR_NONE = 0,
SPOE_CTX_ERR_TOUT,
SPOE_CTX_ERR_RES,
SPOE_CTX_ERR_TOO_BIG,
SPOE_CTX_ERR_INTERRUPT,
SPOE_CTX_ERR_UNKNOWN = 255,
SPOE_CTX_ERRS,
};
/* Describe an argument that will be linked to a message. It is a sample fetch,
* with an optional name. */
struct spoe_arg {
char *name; /* Name of the argument, may be NULL */
unsigned int name_len; /* The name length, 0 if NULL */
struct sample_expr *expr; /* Sample expression */
struct list list; /* Used to chain SPOE args */
};
/* Used during the config parsing only because, when a SPOE agent section is
* parsed, messages/groups can be undefined. */
struct spoe_placeholder {
char *id; /* SPOE placeholder id */
struct list list; /* Use to chain SPOE placeholders */
};
/* Used during the config parsing, when SPOE agent section is parsed, to
* register some variable names. */
struct spoe_var_placeholder {
char *name; /* The variable name */
struct list list; /* Use to chain SPOE var placeholders */
};
/* Describe a message that will be sent in a NOTIFY frame. A message has a name,
* an argument list (see above) and it is linked to a specific event. */
struct spoe_message {
char *id; /* SPOE message id */
unsigned int id_len; /* The message id length */
struct spoe_agent *agent; /* SPOE agent owning this SPOE message */
struct spoe_group *group; /* SPOE group owning this SPOE message (can be NULL) */
struct {
char *file; /* file where the SPOE message appears */
int line; /* line where the SPOE message appears */
} conf; /* config information */
unsigned int nargs; /* # of arguments */
struct list args; /* Arguments added when the SPOE messages is sent */
struct list list; /* Used to chain SPOE messages */
struct list by_evt; /* By event list */
struct list by_grp; /* By group list */
struct list acls; /* ACL declared on this message */
struct acl_cond *cond; /* acl condition to meet */
enum spoe_event event; /* SPOE_EV_* */
};
/* Describe a group of messages that will be sent in a NOTIFY frame. A group has
* a name and a list of messages. It can be used by HAProxy, outside events
* processing, mainly in (tcp|http) rules. */
struct spoe_group {
char *id; /* SPOE group id */
struct spoe_agent *agent; /* SPOE agent owning this SPOE group */
struct {
char *file; /* file where the SPOE group appears */
int line; /* line where the SPOE group appears */
} conf; /* config information */
struct list phs; /* List of placeholders used during conf parsing */
struct list messages; /* List of SPOE messages that will be sent by this
* group */
struct list list; /* Used to chain SPOE groups */
};
/* SPOE context attached to a stream. It is the main structure that handles the
* processing offload */
struct spoe_context {
struct filter *filter; /* The SPOE filter */
struct stream *strm; /* The stream that should be offloaded */
struct list *events; /* List of messages that will be sent during the stream processing */
struct list *groups; /* List of available SPOE group */
struct buffer buffer; /* Buffer used to store a encoded messages */
struct buffer_wait buffer_wait; /* position in the list of resources waiting for a buffer */
enum spoe_ctx_state state; /* SPOE_CTX_ST_* */
unsigned int flags; /* SPOE_CTX_FL_* */
unsigned int status_code; /* SPOE_CTX_ERR_* */
unsigned int stream_id; /* stream_id and frame_id are used */
unsigned int frame_id; /* to map NOTIFY and ACK frames */
unsigned int process_exp; /* expiration date to process an event */
struct spoe_appctx *spoe_appctx; /* SPOE appctx sending the current frame */
struct {
ullong start_ts; /* start date of the current event/group */
long t_process; /* processing time of the last event/group */
unsigned long t_total; /* cumulative processing time */
} stats; /* Stats for this stream */
};
/* SPOE context inside a appctx */
struct spoe_appctx {
struct appctx *owner; /* the owner */
struct spoe_agent *agent; /* agent on which the applet is attached */
unsigned int flags; /* SPOE_APPCTX_FL_* */
unsigned int status_code; /* SPOE_FRM_ERR_* */
struct spoe_context *spoe_ctx; /* The SPOE context to handle */
};
/* SPOE filter configuration */
struct spoe_config {
char *id; /* The SPOE engine name. If undefined in HAProxy config,
* it will be set with the SPOE agent name */
struct proxy *proxy; /* Proxy owning the filter */
struct spoe_agent *agent; /* Agent used by this filter */
};
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
/* Helper to get SPOE ctx inside an appctx */
CLEANUP: spoe: do not use appctx.ctx anymore The spoe code already uses its own generic pointer, let's move it to svcctx instead of keeping a struct spoe in the appctx union.
2022-05-05 14:18:44 -04:00
#define SPOE_APPCTX(appctx) ((struct spoe_appctx *)((appctx)->svcctx))
MINOR: spoe: Remove SPOE details from the appctx structure Now, as for peers, we use an opaque pointer to store information related to the SPOE filter in appctx structure. These information are now stored in a dedicated structure (spoe_appctx) and allocated, using a pool, when the applet is created. This removes the dependency between applets and the SPOE filter and avoids to eventually inflate the appctx structure.
2017-01-04 08:14:19 -05:00
BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters During a soft stop, we need to wakeup all SPOE applets to stop them. So we loop on all proxies, and for each proxy, on all filters. But we must be sure to only handle SPOE filters here. To do so, we use a specific id.
2017-02-23 04:17:15 -05:00
/* SPOE filter id. Used to identify SPOE filters */
const char *spoe_filter_id = "SPOE filter";
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
/* The name of the SPOE engine, used during the parsing */
char *curengine = NULL;
/* SPOE agent used during the parsing */
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
/* SPOE agent/group/message used during the parsing */
struct spoe_agent *curagent = NULL;
struct spoe_group *curgrp = NULL;
struct spoe_message *curmsg = NULL;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
/* list of SPOE messages and placeholders used during the parsing */
struct list curmsgs;
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
struct list curgrps;
struct list curmphs;
struct list curgphs;
MINOR: spoe: add register-var-names directive in spoe-agent configuration In addition to "option force-set-var", recently added, this directive can be used to selectivelly register unknown variable names, without totally relaxing their registration during the runtime, like "option force-set-var" does. So there is no way for a malicious agent to exhaust memory by defining a too high number of variable names. In other hand, you need to enumerate all variable names. This could be painfull in some circumstances. Remember, this directive is only usefull when the variable names are not referenced anywhere in the HAProxy configuration or the SPOE one. Thanks to Etienne Carrire for his help on this part.
2017-12-22 04:00:55 -05:00
struct list curvars;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MINOR: spoe: Add loggers dedicated to the SPOE agent Now it is possible to configure a logger in a spoe-agent section using a "log" line, as for a proxy. "no log", "log global" and "log <address> ..." syntaxes are supported.
2018-03-26 11:19:01 -04:00
/* list of log servers used during the parsing */
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
struct list curloggers;
MINOR: spoe: Add loggers dedicated to the SPOE agent Now it is possible to configure a logger in a spoe-agent section using a "log" line, as for a proxy. "no log", "log global" and "log <address> ..." syntaxes are supported.
2018-03-26 11:19:01 -04:00
MINOR: spoe: Add support for option dontlog-normal in the SPOE agent section It does the same than for proxies.
2018-03-26 11:20:36 -04:00
/* agent's proxy flags (PR_O_* and PR_O2_*) used during parsing */
int curpxopts;
int curpxopts2;
MINOR: spoe: Remove SPOE details from the appctx structure Now, as for peers, we use an opaque pointer to store information related to the SPOE filter in appctx structure. These information are now stored in a dedicated structure (spoe_appctx) and allocated, using a pool, when the applet is created. This removes the dependency between applets and the SPOE filter and avoids to eventually inflate the appctx structure.
2017-01-04 08:14:19 -05:00
/* Pools used to allocate SPOE structs */
MEDIUM: tree-wide: replace most DECLARE_POOL with DECLARE_TYPED_POOL This will make the pools size and alignment automatically inherit the type declaration. It was done like this: sed -i -e 's:DECLARE_POOL(\([^,]*,[^,]*,\s*\)sizeof(\([^)]*\))):DECLARE_TYPED_POOL(\1\2):g' $(git grep -lw DECLARE_POOL src addons) sed -i -e 's:DECLARE_STATIC_POOL(\([^,]*,[^,]*,\s*\)sizeof(\([^)]*\))):DECLARE_STATIC_TYPED_POOL(\1\2):g' $(git grep -lw DECLARE_STATIC_POOL src addons) 81 replacements were made. The only remaining ones are those which set their own size without depending on a structure. The few ones with an extra size were manually handled. It also means that the requested alignments are now checked against the type's. Given that none is specified for now, no issue is reported. It was verified with "show pools detailed" that the definitions are exactly the same, and that the binaries are similar.
2025-08-06 10:43:27 -04:00
DECLARE_STATIC_TYPED_POOL(pool_head_spoe_ctx, "spoe_ctx", struct spoe_context);
DECLARE_STATIC_TYPED_POOL(pool_head_spoe_appctx, "spoe_appctx", struct spoe_appctx);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
struct flt_ops spoe_ops;
MAJOR: buffer: finalize buffer detachment Now the buffers only contain the header and a pointer to the storage area which can be anywhere. This will significantly simplify buffer swapping and will make it possible to map chunks on buffers as well. The buf_empty variable was removed, as now it's enough to have size==0 and area==NULL to designate the empty buffer (thus a non-allocated head is the empty buffer by default). buf_wanted for now is indicated by size==0 and area==(void *)1. The channels and the checks now embed the buffer's head, and the only pointer is to the storage area. This slightly increases the unallocated buffer size (3 extra ints for the empty buffer) but considerably simplifies dynamic buffer management. It will also later permit to detach unused checks. The way the struct buffer is arranged has proven quite efficient on a number of tests, which makes sense given that size is always accessed and often first, followed by the othe ones.
2018-07-10 11:43:27 -04:00
static int spoe_acquire_buffer(struct buffer *buf, struct buffer_wait *buffer_wait);
static void spoe_release_buffer(struct buffer *buf, struct buffer_wait *buffer_wait);
MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created Instead of using a buffer from the SPOE filter to store the NOTIFY frame, to copy it in a trash buffer in the SPOE applet to add meta-data and then tranfer it to the channel, the original buffer is directly transfered to the channel during the SPOE applet creation. The SPOE applet is thus simplied, the I/O handler is now only responsible to retrieve the ACK reply. The related issue is #2502.
2024-07-09 05:01:59 -04:00
static struct appctx *spoe_create_appctx(struct spoe_context *ctx);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
/********************************************************************
* helper functions/globals
********************************************************************/
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_release_placeholder(struct spoe_placeholder *ph)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
if (!ph)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
return;
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
free(ph->id);
free(ph);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_release_message(struct spoe_message *msg)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
struct spoe_arg *arg, *argback;
struct acl *acl, *aclback;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (!msg)
return;
free(msg->id);
free(msg->conf.file);
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
list_for_each_entry_safe(arg, argback, &msg->args, list) {
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
release_sample_expr(arg->expr);
free(arg->name);
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&arg->list);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
free(arg);
}
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
list_for_each_entry_safe(acl, aclback, &msg->acls, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&acl->list);
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
prune_acl(acl);
free(acl);
}
MINOR: tree-wide: use free_acl_cond() where relevant Now that we have free_acl_cond(cond) function that does cond prune then frees cond, replace all occurences of this pattern: | prune_acl_cond(cond) | free(cond) with: | free_acl_cond(cond)
2023-05-11 06:29:51 -04:00
free_acl_cond(msg->cond);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
free(msg);
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_release_group(struct spoe_group *grp)
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
{
if (!grp)
return;
free(grp->id);
free(grp->conf.file);
free(grp);
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_release_agent(struct spoe_agent *agent)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
struct spoe_message *msg, *msgback;
struct spoe_group *grp, *grpback;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (!agent)
return;
free(agent->id);
free(agent->conf.file);
free(agent->var_pfx);
MINOR: spoe: Add "option set-on-error" statement It defines the variable to set when an error occurred during an event processing. It will only be set when an error occurred in the scope of the transaction. As for all other variables define by the SPOE, it will be prefixed. So, if your variable name is "error" and your prefix is "my_spoe_pfx", the variable will be "txn.my_spoe_pfx.error". When set, the variable is the boolean "true". Note that if "option continue-on-error" is set, the variable is not automatically removed between events processing.
2016-11-16 09:36:19 -05:00
free(agent->var_on_error);
MINOR: spoe: Add options to store processing times in variables "set-process-time" and "set-total-time" options have been added to store processing times in the transaction scope, at each event and group processing, the current one and the total one. So it is possible to get them. TODO: documentation
2018-03-22 04:08:20 -04:00
free(agent->var_t_process);
free(agent->var_t_total);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
list_for_each_entry_safe(msg, msgback, &agent->messages, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&msg->list);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
spoe_release_message(msg);
}
list_for_each_entry_safe(grp, grpback, &agent->groups, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&grp->list);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
spoe_release_group(grp);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
MINOR: spoe: Dynamically alloc the message list per event of an agent The inline array used to store, the configured messages per event in the SPOE agent structure, is replaced by a dynamic array, allocated during the configuration parsing. The main purpose of this change is to be able to move all stuff regarding the SPOE filter and applet in the C file. The related issue is #2502.
2024-07-04 04:57:29 -04:00
free(agent->events);
MINOR: spoe: Use only a global engine-id per agent Because the async mode was removed, it is no longer mandatory to announce a different engine identifiers per thread for a given SPOE agent. This was used to be sure requests and the corresponding responses are stuck on the same thread. So, now, a SPOE agent only announces one engine identifier on all connections. No changes should be expected for agents. The related issue is #2502.
2024-06-17 01:49:09 -04:00
free(agent->engine_id);
MINOR: flt_spoe: deinit spoe agent proxy upon agent release Even though spoe agent proxy is statically allocated, it uses the proxy API and is initialized like a regular proxy, thus specific cleanup is required upon release. This is not tagged as a bug because as of now this would only cause some minor memory leak upon deinit. We check the presence of proxy->id to know if it was initialized since we cannot rely on a pointer for that.
2025-04-10 10:57:58 -04:00
if (agent->fe.id)
deinit_proxy(&agent->fe);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
free(agent);
}
static const char *spoe_event_str[SPOE_EV_EVENTS] = {
[SPOE_EV_ON_CLIENT_SESS] = "on-client-session",
[SPOE_EV_ON_TCP_REQ_FE] = "on-frontend-tcp-request",
[SPOE_EV_ON_TCP_REQ_BE] = "on-backend-tcp-request",
[SPOE_EV_ON_HTTP_REQ_FE] = "on-frontend-http-request",
[SPOE_EV_ON_HTTP_REQ_BE] = "on-backend-http-request",
[SPOE_EV_ON_SERVER_SESS] = "on-server-session",
[SPOE_EV_ON_TCP_RSP] = "on-tcp-response",
[SPOE_EV_ON_HTTP_RSP] = "on-http-response",
};
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
/* Used to generates a unique id for an engine. On success, it returns a
CLEANUP: assorted typo fixes in the code and comments This is sixth iteration of typo fixes
2020-04-02 06:25:26 -04:00
* allocated string. So it is the caller's responsibility to release it. If the
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
* allocation failed, it returns NULL. */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static char *generate_pseudo_uuid()
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
{
MINOR: tools: Rename `ha_generate_uuid` to `ha_generate_uuid_v4` This is in preparation of adding support for other UUID versions.
2024-04-19 15:01:25 -04:00
ha_generate_uuid_v4(&trash);
BUG/MEDIUM: spoe: dup agent's engine_id string from trash.area The agent's engine_id forgot to dup from trash, all engine_ids point to the same address "&trash.area", the engine_id changed at run time and will double free when release agents and trash. This bug was introduced by the commit ee3bcddef ("MINOR: tools: add a generic function to generate UUIDs"). No backport is needed, this is 2.2-dev.
2020-03-12 22:39:51 -04:00
return my_strndup(trash.area, trash.data);
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
}
MINOR: spoe: switch the timeval-based timestamps to nanosecond timestamps Various points were collected during a request/response and were stored using timeval. Let's now switch them to nanosecond based timestamps.
2023-04-27 05:54:11 -04:00
/* set/add to <t> the elapsed time since <since> and now */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static inline void spoe_update_stat_time(ullong *since, long *t)
MINOR: spoe: Add metrics in to know time spent in the SPOE Following metrics are added for each event or group of messages processed in the SPOE: * processing time: the delay to process the event or the group. From the stream point of view, it is the latency added by the SPOE processing. * request time : It is the encoding time. It includes ACLs processing, if any. For fragmented frames, it is the sum of all fragments. * queue time : the delay before the request gets out the sending queue. For fragmented frames, it is the sum of all fragments. * waiting time: the delay before the reponse is received. No fragmentation supported here. * response time: the delay to process the response. No fragmentation supported here. * total time: (unused for now). It is the sum of all events or groups processed by the SPOE for a specific threads. Log messages has been updated. Before, only errors was logged (status_code != 0). Now every processing is logged, following this format: SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUC-CODE reqT/qT/wT/resT/pT where: AGENT is the agent name TYPE is EVENT of GROUP NAME is the event or the group name STREAM-ID is an integer, the unique id of the stream STATUS_CODE is the processing's status code reqT/qT/wT/resT/pT are delays descrive above For all these delays, -1 means the processing was interrupted before the end. So -1 for the queue time means the request was never dequeued. For fragmented frames it is harder to know when the interruption happened. For now, messages are logged using the same logger than the backend of the stream which initiated the request.
2018-03-22 04:07:41 -04:00
{
if (*t == -1)
MEDIUM: clock: replace timeval "now" with integer "now_ns" This puts an end to the occasional confusion between the "now" date that is internal, monotonic and not synchronized with the system's date, and "date" which is the system's date and not necessarily monotonic. Variable "now" was removed and replaced with a 64-bit integer "now_ns" which is a counter of nanoseconds. It wraps every 585 years, so if all goes well (i.e. if humanity does not need haproxy anymore in 500 years), it will just never wrap. This implies that now_ns is never nul and that the zero value can reliably be used as "not set yet" for a timestamp if needed. This will also simplify date checks where it becomes possible again to do "date1<date2". All occurrences of "tv_to_ns(&now)" were simply replaced by "now_ns". Due to the intricacies between now, global_now and now_offset, all 3 had to be turned to nanoseconds at once. It's not a problem since all of them were solely used in 3 functions in clock.c, but they make the patch look bigger than it really is. The clock_update_local_date() and clock_update_global_date() functions are now much simpler as there's no need anymore to perform conversions nor to round the timeval up or down. The wrapping continues to happen by presetting the internal offset in the short future so that the 32-bit now_ms continues to wrap 20 seconds after boot. The start_time used to calculate uptime can still be turned to nanoseconds now. One interrogation concerns global_now_ms which is used only for the freq counters. It's unclear whether there's more value in using two variables that need to be synchronized sequentially like today or to just use global_now_ns divided by 1 million. Both approaches will work equally well on modern systems, the difference might come from smaller ones. Better not change anyhting for now. One benefit of the new approach is that we now have an internal date with a resolution of the nanosecond and the precision of the microsecond, which can be useful to extend some measurements given that timestamps also have this resolution.
2023-04-28 03:16:15 -04:00
*t = ns_to_ms(now_ns - *since);
MINOR: spoe: Add metrics in to know time spent in the SPOE Following metrics are added for each event or group of messages processed in the SPOE: * processing time: the delay to process the event or the group. From the stream point of view, it is the latency added by the SPOE processing. * request time : It is the encoding time. It includes ACLs processing, if any. For fragmented frames, it is the sum of all fragments. * queue time : the delay before the request gets out the sending queue. For fragmented frames, it is the sum of all fragments. * waiting time: the delay before the reponse is received. No fragmentation supported here. * response time: the delay to process the response. No fragmentation supported here. * total time: (unused for now). It is the sum of all events or groups processed by the SPOE for a specific threads. Log messages has been updated. Before, only errors was logged (status_code != 0). Now every processing is logged, following this format: SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUC-CODE reqT/qT/wT/resT/pT where: AGENT is the agent name TYPE is EVENT of GROUP NAME is the event or the group name STREAM-ID is an integer, the unique id of the stream STATUS_CODE is the processing's status code reqT/qT/wT/resT/pT are delays descrive above For all these delays, -1 means the processing was interrupted before the end. So -1 for the queue time means the request was never dequeued. For fragmented frames it is harder to know when the interruption happened. For now, messages are logged using the same logger than the backend of the stream which initiated the request.
2018-03-22 04:07:41 -04:00
else
MEDIUM: clock: replace timeval "now" with integer "now_ns" This puts an end to the occasional confusion between the "now" date that is internal, monotonic and not synchronized with the system's date, and "date" which is the system's date and not necessarily monotonic. Variable "now" was removed and replaced with a 64-bit integer "now_ns" which is a counter of nanoseconds. It wraps every 585 years, so if all goes well (i.e. if humanity does not need haproxy anymore in 500 years), it will just never wrap. This implies that now_ns is never nul and that the zero value can reliably be used as "not set yet" for a timestamp if needed. This will also simplify date checks where it becomes possible again to do "date1<date2". All occurrences of "tv_to_ns(&now)" were simply replaced by "now_ns". Due to the intricacies between now, global_now and now_offset, all 3 had to be turned to nanoseconds at once. It's not a problem since all of them were solely used in 3 functions in clock.c, but they make the patch look bigger than it really is. The clock_update_local_date() and clock_update_global_date() functions are now much simpler as there's no need anymore to perform conversions nor to round the timeval up or down. The wrapping continues to happen by presetting the internal offset in the short future so that the 32-bit now_ms continues to wrap 20 seconds after boot. The start_time used to calculate uptime can still be turned to nanoseconds now. One interrogation concerns global_now_ms which is used only for the freq counters. It's unclear whether there's more value in using two variables that need to be synchronized sequentially like today or to just use global_now_ns divided by 1 million. Both approaches will work equally well on modern systems, the difference might come from smaller ones. Better not change anyhting for now. One benefit of the new approach is that we now have an internal date with a resolution of the nanosecond and the precision of the microsecond, which can be useful to extend some measurements given that timestamps also have this resolution.
2023-04-28 03:16:15 -04:00
*t += ns_to_ms(now_ns - *since);
MINOR: spoe: switch the timeval-based timestamps to nanosecond timestamps Various points were collected during a request/response and were stored using timeval. Let's now switch them to nanosecond based timestamps.
2023-04-27 05:54:11 -04:00
*since = 0;
MINOR: spoe: Add metrics in to know time spent in the SPOE Following metrics are added for each event or group of messages processed in the SPOE: * processing time: the delay to process the event or the group. From the stream point of view, it is the latency added by the SPOE processing. * request time : It is the encoding time. It includes ACLs processing, if any. For fragmented frames, it is the sum of all fragments. * queue time : the delay before the request gets out the sending queue. For fragmented frames, it is the sum of all fragments. * waiting time: the delay before the reponse is received. No fragmentation supported here. * response time: the delay to process the response. No fragmentation supported here. * total time: (unused for now). It is the sum of all events or groups processed by the SPOE for a specific threads. Log messages has been updated. Before, only errors was logged (status_code != 0). Now every processing is logged, following this format: SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUC-CODE reqT/qT/wT/resT/pT where: AGENT is the agent name TYPE is EVENT of GROUP NAME is the event or the group name STREAM-ID is an integer, the unique id of the stream STATUS_CODE is the processing's status code reqT/qT/wT/resT/pT are delays descrive above For all these delays, -1 means the processing was interrupted before the end. So -1 for the queue time means the request was never dequeued. For fragmented frames it is harder to know when the interruption happened. For now, messages are logged using the same logger than the backend of the stream which initiated the request.
2018-03-22 04:07:41 -04:00
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
/********************************************************************
* Functions that manage the SPOE applet
********************************************************************/
MEDIUM: mux-spop: Introduce the SPOP multiplexer It is no possible yet to use it. Idles connections and pipelining mode are not supported for now. But it should be possible to open a SPOP connection, perform the HELLO handshake, send a NOTIFY frame based on data produced by the client side and receive the corresponding ACK frame to transfer its content to the client side. The related issue is #2502.
2024-07-04 05:37:23 -04:00
struct spoe_agent *spoe_appctx_agent(struct appctx *appctx)
{
struct spoe_appctx *spoe_appctx;
if (!appctx)
return NULL;
spoe_appctx = SPOE_APPCTX(appctx);
if (!spoe_appctx)
return NULL;
return spoe_appctx->agent;
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_init_appctx(struct appctx *appctx)
MEDIUM: spoe: Refactor SPOE appctx creation A .init callback function is defined for the spoe_applet applet. This function finishes the spoe_appctx initialization. It also finishes the appctx startup by calling appctx_finalize_startup() and its handles the stream customization.
2022-05-12 09:28:51 -04:00
{
struct spoe_appctx *spoe_appctx = SPOE_APPCTX(appctx);
struct spoe_agent *agent = spoe_appctx->agent;
struct stream *s;
MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created Instead of using a buffer from the SPOE filter to store the NOTIFY frame, to copy it in a trash buffer in the SPOE applet to add meta-data and then tranfer it to the channel, the original buffer is directly transfered to the channel during the SPOE applet creation. The SPOE applet is thus simplied, the I/O handler is now only responsible to retrieve the ACK reply. The related issue is #2502.
2024-07-09 05:01:59 -04:00
if (appctx_finalize_startup(appctx, &agent->fe, &spoe_appctx->spoe_ctx->buffer) == -1)
MINOR: spoe: Remove the dedicated SPOE applet task The dedicated task per SPOE applet is no longer used. So it is removed. The related issue is #2502.
2024-06-17 12:31:05 -04:00
goto error;
MEDIUM: spoe: Refactor SPOE appctx creation A .init callback function is defined for the spoe_applet applet. This function finishes the spoe_appctx initialization. It also finishes the appctx startup by calling appctx_finalize_startup() and its handles the stream customization.
2022-05-12 09:28:51 -04:00
spoe_appctx->owner = appctx;
s = appctx_strm(appctx);
stream_set_backend(s, agent->b.be);
/* applet is waiting for data */
CLEANUP: stconn: rename cs_cant_get() to se_need_more_data() An equivalent applet_need_more_data() was added as well since that function is mostly used from applet code. It makes it much clearer that the applet is waiting for data from the stream layer.
2022-05-25 12:21:43 -04:00
applet_need_more_data(appctx);
MEDIUM: spoe: Refactor SPOE appctx creation A .init callback function is defined for the spoe_applet applet. This function finishes the spoe_appctx initialization. It also finishes the appctx startup by calling appctx_finalize_startup() and its handles the stream customization.
2022-05-12 09:28:51 -04:00
s->do_log = NULL;
BUG/MEDIUM: flt-spoe: Properly handle end of stream from the SPOE applet The previous fix ("BUG/MEDIUM: applet: Don't pretend to have more data to handle EOI/EOS/ERROR") revealed an issue with the way the SPOE applet was reporting the end of stream, leading to never shut the applet down. In fact, there is two bug in one. The first one is about the applet shutdown. Since the fix above, the applet is no longer closed. Before, it was closed because it was reported in error. But now, it is just delayed because the applet and the SPOP stream are declared to support half close connections. So the applet is only closed when the SPOP connection is closed. To fix this bug, both side are now stating that half close connections are not supported. The second bug is about the way the end of stream is reported. It is reported when the ACK response is received. But it is too early, because the parent stream must process the response first. So now, we take care to have processed the ACK from the parent applet before reporting an end of stream. This patch must be backported with the commit above to 3.1.
2025-02-04 12:05:33 -05:00
s->scb->flags |= SC_FL_RCV_ONCE | SC_FL_NOHALF;
s->scf->flags |= SC_FL_NOHALF;
MEDIUM: spoe: Set the parent stream for SPOE streams When a SPOE applet is created to send a message to an agent, the parent of the associated stream is set to the one filtered. And the relationship between the streams is removed when the applet is released or when the processing on main stream is finished. In the mean time, it is possible to get variables of the parent stream from the SPOE one. It is not a huge change but this will be amazingly useful. For instance, it is now possible to be sticky on a server using a critera of the main streem. Here is an example using the client source address: listen http bind *:80 tcp-request content set-var(txn.client_src) src filter spoe engine {SPOE-NAME} config /{SPOE-CONFIG} http-request send-spoe-group {SPOE-NAME} {SPOE-MSG} server www 127.0.0.1:8000 backend spoe-backend mode spop timeout server 10s stick-table type ip size 200k expire 30m stick on var(ptxn.client_src) server srv1 ... server srv2 ... server srv3 ... server srv4 ... Of course, the feature is not limited to stick-tables. Everywhere variables are used, it is now possible to get the value set on the parent stream from the SPOE stream.
2024-07-17 11:06:00 -04:00
s->parent = spoe_appctx->spoe_ctx->strm;
MEDIUM: spoe: Refactor SPOE appctx creation A .init callback function is defined for the spoe_applet applet. This function finishes the spoe_appctx initialization. It also finishes the appctx startup by calling appctx_finalize_startup() and its handles the stream customization.
2022-05-12 09:28:51 -04:00
MINOR: flt-spoe: Report end of input immediately after applet init The SPOE applet forwards the message that must be sent to agent during its init stage. So just after it is created. When it is performed, the end of input must be reported because no more data will be forwarded. However, it was performed after receiving the ACK response. It is harmless, but there is no reason to delay the EOI. It is now fixed. This patch must be backported to 3.1.
2025-02-04 04:46:28 -05:00
/* The frame was forwarded to the SPOP mux, set EOI now */
applet_set_eoi(appctx);
MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created Instead of using a buffer from the SPOE filter to store the NOTIFY frame, to copy it in a trash buffer in the SPOE applet to add meta-data and then tranfer it to the channel, the original buffer is directly transfered to the channel during the SPOE applet creation. The SPOE applet is thus simplied, the I/O handler is now only responsible to retrieve the ACK reply. The related issue is #2502.
2024-07-09 05:01:59 -04:00
appctx->st0 = SPOE_APPCTX_ST_WAITING_ACK;
MINOR: spoe: Remove the dedicated SPOE applet task The dedicated task per SPOE applet is no longer used. So it is removed. The related issue is #2502.
2024-06-17 12:31:05 -04:00
appctx_wakeup(appctx);
MEDIUM: spoe: Refactor SPOE appctx creation A .init callback function is defined for the spoe_applet applet. This function finishes the spoe_appctx initialization. It also finishes the appctx startup by calling appctx_finalize_startup() and its handles the stream customization.
2022-05-12 09:28:51 -04:00
return 0;
MINOR: spoe: Remove the dedicated SPOE applet task The dedicated task per SPOE applet is no longer used. So it is removed. The related issue is #2502.
2024-06-17 12:31:05 -04:00
error:
MEDIUM: spoe: Refactor SPOE appctx creation A .init callback function is defined for the spoe_applet applet. This function finishes the spoe_appctx initialization. It also finishes the appctx startup by calling appctx_finalize_startup() and its handles the stream customization.
2022-05-12 09:28:51 -04:00
return -1;
}
MAJOR: spoe: Rewrite SPOE applet to use the SPOP mux It is the huge part of the series. The patch is not so huge, it removes functions to produce or consume frames. The SPOE applet is pretty light now. But since this patch, the SPOP multiplexer is now used. The SPOP mode is now automatically ised for SPOP backends. So if there are bugs in the SPOP multiplexer, they will be visible now. The related issue is #2502.
2024-07-04 08:54:01 -04:00
static void spoe_shut_appctx(struct appctx *appctx, enum se_shut_mode mode, struct se_abort_info *reason)
{
struct spoe_appctx *spoe_appctx = SPOE_APPCTX(appctx);
if (!reason || spoe_appctx->status_code != SPOP_ERR_NONE)
return;
if (((reason->info & SE_ABRT_SRC_MASK) >> SE_ABRT_SRC_SHIFT) == SE_ABRT_SRC_MUX_SPOP)
spoe_appctx->status_code = reason->code;
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
/* Callback function that releases a SPOE applet. This happens when the
* connection with the agent is closed. */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_release_appctx(struct appctx *appctx)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
MEDIUM: tree-wide: Use CS util functions instead of SI ones At many places, we now use the new CS functions to get a stream or a channel from a conn-stream instead of using the stream-interface API. It is the first step to reduce the scope of the stream-interfaces. The main change here is about the applet I/O callback functions. Before the refactoring, the stream-interface was the appctx owner. Thus, it was heavily used. Now, as far as possible,the conn-stream is used. Of course, it remains many calls to the stream-interface API.
2022-03-25 11:43:49 -04:00
struct spoe_appctx *spoe_appctx = SPOE_APPCTX(appctx);
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
if (spoe_appctx == NULL)
return;
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
appctx->svcctx = NULL;
MEDIUM: spoe: Set the parent stream for SPOE streams When a SPOE applet is created to send a message to an agent, the parent of the associated stream is set to the one filtered. And the relationship between the streams is removed when the applet is released or when the processing on main stream is finished. In the mean time, it is possible to get variables of the parent stream from the SPOE one. It is not a huge change but this will be amazingly useful. For instance, it is now possible to be sticky on a server using a critera of the main streem. Here is an example using the client source address: listen http bind *:80 tcp-request content set-var(txn.client_src) src filter spoe engine {SPOE-NAME} config /{SPOE-CONFIG} http-request send-spoe-group {SPOE-NAME} {SPOE-MSG} server www 127.0.0.1:8000 backend spoe-backend mode spop timeout server 10s stick-table type ip size 200k expire 30m stick on var(ptxn.client_src) server srv1 ... server srv2 ... server srv3 ... server srv4 ... Of course, the feature is not limited to stick-tables. Everywhere variables are used, it is now possible to get the value set on the parent stream from the SPOE stream.
2024-07-17 11:06:00 -04:00
appctx_strm(appctx)->parent = NULL;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
/* Shutdown the server connection, if needed */
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (appctx->st0 != SPOE_APPCTX_ST_END) {
appctx->st0 = SPOE_APPCTX_ST_END;
BUG/MEDIUM: spoe: Improve error detection in SPOE applet on client abort It is possible to interrupt a SPOE applet without reporting an error. For instance, when the client of the parent stream aborts. Thanks to this patch, we take care to report an error on the SPOE applet to be sure to interrupt the processing. It is especially important if the connection to the agent is queued. Thanks to 886a248be ("BUG/MEDIUM: mux-spop: Reject connection attempts from a non-spop frontend"), it is no longer an issue. But there is no reason to continue to process if the parent stream is gone. In addition, in the SPOE filter, if the processing is interrupted when the filter is destroyed, no specific status code was set. It is not a big deal because it cannot be logged at this stage. But it can be used to notify the SPOE applet. So better to set it. This patch should be backported as far as 3.1.
