upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-04-21 22:28:41 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 14
haproxy/src/vars.c

1454 lines
43 KiB
C
Raw Normal View History

MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
#include <ctype.h>
REORG: include: update all files to use haproxy/api.h or api-t.h if needed All files that were including one of the following include files have been updated to only include haproxy/api.h or haproxy/api-t.h once instead: - common/config.h - common/compat.h - common/compiler.h - common/defaults.h - common/initcall.h - common/tools.h The choice is simple: if the file only requires type definitions, it includes api-t.h, otherwise it includes the full api.h. In addition, in these files, explicit includes for inttypes.h and limits.h were dropped since these are now covered by api.h and api-t.h. No other change was performed, given that this patch is large and affects 201 files. At least one (tools.h) was already freestanding and didn't get the new one added.
2020-05-27 06:58:42 -04:00
#include <haproxy/api.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/arg.h>
MINOR: vars/cli: add a "get var" CLI command to retrieve global variables Process-wide variables can now be displayed from the CLI using "get var" followed by the variable name. They must all start with "proc." otherwise they will not be found. The output is very similar to the one of the debug converter, with a type and value being reported for the embedded sample. This command is limited to clients with the level "operator" or higher, since it can possibly expose traffic-related data.
2021-03-26 09:51:31 -04:00
#include <haproxy/buf.h>
REORG: include: move cfgparse.h to haproxy/cfgparse.h There's no point splitting the file in two since only cfgparse uses the types defined there. A few call places were updated and cleaned up. All of them were in C files which register keywords. There is nothing left in common/ now so this directory must not be used anymore.
2020-06-04 18:00:29 -04:00
#include <haproxy/cfgparse.h>
REORG: include: move checks.h to haproxy/check{,-t}.h All includes that were not absolutely necessary were removed because checks.h happens to very often be part of dependency loops. A warning was added about this in check-t.h. The fields, enums and structs were a bit tidied because it's particularly tedious to find anything there. It would make sense to split this in two or more files (at least extract tcp-checks). The file was renamed to the singular because it was one of the rare exceptions to have an "s" appended to its name compared to the struct name.
2020-06-04 12:21:56 -04:00
#include <haproxy/check.h>
MINOR: vars/cli: add a "get var" CLI command to retrieve global variables Process-wide variables can now be displayed from the CLI using "get var" followed by the variable name. They must all start with "proc." otherwise they will not be found. The output is very similar to the one of the debug converter, with a type and value being reported for the embedded sample. This command is limited to clients with the level "operator" or higher, since it can possibly expose traffic-related data.
2021-03-26 09:51:31 -04:00
#include <haproxy/cli.h>
REORG: include: move stream.h to haproxy/stream{,-t}.h This one was not easy because it was embarking many includes with it, which other files would automatically find. At least global.h, arg.h and tools.h were identified. 93 total locations were identified, 8 additional includes had to be added. In the rare files where it was possible to finalize the sorting of includes by adjusting only one or two extra lines, it was done. But all files would need to be rechecked and cleaned up now. It was the last set of files in types/ and proto/ and these directories must not be reused anymore.
2020-06-04 17:46:14 -04:00
#include <haproxy/global.h>
REORG: include: split common/http.h into haproxy/http{,-t}.h So the enums and structs were placed into http-t.h and the functions into http.h. This revealed that several files were dependeng on http.h but not including it, as it was silently inherited via other files.
2020-06-02 13:11:26 -04:00
#include <haproxy/http.h>
REORG: include: move http_rules.h to haproxy/http_rules.h There was no include file. This one still includes types/proxy.h.
2020-06-04 05:40:28 -04:00
#include <haproxy/http_rules.h>
REORG: include: split mini-clist into haproxy/list and list-t.h Half of the users of this include only need the type definitions and not the manipulation macros nor the inline functions. Moves the various types into mini-clist-t.h makes the files cleaner. The other one had all its includes grouped at the top. A few files continued to reference it without using it and were cleaned. In addition it was about time that we'd rename that file, it's not "mini" anymore and contains a bit more than just circular lists.
2020-05-27 12:01:47 -04:00
#include <haproxy/list.h>
REORG: include: move the error reporting functions to from log.h to errors.h Most of the files dealing with error reports have to include log.h in order to access ha_alert(), ha_warning() etc. But while these functions don't depend on anything, log.h depends on a lot of stuff because it deals with log-formats and samples. As a result it's impossible not to embark long dependencies when using ha_warning() or qfprintf(). This patch moves these low-level functions to errors.h, which already defines the error codes used at the same places. About half of the users of log.h could be adjusted, sometimes revealing other issues such as missing tools.h. Interestingly the total preprocessed size shrunk by 4%.
2020-06-05 11:27:29 -04:00
#include <haproxy/log.h>
REORG: include: move sample.h to haproxy/sample{,-t}.h This one is particularly tricky to move because everyone uses it and it depends on a lot of other types. For example it cannot include arg-t.h and must absolutely only rely on forward declarations to avoid dependency loops between vars -> sample_data -> arg. In order to address this one, it would be nice to split the sample_data part out of sample.h.
2020-06-04 09:33:47 -04:00
#include <haproxy/sample.h>
MINOR: vars: add a "set-var-fmt" directive to the global section Just like the set-var-fmt action for tcp/http rules, the set-var-fmt directive in global sections allows to pre-set process-wide variables using a format string instead of a sample expression. This is often more convenient when it is required to concatenate multiple fields, or when emitting just one word.
2021-09-03 03:02:47 -04:00
#include <haproxy/session.h>
REORG: include: move stream.h to haproxy/stream{,-t}.h This one was not easy because it was embarking many includes with it, which other files would automatically find. At least global.h, arg.h and tools.h were identified. 93 total locations were identified, 8 additional includes had to be added. In the rare files where it was possible to finalize the sorting of includes by adjusting only one or two extra lines, it was done. But all files would need to be rechecked and cleaned up now. It was the last set of files in types/ and proto/ and these directories must not be reused anymore.
2020-06-04 17:46:14 -04:00
#include <haproxy/stream-t.h>
REORG: include: move tcp_rules.h to haproxy/tcp_rules.h There's no type file on this one which is pretty simple.
2020-06-04 11:42:48 -04:00
#include <haproxy/tcp_rules.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/tcpcheck.h>
BUILD: vars: include tools.h in vars.c A number of functions from tools.h are used there but the file was not included.
2021-05-08 07:56:31 -04:00
#include <haproxy/tools.h>
REORG: include: move vars.h to haproxy/vars{,-t}.h A few includes (sessions.h, stream.h, api-t.h) were added for arguments that were first declared in function prototypes.
2020-06-04 10:25:31 -04:00
#include <haproxy/vars.h>
BUILD: vars: need to include xxhash It's needed for XXH3(), and it used to get it through other includes.
2021-10-06 11:11:51 -04:00
#include <haproxy/xxhash.h>
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
/* This contains a pool of struct vars */
MEDIUM: init: use initcall for all fixed size pool creations This commit replaces the explicit pool creation that are made in constructors with a pool registration. Not only this simplifies the pools declaration (it can be done on a single line after the head is declared), but it also removes references to pools from within constructors. The only remaining create_pool() calls are those performed in init functions after the config is parsed, so there is no more user of potentially uninitialized pool now. It has been the opportunity to remove no less than 12 constructors and 6 init functions.
2018-11-26 05:58:30 -05:00
DECLARE_STATIC_POOL(var_pool, "vars", sizeof(struct var));
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
REORG: vars: move the "proc" scope variables out of the global struct The presence of this field causes a long dependency chain because almost everyone includes global-t.h, and vars include sample_data which include some system includes as well as HTTP parts. There is absolutely no reason for having the process-wide variables in the global struct, let's just move them into vars.c and vars.h. This reduces from ~190k to ~170k the preprocessed output of version.c.
2021-05-08 05:41:28 -04:00
/* list of variables for the process scope. */
struct vars proc_vars THREAD_ALIGNED(64);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
/* This array of int contains the system limits per context. */
static unsigned int var_global_limit = 0;
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
static unsigned int var_proc_limit = 0;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
static unsigned int var_sess_limit = 0;
static unsigned int var_txn_limit = 0;
static unsigned int var_reqres_limit = 0;
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
static unsigned int var_check_limit = 0;
MINOR: vars: preset a random seed to hash variables names Variables names will be hashed, but for this we need a random seed. The XXH3() algorithms is bijective over the whole 64-bit space, which is great as it guarantees no collision for 1..8 byte names. But above that even if the risk is extremely faint, it theoretically exists and since variables may be set from Lua we'd rather do our best to limit the risk of controlled collision, hence the random seed.