2025-08-26 09:49:15 -04:00
applet_set_error(appctx);
MINOR: spoe: Rename some flags and constant to use SPOP prefix A SPOP multiplexer will be added. Many flags, constants and structures will be remove from the applet scope. So the "SPOP" prefix is used instead of "SPOE", to be consistent. The related issue is #2502.
2024-07-04 04:53:43 -04:00
if (spoe_appctx->status_code == SPOP_ERR_NONE)
spoe_appctx->status_code = SPOP_ERR_IO;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
if (spoe_appctx->spoe_ctx) {
/* Report an error to stream */
spoe_appctx->spoe_ctx->spoe_appctx = NULL;
BUG/MINOR: spoe: Don't report error on applet release if filter is in DONE state When the SPOE applet was released, if a SPOE filter context was still attached to it, an error was reported to the filter. However, there is no reason to report an error if the ACK message was already received. Because of this bug, if the ACK message is received and the SPOE connection is immediately closed, this prevents the ACK message to be processed. This patch should be backported to 3.1.
2025-05-13 11:45:18 -04:00
if (spoe_appctx->spoe_ctx->state != SPOE_CTX_ST_DONE) {
spoe_appctx->spoe_ctx->state = SPOE_CTX_ST_ERROR;
spoe_appctx->spoe_ctx->status_code = (spoe_appctx->status_code + 0x100);
}
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
task_wakeup(spoe_appctx->spoe_ctx->strm->task, TASK_WOKEN_MSG);
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
}
MINOR: spoe: Use the min of all known max_frame_size to encode messages The max_frame_size value is negociated between HAProxy and SPOE agents during the HELLO handshake. It is a per-connection value. Different SPOE agents can choose to use different max_frame_size values. So, now, we keep the minimum of all known max_frame_size. This minimum is updated when a new connection to a SPOE agent is opened and when a connection is closed. We use this value as a limit to encode messages in NOTIFY frames.
2017-01-13 05:30:50 -05:00
end:
BUG/MEDIUM: spoe: Don't use the SPOE applet after releasing it In spoe_release_appctx(), the SPOE applet may be used after it was released to get its exit status code. Of course, HAProxy crashes when this happens. This patch must be backported to 1.9 and 1.8.
2019-05-23 16:47:48 -04:00
/* Release allocated memory */
pool_free(pool_head_spoe_appctx, spoe_appctx);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_handle_receiving_frame_appctx(struct appctx *appctx)
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
{
MEDIUM: spoe: Directly receive ACK frame in the SPOE context buffer Just like the previous patch, here we avoid a buffer copy between the SPOE applet and the SPOE filter for the ACK reply. The buffer from the SPOE context is used to retrieve the ACK reply from the channel response buffer. The related issue is #2502.
2024-07-09 05:38:51 -04:00
struct spoe_appctx *spoe_appctx = SPOE_APPCTX(appctx);
struct spoe_context *spoe_ctx = spoe_appctx->spoe_ctx;
MEDIUM: spoe: Make the SPOE applet use its own buffers The SPOE applet is rewritten to use its own buffers. It is not a huge change because, once started, the only responsibility of the SPOE applet is to transfer the ACK frame to the SPOE filter. So it means it does not send any data to the opposite endpoint, the NOTIFY frame was already transferred during the applet creation. And it does only receive one full frame. Once received, it can exit. The related issue is #2502.
2024-07-11 08:47:20 -04:00
int ret = 0;
MEDIUM: spoe: Directly receive ACK frame in the SPOE context buffer Just like the previous patch, here we avoid a buffer copy between the SPOE applet and the SPOE filter for the ACK reply. The buffer from the SPOE context is used to retrieve the ACK reply from the channel response buffer. The related issue is #2502.
2024-07-09 05:38:51 -04:00
MEDIUM: spoe: Make the SPOE applet use its own buffers The SPOE applet is rewritten to use its own buffers. It is not a huge change because, once started, the only responsibility of the SPOE applet is to transfer the ACK frame to the SPOE filter. So it means it does not send any data to the opposite endpoint, the NOTIFY frame was already transferred during the applet creation. And it does only receive one full frame. Once received, it can exit. The related issue is #2502.
2024-07-11 08:47:20 -04:00
BUG_ON(b_data(&spoe_ctx->buffer));
if (!b_data(&appctx->inbuf)) {
applet_need_more_data(appctx);
MEDIUM: spoe: Directly receive ACK frame in the SPOE context buffer Just like the previous patch, here we avoid a buffer copy between the SPOE applet and the SPOE filter for the ACK reply. The buffer from the SPOE context is used to retrieve the ACK reply from the channel response buffer. The related issue is #2502.
2024-07-09 05:38:51 -04:00
goto end;
}
MAJOR: spoe: Rewrite SPOE applet to use the SPOP mux It is the huge part of the series. The patch is not so huge, it removes functions to produce or consume frames. The SPOE applet is pretty light now. But since this patch, the SPOP multiplexer is now used. The SPOP mode is now automatically ised for SPOP backends. So if there are bugs in the SPOP multiplexer, they will be visible now. The related issue is #2502.
2024-07-04 08:54:01 -04:00
BUG/MEDIUM: spoe: Acquire context buffer in applet before consuming a frame Changes brought to support large buffers revealed a bug in the SPOE applet when a frame is copied in the SPOE context buffer. A b_xfer() was performed without allocating the SPOE context buffer. It is not expected. As stated in the function documentation, the caller is responsible for ensuring there is enough space in the destination buffer. So first of all, it must ensure this buffer was allocated. With recent changes, we are able to hit a BUG_ON() because the swap is no longer possible if source and destination buffers size are not the same. This patch should fix the issue #3286. It could be backported as far as 3.1.
2026-02-23 08:31:17 -05:00
if (!spoe_acquire_buffer(&spoe_ctx->buffer, &spoe_ctx->buffer_wait))
goto end;
MEDIUM: spoe: Make the SPOE applet use its own buffers The SPOE applet is rewritten to use its own buffers. It is not a huge change because, once started, the only responsibility of the SPOE applet is to transfer the ACK frame to the SPOE filter. So it means it does not send any data to the opposite endpoint, the NOTIFY frame was already transferred during the applet creation. And it does only receive one full frame. Once received, it can exit. The related issue is #2502.
2024-07-11 08:47:20 -04:00
if (b_data(&appctx->inbuf) > spoe_appctx->agent->max_frame_size) {
spoe_ctx->state = SPOE_CTX_ST_ERROR;
spoe_ctx->status_code = (spoe_appctx->status_code + 0x100);
spoe_appctx->status_code = SPOP_ERR_TOO_BIG;
appctx->st0 = SPOE_APPCTX_ST_EXIT;
task_wakeup(spoe_ctx->strm->task, TASK_WOKEN_MSG);
ret = -1;
goto end;
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
}
MEDIUM: spoe: Make the SPOE applet use its own buffers The SPOE applet is rewritten to use its own buffers. It is not a huge change because, once started, the only responsibility of the SPOE applet is to transfer the ACK frame to the SPOE filter. So it means it does not send any data to the opposite endpoint, the NOTIFY frame was already transferred during the applet creation. And it does only receive one full frame. Once received, it can exit. The related issue is #2502.
2024-07-11 08:47:20 -04:00
b_xfer(&spoe_ctx->buffer, &appctx->inbuf, b_data(&appctx->inbuf));
spoe_ctx->state = SPOE_CTX_ST_DONE;
appctx->st0 = SPOE_APPCTX_ST_EXIT;
task_wakeup(spoe_ctx->strm->task, TASK_WOKEN_MSG);
ret = 1;
MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created Instead of using a buffer from the SPOE filter to store the NOTIFY frame, to copy it in a trash buffer in the SPOE applet to add meta-data and then tranfer it to the channel, the original buffer is directly transfered to the channel during the SPOE applet creation. The SPOE applet is thus simplied, the I/O handler is now only responsible to retrieve the ACK reply. The related issue is #2502.
2024-07-09 05:01:59 -04:00
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
end:
return ret;
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
/* I/O Handler processing messages exchanged with the agent */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_handle_appctx(struct appctx *appctx)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
if (SPOE_APPCTX(appctx) == NULL)
MEDIUM: spoe: Make the SPOE applet use its own buffers The SPOE applet is rewritten to use its own buffers. It is not a huge change because, once started, the only responsibility of the SPOE applet is to transfer the ACK frame to the SPOE filter. So it means it does not send any data to the opposite endpoint, the NOTIFY frame was already transferred during the applet creation. And it does only receive one full frame. Once received, it can exit. The related issue is #2502.
2024-07-11 08:47:20 -04:00
goto out;
if (applet_fl_test(appctx, APPCTX_FL_INBLK_ALLOC))
goto out;
if (!appctx_get_buf(appctx, &appctx->inbuf))
goto out;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
BUG/MEDIUM: flt-spoe: Set/test applet flags instead of SE flags from I/O handler The SPOE applet is using the new applet API. Thus end of input, end of stream and errors must be reported using the applet flags, not the SE flags. This was not the case. So let's fix it. It seems this bug is harmless for now. This patch must be backported to 3.1.
2025-02-04 04:42:19 -05:00
if (unlikely(applet_fl_test(appctx, APPCTX_FL_EOS|APPCTX_FL_ERROR))) {
MEDIUM: spoe: Make the SPOE applet use its own buffers The SPOE applet is rewritten to use its own buffers. It is not a huge change because, once started, the only responsibility of the SPOE applet is to transfer the ACK frame to the SPOE filter. So it means it does not send any data to the opposite endpoint, the NOTIFY frame was already transferred during the applet creation. And it does only receive one full frame. Once received, it can exit. The related issue is #2502.
2024-07-11 08:47:20 -04:00
b_reset(&appctx->inbuf);
applet_fl_clr(appctx, APPCTX_FL_INBLK_FULL);
goto out;
MEDIUM: spoe: Use the sedesc to report and detect end of processing Just like for other applets, we now use the SE descriptor instead of the channel to report error and end-of-stream. We must just be sure to consume request data when we are waiting the applet to be released. This patch is bit different than others because messages handling is dispatched in several functions. But idea if the same.
2023-03-31 05:04:34 -04:00
}
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
switchstate:
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
switch (appctx->st0) {
MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created Instead of using a buffer from the SPOE filter to store the NOTIFY frame, to copy it in a trash buffer in the SPOE applet to add meta-data and then tranfer it to the channel, the original buffer is directly transfered to the channel during the SPOE applet creation. The SPOE applet is thus simplied, the I/O handler is now only responsible to retrieve the ACK reply. The related issue is #2502.
2024-07-09 05:01:59 -04:00
/* case SPOE_APPCTX_ST_PROCESSING: */
case SPOE_APPCTX_ST_WAITING_ACK:
BUG/MEDIUM: spoe: Improve error detection in SPOE applet on client abort It is possible to interrupt a SPOE applet without reporting an error. For instance, when the client of the parent stream aborts. Thanks to this patch, we take care to report an error on the SPOE applet to be sure to interrupt the processing. It is especially important if the connection to the agent is queued. Thanks to 886a248be ("BUG/MEDIUM: mux-spop: Reject connection attempts from a non-spop frontend"), it is no longer an issue. But there is no reason to continue to process if the parent stream is gone. In addition, in the SPOE filter, if the processing is interrupted when the filter is destroyed, no specific status code was set. It is not a big deal because it cannot be logged at this stage. But it can be used to notify the SPOE applet. So better to set it. This patch should be backported as far as 3.1.
2025-08-26 09:49:15 -04:00
if (!SPOE_APPCTX(appctx)->spoe_ctx) {
appctx->st0 = SPOE_APPCTX_ST_END;
applet_set_error(appctx);
}
BUG/MINOR: spoe: Properly switch SPOE filter to WAITING_ACK state When the SPOE applet is created, the SPOE filter is set in SENDING_MSGS state. When the applet has transferred data, it should switch the filter to WAITING_ACK state. Concretly, there is no bug. At best, it could save some useless applet wakeups. This patch should be backported as far as 3.1
2026-03-16 02:46:30 -04:00
else {
SPOE_APPCTX(appctx)->spoe_ctx->state = SPOE_CTX_ST_WAITING_ACK;
if (!spoe_handle_receiving_frame_appctx(appctx))
break;
}
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
goto switchstate;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
case SPOE_APPCTX_ST_EXIT:
MINOR: spoe: Rename some flags and constant to use SPOP prefix A SPOP multiplexer will be added. Many flags, constants and structures will be remove from the applet scope. So the "SPOP" prefix is used instead of "SPOE", to be consistent. The related issue is #2502.
2024-07-04 04:53:43 -04:00
if (SPOE_APPCTX(appctx)->status_code != SPOP_ERR_NONE)
BUG/MEDIUM: flt-spoe: Set/test applet flags instead of SE flags from I/O handler The SPOE applet is using the new applet API. Thus end of input, end of stream and errors must be reported using the applet flags, not the SE flags. This was not the case. So let's fix it. It seems this bug is harmless for now. This patch must be backported to 3.1.
2025-02-04 04:42:19 -05:00
applet_set_error(appctx);
BUG/MEDIUM: flt-spoe: Properly handle end of stream from the SPOE applet The previous fix ("BUG/MEDIUM: applet: Don't pretend to have more data to handle EOI/EOS/ERROR") revealed an issue with the way the SPOE applet was reporting the end of stream, leading to never shut the applet down. In fact, there is two bug in one. The first one is about the applet shutdown. Since the fix above, the applet is no longer closed. Before, it was closed because it was reported in error. But now, it is just delayed because the applet and the SPOP stream are declared to support half close connections. So the applet is only closed when the SPOP connection is closed. To fix this bug, both side are now stating that half close connections are not supported. The second bug is about the way the end of stream is reported. It is reported when the ACK response is received. But it is too early, because the parent stream must process the response first. So now, we take care to have processed the ACK from the parent applet before reporting an end of stream. This patch must be backported with the commit above to 3.1.
2025-02-04 12:05:33 -05:00
if (!SPOE_APPCTX(appctx)->spoe_ctx) {
appctx->st0 = SPOE_APPCTX_ST_END;
applet_set_eos(appctx);
goto switchstate;
}
break;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
case SPOE_APPCTX_ST_END:
MEDIUM: spoe: Make the SPOE applet use its own buffers The SPOE applet is rewritten to use its own buffers. It is not a huge change because, once started, the only responsibility of the SPOE applet is to transfer the ACK frame to the SPOE filter. So it means it does not send any data to the opposite endpoint, the NOTIFY frame was already transferred during the applet creation. And it does only receive one full frame. Once received, it can exit. The related issue is #2502.
2024-07-11 08:47:20 -04:00
b_reset(&appctx->inbuf);
applet_fl_clr(appctx, APPCTX_FL_INBLK_FULL);
MINOR: spoe: Remove the dedicated SPOE applet task The dedicated task per SPOE applet is no longer used. So it is removed. The related issue is #2502.
2024-06-17 12:31:05 -04:00
break;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
MEDIUM: spoe: Make the SPOE applet use its own buffers The SPOE applet is rewritten to use its own buffers. It is not a huge change because, once started, the only responsibility of the SPOE applet is to transfer the ACK frame to the SPOE filter. So it means it does not send any data to the opposite endpoint, the NOTIFY frame was already transferred during the applet creation. And it does only receive one full frame. Once received, it can exit. The related issue is #2502.
2024-07-11 08:47:20 -04:00
out:
applet_have_no_more_data(appctx);
return;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
struct applet spoe_applet = {
.obj_type = OBJ_TYPE_APPLET,
MINOR: applet: Add support for flags on applets with a flag about the new API A new field was added in the applet structure to be able to set flags on the applets The first one is related to the new API. APPLET_FL_NEW_API is set for applets based on the new API. It was set on all HAProxy's applets.
2025-07-25 09:40:29 -04:00
.flags = APPLET_FL_NEW_API,
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
.name = "<SPOE>", /* used for logging */
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
.fct = spoe_handle_appctx,
MEDIUM: spoe: Refactor SPOE appctx creation A .init callback function is defined for the spoe_applet applet. This function finishes the spoe_appctx initialization. It also finishes the appctx startup by calling appctx_finalize_startup() and its handles the stream customization.
2022-05-12 09:28:51 -04:00
.init = spoe_init_appctx,
MAJOR: spoe: Rewrite SPOE applet to use the SPOP mux It is the huge part of the series. The patch is not so huge, it removes functions to produce or consume frames. The SPOE applet is pretty light now. But since this patch, the SPOP multiplexer is now used. The SPOP mode is now automatically ised for SPOP backends. So if there are bugs in the SPOP multiplexer, they will be visible now. The related issue is #2502.
2024-07-04 08:54:01 -04:00
.shut = spoe_shut_appctx,
MEDIUM: spoe: Make the SPOE applet use its own buffers The SPOE applet is rewritten to use its own buffers. It is not a huge change because, once started, the only responsibility of the SPOE applet is to transfer the ACK frame to the SPOE filter. So it means it does not send any data to the opposite endpoint, the NOTIFY frame was already transferred during the applet creation. And it does only receive one full frame. Once received, it can exit. The related issue is #2502.
2024-07-11 08:47:20 -04:00
.rcv_buf = appctx_raw_rcv_buf,
.snd_buf = appctx_raw_snd_buf,
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
.release = spoe_release_appctx,
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
};
/* Create a SPOE applet. On success, the created applet is returned, else
* NULL. */
MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created Instead of using a buffer from the SPOE filter to store the NOTIFY frame, to copy it in a trash buffer in the SPOE applet to add meta-data and then tranfer it to the channel, the original buffer is directly transfered to the channel during the SPOE applet creation. The SPOE applet is thus simplied, the I/O handler is now only responsible to retrieve the ACK reply. The related issue is #2502.
2024-07-09 05:01:59 -04:00
static struct appctx *spoe_create_appctx(struct spoe_context *ctx)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created Instead of using a buffer from the SPOE filter to store the NOTIFY frame, to copy it in a trash buffer in the SPOE applet to add meta-data and then tranfer it to the channel, the original buffer is directly transfered to the channel during the SPOE applet creation. The SPOE applet is thus simplied, the I/O handler is now only responsible to retrieve the ACK reply. The related issue is #2502.
2024-07-09 05:01:59 -04:00
struct spoe_config *conf = FLT_CONF(ctx->filter);
BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up This test was already performed when a new message is queued into the sending queue. However not when the last applet is released, in spoe_release_appctx(). It is a quite old bug. It was introduced by commit 6f1296b5c7 ("BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released"). Because of this bug, new SPOE applets may be created and quickly released because there is no server up, in loop and while there is at least one message in the sending queue, consuming all the CPU. It is pretty visible if the processing timeout is high. To fix the bug, conditions to create or not a SPOE applet are now centralized in spoe_create_appctx(). The test about the max connections per second and about number of active servers are moved in this function. This patch must be backported to all stable versions.
2024-01-05 11:06:48 -05:00
struct spoe_agent *agent = conf->agent;
MEDIUM: spoe: Refactor SPOE appctx creation A .init callback function is defined for the spoe_applet applet. This function finishes the spoe_appctx initialization. It also finishes the appctx startup by calling appctx_finalize_startup() and its handles the stream customization.
2022-05-12 09:28:51 -04:00
struct spoe_appctx *spoe_appctx;
struct appctx *appctx;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MEDIUM: spoe: Refactor SPOE appctx creation A .init callback function is defined for the spoe_applet applet. This function finishes the spoe_appctx initialization. It also finishes the appctx startup by calling appctx_finalize_startup() and its handles the stream customization.
2022-05-12 09:28:51 -04:00
spoe_appctx = pool_zalloc(pool_head_spoe_appctx);
if (spoe_appctx == NULL)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
goto out_error;
BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up This test was already performed when a new message is queued into the sending queue. However not when the last applet is released, in spoe_release_appctx(). It is a quite old bug. It was introduced by commit 6f1296b5c7 ("BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released"). Because of this bug, new SPOE applets may be created and quickly released because there is no server up, in loop and while there is at least one message in the sending queue, consuming all the CPU. It is pretty visible if the processing timeout is high. To fix the bug, conditions to create or not a SPOE applet are now centralized in spoe_create_appctx(). The test about the max connections per second and about number of active servers are moved in this function. This patch must be backported to all stable versions.
2024-01-05 11:06:48 -05:00
spoe_appctx->agent = agent;
MEDIUM: spoe: Refactor SPOE appctx creation A .init callback function is defined for the spoe_applet applet. This function finishes the spoe_appctx initialization. It also finishes the appctx startup by calling appctx_finalize_startup() and its handles the stream customization.
2022-05-12 09:28:51 -04:00
spoe_appctx->flags = 0;
MINOR: spoe: Rename some flags and constant to use SPOP prefix A SPOP multiplexer will be added. Many flags, constants and structures will be remove from the applet scope. So the "SPOP" prefix is used instead of "SPOE", to be consistent. The related issue is #2502.
2024-07-04 04:53:43 -04:00
spoe_appctx->status_code = SPOP_ERR_NONE;
MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created Instead of using a buffer from the SPOE filter to store the NOTIFY frame, to copy it in a trash buffer in the SPOE applet to add meta-data and then tranfer it to the channel, the original buffer is directly transfered to the channel during the SPOE applet creation. The SPOE applet is thus simplied, the I/O handler is now only responsible to retrieve the ACK reply. The related issue is #2502.
2024-07-09 05:01:59 -04:00
spoe_appctx->spoe_ctx = ctx;
ctx->spoe_appctx = spoe_appctx;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MINOR: applet: Add API to start applet on a thread subset In the same way than for the tasks, the applets api was changed to be able to start a new appctx on a thread subset. For now the feature is disabled. Only appctx_new_here() is working. But it will be possible to start an appctx on a specific thread or a subset via a mask.
2022-05-16 11:09:48 -04:00
if ((appctx = appctx_new_here(&spoe_applet, NULL)) == NULL)
MEDIUM: spoe: Refactor SPOE appctx creation A .init callback function is defined for the spoe_applet applet. This function finishes the spoe_appctx initialization. It also finishes the appctx startup by calling appctx_finalize_startup() and its handles the stream customization.
2022-05-12 09:28:51 -04:00
goto out_free_spoe_appctx;
MAJOR: conn_stream/stream-int: move the appctx to the conn-stream Thanks to previous changes, it is now possible to set an appctx as endpoint for a conn-stream. This means the appctx is no longer linked to the stream-interface but to the conn-stream. Thus, a pointer to the conn-stream is explicitly stored in the stream-interface. The endpoint (connection or appctx) can be retrieved via the conn-stream.
2021-12-20 09:34:16 -05:00
MEDIUM: spoe: Refactor SPOE appctx creation A .init callback function is defined for the spoe_applet applet. This function finishes the spoe_appctx initialization. It also finishes the appctx startup by calling appctx_finalize_startup() and its handles the stream customization.
2022-05-12 09:28:51 -04:00
appctx->svcctx = spoe_appctx;
if (appctx_init(appctx) == -1)
goto out_free_appctx;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
appctx_wakeup(appctx);
return appctx;
/* Error unrolling */
out_free_appctx:
MEDIUM: spoe: Refactor SPOE appctx creation A .init callback function is defined for the spoe_applet applet. This function finishes the spoe_appctx initialization. It also finishes the appctx startup by calling appctx_finalize_startup() and its handles the stream customization.
2022-05-12 09:28:51 -04:00
appctx_free_on_early_error(appctx);
out_free_spoe_appctx:
pool_free(pool_head_spoe_appctx, spoe_appctx);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
out_error:
MINOR: spoe: Move all stuff regarding the filter/applet in the C file Structures describing the SPOE applet context, the SPOE filter configuration and context and the SPOE messages and groups are moved in the C file. In spoe-t.h file, it remains the structure describing an SPOE agent and flags used by both sides. In addition, the SPOE frontend, created for a given SPOE engine, is moved from the SPOE filter configuration to the SPOE agent structure. The related issue is #2502.
2024-07-04 05:14:11 -04:00
send_log(&agent->fe, LOG_EMERG, "SPOE: [%s] failed to create SPOE applet\n", agent->id);
BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up This test was already performed when a new message is queued into the sending queue. However not when the last applet is released, in spoe_release_appctx(). It is a quite old bug. It was introduced by commit 6f1296b5c7 ("BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released"). Because of this bug, new SPOE applets may be created and quickly released because there is no server up, in loop and while there is at least one message in the sending queue, consuming all the CPU. It is pretty visible if the processing timeout is high. To fix the bug, conditions to create or not a SPOE applet are now centralized in spoe_create_appctx(). The test about the max connections per second and about number of active servers are moved in this function. This patch must be backported to all stable versions.
2024-01-05 11:06:48 -05:00
out:
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
return NULL;
}
/***************************************************************************
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
* Functions that encode SPOE messages
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
**************************************************************************/
MEDIUM: spoe: Remove fragmentation support It is the first patch of a long series to refactor the SPOE filter. The idea is to rely on a dedicated multiplexer instead of hakcing HAProxy with a list of applets processing a message queue. First of all, optionnal features will be removed. Some will be restored at the end, some others will just be removed. It is the case here. The frame fragmentation support is removed. The only purpose of this feature is to be able to support the streaming. Because it is out of the scope of this refactoring, the fragmentation is removed. The related issue is #2502.
2024-06-13 05:03:14 -04:00
/* Encode a SPOE message. If the next message can be processed, it returns 0. If
MINOR: spoe: Move message encoding in its own function Instead of having a big function to encode a list of messages, now we have a function to unroll the list and a function to encode the message itself.
2017-09-21 10:38:22 -04:00
* the message is too big, it returns -1.*/
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_encode_message(struct stream *s, struct spoe_context *ctx,
struct spoe_message *msg, int dir,
char **buf, char *end)
MINOR: spoe: Move message encoding in its own function Instead of having a big function to encode a list of messages, now we have a function to unroll the list and a function to encode the message itself.
2017-09-21 10:38:22 -04:00
{
struct sample *smp;
struct spoe_arg *arg;
int ret;
CLEANUP: tree-wide: define and use acl_match_cond() helper acl_match_cond() combines acl_exec_cond() + acl_pass() and a check on the condition->pol (to check if the cond is inverted) in order to return either 0 if the cond doesn't match or 1 if it matches (or NULL). Thanks to this we can actually simplify some redundant constructs that iterate over rules and evaluate if the condition matches or not. Conditions for tcp-request inspect-content and tcp-response inspect-content couldn't be simplified because they perform an extra check for missing data, and thus still need to leverage acl_exec_cond() It's best to display the patch using "-w", like "git show xxxx -w", because some blocks had to be re-indented after the cleanup, which makes the patch hard to review by default.
2025-01-22 08:15:47 -05:00
if (!acl_match_cond(msg->cond, s->be, s->sess, s, dir|SMP_OPT_FINAL))
goto next;
MINOR: spoe: Move message encoding in its own function Instead of having a big function to encode a list of messages, now we have a function to unroll the list and a function to encode the message itself.
2017-09-21 10:38:22 -04:00
/* Check if there is enough space for the message name and the
* number of arguments. It implies <msg->id_len> is encoded on 2
* bytes, at most (< 2288). */
if (*buf + 2 + msg->id_len + 1 > end)
goto too_big;
/* Encode the message name */
if (spoe_encode_buffer(msg->id, msg->id_len, buf, end) == -1)
goto too_big;
/* Set the number of arguments for this message */
**buf = msg->nargs;
(*buf)++;
/* Loop on arguments */
list_for_each_entry(arg, &msg->args, list) {
CLEANUP: Fix typos in the spoe subsystem Fix typos in the code comments of the spoe subsystem.
2018-11-15 16:46:49 -05:00
/* Encode the argument name as a string. It can by NULL */
MINOR: spoe: Move message encoding in its own function Instead of having a big function to encode a list of messages, now we have a function to unroll the list and a function to encode the message itself.
2017-09-21 10:38:22 -04:00
if (spoe_encode_buffer(arg->name, arg->name_len, buf, end) == -1)
goto too_big;
CLEANUP: Fix typos in the spoe subsystem Fix typos in the code comments of the spoe subsystem.
2018-11-15 16:46:49 -05:00
/* Fetch the argument value */
MINOR: spoe: Move message encoding in its own function Instead of having a big function to encode a list of messages, now we have a function to unroll the list and a function to encode the message itself.
2017-09-21 10:38:22 -04:00
smp = sample_process(s->be, s->sess, s, dir|SMP_OPT_FINAL, arg->expr, NULL);
MINOR: spoe: Use the sample context to pass frag_ctx info during encoding This simplifies the API and hide the details in the sample. This way, only string and binary are aware of these info, because other types cannot be partially encoded. This patch may be backported to 1.9 and 1.8.
2019-04-26 08:30:15 -04:00
ret = spoe_encode_data(smp, buf, end);
MEDIUM: spoe: Remove fragmentation support It is the first patch of a long series to refactor the SPOE filter. The idea is to rely on a dedicated multiplexer instead of hakcing HAProxy with a list of applets processing a message queue. First of all, optionnal features will be removed. Some will be restored at the end, some others will just be removed. It is the case here. The frame fragmentation support is removed. The only purpose of this feature is to be able to support the streaming. Because it is out of the scope of this refactoring, the fragmentation is removed. The related issue is #2502.
2024-06-13 05:03:14 -04:00
if (ret == -1)
MINOR: spoe: Move message encoding in its own function Instead of having a big function to encode a list of messages, now we have a function to unroll the list and a function to encode the message itself.
2017-09-21 10:38:22 -04:00
goto too_big;
}
next:
return 0;
too_big:
return -1;
}
MEDIUM: spoe: Remove fragmentation support It is the first patch of a long series to refactor the SPOE filter. The idea is to rely on a dedicated multiplexer instead of hakcing HAProxy with a list of applets processing a message queue. First of all, optionnal features will be removed. Some will be restored at the end, some others will just be removed. It is the case here. The frame fragmentation support is removed. The only purpose of this feature is to be able to support the streaming. Because it is out of the scope of this refactoring, the fragmentation is removed. The related issue is #2502.
2024-06-13 05:03:14 -04:00
/* Encode list of SPOE messages. On success it returns 1. If an error occurred, -1
* is returned. If nothing has been encoded, it returns 0. */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_encode_messages(struct stream *s, struct spoe_context *ctx,
struct list *messages, int dir, int type)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
struct spoe_config *conf = FLT_CONF(ctx->filter);
struct spoe_agent *agent = conf->agent;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
struct spoe_message *msg;
BUG/MINOR: spoe: Properly detect and skip empty NOTIFY frames Since the SPOE was refactored, the detection of empty NOTIFY frames is broken. So it is possible to send a NOTIFY frames to an agent with no message at all. The bug happens because the frame type is now added to the buffer before the messages encoding. So the buffer is never really empty. To fix the issue, the condition to detect empty frame was adapted. This patch must be backported as far as 3.1.
2025-08-20 09:38:42 -04:00
char *p, *start, *end;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MAJOR: buffer: finalize buffer detachment Now the buffers only contain the header and a pointer to the storage area which can be anywhere. This will significantly simplify buffer swapping and will make it possible to map chunks on buffers as well. The buf_empty variable was removed, as now it's enough to have size==0 and area==NULL to designate the empty buffer (thus a non-allocated head is the empty buffer by default). buf_wanted for now is indicated by size==0 and area==(void *)1. The channels and the checks now embed the buffer's head, and the only pointer is to the storage area. This slightly increases the unallocated buffer size (3 extra ints for the empty buffer) but considerably simplifies dynamic buffer management. It will also later permit to detach unused checks. The way the struct buffer is arranged has proven quite efficient on a number of tests, which makes sense given that size is always accessed and often first, followed by the othe ones.
2018-07-10 11:43:27 -04:00
p = b_head(&ctx->buffer);
MINOR: spoe: Rename some flags and constant to use SPOP prefix A SPOP multiplexer will be added. Many flags, constants and structures will be remove from the applet scope. So the "SPOP" prefix is used instead of "SPOE", to be consistent. The related issue is #2502.
2024-07-04 04:53:43 -04:00
end = p + agent->max_frame_size - SPOP_FRAME_HDR_SIZE;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created Instead of using a buffer from the SPOE filter to store the NOTIFY frame, to copy it in a trash buffer in the SPOE applet to add meta-data and then tranfer it to the channel, the original buffer is directly transfered to the channel during the SPOE applet creation. The SPOE applet is thus simplied, the I/O handler is now only responsible to retrieve the ACK reply. The related issue is #2502.
2024-07-09 05:01:59 -04:00
/* Set Frame type */
*p++ = SPOP_FRM_T_HAPROXY_NOTIFY;
BUG/MINOR: spoe: Properly detect and skip empty NOTIFY frames Since the SPOE was refactored, the detection of empty NOTIFY frames is broken. So it is possible to send a NOTIFY frames to an agent with no message at all. The bug happens because the frame type is now added to the buffer before the messages encoding. So the buffer is never really empty. To fix the issue, the condition to detect empty frame was adapted. This patch must be backported as far as 3.1.
2025-08-20 09:38:42 -04:00
start = p;
MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created Instead of using a buffer from the SPOE filter to store the NOTIFY frame, to copy it in a trash buffer in the SPOE applet to add meta-data and then tranfer it to the channel, the original buffer is directly transfered to the channel during the SPOE applet creation. The SPOE applet is thus simplied, the I/O handler is now only responsible to retrieve the ACK reply. The related issue is #2502.
2024-07-09 05:01:59 -04:00
MINOR: spoe: Add a type to qualify the message list during encoding Because we can have messages chained by event or by group, we need to have a way to know which kind of list we manipulate during the encoding. So 2 types of list has been added, SPOE_MSGS_BY_EVENT and SPOE_MSGS_BY_GROUP. And the right type is passed when spoe_encode_messages is called.
2017-09-21 10:50:56 -04:00
if (type == SPOE_MSGS_BY_EVENT) { /* Loop on messages by event */
list_for_each_entry(msg, messages, by_evt) {
if (spoe_encode_message(s, ctx, msg, dir, &p, end) == -1)
goto too_big;
}
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
}
MINOR: spoe: Add a type to qualify the message list during encoding Because we can have messages chained by event or by group, we need to have a way to know which kind of list we manipulate during the encoding. So 2 types of list has been added, SPOE_MSGS_BY_EVENT and SPOE_MSGS_BY_GROUP. And the right type is passed when spoe_encode_messages is called.
2017-09-21 10:50:56 -04:00
else if (type == SPOE_MSGS_BY_GROUP) { /* Loop on messages by group */
list_for_each_entry(msg, messages, by_grp) {
encode_grp_message:
if (spoe_encode_message(s, ctx, msg, dir, &p, end) == -1)
goto too_big;
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
MINOR: spoe: Add a type to qualify the message list during encoding Because we can have messages chained by event or by group, we need to have a way to know which kind of list we manipulate during the encoding. So 2 types of list has been added, SPOE_MSGS_BY_EVENT and SPOE_MSGS_BY_GROUP. And the right type is passed when spoe_encode_messages is called.
2017-09-21 10:50:56 -04:00
else
goto skip;
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
MEDIUM: spoe: Remove fragmentation support It is the first patch of a long series to refactor the SPOE filter. The idea is to rely on a dedicated multiplexer instead of hakcing HAProxy with a list of applets processing a message queue. First of all, optionnal features will be removed. Some will be restored at the end, some others will just be removed. It is the case here. The frame fragmentation support is removed. The only purpose of this feature is to be able to support the streaming. Because it is out of the scope of this refactoring, the fragmentation is removed. The related issue is #2502.
2024-06-13 05:03:14 -04:00
/* nothing has been encoded */
BUG/MINOR: spoe: Properly detect and skip empty NOTIFY frames Since the SPOE was refactored, the detection of empty NOTIFY frames is broken. So it is possible to send a NOTIFY frames to an agent with no message at all. The bug happens because the frame type is now added to the buffer before the messages encoding. So the buffer is never really empty. To fix the issue, the condition to detect empty frame was adapted. This patch must be backported as far as 3.1.
2025-08-20 09:38:42 -04:00
if (p == start)
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
goto skip;
MAJOR: buffer: finalize buffer detachment Now the buffers only contain the header and a pointer to the storage area which can be anywhere. This will significantly simplify buffer swapping and will make it possible to map chunks on buffers as well. The buf_empty variable was removed, as now it's enough to have size==0 and area==NULL to designate the empty buffer (thus a non-allocated head is the empty buffer by default). buf_wanted for now is indicated by size==0 and area==(void *)1. The channels and the checks now embed the buffer's head, and the only pointer is to the storage area. This slightly increases the unallocated buffer size (3 extra ints for the empty buffer) but considerably simplifies dynamic buffer management. It will also later permit to detach unused checks. The way the struct buffer is arranged has proven quite efficient on a number of tests, which makes sense given that size is always accessed and often first, followed by the othe ones.
2018-07-10 11:43:27 -04:00
b_set_data(&ctx->buffer, p - b_head(&ctx->buffer));
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
return 1;
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
too_big:
MEDIUM: spoe: Remove fragmentation support It is the first patch of a long series to refactor the SPOE filter. The idea is to rely on a dedicated multiplexer instead of hakcing HAProxy with a list of applets processing a message queue. First of all, optionnal features will be removed. Some will be restored at the end, some others will just be removed. It is the case here. The frame fragmentation support is removed. The only purpose of this feature is to be able to support the streaming. Because it is out of the scope of this refactoring, the fragmentation is removed. The related issue is #2502.
2024-06-13 05:03:14 -04:00
/* Return an error if nothing has been encoded because its too big */
ctx->status_code = SPOE_CTX_ERR_TOO_BIG;
return -1;
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
skip:
return 0;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
/***************************************************************************
* Functions that handle SPOE actions
**************************************************************************/
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
/* Helper function to set a variable */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_set_var(struct spoe_context *ctx, char *scope, char *name, int len,
struct sample *smp)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
struct spoe_config *conf = FLT_CONF(ctx->filter);
struct spoe_agent *agent = conf->agent;
char varname[64];
memset(varname, 0, sizeof(varname));
len = snprintf(varname, sizeof(varname), "%s.%s.%.*s",
scope, agent->var_pfx, len, name);
MINOR: spoe: add force-set-var option in spoe-agent configuration For security reasons, the spoe filter was only able to change values of existing variables. In specific cases (ex : with LUA code), the name of variables are unknown at the configuration parsing phase. The force-set-var option can be enabled to register all variables.
2017-12-14 04:36:40 -05:00
if (agent->flags & SPOE_FL_FORCE_SET_VAR)
vars_set_by_name(varname, len, smp);
else
vars_set_by_name_ifexist(varname, len, smp);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
/* Helper function to unset a variable */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_unset_var(struct spoe_context *ctx, char *scope, char *name, int len,
struct sample *smp)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
struct spoe_config *conf = FLT_CONF(ctx->filter);
struct spoe_agent *agent = conf->agent;
char varname[64];
memset(varname, 0, sizeof(varname));
len = snprintf(varname, sizeof(varname), "%s.%s.%.*s",
scope, agent->var_pfx, len, name);
vars_unset_by_name_ifexist(varname, len, smp);
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static inline int spoe_decode_action_set_var(struct stream *s, struct spoe_context *ctx,
char **buf, char *end, int dir)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
char *str, *scope, *p = *buf;
struct sample smp;
uint64_t sz;
int ret;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
if (p + 2 >= end)
goto skip;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
/* SET-VAR requires 3 arguments */
if (*p++ != 3)
goto skip;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
switch (*p++) {
MINOR: spoe: Rename some flags and constant to use SPOP prefix A SPOP multiplexer will be added. Many flags, constants and structures will be remove from the applet scope. So the "SPOP" prefix is used instead of "SPOE", to be consistent. The related issue is #2502.
2024-07-04 04:53:43 -04:00
case SPOP_SCOPE_PROC: scope = "proc"; break;
case SPOP_SCOPE_SESS: scope = "sess"; break;
case SPOP_SCOPE_TXN : scope = "txn"; break;
case SPOP_SCOPE_REQ : scope = "req"; break;
case SPOP_SCOPE_RES : scope = "res"; break;
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
default: goto skip;
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
goto skip;
memset(&smp, 0, sizeof(smp));
smp_set_owner(&smp, s->be, s->sess, s, dir|SMP_OPT_FINAL);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
if (spoe_decode_data(&p, end, &smp) == -1)
goto skip;
BUG: spoe: Fix parsing of SPOE actions in ACK frames For "SET-VAR" actions, data was not correctly parsed. 'idx' variable was not correctly updated when the 3rd argument was parsed.
2016-11-24 08:53:22 -05:00
BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided If an agent try to set a variable with the NULL data type, an unset is perform instead to avoid undefined behaviors. Once decoded, such data are translated to a sample with the type SMP_T_ANY. It is unexpected in HAProxy. When a variable is set with such sample, no data are attached to the variable. Thus, when the variable is retrieved later in the transaction, the sample data are uninitialized, leading to undefined behaviors depending on how it is used. For instance, it leads to a crash if the debug converter is used on such variable. This patch should fix the issue #855. It must be backported as far as 1.8.
2020-10-15 10:08:30 -04:00
if (smp.data.type == SMP_T_ANY)
spoe_unset_var(ctx, scope, str, sz, &smp);
else
spoe_set_var(ctx, scope, str, sz, &smp);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
ret = (p - *buf);
*buf = p;
return ret;
skip:
return 0;
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static inline int spoe_decode_action_unset_var(struct stream *s, struct spoe_context *ctx,
char **buf, char *end, int dir)
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
{
char *str, *scope, *p = *buf;
struct sample smp;
uint64_t sz;
int ret;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
if (p + 2 >= end)
goto skip;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
/* UNSET-VAR requires 2 arguments */
if (*p++ != 2)
goto skip;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
switch (*p++) {
MINOR: spoe: Rename some flags and constant to use SPOP prefix A SPOP multiplexer will be added. Many flags, constants and structures will be remove from the applet scope. So the "SPOP" prefix is used instead of "SPOE", to be consistent. The related issue is #2502.
2024-07-04 04:53:43 -04:00
case SPOP_SCOPE_PROC: scope = "proc"; break;
case SPOP_SCOPE_SESS: scope = "sess"; break;
case SPOP_SCOPE_TXN : scope = "txn"; break;
case SPOP_SCOPE_REQ : scope = "req"; break;
case SPOP_SCOPE_RES : scope = "res"; break;
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
default: goto skip;
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
goto skip;
memset(&smp, 0, sizeof(smp));
smp_set_owner(&smp, s->be, s->sess, s, dir|SMP_OPT_FINAL);
spoe_unset_var(ctx, scope, str, sz, &smp);
ret = (p - *buf);
*buf = p;
return ret;
skip:
return 0;
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
/* Process SPOE actions for a specific event. It returns 1 on success. If an
* error occurred, 0 is returned. */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_process_actions(struct stream *s, struct spoe_context *ctx, int dir)
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
{
char *p, *end;
int ret;
MAJOR: buffer: finalize buffer detachment Now the buffers only contain the header and a pointer to the storage area which can be anywhere. This will significantly simplify buffer swapping and will make it possible to map chunks on buffers as well. The buf_empty variable was removed, as now it's enough to have size==0 and area==NULL to designate the empty buffer (thus a non-allocated head is the empty buffer by default). buf_wanted for now is indicated by size==0 and area==(void *)1. The channels and the checks now embed the buffer's head, and the only pointer is to the storage area. This slightly increases the unallocated buffer size (3 extra ints for the empty buffer) but considerably simplifies dynamic buffer management. It will also later permit to detach unused checks. The way the struct buffer is arranged has proven quite efficient on a number of tests, which makes sense given that size is always accessed and often first, followed by the othe ones.
2018-07-10 11:43:27 -04:00
p = b_head(&ctx->buffer);
end = p + b_data(&ctx->buffer);
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
while (p < end) {
enum spoe_action_type type;
type = *p++;
switch (type) {
MINOR: spoe: Rename some flags and constant to use SPOP prefix A SPOP multiplexer will be added. Many flags, constants and structures will be remove from the applet scope. So the "SPOP" prefix is used instead of "SPOE", to be consistent. The related issue is #2502.
2024-07-04 04:53:43 -04:00
case SPOP_ACT_T_SET_VAR:
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
ret = spoe_decode_action_set_var(s, ctx, &p, end, dir);
if (!ret)
goto skip;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
break;
MINOR: spoe: Rename some flags and constant to use SPOP prefix A SPOP multiplexer will be added. Many flags, constants and structures will be remove from the applet scope. So the "SPOP" prefix is used instead of "SPOE", to be consistent. The related issue is #2502.
2024-07-04 04:53:43 -04:00
case SPOP_ACT_T_UNSET_VAR:
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
ret = spoe_decode_action_unset_var(s, ctx, &p, end, dir);
if (!ret)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
goto skip;
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
break;
default:
goto skip;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
}
return 1;
skip:
return 0;
}
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
/***************************************************************************
* Functions that process SPOE events
**************************************************************************/
MEDIUM: spoe: Forward SPOE context error to the SPOE applet Errors triggered by a SPOE filter intance, mainly the processing timeout, are now forwarded to the SPOE applet. This way, an error can be reported to the SPOP mux stream to abort it early. Note that, for now, no abort reaon is set because the SPOP connection is not closed. Only the SPOP stream is aborted. But thanks to this patch, the SPOE applet can be released immediately, instead of waiting for the ACK frame or an error on the mux side. The related issue is #2502.
2024-07-10 02:06:59 -04:00
static inline enum spop_error spoe_ctx_err_to_spop_err(enum spoe_context_error err)
{
switch (err) {
case SPOE_CTX_ERR_NONE:
return SPOP_ERR_NONE;
case SPOE_CTX_ERR_TOUT:
return SPOP_ERR_TOUT;
case SPOE_CTX_ERR_RES:
return SPOP_ERR_RES;
case SPOE_CTX_ERR_TOO_BIG:
return SPOP_ERR_TOO_BIG;
case SPOE_CTX_ERR_INTERRUPT:
return SPOP_ERR_IO;
default:
return SPOP_ERR_UNKNOWN;
}
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_update_stats(struct stream *s, struct spoe_agent *agent,
struct spoe_context *ctx, int dir)
MINOR: spoe: Add counters to log info about SPOE agents In addition to metrics about time spent in the SPOE, following counters have been added: * applets : number of SPOE applets. * idles : number of idle applets. * nb_sending : number of streams waiting to send data. * nb_waiting : number of streams waiting for a ack. * nb_processed : number of events/groups processed by the SPOE (from the stream point of view). * nb_errors : number of errors during the processing (from the stream point of view). Log messages has been updated to report these counters. Following pattern has been added at the end of the log message: ... <idles>/<applets> <nb_sending>/<nb_waiting> <nb_error>/<nb_processed>
2018-04-04 04:25:50 -04:00
{
MINOR: spoe: switch the timeval-based timestamps to nanosecond timestamps Various points were collected during a request/response and were stored using timeval. Let's now switch them to nanosecond based timestamps.
2023-04-27 05:54:11 -04:00
if (ctx->stats.start_ts != 0) {
spoe_update_stat_time(&ctx->stats.start_ts, &ctx->stats.t_process);
ctx->stats.t_total += ctx->stats.t_process;
MINOR: spoe: Add counters to log info about SPOE agents In addition to metrics about time spent in the SPOE, following counters have been added: * applets : number of SPOE applets. * idles : number of idle applets. * nb_sending : number of streams waiting to send data. * nb_waiting : number of streams waiting for a ack. * nb_processed : number of events/groups processed by the SPOE (from the stream point of view). * nb_errors : number of errors during the processing (from the stream point of view). Log messages has been updated to report these counters. Following pattern has been added at the end of the log message: ... <idles>/<applets> <nb_sending>/<nb_waiting> <nb_error>/<nb_processed>
2018-04-04 04:25:50 -04:00
}
if (agent->var_t_process) {
struct sample smp;
memset(&smp, 0, sizeof(smp));
smp_set_owner(&smp, s->be, s->sess, s, dir|SMP_OPT_FINAL);
smp.data.u.sint = ctx->stats.t_process;
smp.data.type = SMP_T_SINT;
spoe_set_var(ctx, "txn", agent->var_t_process,
strlen(agent->var_t_process), &smp);
}
if (agent->var_t_total) {
struct sample smp;
memset(&smp, 0, sizeof(smp));
smp_set_owner(&smp, s->be, s->sess, s, dir|SMP_OPT_FINAL);
smp.data.u.sint = ctx->stats.t_total;
smp.data.type = SMP_T_SINT;
spoe_set_var(ctx, "txn", agent->var_t_total,
strlen(agent->var_t_total), &smp);
}
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_handle_processing_error(struct stream *s, struct spoe_agent *agent,
struct spoe_context *ctx, int dir)
MINOR: spoe: Add counters to log info about SPOE agents In addition to metrics about time spent in the SPOE, following counters have been added: * applets : number of SPOE applets. * idles : number of idle applets. * nb_sending : number of streams waiting to send data. * nb_waiting : number of streams waiting for a ack. * nb_processed : number of events/groups processed by the SPOE (from the stream point of view). * nb_errors : number of errors during the processing (from the stream point of view). Log messages has been updated to report these counters. Following pattern has been added at the end of the log message: ... <idles>/<applets> <nb_sending>/<nb_waiting> <nb_error>/<nb_processed>
2018-04-04 04:25:50 -04:00
{
if (agent->var_on_error) {
struct sample smp;
memset(&smp, 0, sizeof(smp));
smp_set_owner(&smp, s->be, s->sess, s, dir|SMP_OPT_FINAL);
smp.data.u.sint = ctx->status_code;
smp.data.type = SMP_T_BOOL;
spoe_set_var(ctx, "txn", agent->var_on_error,
strlen(agent->var_on_error), &smp);
}
ctx->state = ((agent->flags & SPOE_FL_CONT_ON_ERR)
? SPOE_CTX_ST_READY
: SPOE_CTX_ST_NONE);
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static inline int spoe_start_processing(struct spoe_agent *agent, struct spoe_context *ctx, int dir)
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
{
/* If a process is already started for this SPOE context, retry
* later. */
if (ctx->flags & SPOE_CTX_FL_PROCESS)
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
return 0;
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
MEDIUM: clock: replace timeval "now" with integer "now_ns" This puts an end to the occasional confusion between the "now" date that is internal, monotonic and not synchronized with the system's date, and "date" which is the system's date and not necessarily monotonic. Variable "now" was removed and replaced with a 64-bit integer "now_ns" which is a counter of nanoseconds. It wraps every 585 years, so if all goes well (i.e. if humanity does not need haproxy anymore in 500 years), it will just never wrap. This implies that now_ns is never nul and that the zero value can reliably be used as "not set yet" for a timestamp if needed. This will also simplify date checks where it becomes possible again to do "date1<date2". All occurrences of "tv_to_ns(&now)" were simply replaced by "now_ns". Due to the intricacies between now, global_now and now_offset, all 3 had to be turned to nanoseconds at once. It's not a problem since all of them were solely used in 3 functions in clock.c, but they make the patch look bigger than it really is. The clock_update_local_date() and clock_update_global_date() functions are now much simpler as there's no need anymore to perform conversions nor to round the timeval up or down. The wrapping continues to happen by presetting the internal offset in the short future so that the 32-bit now_ms continues to wrap 20 seconds after boot. The start_time used to calculate uptime can still be turned to nanoseconds now. One interrogation concerns global_now_ms which is used only for the freq counters. It's unclear whether there's more value in using two variables that need to be synchronized sequentially like today or to just use global_now_ns divided by 1 million. Both approaches will work equally well on modern systems, the difference might come from smaller ones. Better not change anyhting for now. One benefit of the new approach is that we now have an internal date with a resolution of the nanosecond and the precision of the microsecond, which can be useful to extend some measurements given that timestamps also have this resolution.
2023-04-28 03:16:15 -04:00
ctx->stats.start_ts = now_ns;
MINOR: spoe: Add metrics in to know time spent in the SPOE Following metrics are added for each event or group of messages processed in the SPOE: * processing time: the delay to process the event or the group. From the stream point of view, it is the latency added by the SPOE processing. * request time : It is the encoding time. It includes ACLs processing, if any. For fragmented frames, it is the sum of all fragments. * queue time : the delay before the request gets out the sending queue. For fragmented frames, it is the sum of all fragments. * waiting time: the delay before the reponse is received. No fragmentation supported here. * response time: the delay to process the response. No fragmentation supported here. * total time: (unused for now). It is the sum of all events or groups processed by the SPOE for a specific threads. Log messages has been updated. Before, only errors was logged (status_code != 0). Now every processing is logged, following this format: SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUC-CODE reqT/qT/wT/resT/pT where: AGENT is the agent name TYPE is EVENT of GROUP NAME is the event or the group name STREAM-ID is an integer, the unique id of the stream STATUS_CODE is the processing's status code reqT/qT/wT/resT/pT are delays descrive above For all these delays, -1 means the processing was interrupted before the end. So -1 for the queue time means the request was never dequeued. For fragmented frames it is harder to know when the interruption happened. For now, messages are logged using the same logger than the backend of the stream which initiated the request.
2018-03-22 04:07:41 -04:00
ctx->stats.t_process = -1;
ctx->status_code = 0;
MINOR: spoe: Replace sending_rate by a frequency counter sending_rate was a counter used to evaluate the SPOE capacity to process frames. Because it was not really accurrate, it has been replaced by a frequency counter representing the number of frames handled by the SPOE per second. We just check this counter is higher than the number of streams waiting for a reply. If not, a new applet is created.
2018-01-24 10:13:48 -05:00
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
/* Set the right flag to prevent request and response processing
* in same time. */
ctx->flags |= ((dir == SMP_OPT_DIR_REQ)
? SPOE_CTX_FL_REQ_PROCESS
: SPOE_CTX_FL_RSP_PROCESS);
return 1;
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static inline void spoe_stop_processing(struct spoe_agent *agent, struct spoe_context *ctx)
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
{
MINOR: spoe: Always link a SPOE context with the applet processing it This was already done for fragmented frames. Now, this is true for all frames.
2018-01-24 09:59:32 -05:00
struct spoe_appctx *sa = ctx->spoe_appctx;
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
MINOR: spoe: Replace sending_rate by a frequency counter sending_rate was a counter used to evaluate the SPOE capacity to process frames. Because it was not really accurrate, it has been replaced by a frequency counter representing the number of frames handled by the SPOE per second. We just check this counter is higher than the number of streams waiting for a reply. If not, a new applet is created.
2018-01-24 10:13:48 -05:00
if (!(ctx->flags & SPOE_CTX_FL_PROCESS))
return;
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 07:53:36 -04:00
_HA_ATOMIC_INC(&agent->counters.nb_processed);
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
if (sa) {
MEDIUM: spoe: Forward SPOE context error to the SPOE applet Errors triggered by a SPOE filter intance, mainly the processing timeout, are now forwarded to the SPOE applet. This way, an error can be reported to the SPOP mux stream to abort it early. Note that, for now, no abort reaon is set because the SPOP connection is not closed. Only the SPOP stream is aborted. But thanks to this patch, the SPOE applet can be released immediately, instead of waiting for the ACK frame or an error on the mux side. The related issue is #2502.
2024-07-10 02:06:59 -04:00
if (sa->status_code == SPOP_ERR_NONE)
sa->status_code = spoe_ctx_err_to_spop_err(ctx->status_code);
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
sa->spoe_ctx = NULL;
MEDIUM: spoe: Set the parent stream for SPOE streams When a SPOE applet is created to send a message to an agent, the parent of the associated stream is set to the one filtered. And the relationship between the streams is removed when the applet is released or when the processing on main stream is finished. In the mean time, it is possible to get variables of the parent stream from the SPOE one. It is not a huge change but this will be amazingly useful. For instance, it is now possible to be sticky on a server using a critera of the main streem. Here is an example using the client source address: listen http bind *:80 tcp-request content set-var(txn.client_src) src filter spoe engine {SPOE-NAME} config /{SPOE-CONFIG} http-request send-spoe-group {SPOE-NAME} {SPOE-MSG} server www 127.0.0.1:8000 backend spoe-backend mode spop timeout server 10s stick-table type ip size 200k expire 30m stick on var(ptxn.client_src) server srv1 ... server srv2 ... server srv3 ... server srv4 ... Of course, the feature is not limited to stick-tables. Everywhere variables are used, it is now possible to get the value set on the parent stream from the SPOE stream.
2024-07-17 11:06:00 -04:00
appctx_strm(sa->owner)->parent = NULL;
MEDIUM: spoe: Make the SPOE applet use its own buffers The SPOE applet is rewritten to use its own buffers. It is not a huge change because, once started, the only responsibility of the SPOE applet is to transfer the ACK frame to the SPOE filter. So it means it does not send any data to the opposite endpoint, the NOTIFY frame was already transferred during the applet creation. And it does only receive one full frame. Once received, it can exit. The related issue is #2502.
2024-07-11 08:47:20 -04:00
appctx_wakeup(sa->owner);
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
}
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
/* Reset the flag to allow next processing */
MEDIUM: spoe: Remove fragmentation support It is the first patch of a long series to refactor the SPOE filter. The idea is to rely on a dedicated multiplexer instead of hakcing HAProxy with a list of applets processing a message queue. First of all, optionnal features will be removed. Some will be restored at the end, some others will just be removed. It is the case here. The frame fragmentation support is removed. The only purpose of this feature is to be able to support the streaming. Because it is out of the scope of this refactoring, the fragmentation is removed. The related issue is #2502.
2024-06-13 05:03:14 -04:00
ctx->flags &= ~SPOE_CTX_FL_PROCESS;
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
/* Reset processing timer */
ctx->process_exp = TICK_ETERNITY;
BUG/MEDIUM: spoe: Don't rely on stream's expiration to detect processing timeout On stream side, the SPOE filter relied on the stream's expiration date to be woken up and be able to detect processing timeout. However, the stream expiration date must not be updated this way. Mainly because it may be overwritten at the end of process_stream(). In the worst case, it is set to TICK_ETERNITY for any reason. In this case, it is impossible to detect the SPOE filter must time out and abort the processing. The right way to do is to set an analysis expiration date on the corresponding channel, depending on the direction. This expiration date will be used to compute the stream's expiration date at the end of process_stream(). This patch may be related to issue #2478. It must be backported to all stable versions.
2024-03-14 05:21:56 -04:00
ctx->strm->req.analyse_exp = TICK_ETERNITY;
ctx->strm->res.analyse_exp = TICK_ETERNITY;
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
spoe_release_buffer(&ctx->buffer, &ctx->buffer_wait);
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
MEDIUM: spoe: Remove fragmentation support It is the first patch of a long series to refactor the SPOE filter. The idea is to rely on a dedicated multiplexer instead of hakcing HAProxy with a list of applets processing a message queue. First of all, optionnal features will be removed. Some will be restored at the end, some others will just be removed. It is the case here. The frame fragmentation support is removed. The only purpose of this feature is to be able to support the streaming. Because it is out of the scope of this refactoring, the fragmentation is removed. The related issue is #2502.
2024-06-13 05:03:14 -04:00
ctx->spoe_appctx = NULL;
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MINOR: spoe: Add a generic function to encode a list of SPOE message So it will be possible to encode messages chained by event or by group. For now, it is only possible to do it by event.
2017-09-21 10:57:24 -04:00
/* Process a list of SPOE messages. First, this functions will process messages
* and send them to an agent in a NOTIFY frame. Then, it will wait a ACK frame
* to process corresponding actions. During all the processing, it returns 0
* and it returns 1 when the processing is finished. If an error occurred, -1
* is returned. */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_process_messages(struct stream *s, struct spoe_context *ctx,
struct list *messages, int dir, int type)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
MINOR: spoe: Add 'timeout processing' option to limit time to process an event It is a way to set the maximum time to wait for a stream to process an event, i.e to acquire a stream to talk with an agent, to encode all messages, to send the NOTIFY frame, to receive the corrsponding acknowledgement and to process all actions. It is applied on the stream that handle the client and the server sessions.
2016-11-10 09:04:51 -05:00
struct spoe_config *conf = FLT_CONF(ctx->filter);
struct spoe_agent *agent = conf->agent;
MINOR: spoe: Add a generic function to encode a list of SPOE message So it will be possible to encode messages chained by event or by group. For now, it is only possible to do it by event.
2017-09-21 10:57:24 -04:00
int ret = 1;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (ctx->state == SPOE_CTX_ST_ERROR)
MINOR: spoe: Add counters to log info about SPOE agents In addition to metrics about time spent in the SPOE, following counters have been added: * applets : number of SPOE applets. * idles : number of idle applets. * nb_sending : number of streams waiting to send data. * nb_waiting : number of streams waiting for a ack. * nb_processed : number of events/groups processed by the SPOE (from the stream point of view). * nb_errors : number of errors during the processing (from the stream point of view). Log messages has been updated to report these counters. Following pattern has been added at the end of the log message: ... <idles>/<applets> <nb_sending>/<nb_waiting> <nb_error>/<nb_processed>
2018-04-04 04:25:50 -04:00
goto end;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MINOR: spoe: Add 'timeout processing' option to limit time to process an event It is a way to set the maximum time to wait for a stream to process an event, i.e to acquire a stream to talk with an agent, to encode all messages, to send the NOTIFY frame, to receive the corrsponding acknowledgement and to process all actions. It is applied on the stream that handle the client and the server sessions.
2016-11-10 09:04:51 -05:00
if (tick_is_expired(ctx->process_exp, now_ms) && ctx->state != SPOE_CTX_ST_DONE) {
MINOR: spoe: Add status code in error variable instead of hardcoded value Now, when option "set-on-error" is enabled, we set a status code representing the error occurred instead of "true". For values under 256, it represents an error coming from the engine. Below 256, it reports a SPOP error. In this case, to retrieve the right SPOP status code, you must remove 256 to this value. Here are possible values: * 1: a timeout occurred during the event processing. * 2: an error was triggered during the ressources allocation. * 255: an unknown error occurred during the event processing. * 256+N: a SPOP error occurred during the event processing.
2017-01-04 10:39:11 -05:00
ctx->status_code = SPOE_CTX_ERR_TOUT;
MINOR: spoe: Add counters to log info about SPOE agents In addition to metrics about time spent in the SPOE, following counters have been added: * applets : number of SPOE applets. * idles : number of idle applets. * nb_sending : number of streams waiting to send data. * nb_waiting : number of streams waiting for a ack. * nb_processed : number of events/groups processed by the SPOE (from the stream point of view). * nb_errors : number of errors during the processing (from the stream point of view). Log messages has been updated to report these counters. Following pattern has been added at the end of the log message: ... <idles>/<applets> <nb_sending>/<nb_waiting> <nb_error>/<nb_processed>
2018-04-04 04:25:50 -04:00
goto end;
MINOR: spoe: Add 'timeout processing' option to limit time to process an event It is a way to set the maximum time to wait for a stream to process an event, i.e to acquire a stream to talk with an agent, to encode all messages, to send the NOTIFY frame, to receive the corrsponding acknowledgement and to process all actions. It is applied on the stream that handle the client and the server sessions.
2016-11-10 09:04:51 -05:00
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (ctx->state == SPOE_CTX_ST_READY) {
MINOR: spoe: Add 'timeout processing' option to limit time to process an event It is a way to set the maximum time to wait for a stream to process an event, i.e to acquire a stream to talk with an agent, to encode all messages, to send the NOTIFY frame, to receive the corrsponding acknowledgement and to process all actions. It is applied on the stream that handle the client and the server sessions.
2016-11-10 09:04:51 -05:00
if (!tick_isset(ctx->process_exp)) {
ctx->process_exp = tick_add_ifset(now_ms, agent->timeout.processing);
BUG/MEDIUM: spoe: Don't rely on stream's expiration to detect processing timeout On stream side, the SPOE filter relied on the stream's expiration date to be woken up and be able to detect processing timeout. However, the stream expiration date must not be updated this way. Mainly because it may be overwritten at the end of process_stream(). In the worst case, it is set to TICK_ETERNITY for any reason. In this case, it is impossible to detect the SPOE filter must time out and abort the processing. The right way to do is to set an analysis expiration date on the corresponding channel, depending on the direction. This expiration date will be used to compute the stream's expiration date at the end of process_stream(). This patch may be related to issue #2478. It must be backported to all stable versions.
2024-03-14 05:21:56 -04:00
if (dir == SMP_OPT_DIR_REQ)
s->req.analyse_exp = ctx->process_exp;
else
s->res.analyse_exp = ctx->process_exp;
MINOR: spoe: Add 'timeout processing' option to limit time to process an event It is a way to set the maximum time to wait for a stream to process an event, i.e to acquire a stream to talk with an agent, to encode all messages, to send the NOTIFY frame, to receive the corrsponding acknowledgement and to process all actions. It is applied on the stream that handle the client and the server sessions.
2016-11-10 09:04:51 -05:00
}
MINOR: spoe: Replace sending_rate by a frequency counter sending_rate was a counter used to evaluate the SPOE capacity to process frames. Because it was not really accurrate, it has been replaced by a frequency counter representing the number of frames handled by the SPOE per second. We just check this counter is higher than the number of streams waiting for a reply. If not, a new applet is created.
2018-01-24 10:13:48 -05:00
ret = spoe_start_processing(agent, ctx, dir);
MINOR: spoe: Add status code in error variable instead of hardcoded value Now, when option "set-on-error" is enabled, we set a status code representing the error occurred instead of "true". For values under 256, it represents an error coming from the engine. Below 256, it reports a SPOP error. In this case, to retrieve the right SPOP status code, you must remove 256 to this value. Here are possible values: * 1: a timeout occurred during the event processing. * 2: an error was triggered during the ressources allocation. * 255: an unknown error occurred during the event processing. * 256+N: a SPOP error occurred during the event processing.
2017-01-04 10:39:11 -05:00
if (!ret)
goto out;
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
ctx->state = SPOE_CTX_ST_ENCODING_MSGS;
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
/* fall through */
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
if (ctx->state == SPOE_CTX_ST_ENCODING_MSGS) {
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
struct appctx *appctx;
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
if (!spoe_acquire_buffer(&ctx->buffer, &ctx->buffer_wait))
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
goto out;
MINOR: spoe: Add a generic function to encode a list of SPOE message So it will be possible to encode messages chained by event or by group. For now, it is only possible to do it by event.
2017-09-21 10:57:24 -04:00
ret = spoe_encode_messages(s, ctx, messages, dir, type);
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
if (ret < 0)
MINOR: spoe: Add counters to log info about SPOE agents In addition to metrics about time spent in the SPOE, following counters have been added: * applets : number of SPOE applets. * idles : number of idle applets. * nb_sending : number of streams waiting to send data. * nb_waiting : number of streams waiting for a ack. * nb_processed : number of events/groups processed by the SPOE (from the stream point of view). * nb_errors : number of errors during the processing (from the stream point of view). Log messages has been updated to report these counters. Following pattern has been added at the end of the log message: ... <idles>/<applets> <nb_sending>/<nb_waiting> <nb_error>/<nb_processed>
2018-04-04 04:25:50 -04:00
goto end;
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
if (!ret)
goto skip;
MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created Instead of using a buffer from the SPOE filter to store the NOTIFY frame, to copy it in a trash buffer in the SPOE applet to add meta-data and then tranfer it to the channel, the original buffer is directly transfered to the channel during the SPOE applet creation. The SPOE applet is thus simplied, the I/O handler is now only responsible to retrieve the ACK reply. The related issue is #2502.
2024-07-09 05:01:59 -04:00
appctx = spoe_create_appctx(ctx);
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
if (!appctx) {
ctx->status_code = SPOE_CTX_ERR_RES;
MINOR: spoe: Add counters to log info about SPOE agents In addition to metrics about time spent in the SPOE, following counters have been added: * applets : number of SPOE applets. * idles : number of idle applets. * nb_sending : number of streams waiting to send data. * nb_waiting : number of streams waiting for a ack. * nb_processed : number of events/groups processed by the SPOE (from the stream point of view). * nb_errors : number of errors during the processing (from the stream point of view). Log messages has been updated to report these counters. Following pattern has been added at the end of the log message: ... <idles>/<applets> <nb_sending>/<nb_waiting> <nb_error>/<nb_processed>
2018-04-04 04:25:50 -04:00
goto end;
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
}
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
ctx->state = SPOE_CTX_ST_SENDING_MSGS;
}
if (ctx->state == SPOE_CTX_ST_SENDING_MSGS) {
MINOR: spoe: Always link a SPOE context with the applet processing it This was already done for fragmented frames. Now, this is true for all frames.
2018-01-24 09:59:32 -05:00
if (ctx->spoe_appctx)
MEDIUM: spoe: Make the SPOE applet use its own buffers The SPOE applet is rewritten to use its own buffers. It is not a huge change because, once started, the only responsibility of the SPOE applet is to transfer the ACK frame to the SPOE filter. So it means it does not send any data to the opposite endpoint, the NOTIFY frame was already transferred during the applet creation. And it does only receive one full frame. Once received, it can exit. The related issue is #2502.