2021-08-31 02:48:55 -04:00
static uint64_t var_name_hash_seed = 0;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
MINOR: vars: Parse optional conditions passed to the set-var converter This patch adds the parsing of the optional condition parameters that can be passed to the set-var converter. Those conditions will not be taken into account yet in the var_set function so conditions passed as parameters will not have any effect. This is true for any condition apart from the "ifexists" one that is also used to replace the VF_UPDATEONLY flag that was used to prevent proc scope variable creation from a LUA module.
2021-12-16 11:14:37 -05:00
/* Structure and array matching set-var conditions to their respective flag
* value.
*/
struct var_set_condition {
const char *cond_str;
uint flag;
};
static struct var_set_condition conditions_array[] = {
{ "ifexists", VF_COND_IFEXISTS },
{ "ifnotexists", VF_COND_IFNOTEXISTS },
{ "ifempty", VF_COND_IFEMPTY },
{ "ifnotempty", VF_COND_IFNOTEMPTY },
{ "ifset", VF_COND_IFSET },
{ "ifnotset", VF_COND_IFNOTSET },
{ "ifgt", VF_COND_IFGT },
{ "iflt", VF_COND_IFLT },
{ NULL, 0 }
};
BUG/MEDIUM: vars: make sure the scope is always valid when accessing vars Patrick Hemmer reported that a simple tcp rule involving a variable like this is enough to crash haproxy : frontend foo bind :8001 tcp-request session set-var(txn.foo) src The tests on the variables scopes is not strict enough, it needs to always verify if the stream is valid when accessing a req/res/txn variable. This patch does this by adding a new get_vars() function which does the job instead of open-coding all the lookups everywhere. It must be backported to all versions supporting set-var and "tcp-request session" so at least 1.9 and 1.8.
2019-06-04 10:27:36 -04:00
/* returns the struct vars pointer for a session, stream and scope, or NULL if
* it does not exist.
*/
static inline struct vars *get_vars(struct session *sess, struct stream *strm, enum vars_scope scope)
{
switch (scope) {
case SCOPE_PROC:
REORG: vars: move the "proc" scope variables out of the global struct The presence of this field causes a long dependency chain because almost everyone includes global-t.h, and vars include sample_data which include some system includes as well as HTTP parts. There is absolutely no reason for having the process-wide variables in the global struct, let's just move them into vars.c and vars.h. This reduces from ~190k to ~170k the preprocessed output of version.c.
2021-05-08 05:41:28 -04:00
return &proc_vars;
BUG/MEDIUM: vars: make sure the scope is always valid when accessing vars Patrick Hemmer reported that a simple tcp rule involving a variable like this is enough to crash haproxy : frontend foo bind :8001 tcp-request session set-var(txn.foo) src The tests on the variables scopes is not strict enough, it needs to always verify if the stream is valid when accessing a req/res/txn variable. This patch does this by adding a new get_vars() function which does the job instead of open-coding all the lookups everywhere. It must be backported to all versions supporting set-var and "tcp-request session" so at least 1.9 and 1.8.
2019-06-04 10:27:36 -04:00
case SCOPE_SESS:
MINOR: vars: make get_vars() allow the session to be null In order to support manipulating variables from outside a session, let's make get_vars() not assume that the session is always set.
2021-03-26 06:27:59 -04:00
return sess ? &sess->vars : NULL;
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
case SCOPE_CHECK: {
BUG/MINOR: vars: Be sure to have a session to get checks variables It is now possible to get any variables from the cli. Concretely, only variables in the PROC scope can be retrieved because there is neither stream nor session defined. But, nothing forbids anyone to try to get a variable in any scope. No value will be found, but it is allowed. Thus, we must be sure to not rely on an undefined session or stream in that case. Especially, the session must be tested before retrieving variables in CHECK scope. This patch should fix the issue #1249. It must be backported to 2.4.
2021-06-02 05:48:42 -04:00
struct check *check = sess ? objt_check(sess->origin) : NULL;
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
MINOR: checks: Use the check as origin when a session is created Before, the server was used as origin during session creation. It was only used to get the check associated to the server when a variable is get or set in the check scope or when a check sample fetch was called. So it seems easier to use the check as origin of a session. It is also more logical becaues the session is created by the health-check itself and not its server.
2020-04-21 05:53:32 -04:00
return check ? &check->vars : NULL;
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
}
BUG/MEDIUM: vars: make sure the scope is always valid when accessing vars Patrick Hemmer reported that a simple tcp rule involving a variable like this is enough to crash haproxy : frontend foo bind :8001 tcp-request session set-var(txn.foo) src The tests on the variables scopes is not strict enough, it needs to always verify if the stream is valid when accessing a req/res/txn variable. This patch does this by adding a new get_vars() function which does the job instead of open-coding all the lookups everywhere. It must be backported to all versions supporting set-var and "tcp-request session" so at least 1.9 and 1.8.
2019-06-04 10:27:36 -04:00
case SCOPE_TXN:
return strm ? &strm->vars_txn : NULL;
case SCOPE_REQ:
case SCOPE_RES:
default:
return strm ? &strm->vars_reqres : NULL;
}
}
MINOR: vars: make the accounting not depend on the stream We'll need to move the session variables to the session. For this, the accounting must not depend on the stream. Instead we pass the pointers to the different lists.
2015-06-19 05:21:56 -04:00
/* This function adds or remove memory size from the accounting. The inner
* pointers may be null when setting the outer ones only.
*/
MINOR: vars: replace static functions with global ones The OpenTracing filter uses several internal HAProxy functions to work with variables and therefore requires two static local HAProxy functions, var_accounting_diff() and var_clear(), to be declared global. In fact, the var_clear() function was not originally defined as static, but it lacked a declaration.
2020-12-09 10:34:29 -05:00
void var_accounting_diff(struct vars *vars, struct session *sess, struct stream *strm, int size)
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{
switch (vars->scope) {
case SCOPE_REQ:
case SCOPE_RES:
OPTIM: vars: do not keep variables usage stats if no limit is set The sole purpose of the variable's usage accounting is to enforce limits at the session or process level, but very commonly these are not set, yet the bookkeeping (especially at the process level) is extremely expensive. Let's simply disable it when the limits are not set. This further increases the performance of 12 variables on 16-thread from 1.06M to 1.24M req/s.
2021-09-08 09:51:06 -04:00
if (var_reqres_limit && strm)
BUG/MEDIUM: vars: make sure the scope is always valid when accessing vars Patrick Hemmer reported that a simple tcp rule involving a variable like this is enough to crash haproxy : frontend foo bind :8001 tcp-request session set-var(txn.foo) src The tests on the variables scopes is not strict enough, it needs to always verify if the stream is valid when accessing a req/res/txn variable. This patch does this by adding a new get_vars() function which does the job instead of open-coding all the lookups everywhere. It must be backported to all versions supporting set-var and "tcp-request session" so at least 1.9 and 1.8.
2019-06-04 10:27:36 -04:00
_HA_ATOMIC_ADD(&strm->vars_reqres.size, size);
BUG/MAJOR: vars: always retrieve the stream and session from the sample This is the continuation of previous patch called "BUG/MAJOR: samples: check smp->strm before using it". It happens that variables may have a session-wide scope, and that their session is retrieved by dereferencing the stream. But nothing prevents them from being used from a streamless context such as tcp-request connection, thus crashing the process. Example : tcp-request connection accept if { src,set-var(sess.foo) -m found } In order to fix this, we have to always ensure that variable manipulation only happens via the sample, which contains the correct owner and context, and that we never use one from a different source. This results in quite a large change since a lot of functions are inderctly involved in the call chain, but the change is easy to follow. This fix must be backported to 1.6, and requires the last two patches.
2016-03-10 10:33:04 -05:00
/* fall through */
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
case SCOPE_TXN:
OPTIM: vars: do not keep variables usage stats if no limit is set The sole purpose of the variable's usage accounting is to enforce limits at the session or process level, but very commonly these are not set, yet the bookkeeping (especially at the process level) is extremely expensive. Let's simply disable it when the limits are not set. This further increases the performance of 12 variables on 16-thread from 1.06M to 1.24M req/s.