2024-07-11 08:47:20 -04:00
appctx_wakeup(ctx->spoe_appctx->owner);
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
ret = 0;
goto out;
}
if (ctx->state == SPOE_CTX_ST_WAITING_ACK) {
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
ret = 0;
goto out;
}
if (ctx->state == SPOE_CTX_ST_DONE) {
MINOR: spoe: Add a generic function to encode a list of SPOE message So it will be possible to encode messages chained by event or by group. For now, it is only possible to do it by event.
2017-09-21 10:57:24 -04:00
spoe_process_actions(s, ctx, dir);
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
ret = 1;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
ctx->frame_id++;
ctx->state = SPOE_CTX_ST_READY;
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
goto end;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
out:
return ret;
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
skip:
MINOR: spoe: switch the timeval-based timestamps to nanosecond timestamps Various points were collected during a request/response and were stored using timeval. Let's now switch them to nanosecond based timestamps.
2023-04-27 05:54:11 -04:00
ctx->stats.start_ts = 0;
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
ctx->state = SPOE_CTX_ST_READY;
MINOR: spoe: Add counters to log info about SPOE agents In addition to metrics about time spent in the SPOE, following counters have been added: * applets : number of SPOE applets. * idles : number of idle applets. * nb_sending : number of streams waiting to send data. * nb_waiting : number of streams waiting for a ack. * nb_processed : number of events/groups processed by the SPOE (from the stream point of view). * nb_errors : number of errors during the processing (from the stream point of view). Log messages has been updated to report these counters. Following pattern has been added at the end of the log message: ... <idles>/<applets> <nb_sending>/<nb_waiting> <nb_error>/<nb_processed>
2018-04-04 04:25:50 -04:00
spoe_stop_processing(agent, ctx);
return 1;
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
end:
MINOR: spoe: Add metrics in to know time spent in the SPOE Following metrics are added for each event or group of messages processed in the SPOE: * processing time: the delay to process the event or the group. From the stream point of view, it is the latency added by the SPOE processing. * request time : It is the encoding time. It includes ACLs processing, if any. For fragmented frames, it is the sum of all fragments. * queue time : the delay before the request gets out the sending queue. For fragmented frames, it is the sum of all fragments. * waiting time: the delay before the reponse is received. No fragmentation supported here. * response time: the delay to process the response. No fragmentation supported here. * total time: (unused for now). It is the sum of all events or groups processed by the SPOE for a specific threads. Log messages has been updated. Before, only errors was logged (status_code != 0). Now every processing is logged, following this format: SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUC-CODE reqT/qT/wT/resT/pT where: AGENT is the agent name TYPE is EVENT of GROUP NAME is the event or the group name STREAM-ID is an integer, the unique id of the stream STATUS_CODE is the processing's status code reqT/qT/wT/resT/pT are delays descrive above For all these delays, -1 means the processing was interrupted before the end. So -1 for the queue time means the request was never dequeued. For fragmented frames it is harder to know when the interruption happened. For now, messages are logged using the same logger than the backend of the stream which initiated the request.
2018-03-22 04:07:41 -04:00
spoe_update_stats(s, agent, ctx, dir);
MINOR: spoe: Replace sending_rate by a frequency counter sending_rate was a counter used to evaluate the SPOE capacity to process frames. Because it was not really accurrate, it has been replaced by a frequency counter representing the number of frames handled by the SPOE per second. We just check this counter is higher than the number of streams waiting for a reply. If not, a new applet is created.
2018-01-24 10:13:48 -05:00
spoe_stop_processing(agent, ctx);
MINOR: spoe: Add counters to log info about SPOE agents In addition to metrics about time spent in the SPOE, following counters have been added: * applets : number of SPOE applets. * idles : number of idle applets. * nb_sending : number of streams waiting to send data. * nb_waiting : number of streams waiting for a ack. * nb_processed : number of events/groups processed by the SPOE (from the stream point of view). * nb_errors : number of errors during the processing (from the stream point of view). Log messages has been updated to report these counters. Following pattern has been added at the end of the log message: ... <idles>/<applets> <nb_sending>/<nb_waiting> <nb_error>/<nb_processed>
2018-04-04 04:25:50 -04:00
if (ctx->status_code) {
CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec This patch replaces roughly all occurrences of an HA_ATOMIC_ADD(&foo, 1) or HA_ATOMIC_SUB(&foo, 1) with the equivalent HA_ATOMIC_INC(&foo) and HA_ATOMIC_DEC(&foo) respectively. These are 507 changes over 45 files.
2021-04-06 07:53:36 -04:00
_HA_ATOMIC_INC(&agent->counters.nb_errors);
MINOR: spoe: Add counters to log info about SPOE agents In addition to metrics about time spent in the SPOE, following counters have been added: * applets : number of SPOE applets. * idles : number of idle applets. * nb_sending : number of streams waiting to send data. * nb_waiting : number of streams waiting for a ack. * nb_processed : number of events/groups processed by the SPOE (from the stream point of view). * nb_errors : number of errors during the processing (from the stream point of view). Log messages has been updated to report these counters. Following pattern has been added at the end of the log message: ... <idles>/<applets> <nb_sending>/<nb_waiting> <nb_error>/<nb_processed>
2018-04-04 04:25:50 -04:00
spoe_handle_processing_error(s, agent, ctx, dir);
ret = 1;
}
MINOR: spoe: Add a generic function to encode a list of SPOE message So it will be possible to encode messages chained by event or by group. For now, it is only possible to do it by event.
2017-09-21 10:57:24 -04:00
return ret;
}
MEDIUM: spoe/rules: Process "send-spoe-group" action The messages processing is done using existing functions. So here, the main task is to find the SPOE engine to use. To do so, we loop on all filter instances attached to the stream. For each, we check if it is a SPOE filter and, if yes, if its name is the one used to declare the "send-spoe-group" action. We also take care to return an error if the action processing is interrupted by HAProxy (because of a timeout or an error at the HAProxy level). This is done by checking if the flag ACT_FLAG_FINAL is set. The function spoe_send_group is the action_ptr callback ot
2017-09-22 04:20:13 -04:00
/* Process a SPOE group, ie the list of messages attached to the group <grp>.
* See spoe_process_message for details. */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_process_group(struct stream *s, struct spoe_context *ctx,
struct spoe_group *group, int dir)
MEDIUM: spoe/rules: Process "send-spoe-group" action The messages processing is done using existing functions. So here, the main task is to find the SPOE engine to use. To do so, we loop on all filter instances attached to the stream. For each, we check if it is a SPOE filter and, if yes, if its name is the one used to declare the "send-spoe-group" action. We also take care to return an error if the action processing is interrupted by HAProxy (because of a timeout or an error at the HAProxy level). This is done by checking if the flag ACT_FLAG_FINAL is set. The function spoe_send_group is the action_ptr callback ot
2017-09-22 04:20:13 -04:00
{
MINOR: spoe: Add metrics in to know time spent in the SPOE Following metrics are added for each event or group of messages processed in the SPOE: * processing time: the delay to process the event or the group. From the stream point of view, it is the latency added by the SPOE processing. * request time : It is the encoding time. It includes ACLs processing, if any. For fragmented frames, it is the sum of all fragments. * queue time : the delay before the request gets out the sending queue. For fragmented frames, it is the sum of all fragments. * waiting time: the delay before the reponse is received. No fragmentation supported here. * response time: the delay to process the response. No fragmentation supported here. * total time: (unused for now). It is the sum of all events or groups processed by the SPOE for a specific threads. Log messages has been updated. Before, only errors was logged (status_code != 0). Now every processing is logged, following this format: SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUC-CODE reqT/qT/wT/resT/pT where: AGENT is the agent name TYPE is EVENT of GROUP NAME is the event or the group name STREAM-ID is an integer, the unique id of the stream STATUS_CODE is the processing's status code reqT/qT/wT/resT/pT are delays descrive above For all these delays, -1 means the processing was interrupted before the end. So -1 for the queue time means the request was never dequeued. For fragmented frames it is harder to know when the interruption happened. For now, messages are logged using the same logger than the backend of the stream which initiated the request.
2018-03-22 04:07:41 -04:00
struct spoe_config *conf = FLT_CONF(ctx->filter);
struct spoe_agent *agent = conf->agent;
MEDIUM: spoe/rules: Process "send-spoe-group" action The messages processing is done using existing functions. So here, the main task is to find the SPOE engine to use. To do so, we loop on all filter instances attached to the stream. For each, we check if it is a SPOE filter and, if yes, if its name is the one used to declare the "send-spoe-group" action. We also take care to return an error if the action processing is interrupted by HAProxy (because of a timeout or an error at the HAProxy level). This is done by checking if the flag ACT_FLAG_FINAL is set. The function spoe_send_group is the action_ptr callback ot
2017-09-22 04:20:13 -04:00
int ret;
if (LIST_ISEMPTY(&group->messages))
return 1;
ret = spoe_process_messages(s, ctx, &group->messages, dir, SPOE_MSGS_BY_GROUP);
MINOR: spoe: Add metrics in to know time spent in the SPOE Following metrics are added for each event or group of messages processed in the SPOE: * processing time: the delay to process the event or the group. From the stream point of view, it is the latency added by the SPOE processing. * request time : It is the encoding time. It includes ACLs processing, if any. For fragmented frames, it is the sum of all fragments. * queue time : the delay before the request gets out the sending queue. For fragmented frames, it is the sum of all fragments. * waiting time: the delay before the reponse is received. No fragmentation supported here. * response time: the delay to process the response. No fragmentation supported here. * total time: (unused for now). It is the sum of all events or groups processed by the SPOE for a specific threads. Log messages has been updated. Before, only errors was logged (status_code != 0). Now every processing is logged, following this format: SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUC-CODE reqT/qT/wT/resT/pT where: AGENT is the agent name TYPE is EVENT of GROUP NAME is the event or the group name STREAM-ID is an integer, the unique id of the stream STATUS_CODE is the processing's status code reqT/qT/wT/resT/pT are delays descrive above For all these delays, -1 means the processing was interrupted before the end. So -1 for the queue time means the request was never dequeued. For fragmented frames it is harder to know when the interruption happened. For now, messages are logged using the same logger than the backend of the stream which initiated the request.
2018-03-22 04:07:41 -04:00
if (ret && ctx->stats.t_process != -1) {
MINOR: spoe: Move all stuff regarding the filter/applet in the C file Structures describing the SPOE applet context, the SPOE filter configuration and context and the SPOE messages and groups are moved in the C file. In spoe-t.h file, it remains the structure describing an SPOE agent and flags used by both sides. In addition, the SPOE frontend, created for a given SPOE engine, is moved from the SPOE filter configuration to the SPOE agent structure. The related issue is #2502.
2024-07-04 05:14:11 -04:00
if (ctx->status_code || !(agent->fe.options2 & PR_O2_NOLOGNORM))
send_log(&agent->fe, (!ctx->status_code ? LOG_NOTICE : LOG_WARNING),
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
"SPOE: [%s] <GROUP:%s> sid=%u st=%u %ld %llu/%llu\n",
agent->id, group->id, s->uniq_id, ctx->status_code, ctx->stats.t_process,
MINOR: spoe: Add counters to log info about SPOE agents In addition to metrics about time spent in the SPOE, following counters have been added: * applets : number of SPOE applets. * idles : number of idle applets. * nb_sending : number of streams waiting to send data. * nb_waiting : number of streams waiting for a ack. * nb_processed : number of events/groups processed by the SPOE (from the stream point of view). * nb_errors : number of errors during the processing (from the stream point of view). Log messages has been updated to report these counters. Following pattern has been added at the end of the log message: ... <idles>/<applets> <nb_sending>/<nb_waiting> <nb_error>/<nb_processed>
2018-04-04 04:25:50 -04:00
agent->counters.nb_errors, agent->counters.nb_processed);
MINOR: spoe: Add metrics in to know time spent in the SPOE Following metrics are added for each event or group of messages processed in the SPOE: * processing time: the delay to process the event or the group. From the stream point of view, it is the latency added by the SPOE processing. * request time : It is the encoding time. It includes ACLs processing, if any. For fragmented frames, it is the sum of all fragments. * queue time : the delay before the request gets out the sending queue. For fragmented frames, it is the sum of all fragments. * waiting time: the delay before the reponse is received. No fragmentation supported here. * response time: the delay to process the response. No fragmentation supported here. * total time: (unused for now). It is the sum of all events or groups processed by the SPOE for a specific threads. Log messages has been updated. Before, only errors was logged (status_code != 0). Now every processing is logged, following this format: SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUC-CODE reqT/qT/wT/resT/pT where: AGENT is the agent name TYPE is EVENT of GROUP NAME is the event or the group name STREAM-ID is an integer, the unique id of the stream STATUS_CODE is the processing's status code reqT/qT/wT/resT/pT are delays descrive above For all these delays, -1 means the processing was interrupted before the end. So -1 for the queue time means the request was never dequeued. For fragmented frames it is harder to know when the interruption happened. For now, messages are logged using the same logger than the backend of the stream which initiated the request.
2018-03-22 04:07:41 -04:00
}
MEDIUM: spoe/rules: Process "send-spoe-group" action The messages processing is done using existing functions. So here, the main task is to find the SPOE engine to use. To do so, we loop on all filter instances attached to the stream. For each, we check if it is a SPOE filter and, if yes, if its name is the one used to declare the "send-spoe-group" action. We also take care to return an error if the action processing is interrupted by HAProxy (because of a timeout or an error at the HAProxy level). This is done by checking if the flag ACT_FLAG_FINAL is set. The function spoe_send_group is the action_ptr callback ot
2017-09-22 04:20:13 -04:00
return ret;
}
MINOR: spoe: Add a generic function to encode a list of SPOE message So it will be possible to encode messages chained by event or by group. For now, it is only possible to do it by event.
2017-09-21 10:57:24 -04:00
/* Process a SPOE event, ie the list of messages attached to the event <ev>.
* See spoe_process_message for details. */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_process_event(struct stream *s, struct spoe_context *ctx,
enum spoe_event ev)
MINOR: spoe: Add a generic function to encode a list of SPOE message So it will be possible to encode messages chained by event or by group. For now, it is only possible to do it by event.
2017-09-21 10:57:24 -04:00
{
MINOR: spoe: Add metrics in to know time spent in the SPOE Following metrics are added for each event or group of messages processed in the SPOE: * processing time: the delay to process the event or the group. From the stream point of view, it is the latency added by the SPOE processing. * request time : It is the encoding time. It includes ACLs processing, if any. For fragmented frames, it is the sum of all fragments. * queue time : the delay before the request gets out the sending queue. For fragmented frames, it is the sum of all fragments. * waiting time: the delay before the reponse is received. No fragmentation supported here. * response time: the delay to process the response. No fragmentation supported here. * total time: (unused for now). It is the sum of all events or groups processed by the SPOE for a specific threads. Log messages has been updated. Before, only errors was logged (status_code != 0). Now every processing is logged, following this format: SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUC-CODE reqT/qT/wT/resT/pT where: AGENT is the agent name TYPE is EVENT of GROUP NAME is the event or the group name STREAM-ID is an integer, the unique id of the stream STATUS_CODE is the processing's status code reqT/qT/wT/resT/pT are delays descrive above For all these delays, -1 means the processing was interrupted before the end. So -1 for the queue time means the request was never dequeued. For fragmented frames it is harder to know when the interruption happened. For now, messages are logged using the same logger than the backend of the stream which initiated the request.
2018-03-22 04:07:41 -04:00
struct spoe_config *conf = FLT_CONF(ctx->filter);
struct spoe_agent *agent = conf->agent;
MINOR: spoe: Add a generic function to encode a list of SPOE message So it will be possible to encode messages chained by event or by group. For now, it is only possible to do it by event.
2017-09-21 10:57:24 -04:00
int dir, ret;
dir = ((ev < SPOE_EV_ON_SERVER_SESS) ? SMP_OPT_DIR_REQ : SMP_OPT_DIR_RES);
if (LIST_ISEMPTY(&(ctx->events[ev])))
return 1;
ret = spoe_process_messages(s, ctx, &(ctx->events[ev]), dir, SPOE_MSGS_BY_EVENT);
MINOR: spoe: Add metrics in to know time spent in the SPOE Following metrics are added for each event or group of messages processed in the SPOE: * processing time: the delay to process the event or the group. From the stream point of view, it is the latency added by the SPOE processing. * request time : It is the encoding time. It includes ACLs processing, if any. For fragmented frames, it is the sum of all fragments. * queue time : the delay before the request gets out the sending queue. For fragmented frames, it is the sum of all fragments. * waiting time: the delay before the reponse is received. No fragmentation supported here. * response time: the delay to process the response. No fragmentation supported here. * total time: (unused for now). It is the sum of all events or groups processed by the SPOE for a specific threads. Log messages has been updated. Before, only errors was logged (status_code != 0). Now every processing is logged, following this format: SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUC-CODE reqT/qT/wT/resT/pT where: AGENT is the agent name TYPE is EVENT of GROUP NAME is the event or the group name STREAM-ID is an integer, the unique id of the stream STATUS_CODE is the processing's status code reqT/qT/wT/resT/pT are delays descrive above For all these delays, -1 means the processing was interrupted before the end. So -1 for the queue time means the request was never dequeued. For fragmented frames it is harder to know when the interruption happened. For now, messages are logged using the same logger than the backend of the stream which initiated the request.
2018-03-22 04:07:41 -04:00
if (ret && ctx->stats.t_process != -1) {
MINOR: spoe: Move all stuff regarding the filter/applet in the C file Structures describing the SPOE applet context, the SPOE filter configuration and context and the SPOE messages and groups are moved in the C file. In spoe-t.h file, it remains the structure describing an SPOE agent and flags used by both sides. In addition, the SPOE frontend, created for a given SPOE engine, is moved from the SPOE filter configuration to the SPOE agent structure. The related issue is #2502.
2024-07-04 05:14:11 -04:00
if (ctx->status_code || !(agent->fe.options2 & PR_O2_NOLOGNORM))
send_log(&agent->fe, (!ctx->status_code ? LOG_NOTICE : LOG_WARNING),
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
"SPOE: [%s] <EVENT:%s> sid=%u st=%u %ld %llu/%llu\n",
agent->id, spoe_event_str[ev], s->uniq_id, ctx->status_code, ctx->stats.t_process,
MINOR: spoe: Add counters to log info about SPOE agents In addition to metrics about time spent in the SPOE, following counters have been added: * applets : number of SPOE applets. * idles : number of idle applets. * nb_sending : number of streams waiting to send data. * nb_waiting : number of streams waiting for a ack. * nb_processed : number of events/groups processed by the SPOE (from the stream point of view). * nb_errors : number of errors during the processing (from the stream point of view). Log messages has been updated to report these counters. Following pattern has been added at the end of the log message: ... <idles>/<applets> <nb_sending>/<nb_waiting> <nb_error>/<nb_processed>
2018-04-04 04:25:50 -04:00
agent->counters.nb_errors, agent->counters.nb_processed);
MINOR: spoe: Add metrics in to know time spent in the SPOE Following metrics are added for each event or group of messages processed in the SPOE: * processing time: the delay to process the event or the group. From the stream point of view, it is the latency added by the SPOE processing. * request time : It is the encoding time. It includes ACLs processing, if any. For fragmented frames, it is the sum of all fragments. * queue time : the delay before the request gets out the sending queue. For fragmented frames, it is the sum of all fragments. * waiting time: the delay before the reponse is received. No fragmentation supported here. * response time: the delay to process the response. No fragmentation supported here. * total time: (unused for now). It is the sum of all events or groups processed by the SPOE for a specific threads. Log messages has been updated. Before, only errors was logged (status_code != 0). Now every processing is logged, following this format: SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUC-CODE reqT/qT/wT/resT/pT where: AGENT is the agent name TYPE is EVENT of GROUP NAME is the event or the group name STREAM-ID is an integer, the unique id of the stream STATUS_CODE is the processing's status code reqT/qT/wT/resT/pT are delays descrive above For all these delays, -1 means the processing was interrupted before the end. So -1 for the queue time means the request was never dequeued. For fragmented frames it is harder to know when the interruption happened. For now, messages are logged using the same logger than the backend of the stream which initiated the request.
2018-03-22 04:07:41 -04:00
}
BUG/MEDIUM: spoe: Properly abort processing on client abort Client abort when abortonclose is configured was ignored when messges were sent on event while it works properly when messages are sent via an "send-spoe-group" action. To fix the issue, when the SPOE filter is waiting for the SPOE applet response, it must check if a client abort was reported and if so, must interrupt its processing. This patch should be backported as far as 3.1.
2026-03-16 02:59:24 -04:00
else if (ret == 0) {
if ((s->scf->flags & SC_FL_ERROR) ||
BUG/MINOR: http-ana: Only consider client abort for abortonclose When abortonclose option is enabled (by default since 3.3), the HTTP rules can no longer yield if the client aborts. However, stream aborts were also considered. So it was possible to interrupt yielding rules, especially on the response processing, while the client was still waiting for the response. So now, when abortonclose option is enabled, we now take care to only consider client aborts to prevent HTTP rules to yield. Many thanks to @DirkyJerky for his detailed analysis. This patch should fix the issue #3306. It should be backported as far as 2.8.
2026-03-27 06:18:39 -04:00
((s->scf->flags & SC_FL_EOS) && proxy_abrt_close_def(s->be, 1))) {
BUG/MEDIUM: spoe: Properly abort processing on client abort Client abort when abortonclose is configured was ignored when messges were sent on event while it works properly when messages are sent via an "send-spoe-group" action. To fix the issue, when the SPOE filter is waiting for the SPOE applet response, it must check if a client abort was reported and if so, must interrupt its processing. This patch should be backported as far as 3.1.
2026-03-16 02:59:24 -04:00
ctx->status_code = SPOE_CTX_ERR_INTERRUPT;
spoe_stop_processing(agent, ctx);
spoe_handle_processing_error(s, agent, ctx, dir);
ret = 1;
}
}
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
return ret;
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
/***************************************************************************
* Functions that create/destroy SPOE contexts
**************************************************************************/
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_acquire_buffer(struct buffer *buf, struct buffer_wait *buffer_wait)
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
{
MAJOR: buffer: finalize buffer detachment Now the buffers only contain the header and a pointer to the storage area which can be anywhere. This will significantly simplify buffer swapping and will make it possible to map chunks on buffers as well. The buf_empty variable was removed, as now it's enough to have size==0 and area==NULL to designate the empty buffer (thus a non-allocated head is the empty buffer by default). buf_wanted for now is indicated by size==0 and area==(void *)1. The channels and the checks now embed the buffer's head, and the only pointer is to the storage area. This slightly increases the unallocated buffer size (3 extra ints for the empty buffer) but considerably simplifies dynamic buffer management. It will also later permit to detach unused checks. The way the struct buffer is arranged has proven quite efficient on a number of tests, which makes sense given that size is always accessed and often first, followed by the othe ones.
2018-07-10 11:43:27 -04:00
if (buf->size)
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
return 1;
MEDIUM: dynbuf: generalize the use of b_dequeue() to detach buffer_wait Now thanks to this the bufq_map field is expected to remain accurate.
2024-04-24 12:44:03 -04:00
b_dequeue(buffer_wait);
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
MINOR: dynbuf: pass a criticality argument to b_alloc() The goal is to indicate how critical the allocation is, between the least one (growing an existing buffer ring) and the topmost one (boot time allocation for the life of the process). The 3 tcp-based muxes (h1, h2, fcgi) use a common allocation function to try to allocate otherwise subscribe. There's currently no distinction of direction nor part that tries to allocate, and this should be revisited to improve this situation, particularly when we consider that mux-h2 can reduce its Tx allocations if needed. For now, 4 main levels are planned, to translate how the data travels inside haproxy from a producer to a consumer: - MUX_RX: buffer used to receive data from the OS - SE_RX: buffer used to place a transformation of the RX data for a mux, or to produce a response for an applet - CHANNEL: the channel buffer for sync recv - MUX_TX: buffer used to transfer data from the channel to the outside, generally a mux but there can be a few specificities (e.g. http client's response buffer passed to the application, which also gets a transformation of the channel data). The other levels are a bit different in that they don't strictly need to allocate for the first two ones, or they're permanent for the last one (used by compression).
2024-04-16 02:55:20 -04:00
if (b_alloc(buf, DB_CHANNEL))
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
return 1;
MINOR: dynbuf: use the b_queue()/b_requeue() functions everywhere The code places that were used to manipulate the buffer_wq manually now just call b_queue() or b_requeue(). This will simplify the multiple list management later.
2024-04-24 11:02:23 -04:00
b_requeue(DB_CHANNEL, buffer_wait);
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
return 0;
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_release_buffer(struct buffer *buf, struct buffer_wait *buffer_wait)
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
{
MEDIUM: dynbuf: generalize the use of b_dequeue() to detach buffer_wait Now thanks to this the bufq_map field is expected to remain accurate.
2024-04-24 12:44:03 -04:00
b_dequeue(buffer_wait);
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
/* Release the buffer if needed */
MAJOR: buffer: finalize buffer detachment Now the buffers only contain the header and a pointer to the storage area which can be anywhere. This will significantly simplify buffer swapping and will make it possible to map chunks on buffers as well. The buf_empty variable was removed, as now it's enough to have size==0 and area==NULL to designate the empty buffer (thus a non-allocated head is the empty buffer by default). buf_wanted for now is indicated by size==0 and area==(void *)1. The channels and the checks now embed the buffer's head, and the only pointer is to the storage area. This slightly increases the unallocated buffer size (3 extra ints for the empty buffer) but considerably simplifies dynamic buffer management. It will also later permit to detach unused checks. The way the struct buffer is arranged has proven quite efficient on a number of tests, which makes sense given that size is always accessed and often first, followed by the othe ones.
2018-07-10 11:43:27 -04:00
if (buf->size) {
MEDIUM: spoe: Be sure to wakeup the good entity waiting for a buffer This happens when buffer allocation failed. In the SPOE context, buffers are allocated by streams and SPOE applets at different time. First, by streams, when messages need to be encoded before sending them in a NOTIFY frame. Then, by SPOE applets, when a ACK frame is received. The first case works as expected, we wake up the stream. But for the second one, we must wake up the waiting SPOE applet.
2017-01-11 08:05:19 -05:00
b_free(buf);
MINOR: dynbuf: pass offer_buffers() the number of buffers instead of a threshold Historically this function would try to wake the most accurate number of process_stream() waiters. But since the introduction of filters which could also require buffers (e.g. for compression), things started not to be as accurate anymore. Nowadays muxes and transport layers also use buffers, so the runqueue size has nothing to do anymore with the number of supposed users to come. In addition to this, the threshold was compared to the number of free buffer calculated as allocated minus used, but this didn't work anymore with local pools since these counts are not updated upon alloc/free! Let's clean this up and pass the number of released buffers instead, and consider that each waiter successfully called counts as one buffer. This is not rocket science and will not suddenly fix everything, but at least it cannot be as wrong as it is today. This could have been marked as a bug given that the current situation is totally broken regarding this, but this probably doesn't completely fix it, it only goes in a better direction. It is possible however that it makes sense in the future to backport this as part of a larger series if the situation significantly improves.
2021-02-20 06:02:46 -05:00
offer_buffers(buffer_wait->target, 1);
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
}
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_wakeup_context(struct spoe_context *ctx)
BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled When an entity tries to get a buffer, if it cannot be allocted, for example because the number of buffers which may be allocated per process is limited, this entity is added in a list (called <buffer_wq>) and wait for an available buffer. Historically, the <buffer_wq> list was logically attached to streams because it were the only entities likely to be added in it. Now, applets can also be waiting for a free buffer. And with filters, we could imagine to have more other entities waiting for a buffer. So it make sense to have a generic list. Anyway, with the current design there is a bug. When an applet failed to get a buffer, it will wait. But we add the stream attached to the applet in <buffer_wq>, instead of the applet itself. So when a buffer is available, we wake up the stream and not the waiting applet. So, it is possible to have waiting applets and never awakened. So, now, <buffer_wq> is independant from streams. And we really add the waiting entity in <buffer_wq>. To be generic, the entity is responsible to define the callback used to awaken it. In addition, applets will still request an input buffer when they become active. But they will not be sleeped anymore if no buffer are available. So this is the responsibility to the applet I/O handler to check if this buffer is allocated or not. This way, an applet can decide if this buffer is required or not and can do additional processing if not. [wt: backport to 1.7 and 1.6]
2016-12-09 11:30:18 -05:00
{
task_wakeup(ctx->strm->task, TASK_WOKEN_MSG);
return 1;
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static struct spoe_context *spoe_create_context(struct stream *s, struct filter *filter)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
struct spoe_config *conf = FLT_CONF(filter);
struct spoe_context *ctx;
CLEANUP: spoe: use pool_zalloc() instead of pool_alloc+memset Two places used to alloc then zero the area, let's have the allocator do it.
2021-03-22 16:04:50 -04:00
ctx = pool_zalloc(pool_head_spoe_ctx);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (ctx == NULL) {
return NULL;
}
MINOR: spoe: Add status code in error variable instead of hardcoded value Now, when option "set-on-error" is enabled, we set a status code representing the error occurred instead of "true". For values under 256, it represents an error coming from the engine. Below 256, it reports a SPOP error. In this case, to retrieve the right SPOP status code, you must remove 256 to this value. Here are possible values: * 1: a timeout occurred during the event processing. * 2: an error was triggered during the ressources allocation. * 255: an unknown error occurred during the event processing. * 256+N: a SPOP error occurred during the event processing.
2017-01-04 10:39:11 -05:00
ctx->filter = filter;
ctx->state = SPOE_CTX_ST_NONE;
ctx->status_code = SPOE_CTX_ERR_NONE;
ctx->flags = 0;
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
ctx->events = conf->agent->events;
MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules This action is used to trigger sending of a group of SPOE messages. To do so, the SPOE engine used to send messages must be defined, as well as the SPOE group to send. Of course, the SPOE engine must refer to an existing SPOE filter. If not engine name is provided on the SPOE filter line, the SPOE agent name must be used. For example: http-request send-spoe-group my-engine some-group This action is available for "tcp-request content", "tcp-response content", "http-request" and "http-response" rulesets. It cannot be used for tcp connection/session rulesets because actions for these rulesets cannot yield. For now, the action keyword is parsed and checked. But it does nothing. Its processing will be added in another patch.
2017-09-21 05:03:52 -04:00
ctx->groups = &conf->agent->groups;
MAJOR: buffer: finalize buffer detachment Now the buffers only contain the header and a pointer to the storage area which can be anywhere. This will significantly simplify buffer swapping and will make it possible to map chunks on buffers as well. The buf_empty variable was removed, as now it's enough to have size==0 and area==NULL to designate the empty buffer (thus a non-allocated head is the empty buffer by default). buf_wanted for now is indicated by size==0 and area==(void *)1. The channels and the checks now embed the buffer's head, and the only pointer is to the storage area. This slightly increases the unallocated buffer size (3 extra ints for the empty buffer) but considerably simplifies dynamic buffer management. It will also later permit to detach unused checks. The way the struct buffer is arranged has proven quite efficient on a number of tests, which makes sense given that size is always accessed and often first, followed by the othe ones.
2018-07-10 11:43:27 -04:00
ctx->buffer = BUF_NULL;
MINOR: dynbuf: use regular lists instead of mt_lists for buffer_wait There's no point anymore in keeping mt_lists for the buffer_wait and buffer_wq since it's thread-local now.
2021-02-20 05:49:49 -05:00
LIST_INIT(&ctx->buffer_wait.list);
BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled When an entity tries to get a buffer, if it cannot be allocted, for example because the number of buffers which may be allocated per process is limited, this entity is added in a list (called <buffer_wq>) and wait for an available buffer. Historically, the <buffer_wq> list was logically attached to streams because it were the only entities likely to be added in it. Now, applets can also be waiting for a free buffer. And with filters, we could imagine to have more other entities waiting for a buffer. So it make sense to have a generic list. Anyway, with the current design there is a bug. When an applet failed to get a buffer, it will wait. But we add the stream attached to the applet in <buffer_wq>, instead of the applet itself. So when a buffer is available, we wake up the stream and not the waiting applet. So, it is possible to have waiting applets and never awakened. So, now, <buffer_wq> is independant from streams. And we really add the waiting entity in <buffer_wq>. To be generic, the entity is responsible to define the callback used to awaken it. In addition, applets will still request an input buffer when they become active. But they will not be sleeped anymore if no buffer are available. So this is the responsibility to the applet I/O handler to check if this buffer is allocated or not. This way, an applet can decide if this buffer is required or not and can do additional processing if not. [wt: backport to 1.7 and 1.6]
2016-12-09 11:30:18 -05:00
ctx->buffer_wait.target = ctx;
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
ctx->buffer_wait.wakeup_cb = (int (*)(void *))spoe_wakeup_context;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MINOR: spoe: Add 'timeout processing' option to limit time to process an event It is a way to set the maximum time to wait for a stream to process an event, i.e to acquire a stream to talk with an agent, to encode all messages, to send the NOTIFY frame, to receive the corrsponding acknowledgement and to process all actions. It is applied on the stream that handle the client and the server sessions.
2016-11-10 09:04:51 -05:00
ctx->stream_id = 0;
ctx->frame_id = 1;
ctx->process_exp = TICK_ETERNITY;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MINOR: spoe: switch the timeval-based timestamps to nanosecond timestamps Various points were collected during a request/response and were stored using timeval. Let's now switch them to nanosecond based timestamps.
2023-04-27 05:54:11 -04:00
ctx->stats.start_ts = 0;
MINOR: spoe: Add metrics in to know time spent in the SPOE Following metrics are added for each event or group of messages processed in the SPOE: * processing time: the delay to process the event or the group. From the stream point of view, it is the latency added by the SPOE processing. * request time : It is the encoding time. It includes ACLs processing, if any. For fragmented frames, it is the sum of all fragments. * queue time : the delay before the request gets out the sending queue. For fragmented frames, it is the sum of all fragments. * waiting time: the delay before the reponse is received. No fragmentation supported here. * response time: the delay to process the response. No fragmentation supported here. * total time: (unused for now). It is the sum of all events or groups processed by the SPOE for a specific threads. Log messages has been updated. Before, only errors was logged (status_code != 0). Now every processing is logged, following this format: SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUC-CODE reqT/qT/wT/resT/pT where: AGENT is the agent name TYPE is EVENT of GROUP NAME is the event or the group name STREAM-ID is an integer, the unique id of the stream STATUS_CODE is the processing's status code reqT/qT/wT/resT/pT are delays descrive above For all these delays, -1 means the processing was interrupted before the end. So -1 for the queue time means the request was never dequeued. For fragmented frames it is harder to know when the interruption happened. For now, messages are logged using the same logger than the backend of the stream which initiated the request.