2021-09-08 09:51:06 -04:00
if (var_txn_limit && strm)
BUG/MEDIUM: vars: make sure the scope is always valid when accessing vars Patrick Hemmer reported that a simple tcp rule involving a variable like this is enough to crash haproxy : frontend foo bind :8001 tcp-request session set-var(txn.foo) src The tests on the variables scopes is not strict enough, it needs to always verify if the stream is valid when accessing a req/res/txn variable. This patch does this by adding a new get_vars() function which does the job instead of open-coding all the lookups everywhere. It must be backported to all versions supporting set-var and "tcp-request session" so at least 1.9 and 1.8.
2019-06-04 10:27:36 -04:00
_HA_ATOMIC_ADD(&strm->vars_txn.size, size);
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
goto scope_sess;
OPTIM: vars: do not keep variables usage stats if no limit is set The sole purpose of the variable's usage accounting is to enforce limits at the session or process level, but very commonly these are not set, yet the bookkeeping (especially at the process level) is extremely expensive. Let's simply disable it when the limits are not set. This further increases the performance of 12 variables on 16-thread from 1.06M to 1.24M req/s.
2021-09-08 09:51:06 -04:00
case SCOPE_CHECK:
if (var_check_limit) {
MINOR: checks: Use the check as origin when a session is created Before, the server was used as origin during session creation. It was only used to get the check associated to the server when a variable is get or set in the check scope or when a check sample fetch was called. So it seems easier to use the check as origin of a session. It is also more logical becaues the session is created by the health-check itself and not its server.
2020-04-21 05:53:32 -04:00
struct check *check = objt_check(sess->origin);
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
MINOR: checks: Use the check as origin when a session is created Before, the server was used as origin during session creation. It was only used to get the check associated to the server when a variable is get or set in the check scope or when a check sample fetch was called. So it seems easier to use the check as origin of a session. It is also more logical becaues the session is created by the health-check itself and not its server.
2020-04-21 05:53:32 -04:00
if (check)
_HA_ATOMIC_ADD(&check->vars.size, size);
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
}
BUG/MAJOR: vars: always retrieve the stream and session from the sample This is the continuation of previous patch called "BUG/MAJOR: samples: check smp->strm before using it". It happens that variables may have a session-wide scope, and that their session is retrieved by dereferencing the stream. But nothing prevents them from being used from a streamless context such as tcp-request connection, thus crashing the process. Example : tcp-request connection accept if { src,set-var(sess.foo) -m found } In order to fix this, we have to always ensure that variable manipulation only happens via the sample, which contains the correct owner and context, and that we never use one from a different source. This results in quite a large change since a lot of functions are inderctly involved in the call chain, but the change is easy to follow. This fix must be backported to 1.6, and requires the last two patches.
2016-03-10 10:33:04 -05:00
/* fall through */
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
scope_sess:
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
case SCOPE_SESS:
OPTIM: vars: do not keep variables usage stats if no limit is set The sole purpose of the variable's usage accounting is to enforce limits at the session or process level, but very commonly these are not set, yet the bookkeeping (especially at the process level) is extremely expensive. Let's simply disable it when the limits are not set. This further increases the performance of 12 variables on 16-thread from 1.06M to 1.24M req/s.
2021-09-08 09:51:06 -04:00
if (var_sess_limit)
_HA_ATOMIC_ADD(&sess->vars.size, size);
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
/* fall through */
case SCOPE_PROC:
OPTIM: vars: do not keep variables usage stats if no limit is set The sole purpose of the variable's usage accounting is to enforce limits at the session or process level, but very commonly these are not set, yet the bookkeeping (especially at the process level) is extremely expensive. Let's simply disable it when the limits are not set. This further increases the performance of 12 variables on 16-thread from 1.06M to 1.24M req/s.
2021-09-08 09:51:06 -04:00
if (var_proc_limit || var_global_limit)
_HA_ATOMIC_ADD(&proc_vars.size, size);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
}
/* This function returns 1 if the <size> is available in the var
CLEANUP: fix typos in the comments of the vars subsystem Those are mostly misspells of the words available and variable.
2018-11-15 12:19:50 -05:00
* pool <vars>, otherwise returns 0. If the space is available,
MINOR: vars: make the accounting not depend on the stream We'll need to move the session variables to the session. For this, the accounting must not depend on the stream. Instead we pass the pointers to the different lists.
2015-06-19 05:21:56 -04:00
* the size is reserved. The inner pointers may be null when setting
BUG/MAJOR: vars: always retrieve the stream and session from the sample This is the continuation of previous patch called "BUG/MAJOR: samples: check smp->strm before using it". It happens that variables may have a session-wide scope, and that their session is retrieved by dereferencing the stream. But nothing prevents them from being used from a streamless context such as tcp-request connection, thus crashing the process. Example : tcp-request connection accept if { src,set-var(sess.foo) -m found } In order to fix this, we have to always ensure that variable manipulation only happens via the sample, which contains the correct owner and context, and that we never use one from a different source. This results in quite a large change since a lot of functions are inderctly involved in the call chain, but the change is easy to follow. This fix must be backported to 1.6, and requires the last two patches.
2016-03-10 10:33:04 -05:00
* the outer ones only. The accounting uses either <sess> or <strm>
* depending on the scope. <strm> may be NULL when no stream is known
* and only the session exists (eg: tcp-request connection).
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
*/
BUG/MAJOR: vars: always retrieve the stream and session from the sample This is the continuation of previous patch called "BUG/MAJOR: samples: check smp->strm before using it". It happens that variables may have a session-wide scope, and that their session is retrieved by dereferencing the stream. But nothing prevents them from being used from a streamless context such as tcp-request connection, thus crashing the process. Example : tcp-request connection accept if { src,set-var(sess.foo) -m found } In order to fix this, we have to always ensure that variable manipulation only happens via the sample, which contains the correct owner and context, and that we never use one from a different source. This results in quite a large change since a lot of functions are inderctly involved in the call chain, but the change is easy to follow. This fix must be backported to 1.6, and requires the last two patches.
2016-03-10 10:33:04 -05:00
static int var_accounting_add(struct vars *vars, struct session *sess, struct stream *strm, int size)
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{
switch (vars->scope) {
case SCOPE_REQ:
case SCOPE_RES:
BUG/MEDIUM: vars: make sure the scope is always valid when accessing vars Patrick Hemmer reported that a simple tcp rule involving a variable like this is enough to crash haproxy : frontend foo bind :8001 tcp-request session set-var(txn.foo) src The tests on the variables scopes is not strict enough, it needs to always verify if the stream is valid when accessing a req/res/txn variable. This patch does this by adding a new get_vars() function which does the job instead of open-coding all the lookups everywhere. It must be backported to all versions supporting set-var and "tcp-request session" so at least 1.9 and 1.8.
2019-06-04 10:27:36 -04:00
if (var_reqres_limit && strm && strm->vars_reqres.size + size > var_reqres_limit)
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
return 0;
BUG/MAJOR: vars: always retrieve the stream and session from the sample This is the continuation of previous patch called "BUG/MAJOR: samples: check smp->strm before using it". It happens that variables may have a session-wide scope, and that their session is retrieved by dereferencing the stream. But nothing prevents them from being used from a streamless context such as tcp-request connection, thus crashing the process. Example : tcp-request connection accept if { src,set-var(sess.foo) -m found } In order to fix this, we have to always ensure that variable manipulation only happens via the sample, which contains the correct owner and context, and that we never use one from a different source. This results in quite a large change since a lot of functions are inderctly involved in the call chain, but the change is easy to follow. This fix must be backported to 1.6, and requires the last two patches.
2016-03-10 10:33:04 -05:00
/* fall through */
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
case SCOPE_TXN:
BUG/MEDIUM: vars: make sure the scope is always valid when accessing vars Patrick Hemmer reported that a simple tcp rule involving a variable like this is enough to crash haproxy : frontend foo bind :8001 tcp-request session set-var(txn.foo) src The tests on the variables scopes is not strict enough, it needs to always verify if the stream is valid when accessing a req/res/txn variable. This patch does this by adding a new get_vars() function which does the job instead of open-coding all the lookups everywhere. It must be backported to all versions supporting set-var and "tcp-request session" so at least 1.9 and 1.8.