2018-03-22 04:07:41 -04:00
ctx->stats.t_process = -1;
ctx->stats.t_total = 0;
MINOR: spoe: Replace sending_rate by a frequency counter sending_rate was a counter used to evaluate the SPOE capacity to process frames. Because it was not really accurrate, it has been replaced by a frequency counter representing the number of frames handled by the SPOE per second. We just check this counter is higher than the number of streams waiting for a reply. If not, a new applet is created.
2018-01-24 10:13:48 -05:00
ctx->strm = s;
ctx->state = SPOE_CTX_ST_READY;
filter->ctx = ctx;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
return ctx;
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_destroy_context(struct filter *filter)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
MINOR: spoe: Replace sending_rate by a frequency counter sending_rate was a counter used to evaluate the SPOE capacity to process frames. Because it was not really accurrate, it has been replaced by a frequency counter representing the number of frames handled by the SPOE per second. We just check this counter is higher than the number of streams waiting for a reply. If not, a new applet is created.
2018-01-24 10:13:48 -05:00
struct spoe_config *conf = FLT_CONF(filter);
struct spoe_context *ctx = filter->ctx;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (!ctx)
return;
BUG/MEDIUM: spoe: Improve error detection in SPOE applet on client abort It is possible to interrupt a SPOE applet without reporting an error. For instance, when the client of the parent stream aborts. Thanks to this patch, we take care to report an error on the SPOE applet to be sure to interrupt the processing. It is especially important if the connection to the agent is queued. Thanks to 886a248be ("BUG/MEDIUM: mux-spop: Reject connection attempts from a non-spop frontend"), it is no longer an issue. But there is no reason to continue to process if the parent stream is gone. In addition, in the SPOE filter, if the processing is interrupted when the filter is destroyed, no specific status code was set. It is not a big deal because it cannot be logged at this stage. But it can be used to notify the SPOE applet. So better to set it. This patch should be backported as far as 3.1.
2025-08-26 09:49:15 -04:00
if (ctx->state != SPOE_CTX_ST_NONE || ctx->state == SPOE_CTX_ST_READY) {
ctx->status_code = SPOE_CTX_ERR_INTERRUPT;
_HA_ATOMIC_INC(&conf->agent->counters.nb_errors);
}
MINOR: spoe: Replace sending_rate by a frequency counter sending_rate was a counter used to evaluate the SPOE capacity to process frames. Because it was not really accurrate, it has been replaced by a frequency counter representing the number of frames handled by the SPOE per second. We just check this counter is higher than the number of streams waiting for a reply. If not, a new applet is created.
2018-01-24 10:13:48 -05:00
spoe_stop_processing(conf->agent, ctx);
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
pool_free(pool_head_spoe_ctx, ctx);
MINOR: spoe: Replace sending_rate by a frequency counter sending_rate was a counter used to evaluate the SPOE capacity to process frames. Because it was not really accurrate, it has been replaced by a frequency counter representing the number of frames handled by the SPOE per second. We just check this counter is higher than the number of streams waiting for a reply. If not, a new applet is created.
2018-01-24 10:13:48 -05:00
filter->ctx = NULL;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_reset_context(struct spoe_context *ctx)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
ctx->state = SPOE_CTX_ST_READY;
MEDIUM: spoe: Remove fragmentation support It is the first patch of a long series to refactor the SPOE filter. The idea is to rely on a dedicated multiplexer instead of hakcing HAProxy with a list of applets processing a message queue. First of all, optionnal features will be removed. Some will be restored at the end, some others will just be removed. It is the case here. The frame fragmentation support is removed. The only purpose of this feature is to be able to support the streaming. Because it is out of the scope of this refactoring, the fragmentation is removed. The related issue is #2502.
2024-06-13 05:03:14 -04:00
ctx->flags &= ~SPOE_CTX_FL_PROCESS;
MINOR: spoe: Add metrics in to know time spent in the SPOE Following metrics are added for each event or group of messages processed in the SPOE: * processing time: the delay to process the event or the group. From the stream point of view, it is the latency added by the SPOE processing. * request time : It is the encoding time. It includes ACLs processing, if any. For fragmented frames, it is the sum of all fragments. * queue time : the delay before the request gets out the sending queue. For fragmented frames, it is the sum of all fragments. * waiting time: the delay before the reponse is received. No fragmentation supported here. * response time: the delay to process the response. No fragmentation supported here. * total time: (unused for now). It is the sum of all events or groups processed by the SPOE for a specific threads. Log messages has been updated. Before, only errors was logged (status_code != 0). Now every processing is logged, following this format: SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUC-CODE reqT/qT/wT/resT/pT where: AGENT is the agent name TYPE is EVENT of GROUP NAME is the event or the group name STREAM-ID is an integer, the unique id of the stream STATUS_CODE is the processing's status code reqT/qT/wT/resT/pT are delays descrive above For all these delays, -1 means the processing was interrupted before the end. So -1 for the queue time means the request was never dequeued. For fragmented frames it is harder to know when the interruption happened. For now, messages are logged using the same logger than the backend of the stream which initiated the request.
2018-03-22 04:07:41 -04:00
MINOR: spoe: switch the timeval-based timestamps to nanosecond timestamps Various points were collected during a request/response and were stored using timeval. Let's now switch them to nanosecond based timestamps.
2023-04-27 05:54:11 -04:00
ctx->stats.start_ts = 0;
MINOR: spoe: Add metrics in to know time spent in the SPOE Following metrics are added for each event or group of messages processed in the SPOE: * processing time: the delay to process the event or the group. From the stream point of view, it is the latency added by the SPOE processing. * request time : It is the encoding time. It includes ACLs processing, if any. For fragmented frames, it is the sum of all fragments. * queue time : the delay before the request gets out the sending queue. For fragmented frames, it is the sum of all fragments. * waiting time: the delay before the reponse is received. No fragmentation supported here. * response time: the delay to process the response. No fragmentation supported here. * total time: (unused for now). It is the sum of all events or groups processed by the SPOE for a specific threads. Log messages has been updated. Before, only errors was logged (status_code != 0). Now every processing is logged, following this format: SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUC-CODE reqT/qT/wT/resT/pT where: AGENT is the agent name TYPE is EVENT of GROUP NAME is the event or the group name STREAM-ID is an integer, the unique id of the stream STATUS_CODE is the processing's status code reqT/qT/wT/resT/pT are delays descrive above For all these delays, -1 means the processing was interrupted before the end. So -1 for the queue time means the request was never dequeued. For fragmented frames it is harder to know when the interruption happened. For now, messages are logged using the same logger than the backend of the stream which initiated the request.
2018-03-22 04:07:41 -04:00
ctx->stats.t_process = -1;
ctx->stats.t_total = 0;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
/***************************************************************************
* Hooks that manage the filter lifecycle (init/check/deinit)
**************************************************************************/
/* Initialize the SPOE filter. Returns -1 on error, else 0. */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_init(struct proxy *px, struct flt_conf *fconf)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
struct spoe_config *conf = fconf->conf;
MINOR: spoe: Move all stuff regarding the filter/applet in the C file Structures describing the SPOE applet context, the SPOE filter configuration and context and the SPOE messages and groups are moved in the C file. In spoe-t.h file, it remains the structure describing an SPOE agent and flags used by both sides. In addition, the SPOE frontend, created for a given SPOE engine, is moved from the SPOE filter configuration to the SPOE agent structure. The related issue is #2502.
2024-07-04 05:14:11 -04:00
/* conf->agent->fe was already initialized during the config
MINOR: spoe: Add loggers dedicated to the SPOE agent Now it is possible to configure a logger in a spoe-agent section using a "log" line, as for a proxy. "no log", "log global" and "log <address> ..." syntaxes are supported.
2018-03-26 11:19:01 -04:00
* parsing. Finish initialization. */
MAJOR: spoe: Rewrite SPOE applet to use the SPOP mux It is the huge part of the series. The patch is not so huge, it removes functions to produce or consume frames. The SPOE applet is pretty light now. But since this patch, the SPOP multiplexer is now used. The SPOP mode is now automatically ised for SPOP backends. So if there are bugs in the SPOP multiplexer, they will be visible now. The related issue is #2502.
2024-07-04 08:54:01 -04:00
conf->agent->fe.mode = PR_MODE_SPOP;
MINOR: spoe: Move all stuff regarding the filter/applet in the C file Structures describing the SPOE applet context, the SPOE filter configuration and context and the SPOE messages and groups are moved in the C file. In spoe-t.h file, it remains the structure describing an SPOE agent and flags used by both sides. In addition, the SPOE frontend, created for a given SPOE engine, is moved from the SPOE filter configuration to the SPOE agent structure. The related issue is #2502.
2024-07-04 05:14:11 -04:00
conf->agent->fe.maxconn = 0;
conf->agent->fe.options2 |= PR_O2_INDEPSTR;
conf->agent->fe.conn_retries = CONN_RETRIES;
conf->agent->fe.accept = frontend_accept;
conf->agent->fe.srv = NULL;
conf->agent->fe.timeout.client = TICK_ETERNITY;
conf->agent->fe.fe_req_ana = AN_REQ_SWITCHING_RULES;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MINOR: proxies: Add a per-thread group field to struct proxy. Add a per-thread group field to struct proxy, that will contain a struct queue, as well as a new field, "queueslength". This is currently unused, so should change nothing. Please note that proxy_init_per_thr() must now be called for each proxy once the thread groups number is known.
2025-01-15 10:10:43 -05:00
proxy_init_per_thr(&conf->agent->fe);
MINOR: spoe: Use only a global engine-id per agent Because the async mode was removed, it is no longer mandatory to announce a different engine identifiers per thread for a given SPOE agent. This was used to be sure requests and the corresponding responses are stuck on the same thread. So, now, a SPOE agent only announces one engine identifier on all connections. No changes should be expected for agents. The related issue is #2502.
2024-06-17 01:49:09 -04:00
conf->agent->engine_id = generate_pseudo_uuid();
if (conf->agent->engine_id == NULL)
return -1;
MINOR: spoe: Make the SPOE filter compatible with HTX proxies There is any specific HTTP processing in the SPOE. So there is no reason to not use it on HTX proxies. This patch may be backported to 1.9.
2019-01-09 09:05:10 -05:00
fconf->flags |= FLT_CFG_FL_HTX;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
return 0;
}
CLEANUP: assorted typo fixes in the code and comments This is sixth iteration of typo fixes
2020-04-02 06:25:26 -04:00
/* Free resources allocated by the SPOE filter. */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_deinit(struct proxy *px, struct flt_conf *fconf)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
struct spoe_config *conf = fconf->conf;
if (conf) {
struct spoe_agent *agent = conf->agent;
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
spoe_release_agent(agent);
MINOR: spoe: Check uniqness of SPOE engine names during config parsing The engine name is now kept in "spoe_config" struture. Because a SPOE filter can be declared without engine name, we use the SPOE agent name by default. Then, its uniqness is checked against all others SPOE engines configured for the same proxy. * TODO: Add documentation
2017-09-19 05:08:28 -04:00
free(conf->id);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
free(conf);
}
fconf->conf = NULL;
}
/* Check configuration of a SPOE filter for a specified proxy.
* Return 1 on error, else 0. */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_check(struct proxy *px, struct flt_conf *fconf)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
MINOR: spoe: Check uniqness of SPOE engine names during config parsing The engine name is now kept in "spoe_config" struture. Because a SPOE filter can be declared without engine name, we use the SPOE agent name by default. Then, its uniqness is checked against all others SPOE engines configured for the same proxy. * TODO: Add documentation
2017-09-19 05:08:28 -04:00
struct flt_conf *f;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
struct spoe_config *conf = fconf->conf;
struct proxy *target;
MINOR: spoe: Check uniqness of SPOE engine names during config parsing The engine name is now kept in "spoe_config" struture. Because a SPOE filter can be declared without engine name, we use the SPOE agent name by default. Then, its uniqness is checked against all others SPOE engines configured for the same proxy. * TODO: Add documentation
2017-09-19 05:08:28 -04:00
/* Check all SPOE filters for proxy <px> to be sure all SPOE agent names
* are uniq */
list_for_each_entry(f, &px->filter_configs, list) {
struct spoe_config *c = f->conf;
/* This is not an SPOE filter */
if (f->id != spoe_filter_id)
continue;
/* This is the current SPOE filter */
if (f == fconf)
continue;
/* Check engine Id. It should be uniq */
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(conf->id, c->id) == 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Proxy %s : duplicated name for SPOE engine '%s'.\n",
px->id, conf->id);
MINOR: spoe: Check uniqness of SPOE engine names during config parsing The engine name is now kept in "spoe_config" struture. Because a SPOE filter can be declared without engine name, we use the SPOE agent name by default. Then, its uniqness is checked against all others SPOE engines configured for the same proxy. * TODO: Add documentation
2017-09-19 05:08:28 -04:00
return 1;
}
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
target = proxy_be_by_name(conf->agent->b.name);
if (target == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Proxy %s : unknown backend '%s' used by SPOE agent '%s'"
" declared at %s:%d.\n",
px->id, conf->agent->b.name, conf->agent->id,
conf->agent->conf.file, conf->agent->conf.line);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
return 1;
}
MAJOR: spoe: Rewrite SPOE applet to use the SPOP mux It is the huge part of the series. The patch is not so huge, it removes functions to produce or consume frames. The SPOE applet is pretty light now. But since this patch, the SPOP multiplexer is now used. The SPOP mode is now automatically ised for SPOP backends. So if there are bugs in the SPOP multiplexer, they will be visible now. The related issue is #2502.
2024-07-04 08:54:01 -04:00
if (target->mode == PR_MODE_TCP) {
/* Convert legacy SPOP backend by added the right mode */
target->mode = PR_MODE_SPOP;
}
if (target->mode != PR_MODE_SPOP) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Proxy %s : backend '%s' used by SPOE agent '%s' declared"
MAJOR: spoe: Rewrite SPOE applet to use the SPOP mux It is the huge part of the series. The patch is not so huge, it removes functions to produce or consume frames. The SPOE applet is pretty light now. But since this patch, the SPOP multiplexer is now used. The SPOP mode is now automatically ised for SPOP backends. So if there are bugs in the SPOP multiplexer, they will be visible now. The related issue is #2502.
2024-07-04 08:54:01 -04:00
" at %s:%d must use SPOP mode.\n",
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
px->id, target->id, conf->agent->id,
conf->agent->conf.file, conf->agent->conf.line);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
return 1;
}
MINOR: spoe: Move all stuff regarding the filter/applet in the C file Structures describing the SPOE applet context, the SPOE filter configuration and context and the SPOE messages and groups are moved in the C file. In spoe-t.h file, it remains the structure describing an SPOE agent and flags used by both sides. In addition, the SPOE frontend, created for a given SPOE engine, is moved from the SPOE filter configuration to the SPOE agent structure. The related issue is #2502.
2024-07-04 05:14:11 -04:00
if (postresolve_logger_list(NULL, &conf->agent->fe.loggers, "SPOE agent", conf->agent->id) & ERR_CODE)
MEDIUM: spoe-agent: properly postresolve log rings Now that we have sink_postresolve_logsrvs() function, we make use of it for spoe-agent log postparsing logic. This will allow this kind of config to work: |spoe-agent test | log tcp@127.0.0.1:514 local0 | use-backend xxx Plus, consistency checks will also be performed as for regular log directives used from global, log-forward or proxy sections.
2023-07-04 11:49:19 -04:00
return 1;
BUG/MEDIUM: spoe: Resolve the sink if a SPOE logs in a ring buffer If a SPOE filter is configured to send its logs to a ring buffer, the corresponding sink must be resolved during the configuration post parsing. Otherwise, the sink is undefined when a log message is emitted, crashing HAProxy. This patch must be backported as far as 2.2.
2021-02-19 04:56:41 -05:00
CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) This makes the code more readable and less prone to copy-paste errors. In addition, it allows to place some __builtin_constant_p() predicates to trigger a link-time error in case the compiler knows that the freed area is constant. It will also produce compile-time error if trying to free something that is not a regular pointer (e.g. a function). The DEBUG_MEM_STATS macro now also defines an instance for ha_free() so that all these calls can be checked. 178 occurrences were converted. The vast majority of them were handled by the following Coccinelle script, some slightly refined to better deal with "&*x" or with long lines: @ rule @ expression E; @@ - free(E); - E = NULL; + ha_free(&E); It was verified that the resulting code is the same, more or less a handful of cases where the compiler optimized slightly differently the temporary variable that holds the copy of the pointer. A non-negligible amount of {free(str);str=NULL;str_len=0;} are still present in the config part (mostly header names in proxies). These ones should also be cleaned for the same reasons, and probably be turned into ist strings.
2021-02-20 04:46:51 -05:00
ha_free(&conf->agent->b.name);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
conf->agent->b.be = target;
return 0;
}
/**************************************************************************
* Hooks attached to a stream
*************************************************************************/
/* Called when a filter instance is created and attach to a stream. It creates
* the context that will be used to process this stream. */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_start(struct stream *s, struct filter *filter)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
MINOR: spoe: Send a log message when an error occurred during event processing
2017-01-04 10:39:41 -05:00
struct spoe_config *conf = FLT_CONF(filter);
struct spoe_agent *agent = conf->agent;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
struct spoe_context *ctx;
MINOR: spoe: Replace sending_rate by a frequency counter sending_rate was a counter used to evaluate the SPOE capacity to process frames. Because it was not really accurrate, it has been replaced by a frequency counter representing the number of frames handled by the SPOE per second. We just check this counter is higher than the number of streams waiting for a reply. If not, a new applet is created.
2018-01-24 10:13:48 -05:00
if ((ctx = spoe_create_context(s, filter)) == NULL) {
MINOR: spoe: Move all stuff regarding the filter/applet in the C file Structures describing the SPOE applet context, the SPOE filter configuration and context and the SPOE messages and groups are moved in the C file. In spoe-t.h file, it remains the structure describing an SPOE agent and flags used by both sides. In addition, the SPOE frontend, created for a given SPOE engine, is moved from the SPOE filter configuration to the SPOE agent structure. The related issue is #2502.
2024-07-04 05:14:11 -04:00
send_log(&agent->fe, LOG_EMERG,
MINOR: spoe: Send a log message when an error occurred during event processing
2017-01-04 10:39:41 -05:00
"SPOE: [%s] failed to create SPOE context\n",
agent->id);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
return 0;
}
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
if (!LIST_ISEMPTY(&ctx->events[SPOE_EV_ON_TCP_REQ_FE]))
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
filter->pre_analyzers |= AN_REQ_INSPECT_FE;
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
if (!LIST_ISEMPTY(&ctx->events[SPOE_EV_ON_TCP_REQ_BE]))
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
filter->pre_analyzers |= AN_REQ_INSPECT_BE;
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
if (!LIST_ISEMPTY(&ctx->events[SPOE_EV_ON_TCP_RSP]))
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
filter->pre_analyzers |= AN_RES_INSPECT;
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
if (!LIST_ISEMPTY(&ctx->events[SPOE_EV_ON_HTTP_REQ_FE]))
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
filter->pre_analyzers |= AN_REQ_HTTP_PROCESS_FE;
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
if (!LIST_ISEMPTY(&ctx->events[SPOE_EV_ON_HTTP_REQ_BE]))
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
filter->pre_analyzers |= AN_REQ_HTTP_PROCESS_BE;
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
if (!LIST_ISEMPTY(&ctx->events[SPOE_EV_ON_HTTP_RSP]))
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
filter->pre_analyzers |= AN_RES_HTTP_PROCESS_FE;
return 1;
}
/* Called when a filter instance is detached from a stream. It release the
* attached SPOE context. */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_stop(struct stream *s, struct filter *filter)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
MINOR: spoe: Replace sending_rate by a frequency counter sending_rate was a counter used to evaluate the SPOE capacity to process frames. Because it was not really accurrate, it has been replaced by a frequency counter representing the number of frames handled by the SPOE per second. We just check this counter is higher than the number of streams waiting for a reply. If not, a new applet is created.
2018-01-24 10:13:48 -05:00
spoe_destroy_context(filter);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
MINOR: spoe: Add 'timeout processing' option to limit time to process an event It is a way to set the maximum time to wait for a stream to process an event, i.e to acquire a stream to talk with an agent, to encode all messages, to send the NOTIFY frame, to receive the corrsponding acknowledgement and to process all actions. It is applied on the stream that handle the client and the server sessions.
2016-11-10 09:04:51 -05:00
/*
* Called when the stream is woken up because of expired timer.
*/
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static void spoe_check_timeouts(struct stream *s, struct filter *filter)
MINOR: spoe: Add 'timeout processing' option to limit time to process an event It is a way to set the maximum time to wait for a stream to process an event, i.e to acquire a stream to talk with an agent, to encode all messages, to send the NOTIFY frame, to receive the corrsponding acknowledgement and to process all actions. It is applied on the stream that handle the client and the server sessions.
2016-11-10 09:04:51 -05:00
{
struct spoe_context *ctx = filter->ctx;
BUG/MINOR: spoe: Don't release the context buffer in .check_timeouts callbaclk It is better to let spoe_stop_processing release this buffer because, in .check_timeouts callback, we lack information to know if it should be release or not. For instance, if the processing timeout is reached while the SPOE applet receives the reply, it is preferable to ignore the timeout and process the result. This patch should be backported in 1.8.
2018-03-20 11:09:20 -04:00
if (tick_is_expired(ctx->process_exp, now_ms))
MEDIUM: stream: Map task wake up reasons to dedicated stream events To fix thread-safety issues when a stream must be shut, three new task states were added. These states are generic (UEVT1, UEVT2 and UEVT3), the task callback function is responsible to know what to do with them. However, it is not really scalable. The best is to use an atomic field in the stream structure itself to deal with these dedicated events. There is already the "pending_events" field that save wake up reasons (TASK_WOKEN_*) to not loose them if process_stream() is interrupted before it had a chance to handle them. So the idea is to introduce a new field to handle streams dedicated events and merged them with the task's wake up reasons used by the stream. This means a mapping must be performed between some task wake up reasons and streams events. Note that not all task wake up reasons will be mapped. In this patch, the "new_events" field is introduced. It is an atomic bit-field. Streams events (STRM_EVT_*) are also introduced to map the task wake up reasons used by process_stream(). Only TASK_WOKEN_TIMER and TASK_WOKEN_MSG are mapped, in addition to TASK_F_UEVT* flags. In process_stream(), "pending_events" field is now filled with new stream events and the mapping of the wake up reasons.
2025-01-27 12:38:40 -05:00
s->pending_events |= STRM_EVT_MSG;
MINOR: spoe: Add 'timeout processing' option to limit time to process an event It is a way to set the maximum time to wait for a stream to process an event, i.e to acquire a stream to talk with an agent, to encode all messages, to send the NOTIFY frame, to receive the corrsponding acknowledgement and to process all actions. It is applied on the stream that handle the client and the server sessions.
2016-11-10 09:04:51 -05:00
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
/* Called when we are ready to filter data on a channel */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_start_analyze(struct stream *s, struct filter *filter, struct channel *chn)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
struct spoe_context *ctx = filter->ctx;
int ret = 1;
MINOR: spoe: Add status code in error variable instead of hardcoded value Now, when option "set-on-error" is enabled, we set a status code representing the error occurred instead of "true". For values under 256, it represents an error coming from the engine. Below 256, it reports a SPOP error. In this case, to retrieve the right SPOP status code, you must remove 256 to this value. Here are possible values: * 1: a timeout occurred during the event processing. * 2: an error was triggered during the ressources allocation. * 255: an unknown error occurred during the event processing. * 256+N: a SPOP error occurred during the event processing.
2017-01-04 10:39:11 -05:00
if (ctx->state == SPOE_CTX_ST_NONE)
goto out;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (!(chn->flags & CF_ISRESP)) {
if (filter->pre_analyzers & AN_REQ_INSPECT_FE)
chn->analysers |= AN_REQ_INSPECT_FE;
if (filter->pre_analyzers & AN_REQ_INSPECT_BE)
chn->analysers |= AN_REQ_INSPECT_BE;
if (ctx->flags & SPOE_CTX_FL_CLI_CONNECTED)
goto out;
ctx->stream_id = s->uniq_id;
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
ret = spoe_process_event(s, ctx, SPOE_EV_ON_CLIENT_SESS);
MINOR: spoe: Add status code in error variable instead of hardcoded value Now, when option "set-on-error" is enabled, we set a status code representing the error occurred instead of "true". For values under 256, it represents an error coming from the engine. Below 256, it reports a SPOP error. In this case, to retrieve the right SPOP status code, you must remove 256 to this value. Here are possible values: * 1: a timeout occurred during the event processing. * 2: an error was triggered during the ressources allocation. * 255: an unknown error occurred during the event processing. * 256+N: a SPOP error occurred during the event processing.
2017-01-04 10:39:11 -05:00
if (!ret)
goto out;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
ctx->flags |= SPOE_CTX_FL_CLI_CONNECTED;
}
else {
BUG/MINOR: spoe: correction of setting bits for analyzer When a SPOE filter starts the response analyze, the wrong flag is tested on the pre_analyzers bit field. AN_RES_INSPECT must be tested instead of SPOE_EV_ON_TCP_RSP. This patch must be backported to all versions with the SPOE support, i.e as far as 1.7.
2020-06-19 16:17:17 -04:00
if (filter->pre_analyzers & AN_RES_INSPECT)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
chn->analysers |= AN_RES_INSPECT;
if (ctx->flags & SPOE_CTX_FL_SRV_CONNECTED)
goto out;
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
ret = spoe_process_event(s, ctx, SPOE_EV_ON_SERVER_SESS);
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
if (!ret) {
channel_dont_read(chn);
channel_dont_close(chn);
MINOR: spoe: Add status code in error variable instead of hardcoded value Now, when option "set-on-error" is enabled, we set a status code representing the error occurred instead of "true". For values under 256, it represents an error coming from the engine. Below 256, it reports a SPOP error. In this case, to retrieve the right SPOP status code, you must remove 256 to this value. Here are possible values: * 1: a timeout occurred during the event processing. * 2: an error was triggered during the ressources allocation. * 255: an unknown error occurred during the event processing. * 256+N: a SPOP error occurred during the event processing.
2017-01-04 10:39:11 -05:00
goto out;
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
}
MINOR: spoe: Add status code in error variable instead of hardcoded value Now, when option "set-on-error" is enabled, we set a status code representing the error occurred instead of "true". For values under 256, it represents an error coming from the engine. Below 256, it reports a SPOP error. In this case, to retrieve the right SPOP status code, you must remove 256 to this value. Here are possible values: * 1: a timeout occurred during the event processing. * 2: an error was triggered during the ressources allocation. * 255: an unknown error occurred during the event processing. * 256+N: a SPOP error occurred during the event processing.
2017-01-04 10:39:11 -05:00
ctx->flags |= SPOE_CTX_FL_SRV_CONNECTED;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
out:
return ret;
}
/* Called before a processing happens on a given channel */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_chn_pre_analyze(struct stream *s, struct filter *filter,
struct channel *chn, unsigned an_bit)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
struct spoe_context *ctx = filter->ctx;
int ret = 1;
MINOR: spoe: Add status code in error variable instead of hardcoded value Now, when option "set-on-error" is enabled, we set a status code representing the error occurred instead of "true". For values under 256, it represents an error coming from the engine. Below 256, it reports a SPOP error. In this case, to retrieve the right SPOP status code, you must remove 256 to this value. Here are possible values: * 1: a timeout occurred during the event processing. * 2: an error was triggered during the ressources allocation. * 255: an unknown error occurred during the event processing. * 256+N: a SPOP error occurred during the event processing.
2017-01-04 10:39:11 -05:00
if (ctx->state == SPOE_CTX_ST_NONE)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
goto out;
switch (an_bit) {
case AN_REQ_INSPECT_FE:
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
ret = spoe_process_event(s, ctx, SPOE_EV_ON_TCP_REQ_FE);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
break;
case AN_REQ_INSPECT_BE:
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
ret = spoe_process_event(s, ctx, SPOE_EV_ON_TCP_REQ_BE);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
break;
case AN_RES_INSPECT:
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
ret = spoe_process_event(s, ctx, SPOE_EV_ON_TCP_RSP);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
break;
case AN_REQ_HTTP_PROCESS_FE:
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
ret = spoe_process_event(s, ctx, SPOE_EV_ON_HTTP_REQ_FE);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
break;
case AN_REQ_HTTP_PROCESS_BE:
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
ret = spoe_process_event(s, ctx, SPOE_EV_ON_HTTP_REQ_BE);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
break;
case AN_RES_HTTP_PROCESS_FE:
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
ret = spoe_process_event(s, ctx, SPOE_EV_ON_HTTP_RSP);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
break;
}
out:
BUG/MEDIUM: spoe: Allow producer to read and to forward shutdown on request side This is mandatory to correctly set right timeout on the stream. Else the client timeout is never set. So only SPOE processing timeout will be evaluated. If it is not defined (ie infinity), the stream can be blocked for a while, waiting the SPOA reply. Of course, this is not a good idea to let the SPOE processing timeout undefined, but it can happen. This patch must be backported in 1.8.
2018-02-01 02:45:45 -05:00
if (!ret && (chn->flags & CF_ISRESP)) {
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
channel_dont_read(chn);
channel_dont_close(chn);
}
return ret;
}
/* Called when the filtering on the channel ends. */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int spoe_end_analyze(struct stream *s, struct filter *filter, struct channel *chn)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
struct spoe_context *ctx = filter->ctx;
if (!(ctx->flags & SPOE_CTX_FL_PROCESS)) {
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
spoe_reset_context(ctx);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
return 1;
}
/********************************************************************
* Functions that manage the filter initialization
********************************************************************/
struct flt_ops spoe_ops = {
/* Manage SPOE filter, called for each filter declaration */
.init = spoe_init,
.deinit = spoe_deinit,
.check = spoe_check,
/* Handle start/stop of SPOE */
MINOR: spoe: Add 'timeout processing' option to limit time to process an event It is a way to set the maximum time to wait for a stream to process an event, i.e to acquire a stream to talk with an agent, to encode all messages, to send the NOTIFY frame, to receive the corrsponding acknowledgement and to process all actions. It is applied on the stream that handle the client and the server sessions.
2016-11-10 09:04:51 -05:00
.attach = spoe_start,
.detach = spoe_stop,
.check_timeouts = spoe_check_timeouts,
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
/* Handle channels activity */
.channel_start_analyze = spoe_start_analyze,
.channel_pre_analyze = spoe_chn_pre_analyze,
.channel_end_analyze = spoe_end_analyze,
};
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int cfg_parse_spoe_agent(const char *file, int linenum, char **args, int kwm)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
const char *err;
int i, err_code = 0;
if ((cfg_scope == NULL && curengine != NULL) ||
(cfg_scope != NULL && curengine == NULL) ||
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
(curengine != NULL && cfg_scope != NULL && strcmp(curengine, cfg_scope) != 0))
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
goto out;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[0], "spoe-agent") == 0) { /* new spoe-agent section */
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (!*args[1]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : missing name for spoe-agent section.\n",
file, linenum);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
2017-02-23 16:52:39 -05:00
if (alertif_too_many_args(1, file, linenum, args, &err_code)) {
err_code |= ERR_ABORT;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
goto out;
}
err = invalid_char(args[1]);
if (err) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, args[0], args[1]);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
if (curagent != NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : another spoe-agent section previously defined.\n",
file, linenum);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
if ((curagent = calloc(1, sizeof(*curagent))) == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
curagent->id = strdup(args[1]);
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
curagent->conf.file = strdup(file);
curagent->conf.line = linenum;
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
MINOR: spoe: Add 'timeout processing' option to limit time to process an event It is a way to set the maximum time to wait for a stream to process an event, i.e to acquire a stream to talk with an agent, to encode all messages, to send the NOTIFY frame, to receive the corrsponding acknowledgement and to process all actions. It is applied on the stream that handle the client and the server sessions.
2016-11-10 09:04:51 -05:00
curagent->timeout.processing = TICK_ETERNITY;
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents Now, HAProxy and agents can announce the support for "pipelining" and/or "async" capabilities during the HELLO handshake. For now, HAProxy always announces the support of both. In addition, in its HELLO frames. HAproxy adds the "engine-id" key. It is a uniq string that identify a SPOE engine. The "pipelining" capability is the ability for a peer to decouple NOTIFY and ACK frames. This is a symmectical capability. To be used, it must be supported by HAproxy and agents. Unlike HTTP pipelining, the ACK frames can be send in any order, but always on the same TCP connection used for the corresponding NOTIFY frame. The "async" capability is similar to the pipelining, but here any TCP connection established between HAProxy and the agent can be used to send ACK frames. if an agent accepts connections from multiple HAProxy, it can use the "engine-id" value to group TCP connections.
2016-12-21 02:58:06 -05:00
curagent->var_pfx = NULL;
curagent->var_on_error = NULL;
MINOR: spoe: Add options to store processing times in variables "set-process-time" and "set-total-time" options have been added to store processing times in the transaction scope, at each event and group processing, the current one and the total one. So it is possible to get them. TODO: documentation
2018-03-22 04:08:20 -04:00
curagent->var_t_process = NULL;
curagent->var_t_total = NULL;
MEDIUM: spoe: Remove async mode support The support for asynchronous mode, the ability to send messages on a connection and receive the responses on any other connections, is removed. It appears this feature was a bit overkill. And it is a problem for this refactoring. This feature is removed and will not be restored at the end. It is not a big deal for agent supporting the async mode because it is usable if it is announced on both sides. HAProxy stops to announce it. This should be transparent for agents. The related issue is #2502.
2024-06-13 05:10:33 -04:00
curagent->flags = SPOE_FL_PIPELINING;
MINOR: spoe: Rename some flags and constant to use SPOP prefix A SPOP multiplexer will be added. Many flags, constants and structures will be remove from the applet scope. So the "SPOP" prefix is used instead of "SPOE", to be consistent. The related issue is #2502.
2024-07-04 04:53:43 -04:00
curagent->max_frame_size = SPOP_MAX_FRAME_SIZE;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MINOR: spoe: Dynamically alloc the message list per event of an agent The inline array used to store, the configured messages per event in the SPOE agent structure, is replaced by a dynamic array, allocated during the configuration parsing. The main purpose of this change is to be able to move all stuff regarding the SPOE filter and applet in the C file. The related issue is #2502.
2024-07-04 04:57:29 -04:00
if ((curagent->events = calloc(SPOE_EV_EVENTS, sizeof(*curagent->events))) == NULL) {
ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
for (i = 0; i < SPOE_EV_EVENTS; ++i)
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
LIST_INIT(&curagent->events[i]);
LIST_INIT(&curagent->groups);
LIST_INIT(&curagent->messages);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[0], "use-backend") == 0) {
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (!*args[1]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : '%s' expects a backend name.\n",
file, linenum, args[0]);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
2017-02-23 16:52:39 -05:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
goto out;
free(curagent->b.name);
curagent->b.name = strdup(args[1]);
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[0], "messages") == 0) {
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
int cur_arg = 1;
while (*args[cur_arg]) {
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
struct spoe_placeholder *ph = NULL;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
list_for_each_entry(ph, &curmphs, list) {
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(ph->id, args[cur_arg]) == 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d]: spoe-message '%s' already used.\n",
file, linenum, args[cur_arg]);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
if ((ph = calloc(1, sizeof(*ph))) == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
ph->id = strdup(args[cur_arg]);
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_APPEND(&curmphs, &ph->list);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
cur_arg++;
}
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[0], "groups") == 0) {
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
int cur_arg = 1;
while (*args[cur_arg]) {
struct spoe_placeholder *ph = NULL;
list_for_each_entry(ph, &curgphs, list) {
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(ph->id, args[cur_arg]) == 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d]: spoe-group '%s' already used.\n",
file, linenum, args[cur_arg]);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
if ((ph = calloc(1, sizeof(*ph))) == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
ph->id = strdup(args[cur_arg]);
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_APPEND(&curgphs, &ph->list);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
cur_arg++;
}
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[0], "timeout") == 0) {
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
unsigned int *tv = NULL;
const char *res;
unsigned timeout;
if (!*args[1]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : 'timeout' expects 'hello', 'idle' and 'processing'.\n",
file, linenum);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
2017-02-23 16:52:39 -05:00
if (alertif_too_many_args(2, file, linenum, args, &err_code))
goto out;
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
if (strcmp(args[1], "hello") == 0) {
/* TODO: Add a warning or a diag ? Ignore it for now */
goto out;
}
else if (strcmp(args[1], "idle") == 0) {
/* TODO: Add a warning or a diag ? Ignore it for now */
goto out;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], "processing") == 0)
MINOR: spoe: Add 'timeout processing' option to limit time to process an event It is a way to set the maximum time to wait for a stream to process an event, i.e to acquire a stream to talk with an agent, to encode all messages, to send the NOTIFY frame, to receive the corrsponding acknowledgement and to process all actions. It is applied on the stream that handle the client and the server sessions.
2016-11-10 09:04:51 -05:00
tv = &curagent->timeout.processing;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
else {
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
ha_alert("parsing [%s:%d] : 'timeout' supports 'processing' (got %s).\n",
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
file, linenum, args[1]);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (!*args[2]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : 'timeout %s' expects an integer value (in milliseconds).\n",
file, linenum, args[1]);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
res = parse_time_err(args[2], &timeout, TIME_UNIT_MS);
MEDIUM: tools: improve time format error detection As reported in GH issue #109 and in discourse issue https://discourse.haproxy.org/t/haproxy-returns-408-or-504-error-when-timeout-client-value-is-every-25d the time parser doesn't error on overflows nor underflows. This is a recurring problem which additionally has the bad taste of taking a long time before hitting the user. This patch makes parse_time_err() return special error codes for overflows and underflows, and adds the control in the call places to report suitable errors depending on the requested unit. In practice, underflows are almost never returned as the parsing function takes care of rounding values up, so this might possibly happen on 64-bit overflows returning exactly zero after rounding though. It is not really possible to cut the patch into pieces as it changes the function's API, hence all callers. Tests were run on about every relevant part (cookie maxlife/maxidle, server inter, stats timeout, timeout*, cli's set timeout command, tcp-request/response inspect-delay).
2019-06-07 13:00:37 -04:00
if (res == PARSE_TIME_OVER) {
ha_alert("parsing [%s:%d]: timer overflow in argument <%s> to <%s %s>, maximum value is 2147483647 ms (~24.8 days).\n",
file, linenum, args[2], args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
else if (res == PARSE_TIME_UNDER) {
ha_alert("parsing [%s:%d]: timer underflow in argument <%s> to <%s %s>, minimum non-null value is 1 ms.\n",
file, linenum, args[2], args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
else if (res) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : unexpected character '%c' in 'timeout %s'.\n",
file, linenum, *res, args[1]);
MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
2017-02-23 16:52:39 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
goto out;
}
*tv = MS_TO_TICKS(timeout);
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[0], "option") == 0) {
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (!*args[1]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d]: '%s' expects an option name.\n",
file, linenum, args[0]);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: spoe: Add support of negation for options in SPOE configuration file For now, no options support negation (using "no" keyword). So it always returns an error.
2017-02-23 09:06:26 -05:00
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[1], "pipelining") == 0) {
MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
2017-02-23 16:52:39 -05:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
MINOR: spoe: Add "pipelining" and "async" options in spoe-agent section These options can be used to enable or to disable (prefixing the option line with the "no" keyword), respectively, pipelined and asynchronous exchanged between HAproxy and agents. By default, pipelining and async options are enabled.
2017-02-23 10:17:53 -05:00
goto out;
if (kwm == 1)
curagent->flags &= ~SPOE_FL_PIPELINING;
else
curagent->flags |= SPOE_FL_PIPELINING;
goto out;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], "async") == 0) {
MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
2017-02-23 16:52:39 -05:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
MINOR: spoe: Add "pipelining" and "async" options in spoe-agent section These options can be used to enable or to disable (prefixing the option line with the "no" keyword), respectively, pipelined and asynchronous exchanged between HAproxy and agents. By default, pipelining and async options are enabled.
2017-02-23 10:17:53 -05:00
goto out;
MEDIUM: spoe: Remove async mode support The support for asynchronous mode, the ability to send messages on a connection and receive the responses on any other connections, is removed. It appears this feature was a bit overkill. And it is a problem for this refactoring. This feature is removed and will not be restored at the end. It is not a big deal for agent supporting the async mode because it is usable if it is announced on both sides. HAProxy stops to announce it. This should be transparent for agents. The related issue is #2502.
2024-06-13 05:10:33 -04:00
/* TODO: Add a warning or a diag ? Ignore it for now */
MINOR: spoe: Add "pipelining" and "async" options in spoe-agent section These options can be used to enable or to disable (prefixing the option line with the "no" keyword), respectively, pipelined and asynchronous exchanged between HAproxy and agents. By default, pipelining and async options are enabled.
2017-02-23 10:17:53 -05:00
goto out;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], "send-frag-payload") == 0) {
MINOR: spoe: Add "send-frag-payload" option in spoe-agent section This option can be used to enable or to disable (prefixing the option line with the "no" keyword) the sending of fragmented payload to agents. By default, this option is enabled.
2017-02-24 16:11:21 -05:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MEDIUM: spoe: Remove fragmentation support It is the first patch of a long series to refactor the SPOE filter. The idea is to rely on a dedicated multiplexer instead of hakcing HAProxy with a list of applets processing a message queue. First of all, optionnal features will be removed. Some will be restored at the end, some others will just be removed. It is the case here. The frame fragmentation support is removed. The only purpose of this feature is to be able to support the streaming. Because it is out of the scope of this refactoring, the fragmentation is removed. The related issue is #2502.
2024-06-13 05:03:14 -04:00
/* TODO: Add a warning or a diag ? Ignore it for now */
MINOR: spoe: Add "send-frag-payload" option in spoe-agent section This option can be used to enable or to disable (prefixing the option line with the "no" keyword) the sending of fragmented payload to agents. By default, this option is enabled.
2017-02-24 16:11:21 -05:00
goto out;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], "dontlog-normal") == 0) {
MINOR: spoe: Add support for option dontlog-normal in the SPOE agent section It does the same than for proxies.
2018-03-26 11:20:36 -04:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
if (kwm == 1)
curpxopts2 &= ~PR_O2_NOLOGNORM;
else
curpxopts2 |= PR_O2_NOLOGNORM;
BUG/MINOR: spoe: Fix parsing of dontlog-normal option A missing goto led to a parsing error when line "option dontlog-normal" was parsed.
2018-04-26 05:36:34 -04:00
goto out;
MINOR: spoe: Add support for option dontlog-normal in the SPOE agent section It does the same than for proxies.
2018-03-26 11:20:36 -04:00
}
MINOR: spoe: Add "pipelining" and "async" options in spoe-agent section These options can be used to enable or to disable (prefixing the option line with the "no" keyword), respectively, pipelined and asynchronous exchanged between HAproxy and agents. By default, pipelining and async options are enabled.
2017-02-23 10:17:53 -05:00
MINOR: spoe: Add support of negation for options in SPOE configuration file For now, no options support negation (using "no" keyword). So it always returns an error.
2017-02-23 09:06:26 -05:00
/* Following options does not support negation */
if (kwm == 1) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d]: negation is not supported for option '%s'.\n",
file, linenum, args[1]);
MINOR: spoe: Add support of negation for options in SPOE configuration file For now, no options support negation (using "no" keyword). So it always returns an error.
2017-02-23 09:06:26 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[1], "var-prefix") == 0) {
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
char *tmp;
if (!*args[2]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d]: '%s %s' expects a value.\n",
file, linenum, args[0],
args[1]);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
2017-02-23 16:52:39 -05:00
if (alertif_too_many_args(2, file, linenum, args, &err_code))
goto out;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
tmp = args[2];
while (*tmp) {
BUILD: general: always pass unsigned chars to is* functions The isalnum(), isalpha(), isdigit() etc functions from ctype.h are supposed to take an int in argument which must either reflect an unsigned char or EOF. In practice on some platforms they're implemented as macros referencing an array, and when passed a char, they either cause a warning "array subscript has type 'char'" when lucky, or cause random segfaults when unlucky. It's quite unconvenient by the way since none of them may return true for negative values. The recent introduction of cygwin to the list of regularly tested build platforms revealed a lot of breakage there due to the same issues again. So this patch addresses the problem all over the code at once. It adds unsigned char casts to every valid use case, and also drops the unneeded double cast to int that was sometimes added on top of it. It may be backported by dropping irrelevant changes if that helps better support uncommon platforms. It's unlikely to fix bugs on platforms which would already not emit any warning though.
2020-02-25 02:16:33 -05:00
if (!isalnum((unsigned char)*tmp) && *tmp != '_' && *tmp != '.') {
BUG/MINOR: spoe: Mistake in error message about SPOE configuration The announced accepted chars are "[a-zA-Z_-.]", but the real accepted alphabet is "[a-zA-Z0-9_.]". Numbers are supported and "-" is not supported. This patch should be backported to 1.8 and 1.7
2018-05-10 10:41:26 -04:00
ha_alert("parsing [%s:%d]: '%s %s' only supports [a-zA-Z0-9_.] chars.\n",
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
file, linenum, args[0], args[1]);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tmp++;
}
curagent->var_pfx = strdup(args[2]);
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], "force-set-var") == 0) {
MINOR: spoe: add force-set-var option in spoe-agent configuration For security reasons, the spoe filter was only able to change values of existing variables. In specific cases (ex : with LUA code), the name of variables are unknown at the configuration parsing phase. The force-set-var option can be enabled to register all variables.
2017-12-14 04:36:40 -05:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
curagent->flags |= SPOE_FL_FORCE_SET_VAR;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], "continue-on-error") == 0) {
MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
2017-02-23 16:52:39 -05:00
if (alertif_too_many_args(1, file, linenum, args, &err_code))
MINOR: spoe: Add 'option continue-on-error' statement in spoe-agent section By default, for a specific stream, when an abnormal/unexpected error occurs, the SPOE is disabled for all the transaction. So if you have several events configured, such error on an event will disabled all followings. For TCP streams, this will disable the SPOE for the whole session. For HTTP streams, this will disable it for the transaction (request and response). To bypass this behaviour, you can set 'continue-on-error' option in 'spoe-agent' section. With this option, only the current event will be ignored.
2016-11-14 04:54:21 -05:00
goto out;
curagent->flags |= SPOE_FL_CONT_ON_ERR;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], "set-on-error") == 0) {
MINOR: spoe: Add "option set-on-error" statement It defines the variable to set when an error occurred during an event processing. It will only be set when an error occurred in the scope of the transaction. As for all other variables define by the SPOE, it will be prefixed. So, if your variable name is "error" and your prefix is "my_spoe_pfx", the variable will be "txn.my_spoe_pfx.error". When set, the variable is the boolean "true". Note that if "option continue-on-error" is set, the variable is not automatically removed between events processing.
2016-11-16 09:36:19 -05:00
char *tmp;
if (!*args[2]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d]: '%s %s' expects a value.\n",
file, linenum, args[0],
args[1]);
MINOR: spoe: Add "option set-on-error" statement It defines the variable to set when an error occurred during an event processing. It will only be set when an error occurred in the scope of the transaction. As for all other variables define by the SPOE, it will be prefixed. So, if your variable name is "error" and your prefix is "my_spoe_pfx", the variable will be "txn.my_spoe_pfx.error". When set, the variable is the boolean "true". Note that if "option continue-on-error" is set, the variable is not automatically removed between events processing.
2016-11-16 09:36:19 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
2017-02-23 16:52:39 -05:00
if (alertif_too_many_args(2, file, linenum, args, &err_code))
goto out;
MINOR: spoe: Add "option set-on-error" statement It defines the variable to set when an error occurred during an event processing. It will only be set when an error occurred in the scope of the transaction. As for all other variables define by the SPOE, it will be prefixed. So, if your variable name is "error" and your prefix is "my_spoe_pfx", the variable will be "txn.my_spoe_pfx.error". When set, the variable is the boolean "true". Note that if "option continue-on-error" is set, the variable is not automatically removed between events processing.
2016-11-16 09:36:19 -05:00
tmp = args[2];
while (*tmp) {
BUILD: general: always pass unsigned chars to is* functions The isalnum(), isalpha(), isdigit() etc functions from ctype.h are supposed to take an int in argument which must either reflect an unsigned char or EOF. In practice on some platforms they're implemented as macros referencing an array, and when passed a char, they either cause a warning "array subscript has type 'char'" when lucky, or cause random segfaults when unlucky. It's quite unconvenient by the way since none of them may return true for negative values. The recent introduction of cygwin to the list of regularly tested build platforms revealed a lot of breakage there due to the same issues again. So this patch addresses the problem all over the code at once. It adds unsigned char casts to every valid use case, and also drops the unneeded double cast to int that was sometimes added on top of it. It may be backported by dropping irrelevant changes if that helps better support uncommon platforms. It's unlikely to fix bugs on platforms which would already not emit any warning though.
2020-02-25 02:16:33 -05:00
if (!isalnum((unsigned char)*tmp) && *tmp != '_' && *tmp != '.') {
BUG/MINOR: spoe: Mistake in error message about SPOE configuration The announced accepted chars are "[a-zA-Z_-.]", but the real accepted alphabet is "[a-zA-Z0-9_.]". Numbers are supported and "-" is not supported. This patch should be backported to 1.8 and 1.7
2018-05-10 10:41:26 -04:00
ha_alert("parsing [%s:%d]: '%s %s' only supports [a-zA-Z0-9_.] chars.\n",
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
file, linenum, args[0], args[1]);
MINOR: spoe: Add "option set-on-error" statement It defines the variable to set when an error occurred during an event processing. It will only be set when an error occurred in the scope of the transaction. As for all other variables define by the SPOE, it will be prefixed. So, if your variable name is "error" and your prefix is "my_spoe_pfx", the variable will be "txn.my_spoe_pfx.error". When set, the variable is the boolean "true". Note that if "option continue-on-error" is set, the variable is not automatically removed between events processing.
2016-11-16 09:36:19 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tmp++;
}
curagent->var_on_error = strdup(args[2]);
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], "set-process-time") == 0) {
MINOR: spoe: Add options to store processing times in variables "set-process-time" and "set-total-time" options have been added to store processing times in the transaction scope, at each event and group processing, the current one and the total one. So it is possible to get them. TODO: documentation
2018-03-22 04:08:20 -04:00
char *tmp;
if (!*args[2]) {
ha_alert("parsing [%s:%d]: '%s %s' expects a value.\n",
file, linenum, args[0],
args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (alertif_too_many_args(2, file, linenum, args, &err_code))
goto out;
tmp = args[2];
while (*tmp) {
BUILD: general: always pass unsigned chars to is* functions The isalnum(), isalpha(), isdigit() etc functions from ctype.h are supposed to take an int in argument which must either reflect an unsigned char or EOF. In practice on some platforms they're implemented as macros referencing an array, and when passed a char, they either cause a warning "array subscript has type 'char'" when lucky, or cause random segfaults when unlucky. It's quite unconvenient by the way since none of them may return true for negative values. The recent introduction of cygwin to the list of regularly tested build platforms revealed a lot of breakage there due to the same issues again. So this patch addresses the problem all over the code at once. It adds unsigned char casts to every valid use case, and also drops the unneeded double cast to int that was sometimes added on top of it. It may be backported by dropping irrelevant changes if that helps better support uncommon platforms. It's unlikely to fix bugs on platforms which would already not emit any warning though.
2020-02-25 02:16:33 -05:00
if (!isalnum((unsigned char)*tmp) && *tmp != '_' && *tmp != '.') {
BUG/MINOR: spoe: Mistake in error message about SPOE configuration The announced accepted chars are "[a-zA-Z_-.]", but the real accepted alphabet is "[a-zA-Z0-9_.]". Numbers are supported and "-" is not supported. This patch should be backported to 1.8 and 1.7
2018-05-10 10:41:26 -04:00
ha_alert("parsing [%s:%d]: '%s %s' only supports [a-zA-Z0-9_.] chars.\n",
MINOR: spoe: Add options to store processing times in variables "set-process-time" and "set-total-time" options have been added to store processing times in the transaction scope, at each event and group processing, the current one and the total one. So it is possible to get them. TODO: documentation
2018-03-22 04:08:20 -04:00
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tmp++;
}
curagent->var_t_process = strdup(args[2]);
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], "set-total-time") == 0) {
MINOR: spoe: Add options to store processing times in variables "set-process-time" and "set-total-time" options have been added to store processing times in the transaction scope, at each event and group processing, the current one and the total one. So it is possible to get them. TODO: documentation
2018-03-22 04:08:20 -04:00
char *tmp;
if (!*args[2]) {
ha_alert("parsing [%s:%d]: '%s %s' expects a value.\n",
file, linenum, args[0],
args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (alertif_too_many_args(2, file, linenum, args, &err_code))
goto out;
tmp = args[2];
while (*tmp) {
BUILD: general: always pass unsigned chars to is* functions The isalnum(), isalpha(), isdigit() etc functions from ctype.h are supposed to take an int in argument which must either reflect an unsigned char or EOF. In practice on some platforms they're implemented as macros referencing an array, and when passed a char, they either cause a warning "array subscript has type 'char'" when lucky, or cause random segfaults when unlucky. It's quite unconvenient by the way since none of them may return true for negative values. The recent introduction of cygwin to the list of regularly tested build platforms revealed a lot of breakage there due to the same issues again. So this patch addresses the problem all over the code at once. It adds unsigned char casts to every valid use case, and also drops the unneeded double cast to int that was sometimes added on top of it. It may be backported by dropping irrelevant changes if that helps better support uncommon platforms. It's unlikely to fix bugs on platforms which would already not emit any warning though.
2020-02-25 02:16:33 -05:00
if (!isalnum((unsigned char)*tmp) && *tmp != '_' && *tmp != '.') {
BUG/MINOR: spoe: Mistake in error message about SPOE configuration The announced accepted chars are "[a-zA-Z_-.]", but the real accepted alphabet is "[a-zA-Z0-9_.]". Numbers are supported and "-" is not supported. This patch should be backported to 1.8 and 1.7
2018-05-10 10:41:26 -04:00
ha_alert("parsing [%s:%d]: '%s %s' only supports [a-zA-Z0-9_.] chars.\n",
MINOR: spoe: Add options to store processing times in variables "set-process-time" and "set-total-time" options have been added to store processing times in the transaction scope, at each event and group processing, the current one and the total one. So it is possible to get them. TODO: documentation
2018-03-22 04:08:20 -04:00
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
tmp++;
}
curagent->var_t_total = strdup(args[2]);
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
else {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d]: option '%s' is not supported.\n",
file, linenum, args[1]);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[0], "maxconnrate") == 0) {
MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements "maxconnrate" is the maximum number of connections per second. The SPOE will stop to open new connections if the maximum is reached and will wait to acquire an existing one. "maxerrrate" is the maximum number of errors per second. The SPOE will stop its processing if the maximum is reached. These options replace hardcoded macros MAX_NEW_SPOE_APPLETS and MAX_NEW_SPOE_APPLET_ERRS. We use it to limit SPOE activity, especially when servers are down..
2016-11-16 09:01:12 -05:00
if (!*args[1]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : '%s' expects an integer argument.\n",
file, linenum, args[0]);
MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements "maxconnrate" is the maximum number of connections per second. The SPOE will stop to open new connections if the maximum is reached and will wait to acquire an existing one. "maxerrrate" is the maximum number of errors per second. The SPOE will stop its processing if the maximum is reached. These options replace hardcoded macros MAX_NEW_SPOE_APPLETS and MAX_NEW_SPOE_APPLET_ERRS. We use it to limit SPOE activity, especially when servers are down..
2016-11-16 09:01:12 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
/* TODO: Add a warning or a diag ? Ignore it for now */
MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements "maxconnrate" is the maximum number of connections per second. The SPOE will stop to open new connections if the maximum is reached and will wait to acquire an existing one. "maxerrrate" is the maximum number of errors per second. The SPOE will stop its processing if the maximum is reached. These options replace hardcoded macros MAX_NEW_SPOE_APPLETS and MAX_NEW_SPOE_APPLET_ERRS. We use it to limit SPOE activity, especially when servers are down..
2016-11-16 09:01:12 -05:00
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[0], "maxerrrate") == 0) {
MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements "maxconnrate" is the maximum number of connections per second. The SPOE will stop to open new connections if the maximum is reached and will wait to acquire an existing one. "maxerrrate" is the maximum number of errors per second. The SPOE will stop its processing if the maximum is reached. These options replace hardcoded macros MAX_NEW_SPOE_APPLETS and MAX_NEW_SPOE_APPLET_ERRS. We use it to limit SPOE activity, especially when servers are down..
2016-11-16 09:01:12 -05:00
if (!*args[1]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : '%s' expects an integer argument.\n",
file, linenum, args[0]);
MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements "maxconnrate" is the maximum number of connections per second. The SPOE will stop to open new connections if the maximum is reached and will wait to acquire an existing one. "maxerrrate" is the maximum number of errors per second. The SPOE will stop its processing if the maximum is reached. These options replace hardcoded macros MAX_NEW_SPOE_APPLETS and MAX_NEW_SPOE_APPLET_ERRS. We use it to limit SPOE activity, especially when servers are down..
2016-11-16 09:01:12 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
/* TODO: Add a warning or a diag ? Ignore it for now */
MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements "maxconnrate" is the maximum number of connections per second. The SPOE will stop to open new connections if the maximum is reached and will wait to acquire an existing one. "maxerrrate" is the maximum number of errors per second. The SPOE will stop its processing if the maximum is reached. These options replace hardcoded macros MAX_NEW_SPOE_APPLETS and MAX_NEW_SPOE_APPLET_ERRS. We use it to limit SPOE activity, especially when servers are down..
2016-11-16 09:01:12 -05:00
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[0], "max-frame-size") == 0) {
MINOR: spoe: Add "max-frame-size" statement in spoe-agent section As its named said, this statement customize the maximum allowed size for frames exchanged between HAProxy and SPOAs. It should be greater than or equal to 256 and less than or equal to (tune.bufsize - 4) (4 bytes are reserved to the frame length).
2017-02-27 03:40:34 -05:00
if (!*args[1]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : '%s' expects an integer argument.\n",
file, linenum, args[0]);
MINOR: spoe: Add "max-frame-size" statement in spoe-agent section As its named said, this statement customize the maximum allowed size for frames exchanged between HAProxy and SPOAs. It should be greater than or equal to 256 and less than or equal to (tune.bufsize - 4) (4 bytes are reserved to the frame length).
2017-02-27 03:40:34 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
curagent->max_frame_size = atol(args[1]);
MINOR: spoe: Rename some flags and constant to use SPOP prefix A SPOP multiplexer will be added. Many flags, constants and structures will be remove from the applet scope. So the "SPOP" prefix is used instead of "SPOE", to be consistent. The related issue is #2502.
2024-07-04 04:53:43 -04:00
if (curagent->max_frame_size < SPOP_MIN_FRAME_SIZE ||
curagent->max_frame_size > SPOP_MAX_FRAME_SIZE) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : '%s' expects a positive integer argument in the range [%d, %d].\n",
MINOR: spoe: Rename some flags and constant to use SPOP prefix A SPOP multiplexer will be added. Many flags, constants and structures will be remove from the applet scope. So the "SPOP" prefix is used instead of "SPOE", to be consistent. The related issue is #2502.
2024-07-04 04:53:43 -04:00
file, linenum, args[0], SPOP_MIN_FRAME_SIZE, SPOP_MAX_FRAME_SIZE);
MINOR: spoe: Add "max-frame-size" statement in spoe-agent section As its named said, this statement customize the maximum allowed size for frames exchanged between HAProxy and SPOAs. It should be greater than or equal to 256 and less than or equal to (tune.bufsize - 4) (4 bytes are reserved to the frame length).
2017-02-27 03:40:34 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[0], "max-waiting-frames") == 0) {
MINOR: spoe: Add max-waiting-frames directive in spoe-agent configuration This is the maximum number of frames waiting for an acknowledgement on the same connection. This value is only used when the pipelinied or asynchronus exchanges between HAProxy and SPOA are enabled. By default, it is set to 20.
2018-01-25 09:32:22 -05:00
if (!*args[1]) {
ha_alert("parsing [%s:%d] : '%s' expects an integer argument.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
if (alertif_too_many_args(1, file, linenum, args, &err_code))
goto out;
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
/* TODO: Add a warning or a diag ? Ignore it for now */
MINOR: spoe: Add max-waiting-frames directive in spoe-agent configuration This is the maximum number of frames waiting for an acknowledgement on the same connection. This value is only used when the pipelinied or asynchronus exchanges between HAProxy and SPOA are enabled. By default, it is set to 20.
2018-01-25 09:32:22 -05:00
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[0], "register-var-names") == 0) {
MINOR: spoe: add register-var-names directive in spoe-agent configuration In addition to "option force-set-var", recently added, this directive can be used to selectivelly register unknown variable names, without totally relaxing their registration during the runtime, like "option force-set-var" does. So there is no way for a malicious agent to exhaust memory by defining a too high number of variable names. In other hand, you need to enumerate all variable names. This could be painfull in some circumstances. Remember, this directive is only usefull when the variable names are not referenced anywhere in the HAProxy configuration or the SPOE one. Thanks to Etienne Carrire for his help on this part.
2017-12-22 04:00:55 -05:00
int cur_arg;
if (!*args[1]) {
ha_alert("parsing [%s:%d] : '%s' expects one or more variable names.\n",
file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
cur_arg = 1;
while (*args[cur_arg]) {
struct spoe_var_placeholder *vph;
if ((vph = calloc(1, sizeof(*vph))) == NULL) {
ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
if ((vph->name = strdup(args[cur_arg])) == NULL) {
BUG/MINOR: spoe: Fix memory leak if failing to allocate memory Technically harmless, but it annoys clang analyzer. This bug was introduced in 336d3ef0e77192582c98b3c578927a529ceadd9b. This fix should be backported to HAProxy 1.9+.
2019-06-23 16:10:13 -04:00
free(vph);
MINOR: spoe: add register-var-names directive in spoe-agent configuration In addition to "option force-set-var", recently added, this directive can be used to selectivelly register unknown variable names, without totally relaxing their registration during the runtime, like "option force-set-var" does. So there is no way for a malicious agent to exhaust memory by defining a too high number of variable names. In other hand, you need to enumerate all variable names. This could be painfull in some circumstances. Remember, this directive is only usefull when the variable names are not referenced anywhere in the HAProxy configuration or the SPOE one. Thanks to Etienne Carrire for his help on this part.
2017-12-22 04:00:55 -05:00
ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum);
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_APPEND(&curvars, &vph->list);
MINOR: spoe: add register-var-names directive in spoe-agent configuration In addition to "option force-set-var", recently added, this directive can be used to selectivelly register unknown variable names, without totally relaxing their registration during the runtime, like "option force-set-var" does. So there is no way for a malicious agent to exhaust memory by defining a too high number of variable names. In other hand, you need to enumerate all variable names. This could be painfull in some circumstances. Remember, this directive is only usefull when the variable names are not referenced anywhere in the HAProxy configuration or the SPOE one. Thanks to Etienne Carrire for his help on this part.
2017-12-22 04:00:55 -05:00
cur_arg++;
}
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[0], "log") == 0) {
MINOR: spoe: Add loggers dedicated to the SPOE agent Now it is possible to configure a logger in a spoe-agent section using a "log" line, as for a proxy. "no log", "log global" and "log <address> ..." syntaxes are supported.
2018-03-26 11:19:01 -04:00
char *errmsg = NULL;
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
if (!parse_logger(args, &curloggers, (kwm == 1), file, linenum, &errmsg)) {
MINOR: spoe: Add loggers dedicated to the SPOE agent Now it is possible to configure a logger in a spoe-agent section using a "log" line, as for a proxy. "no log", "log global" and "log <address> ..." syntaxes are supported.
2018-03-26 11:19:01 -04:00
ha_alert("parsing [%s:%d] : %s : %s\n", file, linenum, args[0], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
else if (*args[0]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : unknown keyword '%s' in spoe-agent section.\n",
file, linenum, args[0]);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
out:
return err_code;
}
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int cfg_parse_spoe_group(const char *file, int linenum, char **args, int kwm)
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
{
struct spoe_group *grp;
const char *err;
int err_code = 0;
if ((cfg_scope == NULL && curengine != NULL) ||
(cfg_scope != NULL && curengine == NULL) ||
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
(curengine != NULL && cfg_scope != NULL && strcmp(curengine, cfg_scope) != 0))
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
goto out;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[0], "spoe-group") == 0) { /* new spoe-group section */
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
if (!*args[1]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : missing name for spoe-group section.\n",
file, linenum);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
if (alertif_too_many_args(1, file, linenum, args, &err_code)) {
err_code |= ERR_ABORT;
goto out;
}
err = invalid_char(args[1]);
if (err) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, args[0], args[1]);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
list_for_each_entry(grp, &curgrps, list) {
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(grp->id, args[1]) == 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d]: spoe-group section '%s' has the same"
" name as another one declared at %s:%d.\n",
file, linenum, args[1], grp->conf.file, grp->conf.line);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
if ((curgrp = calloc(1, sizeof(*curgrp))) == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
curgrp->id = strdup(args[1]);
curgrp->conf.file = strdup(file);
curgrp->conf.line = linenum;
LIST_INIT(&curgrp->phs);
LIST_INIT(&curgrp->messages);
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_APPEND(&curgrps, &curgrp->list);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[0], "messages") == 0) {
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
int cur_arg = 1;
while (*args[cur_arg]) {
struct spoe_placeholder *ph = NULL;
list_for_each_entry(ph, &curgrp->phs, list) {
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(ph->id, args[cur_arg]) == 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d]: spoe-message '%s' already used.\n",
file, linenum, args[cur_arg]);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
if ((ph = calloc(1, sizeof(*ph))) == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
ph->id = strdup(args[cur_arg]);
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_APPEND(&curgrp->phs, &ph->list);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
cur_arg++;
}
}
else if (*args[0]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : unknown keyword '%s' in spoe-group section.\n",
file, linenum, args[0]);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
out:
return err_code;
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int cfg_parse_spoe_message(const char *file, int linenum, char **args, int kwm)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
struct spoe_message *msg;
struct spoe_arg *arg;
const char *err;
char *errmsg = NULL;
int err_code = 0;
if ((cfg_scope == NULL && curengine != NULL) ||
(cfg_scope != NULL && curengine == NULL) ||
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
(curengine != NULL && cfg_scope != NULL && strcmp(curengine, cfg_scope) != 0))
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
goto out;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[0], "spoe-message") == 0) { /* new spoe-message section */
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (!*args[1]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : missing name for spoe-message section.\n",
file, linenum);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
2017-02-23 16:52:39 -05:00
if (alertif_too_many_args(1, file, linenum, args, &err_code)) {
err_code |= ERR_ABORT;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
goto out;
}
err = invalid_char(args[1]);
if (err) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : character '%c' is not permitted in '%s' name '%s'.\n",
file, linenum, *err, args[0], args[1]);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
list_for_each_entry(msg, &curmsgs, list) {
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(msg->id, args[1]) == 0) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d]: spoe-message section '%s' has the same"
" name as another one declared at %s:%d.\n",
file, linenum, args[1], msg->conf.file, msg->conf.line);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
if ((curmsg = calloc(1, sizeof(*curmsg))) == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
curmsg->id = strdup(args[1]);
curmsg->id_len = strlen(curmsg->id);
curmsg->event = SPOE_EV_NONE;
curmsg->conf.file = strdup(file);
curmsg->conf.line = linenum;
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
curmsg->nargs = 0;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
LIST_INIT(&curmsg->args);
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
LIST_INIT(&curmsg->acls);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
LIST_INIT(&curmsg->by_evt);
LIST_INIT(&curmsg->by_grp);
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_APPEND(&curmsgs, &curmsg->list);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[0], "args") == 0) {
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
int cur_arg = 1;
curproxy->conf.args.ctx = ARGC_SPOE;
curproxy->conf.args.file = file;
curproxy->conf.args.line = linenum;
while (*args[cur_arg]) {
char *delim = strchr(args[cur_arg], '=');
int idx = 0;
if ((arg = calloc(1, sizeof(*arg))) == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
if (!delim) {
arg->name = NULL;
arg->name_len = 0;
delim = args[cur_arg];
}
else {
arg->name = my_strndup(args[cur_arg], delim - args[cur_arg]);
arg->name_len = delim - args[cur_arg];
delim++;
}
BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section The array of pointers passed to sample_parse_expr was not really an array but a pointer to pointer. So it can easily lead to a segfault during the configuration parsing.
2017-02-23 16:41:09 -05:00
arg->expr = sample_parse_expr((char*[]){delim, NULL},
&idx, file, linenum, &errmsg,
MINOR: sample: make sample_parse_expr() able to return an end pointer When an end pointer is passed, instead of complaining that a comma is missing after a keyword, sample_parse_expr() will silently return the pointer to the current location into this return pointer so that the caller can continue its parsing. This will be used by more complex expressions which embed sample expressions, and may even permit to embed sample expressions into arguments of other expressions.