2019-06-04 10:27:36 -04:00
if (var_txn_limit && strm && strm->vars_txn.size + size > var_txn_limit)
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
return 0;
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
goto scope_sess;
case SCOPE_CHECK: {
MINOR: checks: Use the check as origin when a session is created Before, the server was used as origin during session creation. It was only used to get the check associated to the server when a variable is get or set in the check scope or when a check sample fetch was called. So it seems easier to use the check as origin of a session. It is also more logical becaues the session is created by the health-check itself and not its server.
2020-04-21 05:53:32 -04:00
struct check *check = objt_check(sess->origin);
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
MINOR: checks: Use the check as origin when a session is created Before, the server was used as origin during session creation. It was only used to get the check associated to the server when a variable is get or set in the check scope or when a check sample fetch was called. So it seems easier to use the check as origin of a session. It is also more logical becaues the session is created by the health-check itself and not its server.
2020-04-21 05:53:32 -04:00
if (var_check_limit && check && check->vars.size + size > var_check_limit)
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
return 0;
}
BUG/MAJOR: vars: always retrieve the stream and session from the sample This is the continuation of previous patch called "BUG/MAJOR: samples: check smp->strm before using it". It happens that variables may have a session-wide scope, and that their session is retrieved by dereferencing the stream. But nothing prevents them from being used from a streamless context such as tcp-request connection, thus crashing the process. Example : tcp-request connection accept if { src,set-var(sess.foo) -m found } In order to fix this, we have to always ensure that variable manipulation only happens via the sample, which contains the correct owner and context, and that we never use one from a different source. This results in quite a large change since a lot of functions are inderctly involved in the call chain, but the change is easy to follow. This fix must be backported to 1.6, and requires the last two patches.
2016-03-10 10:33:04 -05:00
/* fall through */
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
scope_sess:
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
case SCOPE_SESS:
BUG/MAJOR: vars: always retrieve the stream and session from the sample This is the continuation of previous patch called "BUG/MAJOR: samples: check smp->strm before using it". It happens that variables may have a session-wide scope, and that their session is retrieved by dereferencing the stream. But nothing prevents them from being used from a streamless context such as tcp-request connection, thus crashing the process. Example : tcp-request connection accept if { src,set-var(sess.foo) -m found } In order to fix this, we have to always ensure that variable manipulation only happens via the sample, which contains the correct owner and context, and that we never use one from a different source. This results in quite a large change since a lot of functions are inderctly involved in the call chain, but the change is easy to follow. This fix must be backported to 1.6, and requires the last two patches.
2016-03-10 10:33:04 -05:00
if (var_sess_limit && sess->vars.size + size > var_sess_limit)
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
return 0;
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
/* fall through */
case SCOPE_PROC:
OPTIM: vars: remove internal bookkeeping for vars_global_size Right now we have a per-process max variable size and a per-scope one, with the proc scope covering all others. As such, the per-process global one is always exactly equal to the per-proc-scope one. And bookkeeping on these process-wide variables is extremely expensive (up to 38% CPU seen in var_accounting_diff() just for them). Let's kill vars_global_size and only rely on the proc one. Doing this increased the request rate from 770k to 1.06M in a config having only 12 variables on a 16-thread machine.
2021-09-08 09:40:58 -04:00
/* note: scope proc collects all others and is currently identical to the
* global limit.
*/
REORG: vars: move the "proc" scope variables out of the global struct The presence of this field causes a long dependency chain because almost everyone includes global-t.h, and vars include sample_data which include some system includes as well as HTTP parts. There is absolutely no reason for having the process-wide variables in the global struct, let's just move them into vars.c and vars.h. This reduces from ~190k to ~170k the preprocessed output of version.c.
2021-05-08 05:41:28 -04:00
if (var_proc_limit && proc_vars.size + size > var_proc_limit)
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
return 0;
OPTIM: vars: remove internal bookkeeping for vars_global_size Right now we have a per-process max variable size and a per-scope one, with the proc scope covering all others. As such, the per-process global one is always exactly equal to the per-proc-scope one. And bookkeeping on these process-wide variables is extremely expensive (up to 38% CPU seen in var_accounting_diff() just for them). Let's kill vars_global_size and only rely on the proc one. Doing this increased the request rate from 770k to 1.06M in a config having only 12 variables on a 16-thread machine.
2021-09-08 09:40:58 -04:00
if (var_global_limit && proc_vars.size + size > var_global_limit)
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
return 0;
}
BUG/MAJOR: vars: always retrieve the stream and session from the sample This is the continuation of previous patch called "BUG/MAJOR: samples: check smp->strm before using it". It happens that variables may have a session-wide scope, and that their session is retrieved by dereferencing the stream. But nothing prevents them from being used from a streamless context such as tcp-request connection, thus crashing the process. Example : tcp-request connection accept if { src,set-var(sess.foo) -m found } In order to fix this, we have to always ensure that variable manipulation only happens via the sample, which contains the correct owner and context, and that we never use one from a different source. This results in quite a large change since a lot of functions are inderctly involved in the call chain, but the change is easy to follow. This fix must be backported to 1.6, and requires the last two patches.
2016-03-10 10:33:04 -05:00
var_accounting_diff(vars, sess, strm, size);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
return 1;
}
MEDIUM: vars: make var_clear() only reset VF_PERMANENT variables We certainly do not want that a permanent variable (one that is listed in the configuration) be erased by accident by an "unset-var" action. Let's make sure these ones are only reset to an empty sample, like at the moment of their initial registration. One trick is that the same function is used to purge the memory at the end and to delete, so we need to add an extra "force" argument to make the choice.
2021-09-08 09:03:58 -04:00
/* This function removes a variable from the list and frees the memory it was
* using. If the variable is marked "VF_PERMANENT", the sample_data is only
* reset to SMP_T_ANY unless <force> is non nul. Returns the freed size.
*/
unsigned int var_clear(struct var *var, int force)
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
{
unsigned int size = 0;
if (var->data.type == SMP_T_STR || var->data.type == SMP_T_BIN) {
CLEANUP: vars: always zero the pointers after a free() In sample_store(), depending on the new sample types, the area pointer was not always zeroed after being freed. Let's make sure it's always the case to avoid the risk of dangling pointers being misused.
2021-02-26 15:19:53 -05:00
ha_free(&var->data.u.str.area);
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
size += var->data.u.str.data;
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
}
MINOR: samples: Don't allocate memory for SMP_T_METH sample when method is known For known methods (GET,POST...), in samples, an enum is used instead of a chunk to reference the method. So there is no needs to allocate memory when a variable is stored with this kind of sample.
2017-07-24 10:24:39 -04:00
else if (var->data.type == SMP_T_METH && var->data.u.meth.meth == HTTP_METH_OTHER) {
CLEANUP: vars: always zero the pointers after a free() In sample_store(), depending on the new sample types, the area pointer was not always zeroed after being freed. Let's make sure it's always the case to avoid the risk of dangling pointers being misused.
2021-02-26 15:19:53 -05:00
ha_free(&var->data.u.meth.str.area);
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
size += var->data.u.meth.str.data;
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
}
MEDIUM: vars: make var_clear() only reset VF_PERMANENT variables We certainly do not want that a permanent variable (one that is listed in the configuration) be erased by accident by an "unset-var" action. Let's make sure these ones are only reset to an empty sample, like at the moment of their initial registration. One trick is that the same function is used to purge the memory at the end and to delete, so we need to add an extra "force" argument to make the choice.
2021-09-08 09:03:58 -04:00
/* wipe the sample */
var->data.type = SMP_T_ANY;
if (!(var->flags & VF_PERMANENT) || force) {
LIST_DELETE(&var->l);
pool_free(var_pool, var);
size += sizeof(struct var);
}
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
return size;
}
CLEANUP: fix typos in the comments of the vars subsystem Those are mostly misspells of the words available and variable.
2018-11-15 12:19:50 -05:00
/* This function free all the memory used by all the variables
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
* in the list.
*/
BUG/MAJOR: vars: always retrieve the stream and session from the sample This is the continuation of previous patch called "BUG/MAJOR: samples: check smp->strm before using it". It happens that variables may have a session-wide scope, and that their session is retrieved by dereferencing the stream. But nothing prevents them from being used from a streamless context such as tcp-request connection, thus crashing the process. Example : tcp-request connection accept if { src,set-var(sess.foo) -m found } In order to fix this, we have to always ensure that variable manipulation only happens via the sample, which contains the correct owner and context, and that we never use one from a different source. This results in quite a large change since a lot of functions are inderctly involved in the call chain, but the change is easy to follow. This fix must be backported to 1.6, and requires the last two patches.
2016-03-10 10:33:04 -05:00
void vars_prune(struct vars *vars, struct session *sess, struct stream *strm)
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{
struct var *var, *tmp;
MINOR: vars: make the accounting not depend on the stream We'll need to move the session variables to the session. For this, the accounting must not depend on the stream. Instead we pass the pointers to the different lists.
2015-06-19 05:21:56 -04:00
unsigned int size = 0;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
MINOR: vars: centralize the lock/unlock into static inlines The goal it to simplify the variables locking in order to later simplify it.
2021-09-08 09:19:57 -04:00
vars_wrlock(vars);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
list_for_each_entry_safe(var, tmp, &vars->head, l) {
MEDIUM: vars: make var_clear() only reset VF_PERMANENT variables We certainly do not want that a permanent variable (one that is listed in the configuration) be erased by accident by an "unset-var" action. Let's make sure these ones are only reset to an empty sample, like at the moment of their initial registration. One trick is that the same function is used to purge the memory at the end and to delete, so we need to add an extra "force" argument to make the choice.
2021-09-08 09:03:58 -04:00
size += var_clear(var, 1);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
MINOR: vars: centralize the lock/unlock into static inlines The goal it to simplify the variables locking in order to later simplify it.
2021-09-08 09:19:57 -04:00
vars_wrunlock(vars);
BUG/MAJOR: vars: always retrieve the stream and session from the sample This is the continuation of previous patch called "BUG/MAJOR: samples: check smp->strm before using it". It happens that variables may have a session-wide scope, and that their session is retrieved by dereferencing the stream. But nothing prevents them from being used from a streamless context such as tcp-request connection, thus crashing the process. Example : tcp-request connection accept if { src,set-var(sess.foo) -m found } In order to fix this, we have to always ensure that variable manipulation only happens via the sample, which contains the correct owner and context, and that we never use one from a different source. This results in quite a large change since a lot of functions are inderctly involved in the call chain, but the change is easy to follow. This fix must be backported to 1.6, and requires the last two patches.
2016-03-10 10:33:04 -05:00
var_accounting_diff(vars, sess, strm, -size);
MEDIUM: vars: move the session variables to the session, not the stream It's important that the session-wide variables are in the session and not in the stream.
2015-06-19 05:59:02 -04:00
}
/* This function frees all the memory used by all the session variables in the
* list starting at <vars>.
*/
void vars_prune_per_sess(struct vars *vars)
{
struct var *var, *tmp;
unsigned int size = 0;
MINOR: vars: centralize the lock/unlock into static inlines The goal it to simplify the variables locking in order to later simplify it.
2021-09-08 09:19:57 -04:00
vars_wrlock(vars);
MEDIUM: vars: move the session variables to the session, not the stream It's important that the session-wide variables are in the session and not in the stream.
2015-06-19 05:59:02 -04:00
list_for_each_entry_safe(var, tmp, &vars->head, l) {
MEDIUM: vars: make var_clear() only reset VF_PERMANENT variables We certainly do not want that a permanent variable (one that is listed in the configuration) be erased by accident by an "unset-var" action. Let's make sure these ones are only reset to an empty sample, like at the moment of their initial registration. One trick is that the same function is used to purge the memory at the end and to delete, so we need to add an extra "force" argument to make the choice.
2021-09-08 09:03:58 -04:00
size += var_clear(var, 1);
MEDIUM: vars: move the session variables to the session, not the stream It's important that the session-wide variables are in the session and not in the stream.
2015-06-19 05:59:02 -04:00
}
MINOR: vars: centralize the lock/unlock into static inlines The goal it to simplify the variables locking in order to later simplify it.
2021-09-08 09:19:57 -04:00
vars_wrunlock(vars);
MEDIUM: thread/vars: Make vars thread-safe A RW lock has been added to the vars structure to protect each list of variables. And a global RW lock is used to protect registered names. When a varibable is fetched, we duplicate sample data because the variable could be modified by another thread.
2017-07-24 10:30:34 -04:00
OPTIM: vars: do not keep variables usage stats if no limit is set The sole purpose of the variable's usage accounting is to enforce limits at the session or process level, but very commonly these are not set, yet the bookkeeping (especially at the process level) is extremely expensive. Let's simply disable it when the limits are not set. This further increases the performance of 12 variables on 16-thread from 1.06M to 1.24M req/s.
2021-09-08 09:51:06 -04:00
if (var_sess_limit)
_HA_ATOMIC_SUB(&vars->size, size);
if (var_proc_limit || var_global_limit)
_HA_ATOMIC_SUB(&proc_vars.size, size);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
MINOR: vars: rename vars_init() to vars_init_head() The vars_init() name is particularly confusing as it does not initialize the variables code but the head of a list of variables passed in arguments. And we'll soon need to have proper initialization code, so let's rename it now.
2021-08-31 02:13:25 -04:00
/* This function initializes a variables list head */
void vars_init_head(struct vars *vars, enum vars_scope scope)
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{
LIST_INIT(&vars->head);
vars->scope = scope;
vars->size = 0;
BUILD: threads: Rename SPIN/RWLOCK macros using HA_ prefix This remove any name conflicts, especially on Solaris.
2017-11-07 04:42:54 -05:00
HA_RWLOCK_INIT(&vars->rwlock);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
/* This function returns a hash value and a scope for a variable name of a
* specified length. It makes sure that the scope is valid. It returns non-zero
* on success, 0 on failure. Neither hash nor scope may be NULL.
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
*/
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
static int vars_hash_name(const char *name, int len, enum vars_scope *scope,
uint64_t *hash, char **err)
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{
const char *tmp;
/* Check length. */
if (len == 0) {
memprintf(err, "Empty variable name cannot be accepted");
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
return 0;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
/* Check scope. */
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
if (len > 5 && strncmp(name, "proc.", 5) == 0) {
name += 5;
len -= 5;
*scope = SCOPE_PROC;
}
else if (len > 5 && strncmp(name, "sess.", 5) == 0) {
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
name += 5;
len -= 5;
*scope = SCOPE_SESS;
}
else if (len > 4 && strncmp(name, "txn.", 4) == 0) {
name += 4;
len -= 4;
*scope = SCOPE_TXN;
}
else if (len > 4 && strncmp(name, "req.", 4) == 0) {
name += 4;
len -= 4;
*scope = SCOPE_REQ;
}
else if (len > 4 && strncmp(name, "res.", 4) == 0) {
name += 4;
len -= 4;
*scope = SCOPE_RES;
}
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
else if (len > 6 && strncmp(name, "check.", 6) == 0) {
name += 6;
len -= 6;
*scope = SCOPE_CHECK;
}
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
else {
BUG/MINOR: vars: truncate the variable name in error reports about scope. When a variable starts with the wrong scope, it is named without stripping the extra characters that follow it, which usually are closing parenthesis. Let's make sure we only report what is expected. This may be backported to 2.4.
2021-09-03 04:12:55 -04:00
memprintf(err, "invalid variable name '%.*s'. A variable name must be start by its scope. "
"The scope can be 'proc', 'sess', 'txn', 'req', 'res' or 'check'", len, name);
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
return 0;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
/* Check variable name syntax. */
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
for (tmp = name; tmp < name + len; tmp++) {
BUILD: general: always pass unsigned chars to is* functions The isalnum(), isalpha(), isdigit() etc functions from ctype.h are supposed to take an int in argument which must either reflect an unsigned char or EOF. In practice on some platforms they're implemented as macros referencing an array, and when passed a char, they either cause a warning "array subscript has type 'char'" when lucky, or cause random segfaults when unlucky. It's quite unconvenient by the way since none of them may return true for negative values. The recent introduction of cygwin to the list of regularly tested build platforms revealed a lot of breakage there due to the same issues again. So this patch addresses the problem all over the code at once. It adds unsigned char casts to every valid use case, and also drops the unneeded double cast to int that was sometimes added on top of it. It may be backported by dropping irrelevant changes if that helps better support uncommon platforms. It's unlikely to fix bugs on platforms which would already not emit any warning though.
2020-02-25 02:16:33 -05:00
if (!isalnum((unsigned char)*tmp) && *tmp != '_' && *tmp != '.') {
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
memprintf(err, "invalid syntax at char '%s'", tmp);
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
return 0;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
}
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
*hash = XXH3(name, len, var_name_hash_seed);
return 1;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
/* This function returns the variable from the given list that matches
* <name_hash> or returns NULL if not found. It's only a linked list since it
* is not expected to have many variables per scope (a few tens at best).