2020-02-14 10:50:14 -05:00
&curproxy->conf.args, NULL);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (arg->expr == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : '%s': %s.\n", file, linenum, args[0], errmsg);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
free(arg->name);
free(arg);
goto out;
}
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames Now, agents can announce the support for the "fragmentation" capability during the HELLO handshake. HAProxy will never announce it because fragmented frame decoding is not implemented yet. But it can send such kind of frames. So, if an agent supports this capability, payloads exceeding the frame size will be split. A fragemented payload consists of several frames with the FIN bit clear and terminated by a single frame with the FIN bit set. All these frames must share the same STREAM-ID and FRAME-ID. Note that an unfragemnted payload consists of a single frame with the FIN bit set. And HELLO and DISCONNECT frames cannot be fragmented. This means that only NOTIFY frames can transport fragmented payload for now.
2017-01-19 04:01:12 -05:00
curmsg->nargs++;
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_APPEND(&curmsg->args, &arg->list);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
cur_arg++;
}
curproxy->conf.args.file = NULL;
curproxy->conf.args.line = 0;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[0], "acl") == 0) {
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
err = invalid_char(args[1]);
if (err) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : character '%c' is not permitted in acl name '%s'.\n",
file, linenum, *err, args[1]);
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MINOR: acl: Warn when an ACL is named 'or' Consider a configuration like this: > acl t always_true > acl or always_false > > http-response set-header Foo Bar if t or t The 'or' within the condition will be treated as a logical disjunction and the header will be set, despite the ACL 'or' being falsy. This patch makes it an error to declare such an ACL that will never work. This patch may be backported to stable releases, turning the error into a warning only (the code was written in a way to make this trivial). It should not break anything and might improve the users' lifes.
2020-02-05 15:00:50 -05:00
if (strcasecmp(args[1], "or") == 0) {
BUG/MINOR: acl: Fix type of log message when an acl is named 'or' The patch adding this check initially only issued a warning, instead of being fatal. It was changed before committing. However when making this change the type of the log message was not changed from `ha_warning` to `ha-alert`. This patch makes this forgotten adjustment. see 0cf811a5f941261176b67046dbc542d0479ff4a7 No backport needed. The initial patch was backported as a warning, thus the log message type is correct.
2020-02-06 16:04:03 -05:00
ha_alert("parsing [%s:%d] : acl name '%s' will never match. 'or' is used to express a "
MINOR: acl: Warn when an ACL is named 'or' Consider a configuration like this: > acl t always_true > acl or always_false > > http-response set-header Foo Bar if t or t The 'or' within the condition will be treated as a logical disjunction and the header will be set, despite the ACL 'or' being falsy. This patch makes it an error to declare such an ACL that will never work. This patch may be backported to stable releases, turning the error into a warning only (the code was written in a way to make this trivial). It should not break anything and might improve the users' lifes.
2020-02-05 15:00:50 -05:00
"logical disjunction within a condition.\n",
file, linenum, args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
if (parse_acl((const char **)args + 1, &curmsg->acls, &errmsg, &curproxy->conf.args, file, linenum) == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : error detected while parsing ACL '%s' : %s.\n",
file, linenum, args[1], errmsg);
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[0], "event") == 0) {
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (!*args[1]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : missing event name.\n", file, linenum);
MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
2017-02-23 16:52:39 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
goto out;
}
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
/* if (alertif_too_many_args(1, file, linenum, args, &err_code)) */
/* goto out; */
MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
2017-02-23 16:52:39 -05:00
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[1], spoe_event_str[SPOE_EV_ON_CLIENT_SESS]) == 0)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
curmsg->event = SPOE_EV_ON_CLIENT_SESS;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], spoe_event_str[SPOE_EV_ON_SERVER_SESS]) == 0)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
curmsg->event = SPOE_EV_ON_SERVER_SESS;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], spoe_event_str[SPOE_EV_ON_TCP_REQ_FE]) == 0)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
curmsg->event = SPOE_EV_ON_TCP_REQ_FE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], spoe_event_str[SPOE_EV_ON_TCP_REQ_BE]) == 0)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
curmsg->event = SPOE_EV_ON_TCP_REQ_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], spoe_event_str[SPOE_EV_ON_TCP_RSP]) == 0)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
curmsg->event = SPOE_EV_ON_TCP_RSP;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], spoe_event_str[SPOE_EV_ON_HTTP_REQ_FE]) == 0)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
curmsg->event = SPOE_EV_ON_HTTP_REQ_FE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], spoe_event_str[SPOE_EV_ON_HTTP_REQ_BE]) == 0)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
curmsg->event = SPOE_EV_ON_HTTP_REQ_BE;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[1], spoe_event_str[SPOE_EV_ON_HTTP_RSP]) == 0)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
curmsg->event = SPOE_EV_ON_HTTP_RSP;
else {
MINOR: Fix a typo in a warning message in the spoe subsystem Fix a typo in a user-facing message of the spoe subsystem.
2018-11-15 16:49:02 -05:00
ha_alert("parsing [%s:%d] : unknown event '%s'.\n",
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
file, linenum, args[1]);
MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
2017-02-23 16:52:39 -05:00
err_code |= ERR_ALERT | ERR_FATAL;
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
goto out;
}
if (strcmp(args[2], "if") == 0 || strcmp(args[2], "unless") == 0) {
struct acl_cond *cond;
cond = build_acl_cond(file, linenum, &curmsg->acls,
curproxy, (const char **)args+2,
&errmsg);
if (cond == NULL) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : error detected while "
"parsing an 'event %s' condition : %s.\n",
file, linenum, args[1], errmsg);
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
curmsg->cond = cond;
}
else if (*args[2]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d]: 'event %s' expects either 'if' "
"or 'unless' followed by a condition but found '%s'.\n",
file, linenum, args[1], args[2]);
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based condition on the "event" line, in a "spoe-message" section. Here is the example coming for the SPOE documentation: spoe-message get-ip-reputation args ip=src event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It possible to declare named ACLs in "spoe-message" section, using the same syntax than for proxies. So we can rewrite the previous example to use a named ACL: spoe-message get-ip-reputation args ip=src acl ip-whitelisted src -f /etc/haproxy/whitelist.lst event on-client-session if ! ip-whitelisted ACL-based conditions are executed in the context of the stream that handle the client and the server connections.
2017-09-04 09:41:09 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
goto out;
}
}
else if (!*args[0]) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("parsing [%s:%d] : unknown keyword '%s' in spoe-message section.\n",
file, linenum, args[0]);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
out:
free(errmsg);
return err_code;
}
/* Return -1 on error, else 0 */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int parse_spoe_flt(char **args, int *cur_arg, struct proxy *px,
struct flt_conf *fconf, char **err, void *private)
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
{
struct list backup_sections;
struct spoe_config *conf;
struct spoe_message *msg, *msgback;
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
struct spoe_group *grp, *grpback;
struct spoe_placeholder *ph, *phback;
MINOR: spoe: add register-var-names directive in spoe-agent configuration In addition to "option force-set-var", recently added, this directive can be used to selectivelly register unknown variable names, without totally relaxing their registration during the runtime, like "option force-set-var" does. So there is no way for a malicious agent to exhaust memory by defining a too high number of variable names. In other hand, you need to enumerate all variable names. This could be painfull in some circumstances. Remember, this directive is only usefull when the variable names are not referenced anywhere in the HAProxy configuration or the SPOE one. Thanks to Etienne Carrire for his help on this part.
2017-12-22 04:00:55 -05:00
struct spoe_var_placeholder *vph, *vphback;
BUILD: spoe: fix build warning on older gcc around sub-struct initialization gcc-4.8 is unhappy with the cfg_file initialization: src/flt_spoe.c: In function 'parse_spoe_flt': src/flt_spoe.c:2202:9: warning: missing braces around initializer [-Wmissing-braces] struct cfgfile cfg_file = {0}; ^ src/flt_spoe.c:2202:9: warning: (near initialization for 'cfg_file.list') [-Wmissing-braces] This is due to the embedded list member. Initializing it to empty like we do almost everywhere else makes it happy. No backport is needed as this was changed in 3.1-dev5 only.
2024-10-23 09:10:45 -04:00
struct cfgfile cfg_file = { };
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
struct logger *logger, *loggerback;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
char *file = NULL, *engine = NULL;
int ret, pos = *cur_arg + 1;
BUG/MINOR: spoe: Initialize variables used during conf parsing before any check Some initializations must be done at the beginning of parse_spoe_flt to avoid segmentaion fault when first errors are catched, when the "filter spoe" line is parsed. This patch must be backported in 1.8. [cf: the variable "curvars" doesn't exist in 1.8. So the patch must be adapted.]
2018-03-23 09:37:14 -04:00
LIST_INIT(&curmsgs);
LIST_INIT(&curgrps);
LIST_INIT(&curmphs);
LIST_INIT(&curgphs);
LIST_INIT(&curvars);
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
LIST_INIT(&curloggers);
MINOR: spoe: Add support for option dontlog-normal in the SPOE agent section It does the same than for proxies.
2018-03-26 11:20:36 -04:00
curpxopts = 0;
curpxopts2 = 0;
BUG/MINOR: spoe: Initialize variables used during conf parsing before any check Some initializations must be done at the beginning of parse_spoe_flt to avoid segmentaion fault when first errors are catched, when the "filter spoe" line is parsed. This patch must be backported in 1.8. [cf: the variable "curvars" doesn't exist in 1.8. So the patch must be adapted.]
2018-03-23 09:37:14 -04:00
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
conf = calloc(1, sizeof(*conf));
if (conf == NULL) {
memprintf(err, "%s: out of memory", args[*cur_arg]);
goto error;
}
conf->proxy = px;
while (*args[pos]) {
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(args[pos], "config") == 0) {
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (!*args[pos+1]) {
memprintf(err, "'%s' : '%s' option without value",
args[*cur_arg], args[pos]);
goto error;
}
file = args[pos+1];
pos += 2;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[pos], "engine") == 0) {
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if (!*args[pos+1]) {
memprintf(err, "'%s' : '%s' option without value",
args[*cur_arg], args[pos]);
goto error;
}
engine = args[pos+1];
pos += 2;
}
else {
memprintf(err, "unknown keyword '%s'", args[pos]);
goto error;
}
}
if (file == NULL) {
memprintf(err, "'%s' : missing config file", args[*cur_arg]);
goto error;
}
/* backup sections and register SPOE sections */
LIST_INIT(&backup_sections);
cfg_backup_sections(&backup_sections);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
cfg_register_section("spoe-agent", cfg_parse_spoe_agent, NULL);
cfg_register_section("spoe-group", cfg_parse_spoe_group, NULL);
MEDIUM: cfgparse: post section callback This commit implements a post section callback. This callback will be used at the end of a section parsing. Every call to cfg_register_section must be modified to use the new prototype: int cfg_register_section(char *section_name, int (*section_parser)(const char *, int, char **, int), int (*post_section_parser)());
2017-10-16 05:06:50 -04:00
cfg_register_section("spoe-message", cfg_parse_spoe_message, NULL);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
/* Parse SPOE filter configuration file */
BUILD: cfgparse: keep a single "curproxy" Surprisingly, commit 00e00fb42 ("REORG: cfgparse: extract curproxy as a global variable") caused a build breakage on the CI but not on two developers' machines. It looks like it's dependent on the linker version used. What happens is that flt_spoe.c already has a curproxy struct which already is a copy of the one passed by the parser because it also needed it to be exported, so they now conflict. Let's just drop this unused copy.
2023-08-01 05:18:00 -04:00
BUG_ON(px != curproxy);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
curengine = engine;
curagent = NULL;
curmsg = NULL;
MEDIUM: startup: load and parse configs from memory Let's call load_cfg_in_ram() helper for each configuration file to load it's content in some area in memory. Adapt readcfgfile() parser function respectively. In order to limit changes in its scope we give as an argument a cfgfile structure, already filled in init_args() and in load_cfg_in_ram() with file metadata and content. Parser function (readcfgfile()) uses now fgets_from_mem() instead of standard fgets from libc implementations. SPOE filter parses its own configuration file, pointed by 'config' keyword in the configuration already loaded in memory. So, let's allocate and fill for this a supplementary cfgfile structure, which is not referenced in cfg_cfgfiles list. This structure and the memory with content of SPOE filter configuration are freed immediately in parse_spoe_flt(), when readcfgfile() returns. HAProxy OpenTracing filter also uses its own configuration file. So, let's follow the same logic as we do for SPOE filter.
2024-08-07 10:53:50 -04:00
/* load the content of SPOE config file from cfg_file.filename into some
* area in .heap. readcfgfile() now parses the content of config files
* stored in RAM as separate chunks (see struct cfgfile in cfgparse.h),
* these chunks chained in cfg_cfgfiles global list.
*/
cfg_file.filename = file;
cfg_file.size = load_cfg_in_mem(file, &cfg_file.content);
if (cfg_file.size < 0) {
goto error;
}
MINOR: startup: rename readcfgfile in parse_cfg As readcfgfile no longer opens configuration files and reads them with fgets, but performs only the parsing of provided data, let's rename it to parse_cfg by analogy with read_cfg in haproxy.c.
2024-08-05 04:04:03 -04:00
ret = parse_cfg(&cfg_file);
MEDIUM: startup: load and parse configs from memory Let's call load_cfg_in_ram() helper for each configuration file to load it's content in some area in memory. Adapt readcfgfile() parser function respectively. In order to limit changes in its scope we give as an argument a cfgfile structure, already filled in init_args() and in load_cfg_in_ram() with file metadata and content. Parser function (readcfgfile()) uses now fgets_from_mem() instead of standard fgets from libc implementations. SPOE filter parses its own configuration file, pointed by 'config' keyword in the configuration already loaded in memory. So, let's allocate and fill for this a supplementary cfgfile structure, which is not referenced in cfg_cfgfiles list. This structure and the memory with content of SPOE filter configuration are freed immediately in parse_spoe_flt(), when readcfgfile() returns. HAProxy OpenTracing filter also uses its own configuration file. So, let's follow the same logic as we do for SPOE filter.
2024-08-07 10:53:50 -04:00
ha_free(&cfg_file.content);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
/* unregister SPOE sections and restore previous sections */
cfg_unregister_sections();
cfg_restore_sections(&backup_sections);
if (ret == -1) {
memprintf(err, "Could not open configuration file %s : %s",
file, strerror(errno));
goto error;
}
if (ret & (ERR_ABORT|ERR_FATAL)) {
memprintf(err, "Error(s) found in configuration file %s", file);
goto error;
}
/* Check SPOE agent */
if (curagent == NULL) {
memprintf(err, "No SPOE agent found in file %s", file);
goto error;
}
if (curagent->b.name == NULL) {
memprintf(err, "No backend declared for SPOE agent '%s' declared at %s:%d",
curagent->id, curagent->conf.file, curagent->conf.line);
goto error;
}
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
if (curagent->timeout.processing == TICK_ETERNITY) {
ha_warning("Proxy '%s': missing 'processing' timeout for SPOE agent '%s' declare at %s:%d.\n"
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
" | While not properly invalid, you will certainly encounter various problems\n"
MAJOR: spoe: Remove idle applets and pipelining support Management of idle applets is removed. Consequently, the pipelining support is also removed. It is a huge change but it should be transparent for the agents, except regarding the performances. Of course, being able to reuse already openned connections and being able to multiplex frames on a given connection is a must have. These features will be restored later. hello and idle timeout are not longer used. Because an applet is spawned to process a NOTIFY frame and closed after receiving the ACK reply, the processing timeout is the only one required. In addition, the parameters to limit the SPOE applet creation are no longer used too. The related issue is #2502.
2024-06-17 12:17:11 -04:00
" | with such a configuration. To fix this, please ensure it is set to a non-zero value.\n",
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
px->id, curagent->id, curagent->conf.file, curagent->conf.line);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
if (curagent->var_pfx == NULL) {
char *tmp = curagent->id;
while (*tmp) {
BUILD: general: always pass unsigned chars to is* functions The isalnum(), isalpha(), isdigit() etc functions from ctype.h are supposed to take an int in argument which must either reflect an unsigned char or EOF. In practice on some platforms they're implemented as macros referencing an array, and when passed a char, they either cause a warning "array subscript has type 'char'" when lucky, or cause random segfaults when unlucky. It's quite unconvenient by the way since none of them may return true for negative values. The recent introduction of cygwin to the list of regularly tested build platforms revealed a lot of breakage there due to the same issues again. So this patch addresses the problem all over the code at once. It adds unsigned char casts to every valid use case, and also drops the unneeded double cast to int that was sometimes added on top of it. It may be backported by dropping irrelevant changes if that helps better support uncommon platforms. It's unlikely to fix bugs on platforms which would already not emit any warning though.
2020-02-25 02:16:33 -05:00
if (!isalnum((unsigned char)*tmp) && *tmp != '_' && *tmp != '.') {
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
memprintf(err, "Invalid variable prefix '%s' for SPOE agent '%s' declared at %s:%d. "
"Use 'option var-prefix' to set it. Only [a-zA-Z0-9_.] chars are supported.\n",
curagent->id, curagent->id, curagent->conf.file, curagent->conf.line);
goto error;
}
tmp++;
}
curagent->var_pfx = strdup(curagent->id);
}
BUG/MINOR: spoe: Register the variable to set when an error occurred Variables referenced in HAProxy's configuration file are registered during the configuration parsing (during parsing of "var", "set-var" or "unset-var" keywords). For the SPOE, you can use "register-var-names" directive to explicitly register variable names. All unknown variables will be rejected (unless you set "force-set-var" option). But, the variable set when an error occurred (when "set-on-error" option is defined) should also be regiestered by default. This is done with this patch.
2018-03-21 09:12:17 -04:00
if (curagent->var_on_error) {
struct arg arg;
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
trash.data = snprintf(trash.area, trash.size, "txn.%s.%s",
BUG/MINOR: spoe: Register the variable to set when an error occurred Variables referenced in HAProxy's configuration file are registered during the configuration parsing (during parsing of "var", "set-var" or "unset-var" keywords). For the SPOE, you can use "register-var-names" directive to explicitly register variable names. All unknown variables will be rejected (unless you set "force-set-var" option). But, the variable set when an error occurred (when "set-on-error" option is defined) should also be regiestered by default. This is done with this patch.
2018-03-21 09:12:17 -04:00
curagent->var_pfx, curagent->var_on_error);
arg.type = ARGT_STR;
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
arg.data.str.area = trash.area;
arg.data.str.data = trash.data;
CLEANUP: spoe: fix typo on `var_check_arg` comment there was an extra `s` added to the `var_check_arg` function Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-01-05 05:14:58 -05:00
arg.data.str.size = 0; /* Set it to 0 to not release it in vars_check_arg() */
BUG/MINOR: spoe: Register the variable to set when an error occurred Variables referenced in HAProxy's configuration file are registered during the configuration parsing (during parsing of "var", "set-var" or "unset-var" keywords). For the SPOE, you can use "register-var-names" directive to explicitly register variable names. All unknown variables will be rejected (unless you set "force-set-var" option). But, the variable set when an error occurred (when "set-on-error" option is defined) should also be regiestered by default. This is done with this patch.
2018-03-21 09:12:17 -04:00
if (!vars_check_arg(&arg, err)) {
memprintf(err, "SPOE agent '%s': failed to register variable %s.%s (%s)",
curagent->id, curagent->var_pfx, curagent->var_on_error, *err);
goto error;
}
}
MINOR: spoe: Add options to store processing times in variables "set-process-time" and "set-total-time" options have been added to store processing times in the transaction scope, at each event and group processing, the current one and the total one. So it is possible to get them. TODO: documentation
2018-03-22 04:08:20 -04:00
if (curagent->var_t_process) {
struct arg arg;
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
trash.data = snprintf(trash.area, trash.size, "txn.%s.%s",
MINOR: spoe: Add options to store processing times in variables "set-process-time" and "set-total-time" options have been added to store processing times in the transaction scope, at each event and group processing, the current one and the total one. So it is possible to get them. TODO: documentation
2018-03-22 04:08:20 -04:00
curagent->var_pfx, curagent->var_t_process);
arg.type = ARGT_STR;
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
arg.data.str.area = trash.area;
arg.data.str.data = trash.data;
CLEANUP: spoe: fix typo on `var_check_arg` comment there was an extra `s` added to the `var_check_arg` function Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-01-05 05:14:58 -05:00
arg.data.str.size = 0; /* Set it to 0 to not release it in vars_check_arg() */
MINOR: spoe: Add options to store processing times in variables "set-process-time" and "set-total-time" options have been added to store processing times in the transaction scope, at each event and group processing, the current one and the total one. So it is possible to get them. TODO: documentation
2018-03-22 04:08:20 -04:00
if (!vars_check_arg(&arg, err)) {
memprintf(err, "SPOE agent '%s': failed to register variable %s.%s (%s)",
curagent->id, curagent->var_pfx, curagent->var_t_process, *err);
goto error;
}
}
if (curagent->var_t_total) {
struct arg arg;
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
trash.data = snprintf(trash.area, trash.size, "txn.%s.%s",
MINOR: spoe: Add options to store processing times in variables "set-process-time" and "set-total-time" options have been added to store processing times in the transaction scope, at each event and group processing, the current one and the total one. So it is possible to get them. TODO: documentation
2018-03-22 04:08:20 -04:00
curagent->var_pfx, curagent->var_t_total);
arg.type = ARGT_STR;
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
arg.data.str.area = trash.area;
arg.data.str.data = trash.data;
CLEANUP: spoe: fix typo on `var_check_arg` comment there was an extra `s` added to the `var_check_arg` function Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-01-05 05:14:58 -05:00
arg.data.str.size = 0; /* Set it to 0 to not release it in vars_check_arg() */
MINOR: spoe: Add options to store processing times in variables "set-process-time" and "set-total-time" options have been added to store processing times in the transaction scope, at each event and group processing, the current one and the total one. So it is possible to get them. TODO: documentation
2018-03-22 04:08:20 -04:00
if (!vars_check_arg(&arg, err)) {
memprintf(err, "SPOE agent '%s': failed to register variable %s.%s (%s)",
curagent->id, curagent->var_pfx, curagent->var_t_process, *err);
goto error;
}
}
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
if (LIST_ISEMPTY(&curmphs) && LIST_ISEMPTY(&curgphs)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Proxy '%s': No message/group used by SPOE agent '%s' declared at %s:%d.\n",
px->id, curagent->id, curagent->conf.file, curagent->conf.line);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
goto finish;
}
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
/* Replace placeholders by the corresponding messages for the SPOE
* agent */
list_for_each_entry(ph, &curmphs, list) {
list_for_each_entry(msg, &curmsgs, list) {
MINOR: spoe: Check the scope of sample fetches used in SPOE messages If an error is triggered, the corresponding message is ignored and a warning is emitted.
2017-01-09 10:56:23 -05:00
struct spoe_arg *arg;
unsigned int where;
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(msg->id, ph->id) == 0) {
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
if ((px->cap & (PR_CAP_FE|PR_CAP_BE)) == (PR_CAP_FE|PR_CAP_BE)) {
if (msg->event == SPOE_EV_ON_TCP_REQ_BE)
msg->event = SPOE_EV_ON_TCP_REQ_FE;
if (msg->event == SPOE_EV_ON_HTTP_REQ_BE)
msg->event = SPOE_EV_ON_HTTP_REQ_FE;
}
if (!(px->cap & PR_CAP_FE) && (msg->event == SPOE_EV_ON_CLIENT_SESS ||
msg->event == SPOE_EV_ON_TCP_REQ_FE ||
msg->event == SPOE_EV_ON_HTTP_REQ_FE)) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Proxy '%s': frontend event used on a backend proxy at %s:%d.\n",
px->id, msg->conf.file, msg->conf.line);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
goto next_mph;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
if (msg->event == SPOE_EV_NONE) {
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_warning("Proxy '%s': Ignore SPOE message '%s' without event at %s:%d.\n",
px->id, msg->id, msg->conf.file, msg->conf.line);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
goto next_mph;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
MINOR: spoe: Check the scope of sample fetches used in SPOE messages If an error is triggered, the corresponding message is ignored and a warning is emitted.
2017-01-09 10:56:23 -05:00
where = 0;
switch (msg->event) {
case SPOE_EV_ON_CLIENT_SESS:
where |= SMP_VAL_FE_CON_ACC;
break;
case SPOE_EV_ON_TCP_REQ_FE:
where |= SMP_VAL_FE_REQ_CNT;
break;
case SPOE_EV_ON_HTTP_REQ_FE:
where |= SMP_VAL_FE_HRQ_HDR;
break;
case SPOE_EV_ON_TCP_REQ_BE:
if (px->cap & PR_CAP_FE)
where |= SMP_VAL_FE_REQ_CNT;
if (px->cap & PR_CAP_BE)
where |= SMP_VAL_BE_REQ_CNT;
break;
case SPOE_EV_ON_HTTP_REQ_BE:
if (px->cap & PR_CAP_FE)
where |= SMP_VAL_FE_HRQ_HDR;
if (px->cap & PR_CAP_BE)
where |= SMP_VAL_BE_HRQ_HDR;
break;
case SPOE_EV_ON_SERVER_SESS:
where |= SMP_VAL_BE_SRV_CON;
break;
case SPOE_EV_ON_TCP_RSP:
if (px->cap & PR_CAP_FE)
where |= SMP_VAL_FE_RES_CNT;
if (px->cap & PR_CAP_BE)
where |= SMP_VAL_BE_RES_CNT;
break;
case SPOE_EV_ON_HTTP_RSP:
if (px->cap & PR_CAP_FE)
where |= SMP_VAL_FE_HRS_HDR;
if (px->cap & PR_CAP_BE)
where |= SMP_VAL_BE_HRS_HDR;
break;
default:
break;
}
list_for_each_entry(arg, &msg->args, list) {
if (!(arg->expr->fetch->val & where)) {
MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules This action is used to trigger sending of a group of SPOE messages. To do so, the SPOE engine used to send messages must be defined, as well as the SPOE group to send. Of course, the SPOE engine must refer to an existing SPOE filter. If not engine name is provided on the SPOE filter line, the SPOE agent name must be used. For example: http-request send-spoe-group my-engine some-group This action is available for "tcp-request content", "tcp-response content", "http-request" and "http-response" rulesets. It cannot be used for tcp connection/session rulesets because actions for these rulesets cannot yield. For now, the action keyword is parsed and checked. But it does nothing. Its processing will be added in another patch.
2017-09-21 05:03:52 -04:00
memprintf(err, "Ignore SPOE message '%s' at %s:%d: "
MINOR: spoe: Check the scope of sample fetches used in SPOE messages If an error is triggered, the corresponding message is ignored and a warning is emitted.
2017-01-09 10:56:23 -05:00
"some args extract information from '%s', "
MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules This action is used to trigger sending of a group of SPOE messages. To do so, the SPOE engine used to send messages must be defined, as well as the SPOE group to send. Of course, the SPOE engine must refer to an existing SPOE filter. If not engine name is provided on the SPOE filter line, the SPOE agent name must be used. For example: http-request send-spoe-group my-engine some-group This action is available for "tcp-request content", "tcp-response content", "http-request" and "http-response" rulesets. It cannot be used for tcp connection/session rulesets because actions for these rulesets cannot yield. For now, the action keyword is parsed and checked. But it does nothing. Its processing will be added in another patch.
2017-09-21 05:03:52 -04:00
"none of which is available here ('%s')",
msg->id, msg->conf.file, msg->conf.line,
MINOR: spoe: Check the scope of sample fetches used in SPOE messages If an error is triggered, the corresponding message is ignored and a warning is emitted.
2017-01-09 10:56:23 -05:00
sample_ckp_names(arg->expr->fetch->use),
sample_ckp_names(where));
MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules This action is used to trigger sending of a group of SPOE messages. To do so, the SPOE engine used to send messages must be defined, as well as the SPOE group to send. Of course, the SPOE engine must refer to an existing SPOE filter. If not engine name is provided on the SPOE filter line, the SPOE agent name must be used. For example: http-request send-spoe-group my-engine some-group This action is available for "tcp-request content", "tcp-response content", "http-request" and "http-response" rulesets. It cannot be used for tcp connection/session rulesets because actions for these rulesets cannot yield. For now, the action keyword is parsed and checked. But it does nothing. Its processing will be added in another patch.
2017-09-21 05:03:52 -04:00
goto error;
MINOR: spoe: Check the scope of sample fetches used in SPOE messages If an error is triggered, the corresponding message is ignored and a warning is emitted.
2017-01-09 10:56:23 -05:00
}
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
msg->agent = curagent;
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_APPEND(&curagent->events[msg->event], &msg->by_evt);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
goto next_mph;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
}
memprintf(err, "SPOE agent '%s' try to use undefined SPOE message '%s' at %s:%d",
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
curagent->id, ph->id, curagent->conf.file, curagent->conf.line);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
goto error;
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
next_mph:
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
continue;
}
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
/* Replace placeholders by the corresponding groups for the SPOE
* agent */
list_for_each_entry(ph, &curgphs, list) {
list_for_each_entry_safe(grp, grpback, &curgrps, list) {
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(grp->id, ph->id) == 0) {
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
grp->agent = curagent;
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&grp->list);
LIST_APPEND(&curagent->groups, &grp->list);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
goto next_aph;
}
}
memprintf(err, "SPOE agent '%s' try to use undefined SPOE group '%s' at %s:%d",
curagent->id, ph->id, curagent->conf.file, curagent->conf.line);
goto error;
next_aph:
continue;
}
/* Replace placeholders by the corresponding message for each SPOE
* group of the SPOE agent */
list_for_each_entry(grp, &curagent->groups, list) {
list_for_each_entry_safe(ph, phback, &grp->phs, list) {
list_for_each_entry(msg, &curmsgs, list) {
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(msg->id, ph->id) == 0) {
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
if (msg->group != NULL) {
memprintf(err, "SPOE message '%s' already belongs to "
"the SPOE group '%s' declare at %s:%d",
msg->id, msg->group->id,
msg->group->conf.file,
msg->group->conf.line);
goto error;
}
/* Scope for arguments are not checked for now. We will check
* them only if a rule use the corresponding SPOE group. */
msg->agent = curagent;
msg->group = grp;
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&ph->list);
LIST_APPEND(&grp->messages, &msg->by_grp);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
goto next_mph_grp;
}
}
memprintf(err, "SPOE group '%s' try to use undefined SPOE message '%s' at %s:%d",
grp->id, ph->id, curagent->conf.file, curagent->conf.line);
goto error;
next_mph_grp:
continue;
}
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
finish:
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
/* move curmsgs to the agent message list */
curmsgs.n->p = &curagent->messages;
curmsgs.p->n = &curagent->messages;
curagent->messages = curmsgs;
LIST_INIT(&curmsgs);
MINOR: spoe: Check uniqness of SPOE engine names during config parsing The engine name is now kept in "spoe_config" struture. Because a SPOE filter can be declared without engine name, we use the SPOE agent name by default. Then, its uniqness is checked against all others SPOE engines configured for the same proxy. * TODO: Add documentation
2017-09-19 05:08:28 -04:00
conf->id = strdup(engine ? engine : curagent->id);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
conf->agent = curagent;
MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure There was no way to access the SPOE filter configuration from the agent object. However it could be handy to have it. And in fact, this will be required to fix a bug.
2021-08-02 11:51:01 -04:00
curagent->spoe_conf = conf;
MINOR: spoe: Add loggers dedicated to the SPOE agent Now it is possible to configure a logger in a spoe-agent section using a "log" line, as for a proxy. "no log", "log global" and "log <address> ..." syntaxes are supported.
2018-03-26 11:19:01 -04:00
/* Start agent's proxy initialization here. It will be finished during
* the filter init. */
MINOR: spoe: Move all stuff regarding the filter/applet in the C file Structures describing the SPOE applet context, the SPOE filter configuration and context and the SPOE messages and groups are moved in the C file. In spoe-t.h file, it remains the structure describing an SPOE agent and flags used by both sides. In addition, the SPOE frontend, created for a given SPOE engine, is moved from the SPOE filter configuration to the SPOE agent structure. The related issue is #2502.
2024-07-04 05:14:11 -04:00
memset(&conf->agent->fe, 0, sizeof(conf->agent->fe));
MEDIUM: tree-wide: avoid manually initializing proxies In this patch we try to use the proxy API init functions as much as possible to avoid code redundancy and prevent proxy initialization errors. As such, we prefer using alloc_new_proxy() and setup_new_proxy() instead of manually allocating the proxy pointer and performing the base init ourselves.
2025-04-09 15:57:39 -04:00
if (!setup_new_proxy(&conf->agent->fe, conf->agent->id, PR_CAP_FE | PR_CAP_INT, err)) {
memprintf(err, "SPOE agent '%s': %s",
curagent->id, *err);
goto error;
}
MINOR: spoe: Move all stuff regarding the filter/applet in the C file Structures describing the SPOE applet context, the SPOE filter configuration and context and the SPOE messages and groups are moved in the C file. In spoe-t.h file, it remains the structure describing an SPOE agent and flags used by both sides. In addition, the SPOE frontend, created for a given SPOE engine, is moved from the SPOE filter configuration to the SPOE agent structure. The related issue is #2502.
2024-07-04 05:14:11 -04:00
conf->agent->fe.parent = conf->agent;
conf->agent->fe.options |= curpxopts;
conf->agent->fe.options2 |= curpxopts2;
MINOR: spoe: Add loggers dedicated to the SPOE agent Now it is possible to configure a logger in a spoe-agent section using a "log" line, as for a proxy. "no log", "log global" and "log <address> ..." syntaxes are supported.
2018-03-26 11:19:01 -04:00
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
list_for_each_entry_safe(logger, loggerback, &curloggers, list) {
LIST_DELETE(&logger->list);
MINOR: spoe: Move all stuff regarding the filter/applet in the C file Structures describing the SPOE applet context, the SPOE filter configuration and context and the SPOE messages and groups are moved in the C file. In spoe-t.h file, it remains the structure describing an SPOE agent and flags used by both sides. In addition, the SPOE frontend, created for a given SPOE engine, is moved from the SPOE filter configuration to the SPOE agent structure. The related issue is #2502.
2024-07-04 05:14:11 -04:00
LIST_APPEND(&conf->agent->fe.loggers, &logger->list);
MINOR: spoe: Add loggers dedicated to the SPOE agent Now it is possible to configure a logger in a spoe-agent section using a "log" line, as for a proxy. "no log", "log global" and "log <address> ..." syntaxes are supported.
2018-03-26 11:19:01 -04:00
}
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
list_for_each_entry_safe(ph, phback, &curmphs, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&ph->list);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
spoe_release_placeholder(ph);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
list_for_each_entry_safe(ph, phback, &curgphs, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&ph->list);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
spoe_release_placeholder(ph);
}
MINOR: spoe: add register-var-names directive in spoe-agent configuration In addition to "option force-set-var", recently added, this directive can be used to selectivelly register unknown variable names, without totally relaxing their registration during the runtime, like "option force-set-var" does. So there is no way for a malicious agent to exhaust memory by defining a too high number of variable names. In other hand, you need to enumerate all variable names. This could be painfull in some circumstances. Remember, this directive is only usefull when the variable names are not referenced anywhere in the HAProxy configuration or the SPOE one. Thanks to Etienne Carrire for his help on this part.