* The caller is responsible for ensuring that <vars> is properly locked.
*/
static struct var *var_get(struct vars *vars, uint64_t name_hash)
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{
struct var *var;
list_for_each_entry(var, &vars->head, l)
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
if (var->name_hash == name_hash)
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
return var;
return NULL;
}
/* Returns 0 if fails, else returns 1. */
static int smp_fetch_var(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
const struct var_desc *var_desc = &args[0].data.var;
MINOR: vars: make the vars() sample fetch function support a default value It is quite common to see in configurations constructions like the following one: http-request set-var(txn.bodylen) 0 http-request set-var(txn.bodylen) req.hdr(content-length) ... http-request set-header orig-len %[var(txn.bodylen)] The set-var() rules are almost always duplicated when manipulating integers or any other value that is mandatory along operations. This is a problem because it makes the configurations complicated to maintain and slower than needed. And it becomes even more complicated when several conditions may set the same variable because the risk of forgetting to initialize it or to accidentally reset it is high. This patch extends the var() sample fetch function to take an optional argument which contains a default value to be returned if the variable was not set. This way it becomes much simpler to use the variable, just set it where needed, and read it with a fall back to the default value: http-request set-var(txn.bodylen) req.hdr(content-length) ... http-request set-header orig-len %[var(txn.bodylen,0)] The default value is always passed as a string, thus it will experience a cast to the output type. It doesn't seem userful to complicate the configuration to pass an explicit type at this point. The vars.vtc regtest was updated accordingly.
2021-09-03 06:00:13 -04:00
const struct buffer *def = NULL;
MEDIUM: thread/vars: Make vars thread-safe A RW lock has been added to the vars structure to protect each list of variables. And a global RW lock is used to protect registered names. When a varibable is fetched, we duplicate sample data because the variable could be modified by another thread.
2017-07-24 10:30:34 -04:00
MINOR: vars: make the vars() sample fetch function support a default value It is quite common to see in configurations constructions like the following one: http-request set-var(txn.bodylen) 0 http-request set-var(txn.bodylen) req.hdr(content-length) ... http-request set-header orig-len %[var(txn.bodylen)] The set-var() rules are almost always duplicated when manipulating integers or any other value that is mandatory along operations. This is a problem because it makes the configurations complicated to maintain and slower than needed. And it becomes even more complicated when several conditions may set the same variable because the risk of forgetting to initialize it or to accidentally reset it is high. This patch extends the var() sample fetch function to take an optional argument which contains a default value to be returned if the variable was not set. This way it becomes much simpler to use the variable, just set it where needed, and read it with a fall back to the default value: http-request set-var(txn.bodylen) req.hdr(content-length) ... http-request set-header orig-len %[var(txn.bodylen,0)] The default value is always passed as a string, thus it will experience a cast to the output type. It doesn't seem userful to complicate the configuration to pass an explicit type at this point. The vars.vtc regtest was updated accordingly.
2021-09-03 06:00:13 -04:00
if (args[1].type == ARGT_STR)
def = &args[1].data.str;
return vars_get_by_desc(var_desc, smp, def);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
MINOR: vars: Delay variable content freeing in var_set function When calling var_set on a variable of type string (SMP_T_STR, SMP_T_BIN or SMP_T_METH), the contents of the variable were freed directly. When adding conditions to set-var calls we might have cases in which the contents of an existing variable should be kept unchanged so the freeing of the internal buffers is delayed in the var_set function (so that we can bypass it later).
2021-12-16 11:14:36 -05:00
/*
* Clear the contents of a variable so that it can be reset directly.
* This function is used just before a variable is filled out of a sample's
* content.
*/
static inline void var_clear_buffer(struct sample *smp, struct vars *vars, struct var *var, int var_type)
{
if (var_type == SMP_T_STR || var_type == SMP_T_BIN) {
ha_free(&var->data.u.str.area);
var_accounting_diff(vars, smp->sess, smp->strm,
-var->data.u.str.data);
}
else if (var_type == SMP_T_METH && var->data.u.meth.meth == HTTP_METH_OTHER) {
ha_free(&var->data.u.meth.str.area);
var_accounting_diff(vars, smp->sess, smp->strm,
-var->data.u.meth.str.data);
}
}
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
/* This function tries to create a variable whose name hash is <name_hash> in
* scope <scope> and store sample <smp> as its value.
*
* The stream and session are extracted from <smp>, whose stream may be NULL
* when scope is SCOPE_SESS. In case there wouldn't be enough memory to store
* the sample while the variable was already created, it would be changed to
* a bool (which is memory-less).
MEDIUM: vars: make the ifexist variant of set-var only apply to the proc scope When setting variables, there are currently two variants, one which will always create the variable, and another one, "ifexist", which will only create or update a variable if a similarly named variable in any scope already existed before. The goal was to limit the risk of injecting random names in the proc scope, but it was achieved by making use of the somewhat limited name indexing model, which explains the scope-agnostic restriction. With this change, we're moving the check downwards in the chain, at the variable level, and only variables under the scope "proc" will be subject to the restriction. A new set of VF_* flags was added to adjust how variables are set, and VF_UPDATEONLY is used to mention this restriction. In this exact state of affairs, this is not completely exact, as if a similar name was not known in any scope, the variable will continue to be rejected like before, but this will change soon.
2021-09-07 08:24:07 -04:00
*
* Flags is a bitfield that may contain one of the following flags:
MINOR: vars: add a VF_CREATEONLY flag for creation Passing this flag to var_set() will result in the variable to only be created if it did not exist, otherwise nothing is done (it's not even updated). This will be used for pre-registering names.
2021-09-08 05:38:25 -04:00
* - VF_CREATEONLY: do nothing if the variable already exists (success).
MINOR: vars: store flags into variables and add VF_PERMANENT In order to continue to honor the ifexist Lua option and prevent rogue SPOA agents from creating too many variables, we'll need to keep the ability to mark certain proc.* variables as permanent when they're known from the config file. Let's add a flag there for this. It's added to the variable when the variable is created with this flag set by the caller. Another approach could have been to use a distinct list or distinct scope but that sounds complicated and bug-prone.
2021-09-08 05:07:32 -04:00
* - VF_PERMANENT: this flag will be passed to the variable upon creation
MEDIUM: vars: make the ifexist variant of set-var only apply to the proc scope When setting variables, there are currently two variants, one which will always create the variable, and another one, "ifexist", which will only create or update a variable if a similarly named variable in any scope already existed before. The goal was to limit the risk of injecting random names in the proc scope, but it was achieved by making use of the somewhat limited name indexing model, which explains the scope-agnostic restriction. With this change, we're moving the check downwards in the chain, at the variable level, and only variables under the scope "proc" will be subject to the restriction. A new set of VF_* flags was added to adjust how variables are set, and VF_UPDATEONLY is used to mention this restriction. In this exact state of affairs, this is not completely exact, as if a similar name was not known in any scope, the variable will continue to be rejected like before, but this will change soon.
2021-09-07 08:24:07 -04:00
*
MINOR: vars: Parse optional conditions passed to the set-var converter This patch adds the parsing of the optional condition parameters that can be passed to the set-var converter. Those conditions will not be taken into account yet in the var_set function so conditions passed as parameters will not have any effect. This is true for any condition apart from the "ifexists" one that is also used to replace the VF_UPDATEONLY flag that was used to prevent proc scope variable creation from a LUA module.
2021-12-16 11:14:37 -05:00
* - VF_COND_IFEXISTS: only set variable if it already exists
* - VF_COND_IFNOTEXISTS: only set variable if it did not exist yet
* - VF_COND_IFEMPTY: only set variable if sample is empty
* - VF_COND_IFNOTEMPTY: only set variable if sample is not empty
* - VF_COND_IFSET: only set variable if its type is not SMP_TYPE_ANY
* - VF_COND_IFNOTSET: only set variable if its type is ANY
* - VF_COND_IFGT: only set variable if its value is greater than the sample's
CLEANUP: assorted typo fixes in the code and comments This is 29th iteration of typo fixes
2021-12-25 01:45:52 -05:00
* - VF_COND_IFLT: only set variable if its value is less than the sample's
MINOR: vars: Parse optional conditions passed to the set-var converter This patch adds the parsing of the optional condition parameters that can be passed to the set-var converter. Those conditions will not be taken into account yet in the var_set function so conditions passed as parameters will not have any effect. This is true for any condition apart from the "ifexists" one that is also used to replace the VF_UPDATEONLY flag that was used to prevent proc scope variable creation from a LUA module.
2021-12-16 11:14:37 -05:00
*
REORG: vars: remerge sample_store{,_stream}() into var_set() The names for these two functions are totally misleading, they have nothing to do with samples, they're purely dedicated to variables. The former is only used by the second one and makes no sense by itself, so it cannot even get a meaningful name. Let's remerge them into a single one called "var_set()" which, as its name tries to imply, sets a variable to a given value.
2021-09-07 05:37:37 -04:00
* It returns 0 on failure, non-zero on success.
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
*/
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
static int var_set(uint64_t name_hash, enum vars_scope scope, struct sample *smp, uint flags)
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{
REORG: vars: remerge sample_store{,_stream}() into var_set() The names for these two functions are totally misleading, they have nothing to do with samples, they're purely dedicated to variables. The former is only used by the second one and makes no sense by itself, so it cannot even get a meaningful name. Let's remerge them into a single one called "var_set()" which, as its name tries to imply, sets a variable to a given value.
2021-09-07 05:37:37 -04:00
struct vars *vars;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
struct var *var;
REORG: vars: remerge sample_store{,_stream}() into var_set() The names for these two functions are totally misleading, they have nothing to do with samples, they're purely dedicated to variables. The former is only used by the second one and makes no sense by itself, so it cannot even get a meaningful name. Let's remerge them into a single one called "var_set()" which, as its name tries to imply, sets a variable to a given value.
2021-09-07 05:37:37 -04:00
int ret = 0;
MINOR: vars: Delay variable content freeing in var_set function When calling var_set on a variable of type string (SMP_T_STR, SMP_T_BIN or SMP_T_METH), the contents of the variable were freed directly. When adding conditions to set-var calls we might have cases in which the contents of an existing variable should be kept unchanged so the freeing of the internal buffers is delayed in the var_set function (so that we can bypass it later).
2021-12-16 11:14:36 -05:00
int previous_type = SMP_T_ANY;
REORG: vars: remerge sample_store{,_stream}() into var_set() The names for these two functions are totally misleading, they have nothing to do with samples, they're purely dedicated to variables. The former is only used by the second one and makes no sense by itself, so it cannot even get a meaningful name. Let's remerge them into a single one called "var_set()" which, as its name tries to imply, sets a variable to a given value.
2021-09-07 05:37:37 -04:00
vars = get_vars(smp->sess, smp->strm, scope);
if (!vars || vars->scope != scope)
return 0;
MINOR: vars: centralize the lock/unlock into static inlines The goal it to simplify the variables locking in order to later simplify it.
2021-09-08 09:19:57 -04:00
vars_wrlock(vars);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
/* Look for existing variable name. */
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
var = var_get(vars, name_hash);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
if (var) {
MINOR: vars: add a VF_CREATEONLY flag for creation Passing this flag to var_set() will result in the variable to only be created if it did not exist, otherwise nothing is done (it's not even updated). This will be used for pre-registering names.
2021-09-08 05:38:25 -04:00
if (flags & VF_CREATEONLY) {
ret = 1;
goto unlock;
}
MEDIUM: vars: Enable optional conditions to set-var converter and actions This patch adds the possibility to add a set of conditions to a set-var call, be it a converter or an action (http-request or http-response action for instance). The conditions must all be true for the given set-var call for the variable to actually be set. If any of the conditions is false, the variable is left untouched. The managed conditions are the following : "ifexists", "ifnotexists", "ifempty", "ifnotempty", "ifset", "ifnotset", "ifgt", "iflt". It is possible to combine multiple conditions in a single set-var call since some of them apply to the variable itself, and some others to the input. This patch does not change the fact that variables of scope proc are still created during configuration parsing, regardless of the conditions that might be added to the set-var calls in which they are mentioned. For instance, such a line : http-request set-var(proc.foo,ifexists) int(5) would not prevent the creation of the variable during init, and when actually reaching this line during runtime, the proc.foo variable would already exist. This is specific to the proc scope. These new conditions mean that a set-var could "fail" for other reasons than memory allocation failures but without clearing the contents of the variable.
2021-12-16 11:14:39 -05:00
if (flags & VF_COND_IFNOTEXISTS)
goto unlock;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
} else {
MINOR: vars: Parse optional conditions passed to the set-var converter This patch adds the parsing of the optional condition parameters that can be passed to the set-var converter. Those conditions will not be taken into account yet in the var_set function so conditions passed as parameters will not have any effect. This is true for any condition apart from the "ifexists" one that is also used to replace the VF_UPDATEONLY flag that was used to prevent proc scope variable creation from a LUA module.
2021-12-16 11:14:37 -05:00
if (flags & VF_COND_IFEXISTS)
MEDIUM: vars: make the ifexist variant of set-var only apply to the proc scope When setting variables, there are currently two variants, one which will always create the variable, and another one, "ifexist", which will only create or update a variable if a similarly named variable in any scope already existed before. The goal was to limit the risk of injecting random names in the proc scope, but it was achieved by making use of the somewhat limited name indexing model, which explains the scope-agnostic restriction. With this change, we're moving the check downwards in the chain, at the variable level, and only variables under the scope "proc" will be subject to the restriction. A new set of VF_* flags was added to adjust how variables are set, and VF_UPDATEONLY is used to mention this restriction. In this exact state of affairs, this is not completely exact, as if a similar name was not known in any scope, the variable will continue to be rejected like before, but this will change soon.
2021-09-07 08:24:07 -04:00
goto unlock;
CLEANUP: fix typos in the comments of the vars subsystem Those are mostly misspells of the words available and variable.
2018-11-15 12:19:50 -05:00
/* Check memory available. */
BUG/MAJOR: vars: always retrieve the stream and session from the sample This is the continuation of previous patch called "BUG/MAJOR: samples: check smp->strm before using it". It happens that variables may have a session-wide scope, and that their session is retrieved by dereferencing the stream. But nothing prevents them from being used from a streamless context such as tcp-request connection, thus crashing the process. Example : tcp-request connection accept if { src,set-var(sess.foo) -m found } In order to fix this, we have to always ensure that variable manipulation only happens via the sample, which contains the correct owner and context, and that we never use one from a different source. This results in quite a large change since a lot of functions are inderctly involved in the call chain, but the change is easy to follow. This fix must be backported to 1.6, and requires the last two patches.
2016-03-10 10:33:04 -05:00
if (!var_accounting_add(vars, smp->sess, smp->strm, sizeof(struct var)))
REORG: vars: remerge sample_store{,_stream}() into var_set() The names for these two functions are totally misleading, they have nothing to do with samples, they're purely dedicated to variables. The former is only used by the second one and makes no sense by itself, so it cannot even get a meaningful name. Let's remerge them into a single one called "var_set()" which, as its name tries to imply, sets a variable to a given value.
2021-09-07 05:37:37 -04:00
goto unlock;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
/* Create new entry. */
CLEANUP: pools: rename all pool functions and pointers to remove this "2" During the migration to the second version of the pools, the new functions and pool pointers were all called "pool_something2()" and "pool2_something". Now there's no more pool v1 code and it's a real pain to still have to deal with this. Let's clean this up now by removing the "2" everywhere, and by renaming the pool heads "pool_head_something".
2017-11-24 11:34:44 -05:00
var = pool_alloc(var_pool);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
if (!var)
REORG: vars: remerge sample_store{,_stream}() into var_set() The names for these two functions are totally misleading, they have nothing to do with samples, they're purely dedicated to variables. The former is only used by the second one and makes no sense by itself, so it cannot even get a meaningful name. Let's remerge them into a single one called "var_set()" which, as its name tries to imply, sets a variable to a given value.