2017-12-22 04:00:55 -05:00
list_for_each_entry_safe(vph, vphback, &curvars, list) {
struct arg arg;
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
trash.data = snprintf(trash.area, trash.size, "proc.%s.%s",
MINOR: spoe: add register-var-names directive in spoe-agent configuration In addition to "option force-set-var", recently added, this directive can be used to selectivelly register unknown variable names, without totally relaxing their registration during the runtime, like "option force-set-var" does. So there is no way for a malicious agent to exhaust memory by defining a too high number of variable names. In other hand, you need to enumerate all variable names. This could be painfull in some circumstances. Remember, this directive is only usefull when the variable names are not referenced anywhere in the HAProxy configuration or the SPOE one. Thanks to Etienne Carrire for his help on this part.
2017-12-22 04:00:55 -05:00
curagent->var_pfx, vph->name);
arg.type = ARGT_STR;
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
arg.data.str.area = trash.area;
arg.data.str.data = trash.data;
CLEANUP: spoe: fix typo on `var_check_arg` comment there was an extra `s` added to the `var_check_arg` function Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-01-05 05:14:58 -05:00
arg.data.str.size = 0; /* Set it to 0 to not release it in vars_check_arg() */
MINOR: spoe: add register-var-names directive in spoe-agent configuration In addition to "option force-set-var", recently added, this directive can be used to selectivelly register unknown variable names, without totally relaxing their registration during the runtime, like "option force-set-var" does. So there is no way for a malicious agent to exhaust memory by defining a too high number of variable names. In other hand, you need to enumerate all variable names. This could be painfull in some circumstances. Remember, this directive is only usefull when the variable names are not referenced anywhere in the HAProxy configuration or the SPOE one. Thanks to Etienne Carrire for his help on this part.
2017-12-22 04:00:55 -05:00
if (!vars_check_arg(&arg, err)) {
memprintf(err, "SPOE agent '%s': failed to register variable %s.%s (%s)",
curagent->id, curagent->var_pfx, vph->name, *err);
goto error;
}
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&vph->list);
MINOR: spoe: add register-var-names directive in spoe-agent configuration In addition to "option force-set-var", recently added, this directive can be used to selectivelly register unknown variable names, without totally relaxing their registration during the runtime, like "option force-set-var" does. So there is no way for a malicious agent to exhaust memory by defining a too high number of variable names. In other hand, you need to enumerate all variable names. This could be painfull in some circumstances. Remember, this directive is only usefull when the variable names are not referenced anywhere in the HAProxy configuration or the SPOE one. Thanks to Etienne Carrire for his help on this part.
2017-12-22 04:00:55 -05:00
free(vph->name);
free(vph);
}
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
list_for_each_entry_safe(grp, grpback, &curgrps, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&grp->list);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
spoe_release_group(grp);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
*cur_arg = pos;
BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters During a soft stop, we need to wakeup all SPOE applets to stop them. So we loop on all proxies, and for each proxy, on all filters. But we must be sure to only handle SPOE filters here. To do so, we use a specific id.
2017-02-23 04:17:15 -05:00
fconf->id = spoe_filter_id;
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
fconf->ops = &spoe_ops;
fconf->conf = conf;
return 0;
error:
MEDIUM: startup: load and parse configs from memory Let's call load_cfg_in_ram() helper for each configuration file to load it's content in some area in memory. Adapt readcfgfile() parser function respectively. In order to limit changes in its scope we give as an argument a cfgfile structure, already filled in init_args() and in load_cfg_in_ram() with file metadata and content. Parser function (readcfgfile()) uses now fgets_from_mem() instead of standard fgets from libc implementations. SPOE filter parses its own configuration file, pointed by 'config' keyword in the configuration already loaded in memory. So, let's allocate and fill for this a supplementary cfgfile structure, which is not referenced in cfg_cfgfiles list. This structure and the memory with content of SPOE filter configuration are freed immediately in parse_spoe_flt(), when readcfgfile() returns. HAProxy OpenTracing filter also uses its own configuration file. So, let's follow the same logic as we do for SPOE filter.
2024-08-07 10:53:50 -04:00
ha_free(&cfg_file.content);
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
spoe_release_agent(curagent);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
list_for_each_entry_safe(ph, phback, &curmphs, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&ph->list);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
spoe_release_placeholder(ph);
}
list_for_each_entry_safe(ph, phback, &curgphs, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&ph->list);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
spoe_release_placeholder(ph);
}
MINOR: spoe: add register-var-names directive in spoe-agent configuration In addition to "option force-set-var", recently added, this directive can be used to selectivelly register unknown variable names, without totally relaxing their registration during the runtime, like "option force-set-var" does. So there is no way for a malicious agent to exhaust memory by defining a too high number of variable names. In other hand, you need to enumerate all variable names. This could be painfull in some circumstances. Remember, this directive is only usefull when the variable names are not referenced anywhere in the HAProxy configuration or the SPOE one. Thanks to Etienne Carrire for his help on this part.
2017-12-22 04:00:55 -05:00
list_for_each_entry_safe(vph, vphback, &curvars, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&vph->list);
MINOR: spoe: add register-var-names directive in spoe-agent configuration In addition to "option force-set-var", recently added, this directive can be used to selectivelly register unknown variable names, without totally relaxing their registration during the runtime, like "option force-set-var" does. So there is no way for a malicious agent to exhaust memory by defining a too high number of variable names. In other hand, you need to enumerate all variable names. This could be painfull in some circumstances. Remember, this directive is only usefull when the variable names are not referenced anywhere in the HAProxy configuration or the SPOE one. Thanks to Etienne Carrire for his help on this part.
2017-12-22 04:00:55 -05:00
free(vph->name);
free(vph);
}
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
list_for_each_entry_safe(grp, grpback, &curgrps, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&grp->list);
MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file For now, this section is only parsed. It should have the following format: spoe-group <grp-name> messages <msg-name> ... And then SPOE groups must be referenced in spoe-agent section: spoe-agnt <name> ... groups <grp-name> ... The purpose of these groups is to trigger messages sending from TCP or HTTP rules, directly from HAProxy configuration, and not on specific event. This part will be added in another patch. It is important to note that a message belongs at most to a group.
2017-09-21 04:23:10 -04:00
spoe_release_group(grp);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
list_for_each_entry_safe(msg, msgback, &curmsgs, list) {
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_DELETE(&msg->list);
MAJOR: spoe: refactor the filter to clean up the code The SPOE code is now pretty big and it was the good time to clean it up. It is not perfect, some parts remains a bit ugly. But it is far better now.
2017-02-20 16:56:03 -05:00
spoe_release_message(msg);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
}
MEDIUM: tree-wide: logsrv struct becomes logger When 'log' directive was implemented, the internal representation was named 'struct logsrv', because the 'log' directive would directly point to the log target, which used to be a (UDP) log server exclusively at that time, hence the name. But things have become more complex, since today 'log' directive can point to ring targets (implicit, or named) for example. Indeed, a 'log' directive does no longer reference the "final" server to which the log will be sent, but instead it describes which log API and parameters to use for transporting the log messages to the proper log destination. So now the term 'logsrv' is rather confusing and prevents us from introducing a new level of abstraction because they would be mixed with logsrv. So in order to better designate this 'log' directive, and make it more generic, we chose the word 'logger' which now replaces logsrv everywhere it was used in the code (including related comments). This is internal rewording, so no functional change should be expected on user-side.
2023-09-11 09:06:53 -04:00
list_for_each_entry_safe(logger, loggerback, &curloggers, list) {
LIST_DELETE(&logger->list);
free(logger);
MINOR: spoe: Add loggers dedicated to the SPOE agent Now it is possible to configure a logger in a spoe-agent section using a "log" line, as for a proxy. "no log", "log global" and "log <address> ..." syntaxes are supported.
2018-03-26 11:19:01 -04:00
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
free(conf);
return -1;
}
MEDIUM: spoe/rules: Process "send-spoe-group" action The messages processing is done using existing functions. So here, the main task is to find the SPOE engine to use. To do so, we loop on all filter instances attached to the stream. For each, we check if it is a SPOE filter and, if yes, if its name is the one used to declare the "send-spoe-group" action. We also take care to return an error if the action processing is interrupted by HAProxy (because of a timeout or an error at the HAProxy level). This is done by checking if the flag ACT_FLAG_FINAL is set. The function spoe_send_group is the action_ptr callback ot
2017-09-22 04:20:13 -04:00
/* Send message of a SPOE group. This is the action_ptr callback of a rule
* associated to a "send-spoe-group" action.
*
MINOR: actions: Use ACT_RET_CONT code to ignore an error from a custom action Some custom actions are just ignored and skipped when an error is encoutered. In that case, we jump to the next rule. To do so, most of them use the return code ACT_RET_ERR. Currently, for http rules and tcp content rules, it is not a problem because this code is handled the same way than ACT_RET_CONT. But, it means there is no way to handle the error as other actions. The custom actions must handle the error and return ACT_RET_DONE. For instance, when http-request rules are processed, an error when we try to replace a header value leads to a bad request and an error 400 is returned to the client. But when we fail to replace the URI, the error is silently ignored. This difference between the custom actions and the others is an obstacle to write new custom actions. So, in this first patch, ACT_RET_CONT is now returned from custom actions instead of ACT_RET_ERR when an error is encoutered if it should be ignored. The behavior remains the same but it is now possible to handle true errors using the return code ACT_RET_ERR. Some actions will probably be reviewed to determine if an error is fatal or not. Other patches will be pushed to trigger an error when a custom action returns the ACT_RET_ERR code. This patch is not tagged as a bug because it is just a design issue. But others will depends on it. So be careful during backports, if so.
2019-12-13 03:01:57 -05:00
* It returns ACT_RET_CONT if processing is finished (with error or not), it returns
* ACT_RET_YIELD if the action is in progress. */
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static enum act_return spoe_send_group(struct act_rule *rule, struct proxy *px,
struct session *sess, struct stream *s, int flags)
MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules This action is used to trigger sending of a group of SPOE messages. To do so, the SPOE engine used to send messages must be defined, as well as the SPOE group to send. Of course, the SPOE engine must refer to an existing SPOE filter. If not engine name is provided on the SPOE filter line, the SPOE agent name must be used. For example: http-request send-spoe-group my-engine some-group This action is available for "tcp-request content", "tcp-response content", "http-request" and "http-response" rulesets. It cannot be used for tcp connection/session rulesets because actions for these rulesets cannot yield. For now, the action keyword is parsed and checked. But it does nothing. Its processing will be added in another patch.
2017-09-21 05:03:52 -04:00
{
struct filter *filter;
struct spoe_agent *agent = NULL;
struct spoe_group *group = NULL;
struct spoe_context *ctx = NULL;
int ret, dir;
list_for_each_entry(filter, &s->strm_flt.filters, list) {
if (filter->config == rule->arg.act.p[0]) {
agent = rule->arg.act.p[2];
group = rule->arg.act.p[3];
ctx = filter->ctx;
break;
}
}
if (agent == NULL || group == NULL || ctx == NULL)
MINOR: actions: Use ACT_RET_CONT code to ignore an error from a custom action Some custom actions are just ignored and skipped when an error is encoutered. In that case, we jump to the next rule. To do so, most of them use the return code ACT_RET_ERR. Currently, for http rules and tcp content rules, it is not a problem because this code is handled the same way than ACT_RET_CONT. But, it means there is no way to handle the error as other actions. The custom actions must handle the error and return ACT_RET_DONE. For instance, when http-request rules are processed, an error when we try to replace a header value leads to a bad request and an error 400 is returned to the client. But when we fail to replace the URI, the error is silently ignored. This difference between the custom actions and the others is an obstacle to write new custom actions. So, in this first patch, ACT_RET_CONT is now returned from custom actions instead of ACT_RET_ERR when an error is encoutered if it should be ignored. The behavior remains the same but it is now possible to handle true errors using the return code ACT_RET_ERR. Some actions will probably be reviewed to determine if an error is fatal or not. Other patches will be pushed to trigger an error when a custom action returns the ACT_RET_ERR code. This patch is not tagged as a bug because it is just a design issue. But others will depends on it. So be careful during backports, if so.
2019-12-13 03:01:57 -05:00
return ACT_RET_CONT;
MEDIUM: spoe/rules: Process "send-spoe-group" action The messages processing is done using existing functions. So here, the main task is to find the SPOE engine to use. To do so, we loop on all filter instances attached to the stream. For each, we check if it is a SPOE filter and, if yes, if its name is the one used to declare the "send-spoe-group" action. We also take care to return an error if the action processing is interrupted by HAProxy (because of a timeout or an error at the HAProxy level). This is done by checking if the flag ACT_FLAG_FINAL is set. The function spoe_send_group is the action_ptr callback ot
2017-09-22 04:20:13 -04:00
if (ctx->state == SPOE_CTX_ST_NONE)
return ACT_RET_CONT;
switch (rule->from) {
case ACT_F_TCP_REQ_SES: dir = SMP_OPT_DIR_REQ; break;
case ACT_F_TCP_REQ_CNT: dir = SMP_OPT_DIR_REQ; break;
case ACT_F_TCP_RES_CNT: dir = SMP_OPT_DIR_RES; break;
case ACT_F_HTTP_REQ: dir = SMP_OPT_DIR_REQ; break;
case ACT_F_HTTP_RES: dir = SMP_OPT_DIR_RES; break;
default:
send_log(px, LOG_ERR, "SPOE: [%s] internal error while execute spoe-send-group\n",
agent->id);
return ACT_RET_CONT;
}
MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules This action is used to trigger sending of a group of SPOE messages. To do so, the SPOE engine used to send messages must be defined, as well as the SPOE group to send. Of course, the SPOE engine must refer to an existing SPOE filter. If not engine name is provided on the SPOE filter line, the SPOE agent name must be used. For example: http-request send-spoe-group my-engine some-group This action is available for "tcp-request content", "tcp-response content", "http-request" and "http-response" rulesets. It cannot be used for tcp connection/session rulesets because actions for these rulesets cannot yield. For now, the action keyword is parsed and checked. But it does nothing. Its processing will be added in another patch.
2017-09-21 05:03:52 -04:00
MEDIUM: spoe/rules: Process "send-spoe-group" action The messages processing is done using existing functions. So here, the main task is to find the SPOE engine to use. To do so, we loop on all filter instances attached to the stream. For each, we check if it is a SPOE filter and, if yes, if its name is the one used to declare the "send-spoe-group" action. We also take care to return an error if the action processing is interrupted by HAProxy (because of a timeout or an error at the HAProxy level). This is done by checking if the flag ACT_FLAG_FINAL is set. The function spoe_send_group is the action_ptr callback ot
2017-09-22 04:20:13 -04:00
ret = spoe_process_group(s, ctx, group, dir);
if (ret == 1)
return ACT_RET_CONT;
else if (ret == 0) {
MINOR: actions: Rename the act_flag enum into act_opt The flags in the act_flag enum have been renamed act_opt. It means ACT_OPT prefix is used instead of ACT_FLAG. The purpose of this patch is to reserve the action flags for the actions configuration.
2019-12-18 08:41:51 -05:00
if (flags & ACT_OPT_FINAL) {
MEDIUM: spoe/rules: Process "send-spoe-group" action The messages processing is done using existing functions. So here, the main task is to find the SPOE engine to use. To do so, we loop on all filter instances attached to the stream. For each, we check if it is a SPOE filter and, if yes, if its name is the one used to declare the "send-spoe-group" action. We also take care to return an error if the action processing is interrupted by HAProxy (because of a timeout or an error at the HAProxy level). This is done by checking if the flag ACT_FLAG_FINAL is set. The function spoe_send_group is the action_ptr callback ot
2017-09-22 04:20:13 -04:00
ctx->status_code = SPOE_CTX_ERR_INTERRUPT;
MINOR: spoe: Replace sending_rate by a frequency counter sending_rate was a counter used to evaluate the SPOE capacity to process frames. Because it was not really accurrate, it has been replaced by a frequency counter representing the number of frames handled by the SPOE per second. We just check this counter is higher than the number of streams waiting for a reply. If not, a new applet is created.
2018-01-24 10:13:48 -05:00
spoe_stop_processing(agent, ctx);
MINOR: spoe: Add counters to log info about SPOE agents In addition to metrics about time spent in the SPOE, following counters have been added: * applets : number of SPOE applets. * idles : number of idle applets. * nb_sending : number of streams waiting to send data. * nb_waiting : number of streams waiting for a ack. * nb_processed : number of events/groups processed by the SPOE (from the stream point of view). * nb_errors : number of errors during the processing (from the stream point of view). Log messages has been updated to report these counters. Following pattern has been added at the end of the log message: ... <idles>/<applets> <nb_sending>/<nb_waiting> <nb_error>/<nb_processed>
2018-04-04 04:25:50 -04:00
spoe_handle_processing_error(s, agent, ctx, dir);
MEDIUM: spoe/rules: Process "send-spoe-group" action The messages processing is done using existing functions. So here, the main task is to find the SPOE engine to use. To do so, we loop on all filter instances attached to the stream. For each, we check if it is a SPOE filter and, if yes, if its name is the one used to declare the "send-spoe-group" action. We also take care to return an error if the action processing is interrupted by HAProxy (because of a timeout or an error at the HAProxy level). This is done by checking if the flag ACT_FLAG_FINAL is set. The function spoe_send_group is the action_ptr callback ot
2017-09-22 04:20:13 -04:00
return ACT_RET_CONT;
}
return ACT_RET_YIELD;
}
else
MINOR: actions: Use ACT_RET_CONT code to ignore an error from a custom action Some custom actions are just ignored and skipped when an error is encoutered. In that case, we jump to the next rule. To do so, most of them use the return code ACT_RET_ERR. Currently, for http rules and tcp content rules, it is not a problem because this code is handled the same way than ACT_RET_CONT. But, it means there is no way to handle the error as other actions. The custom actions must handle the error and return ACT_RET_DONE. For instance, when http-request rules are processed, an error when we try to replace a header value leads to a bad request and an error 400 is returned to the client. But when we fail to replace the URI, the error is silently ignored. This difference between the custom actions and the others is an obstacle to write new custom actions. So, in this first patch, ACT_RET_CONT is now returned from custom actions instead of ACT_RET_ERR when an error is encoutered if it should be ignored. The behavior remains the same but it is now possible to handle true errors using the return code ACT_RET_ERR. Some actions will probably be reviewed to determine if an error is fatal or not. Other patches will be pushed to trigger an error when a custom action returns the ACT_RET_ERR code. This patch is not tagged as a bug because it is just a design issue. But others will depends on it. So be careful during backports, if so.
2019-12-13 03:01:57 -05:00
return ACT_RET_CONT;
MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules This action is used to trigger sending of a group of SPOE messages. To do so, the SPOE engine used to send messages must be defined, as well as the SPOE group to send. Of course, the SPOE engine must refer to an existing SPOE filter. If not engine name is provided on the SPOE filter line, the SPOE agent name must be used. For example: http-request send-spoe-group my-engine some-group This action is available for "tcp-request content", "tcp-response content", "http-request" and "http-response" rulesets. It cannot be used for tcp connection/session rulesets because actions for these rulesets cannot yield. For now, the action keyword is parsed and checked. But it does nothing. Its processing will be added in another patch.
2017-09-21 05:03:52 -04:00
}
/* Check an "send-spoe-group" action. Here, we'll try to find the real SPOE
* group associated to <rule>. The format of an rule using 'send-spoe-group'
* action should be:
*
* (http|tcp)-(request|response) send-spoe-group <engine-id> <group-id>
*
* So, we'll loop on each configured SPOE filter for the proxy <px> to find the
* SPOE engine matching <engine-id>. And then, we'll try to find the good group
* matching <group-id>. Finally, we'll check all messages referenced by the SPOE
* group.
*
* The function returns 1 in success case, otherwise, it returns 0 and err is
* filled.
*/
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static int check_send_spoe_group(struct act_rule *rule, struct proxy *px, char **err)
MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules This action is used to trigger sending of a group of SPOE messages. To do so, the SPOE engine used to send messages must be defined, as well as the SPOE group to send. Of course, the SPOE engine must refer to an existing SPOE filter. If not engine name is provided on the SPOE filter line, the SPOE agent name must be used. For example: http-request send-spoe-group my-engine some-group This action is available for "tcp-request content", "tcp-response content", "http-request" and "http-response" rulesets. It cannot be used for tcp connection/session rulesets because actions for these rulesets cannot yield. For now, the action keyword is parsed and checked. But it does nothing. Its processing will be added in another patch.
2017-09-21 05:03:52 -04:00
{
struct flt_conf *fconf;
struct spoe_config *conf;
struct spoe_agent *agent = NULL;
struct spoe_group *group;
struct spoe_message *msg;
char *engine_id = rule->arg.act.p[0];
char *group_id = rule->arg.act.p[1];
unsigned int where = 0;
switch (rule->from) {
case ACT_F_TCP_REQ_SES: where = SMP_VAL_FE_SES_ACC; break;
case ACT_F_TCP_REQ_CNT: where = SMP_VAL_FE_REQ_CNT; break;
case ACT_F_TCP_RES_CNT: where = SMP_VAL_BE_RES_CNT; break;
case ACT_F_HTTP_REQ: where = SMP_VAL_FE_HRQ_HDR; break;
case ACT_F_HTTP_RES: where = SMP_VAL_BE_HRS_HDR; break;
default:
memprintf(err,
"internal error, unexpected rule->from=%d, please report this bug!",
rule->from);
goto error;
}
/* Try to find the SPOE engine by checking all SPOE filters for proxy
* <px> */
list_for_each_entry(fconf, &px->filter_configs, list) {
conf = fconf->conf;
/* This is not an SPOE filter */
if (fconf->id != spoe_filter_id)
continue;
/* This is the good engine */
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(conf->id, engine_id) == 0) {
MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules This action is used to trigger sending of a group of SPOE messages. To do so, the SPOE engine used to send messages must be defined, as well as the SPOE group to send. Of course, the SPOE engine must refer to an existing SPOE filter. If not engine name is provided on the SPOE filter line, the SPOE agent name must be used. For example: http-request send-spoe-group my-engine some-group This action is available for "tcp-request content", "tcp-response content", "http-request" and "http-response" rulesets. It cannot be used for tcp connection/session rulesets because actions for these rulesets cannot yield. For now, the action keyword is parsed and checked. But it does nothing. Its processing will be added in another patch.
2017-09-21 05:03:52 -04:00
agent = conf->agent;
break;
}
}
if (agent == NULL) {
memprintf(err, "unable to find SPOE engine '%s' used by the send-spoe-group '%s'",
engine_id, group_id);
goto error;
}
/* Try to find the right group */
list_for_each_entry(group, &agent->groups, list) {
/* This is the good group */
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
if (strcmp(group->id, group_id) == 0)
MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules This action is used to trigger sending of a group of SPOE messages. To do so, the SPOE engine used to send messages must be defined, as well as the SPOE group to send. Of course, the SPOE engine must refer to an existing SPOE filter. If not engine name is provided on the SPOE filter line, the SPOE agent name must be used. For example: http-request send-spoe-group my-engine some-group This action is available for "tcp-request content", "tcp-response content", "http-request" and "http-response" rulesets. It cannot be used for tcp connection/session rulesets because actions for these rulesets cannot yield. For now, the action keyword is parsed and checked. But it does nothing. Its processing will be added in another patch.
2017-09-21 05:03:52 -04:00
break;
}
if (&group->list == &agent->groups) {
memprintf(err, "unable to find SPOE group '%s' into SPOE engine '%s' configuration",
group_id, engine_id);
goto error;
}
/* Ok, we found the group, we need to check messages and their
* arguments */
list_for_each_entry(msg, &group->messages, by_grp) {
struct spoe_arg *arg;
list_for_each_entry(arg, &msg->args, list) {
if (!(arg->expr->fetch->val & where)) {
memprintf(err, "Invalid SPOE message '%s' used by SPOE group '%s' at %s:%d: "
"some args extract information from '%s',"
"none of which is available here ('%s')",
msg->id, group->id, msg->conf.file, msg->conf.line,
sample_ckp_names(arg->expr->fetch->use),
sample_ckp_names(where));
goto error;
}
}
}
free(engine_id);
free(group_id);
rule->arg.act.p[0] = fconf; /* Associate filter config with the rule */
rule->arg.act.p[1] = conf; /* Associate SPOE config with the rule */
rule->arg.act.p[2] = agent; /* Associate SPOE agent with the rule */
rule->arg.act.p[3] = group; /* Associate SPOE group with the rule */
return 1;
error:
free(engine_id);
free(group_id);
return 0;
}
/* Parse 'send-spoe-group' action following the format:
*
* ... send-spoe-group <engine-id> <group-id>
*
* It returns ACT_RET_PRS_ERR if fails and <err> is filled with an error
* message. Otherwise, it returns ACT_RET_PRS_OK and parsing engine and group
* ids are saved and used later, when the rule will be checked.
*/
CLEANUP: spoe: Uniformize function definitions SPOE functions definitions were splitted on 2 or more lines, with the return type alone on the first line. It is unusual in the HAProxy code. The related issue is #2502.
2024-07-04 09:33:41 -04:00
static enum act_parse_ret parse_send_spoe_group(const char **args, int *orig_arg, struct proxy *px,
struct act_rule *rule, char **err)
MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules This action is used to trigger sending of a group of SPOE messages. To do so, the SPOE engine used to send messages must be defined, as well as the SPOE group to send. Of course, the SPOE engine must refer to an existing SPOE filter. If not engine name is provided on the SPOE filter line, the SPOE agent name must be used. For example: http-request send-spoe-group my-engine some-group This action is available for "tcp-request content", "tcp-response content", "http-request" and "http-response" rulesets. It cannot be used for tcp connection/session rulesets because actions for these rulesets cannot yield. For now, the action keyword is parsed and checked. But it does nothing. Its processing will be added in another patch.
2017-09-21 05:03:52 -04:00
{
if (!*args[*orig_arg] || !*args[*orig_arg+1] ||
(*args[*orig_arg+2] && strcmp(args[*orig_arg+2], "if") != 0 && strcmp(args[*orig_arg+2], "unless") != 0)) {
memprintf(err, "expects 2 arguments: <engine-id> <group-id>");
return ACT_RET_PRS_ERR;
}
rule->arg.act.p[0] = strdup(args[*orig_arg]); /* Copy the SPOE engine id */
rule->arg.act.p[1] = strdup(args[*orig_arg+1]); /* Cope the SPOE group id */
(*orig_arg) += 2;
rule->action = ACT_CUSTOM;
rule->action_ptr = spoe_send_group;
rule->check_ptr = check_send_spoe_group;
return ACT_RET_PRS_OK;
}
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
MINOR: spoe: Add internal sample fetch to retrieve the SPOE engine ID The internal sample fetch "spoe.engine-id" is added. It may be used to retrieve the current engine identifier, but only if the client endpoint is an SPOE applet. For now, this sample is not documented. It will only be used to set the connection pool name for a specific engine. This way, several engine can use the same SPOP backend without sharing their idle connections. The documentation will be added later, mainly because other SPOE sample fetches will be added, and some changes are expected. The related issue is #2502.
2024-07-05 09:25:21 -04:00
/* returns the engine ID of the SPOE */
static int smp_fetch_spoe_engine_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
struct appctx *appctx;
struct spoe_agent *agent;
if (!smp->strm)
return 0;
appctx = sc_appctx(smp->strm->scf);
if (!appctx || appctx->applet != &spoe_applet)
return 0;
agent = spoe_appctx_agent(appctx);
if (!agent)
return 0;
smp->data.type = SMP_T_STR;
smp->data.u.str.area = agent->engine_id;
smp->data.u.str.data = strlen(agent->engine_id);
smp->flags = SMP_F_CONST;
return 1;
}
MEDIUM: spoe: Set a specific name for the connection pool of SPOP servers With this patch, we force the connection pool name of SPOP server to the SPOE engine identifier. This way, SPOP idle connections cannot be shared between diffrente engines. The related issue is #2502.
2024-07-05 09:27:23 -04:00
static int spoe_postcheck_spop_proxy(struct proxy *px)
{
struct server *srv;
int err_code = ERR_NONE;
if (!(px->cap & PR_CAP_BE) || px->mode != PR_MODE_SPOP)
goto out;
for (srv = px->srv; srv; srv = srv->next) {
if (srv->pool_conn_name) {
ha_free(&srv->pool_conn_name);
release_sample_expr(srv->pool_conn_name_expr);
}
srv->pool_conn_name = strdup("spoe.engine-id");
if (!srv->pool_conn_name) {
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
srv->pool_conn_name_expr = _parse_srv_expr(srv->pool_conn_name, &px->conf.args, NULL, 0, NULL);
if (!srv->pool_conn_name_expr) {
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
}
out:
return err_code;
}
REGISTER_POST_PROXY_CHECK(spoe_postcheck_spop_proxy);
MAJOR: spoe: Add an experimental Stream Processing Offload Engine SPOE makes possible the communication with external components to retrieve some info using an in-house binary protocol, the Stream Processing Offload Protocol (SPOP). In the long term, its aim is to allow any kind of offloading on the streams. This first version, besides being experimental, won't do lot of things. The most important today is to validate the protocol design and lay the foundations of what will, one day, be a full offload engine for the stream processing. So, for now, the SPOE can offload the stream processing before "tcp-request content", "tcp-response content", "http-request" and "http-response" rules. And it only supports variables creation/suppression. But, in spite of these limited features, we can easily imagine to implement a SSO solution, an ip reputation service or an ip geolocation service. Internally, the SPOE is implemented as a filter. So, to use it, you must use following line in a proxy proxy section: frontend my-front ... filter spoe [engine <name>] config <file> ... It uses its own configuration file to keep the HAProxy configuration clean. It is also a easy way to disable it by commenting out the filter line. See "doc/SPOE.txt" for all details about the SPOE configuration.
2016-10-27 16:29:49 -04:00
/* Declare the filter parser for "spoe" keyword */
static struct flt_kw_list flt_kws = { "SPOE", { }, {
{ "spoe", parse_spoe_flt, NULL },
{ NULL, NULL, NULL },
}
};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, flt_register_keywords, &flt_kws);
MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules This action is used to trigger sending of a group of SPOE messages. To do so, the SPOE engine used to send messages must be defined, as well as the SPOE group to send. Of course, the SPOE engine must refer to an existing SPOE filter. If not engine name is provided on the SPOE filter line, the SPOE agent name must be used. For example: http-request send-spoe-group my-engine some-group This action is available for "tcp-request content", "tcp-response content", "http-request" and "http-response" rulesets. It cannot be used for tcp connection/session rulesets because actions for these rulesets cannot yield. For now, the action keyword is parsed and checked. But it does nothing. Its processing will be added in another patch.
2017-09-21 05:03:52 -04:00
/* Delcate the action parser for "spoe-action" keyword */
static struct action_kw_list tcp_req_action_kws = { { }, {
{ "send-spoe-group", parse_send_spoe_group },
{ /* END */ },
}
};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, tcp_req_cont_keywords_register, &tcp_req_action_kws);
MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules This action is used to trigger sending of a group of SPOE messages. To do so, the SPOE engine used to send messages must be defined, as well as the SPOE group to send. Of course, the SPOE engine must refer to an existing SPOE filter. If not engine name is provided on the SPOE filter line, the SPOE agent name must be used. For example: http-request send-spoe-group my-engine some-group This action is available for "tcp-request content", "tcp-response content", "http-request" and "http-response" rulesets. It cannot be used for tcp connection/session rulesets because actions for these rulesets cannot yield. For now, the action keyword is parsed and checked. But it does nothing. Its processing will be added in another patch.
2017-09-21 05:03:52 -04:00
static struct action_kw_list tcp_res_action_kws = { { }, {
{ "send-spoe-group", parse_send_spoe_group },
{ /* END */ },
}
};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, tcp_res_cont_keywords_register, &tcp_res_action_kws);
MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules This action is used to trigger sending of a group of SPOE messages. To do so, the SPOE engine used to send messages must be defined, as well as the SPOE group to send. Of course, the SPOE engine must refer to an existing SPOE filter. If not engine name is provided on the SPOE filter line, the SPOE agent name must be used. For example: http-request send-spoe-group my-engine some-group This action is available for "tcp-request content", "tcp-response content", "http-request" and "http-response" rulesets. It cannot be used for tcp connection/session rulesets because actions for these rulesets cannot yield. For now, the action keyword is parsed and checked. But it does nothing. Its processing will be added in another patch.
2017-09-21 05:03:52 -04:00
static struct action_kw_list http_req_action_kws = { { }, {
{ "send-spoe-group", parse_send_spoe_group },
{ /* END */ },
}
};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_action_kws);
MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules This action is used to trigger sending of a group of SPOE messages. To do so, the SPOE engine used to send messages must be defined, as well as the SPOE group to send. Of course, the SPOE engine must refer to an existing SPOE filter. If not engine name is provided on the SPOE filter line, the SPOE agent name must be used. For example: http-request send-spoe-group my-engine some-group This action is available for "tcp-request content", "tcp-response content", "http-request" and "http-response" rulesets. It cannot be used for tcp connection/session rulesets because actions for these rulesets cannot yield. For now, the action keyword is parsed and checked. But it does nothing. Its processing will be added in another patch.
2017-09-21 05:03:52 -04:00
static struct action_kw_list http_res_action_kws = { { }, {
{ "send-spoe-group", parse_send_spoe_group },
{ /* END */ },
}
};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, http_res_keywords_register, &http_res_action_kws);
MINOR: spoe: Add internal sample fetch to retrieve the SPOE engine ID The internal sample fetch "spoe.engine-id" is added. It may be used to retrieve the current engine identifier, but only if the client endpoint is an SPOE applet. For now, this sample is not documented. It will only be used to set the connection pool name for a specific engine. This way, several engine can use the same SPOP backend without sharing their idle connections. The documentation will be added later, mainly because other SPOE sample fetches will be added, and some changes are expected. The related issue is #2502.
2024-07-05 09:25:21 -04:00
static struct sample_fetch_kw_list smp_kws = {ILH, {
{ "spoe.engine-id", smp_fetch_spoe_engine_id, 0, NULL, SMP_T_STR, SMP_USE_INTRN},
{},
}};
INITCALL1(STG_REGISTER, sample_register_fetches, &smp_kws);
Reference in a new issue Copy permalink