2021-09-07 05:37:37 -04:00
goto unlock;
CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion The current "ADD" vs "ADDQ" is confusing because when thinking in terms of appending at the end of a list, "ADD" naturally comes to mind, but here it does the opposite, it inserts. Several times already it's been incorrectly used where ADDQ was expected, the latest of which was a fortunate accident explained in 6fa922562 ("CLEANUP: stream: explain why we queue the stream at the head of the server list"). Let's use more explicit (but slightly longer) names now: LIST_ADD -> LIST_INSERT LIST_ADDQ -> LIST_APPEND LIST_ADDED -> LIST_INLIST LIST_DEL -> LIST_DELETE The same is true for MT_LISTs, including their "TRY" variant. LIST_DEL_INIT keeps its short name to encourage to use it instead of the lazier LIST_DELETE which is often less safe. The change is large (~674 non-comment entries) but is mechanical enough to remain safe. No permutation was performed, so any out-of-tree code can easily map older names to new ones. The list doc was updated.
2021-04-21 01:32:39 -04:00
LIST_APPEND(&vars->head, &var->l);
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
var->name_hash = name_hash;
MINOR: vars: store flags into variables and add VF_PERMANENT In order to continue to honor the ifexist Lua option and prevent rogue SPOA agents from creating too many variables, we'll need to keep the ability to mark certain proc.* variables as permanent when they're known from the config file. Let's add a flag there for this. It's added to the variable when the variable is created with this flag set by the caller. Another approach could have been to use a distinct list or distinct scope but that sounds complicated and bug-prone.
2021-09-08 05:07:32 -04:00
var->flags = flags & VF_PERMANENT;
MINOR: vars: Set variable type to ANY upon creation The type of a newly created variable was not initialized. This patch sets it to SMP_T_ANY by default. This will be required when conditions can be added to a set-var call because we might end up creating a variable without setting it yet.
2021-12-16 11:14:35 -05:00
var->data.type = SMP_T_ANY;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
MEDIUM: vars: Enable optional conditions to set-var converter and actions This patch adds the possibility to add a set of conditions to a set-var call, be it a converter or an action (http-request or http-response action for instance). The conditions must all be true for the given set-var call for the variable to actually be set. If any of the conditions is false, the variable is left untouched. The managed conditions are the following : "ifexists", "ifnotexists", "ifempty", "ifnotempty", "ifset", "ifnotset", "ifgt", "iflt". It is possible to combine multiple conditions in a single set-var call since some of them apply to the variable itself, and some others to the input. This patch does not change the fact that variables of scope proc are still created during configuration parsing, regardless of the conditions that might be added to the set-var calls in which they are mentioned. For instance, such a line : http-request set-var(proc.foo,ifexists) int(5) would not prevent the creation of the variable during init, and when actually reaching this line during runtime, the proc.foo variable would already exist. This is specific to the proc scope. These new conditions mean that a set-var could "fail" for other reasons than memory allocation failures but without clearing the contents of the variable.
2021-12-16 11:14:39 -05:00
/* A variable of type SMP_T_ANY is considered as unset (either created
* and never set or unset-var was called on it).
*/
if ((flags & VF_COND_IFSET && var->data.type == SMP_T_ANY) ||
(flags & VF_COND_IFNOTSET && var->data.type != SMP_T_ANY))
goto unlock;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
/* Set type. */
MINOR: vars: Delay variable content freeing in var_set function When calling var_set on a variable of type string (SMP_T_STR, SMP_T_BIN or SMP_T_METH), the contents of the variable were freed directly. When adding conditions to set-var calls we might have cases in which the contents of an existing variable should be kept unchanged so the freeing of the internal buffers is delayed in the var_set function (so that we can bypass it later).
2021-12-16 11:14:36 -05:00
previous_type = var->data.type;
MEDIUM: samples: Use the "struct sample_data" in the "struct sample" This patch remove the struct information stored both in the struct sample_data and in the striuct sample. Now, only thestruct sample_data contains data, and the struct sample use the struct sample_data for storing his own data.
2015-08-19 03:00:18 -04:00
var->data.type = smp->data.type;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
MEDIUM: vars: Enable optional conditions to set-var converter and actions This patch adds the possibility to add a set of conditions to a set-var call, be it a converter or an action (http-request or http-response action for instance). The conditions must all be true for the given set-var call for the variable to actually be set. If any of the conditions is false, the variable is left untouched. The managed conditions are the following : "ifexists", "ifnotexists", "ifempty", "ifnotempty", "ifset", "ifnotset", "ifgt", "iflt". It is possible to combine multiple conditions in a single set-var call since some of them apply to the variable itself, and some others to the input. This patch does not change the fact that variables of scope proc are still created during configuration parsing, regardless of the conditions that might be added to the set-var calls in which they are mentioned. For instance, such a line : http-request set-var(proc.foo,ifexists) int(5) would not prevent the creation of the variable during init, and when actually reaching this line during runtime, the proc.foo variable would already exist. This is specific to the proc scope. These new conditions mean that a set-var could "fail" for other reasons than memory allocation failures but without clearing the contents of the variable.
2021-12-16 11:14:39 -05:00
if (flags & VF_COND_IFEMPTY) {
switch(smp->data.type) {
case SMP_T_ANY:
case SMP_T_STR:
case SMP_T_BIN:
/* The actual test on the contents of the sample will be
* performed later.
*/
break;
default:
/* The sample cannot be empty since it has a scalar type. */
var->data.type = previous_type;
goto unlock;
}
}
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
/* Copy data. If the data needs memory, the function can fail. */
switch (var->data.type) {
case SMP_T_BOOL:
MEDIUM: vars: Enable optional conditions to set-var converter and actions This patch adds the possibility to add a set of conditions to a set-var call, be it a converter or an action (http-request or http-response action for instance). The conditions must all be true for the given set-var call for the variable to actually be set. If any of the conditions is false, the variable is left untouched. The managed conditions are the following : "ifexists", "ifnotexists", "ifempty", "ifnotempty", "ifset", "ifnotset", "ifgt", "iflt". It is possible to combine multiple conditions in a single set-var call since some of them apply to the variable itself, and some others to the input. This patch does not change the fact that variables of scope proc are still created during configuration parsing, regardless of the conditions that might be added to the set-var calls in which they are mentioned. For instance, such a line : http-request set-var(proc.foo,ifexists) int(5) would not prevent the creation of the variable during init, and when actually reaching this line during runtime, the proc.foo variable would already exist. This is specific to the proc scope. These new conditions mean that a set-var could "fail" for other reasons than memory allocation failures but without clearing the contents of the variable.
2021-12-16 11:14:39 -05:00
var_clear_buffer(smp, vars, var, previous_type);
var->data.u.sint = smp->data.u.sint;
break;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
case SMP_T_SINT:
MEDIUM: vars: Enable optional conditions to set-var converter and actions This patch adds the possibility to add a set of conditions to a set-var call, be it a converter or an action (http-request or http-response action for instance). The conditions must all be true for the given set-var call for the variable to actually be set. If any of the conditions is false, the variable is left untouched. The managed conditions are the following : "ifexists", "ifnotexists", "ifempty", "ifnotempty", "ifset", "ifnotset", "ifgt", "iflt". It is possible to combine multiple conditions in a single set-var call since some of them apply to the variable itself, and some others to the input. This patch does not change the fact that variables of scope proc are still created during configuration parsing, regardless of the conditions that might be added to the set-var calls in which they are mentioned. For instance, such a line : http-request set-var(proc.foo,ifexists) int(5) would not prevent the creation of the variable during init, and when actually reaching this line during runtime, the proc.foo variable would already exist. This is specific to the proc scope. These new conditions mean that a set-var could "fail" for other reasons than memory allocation failures but without clearing the contents of the variable.
2021-12-16 11:14:39 -05:00
if (previous_type == var->data.type) {
if (((flags & VF_COND_IFGT) && !(var->data.u.sint > smp->data.u.sint)) ||
((flags & VF_COND_IFLT) && !(var->data.u.sint < smp->data.u.sint)))
goto unlock;
}
MINOR: vars: Delay variable content freeing in var_set function When calling var_set on a variable of type string (SMP_T_STR, SMP_T_BIN or SMP_T_METH), the contents of the variable were freed directly. When adding conditions to set-var calls we might have cases in which the contents of an existing variable should be kept unchanged so the freeing of the internal buffers is delayed in the var_set function (so that we can bypass it later).
2021-12-16 11:14:36 -05:00
var_clear_buffer(smp, vars, var, previous_type);
MINOR: samples: rename union from "data" to "u" The union name "data" is a little bit heavy while we read the source code because we can read "data.data.sint". The rename from "data" to "u" makes the read easiest like "data.u.sint".
2015-08-19 03:07:19 -04:00
var->data.u.sint = smp->data.u.sint;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
break;
case SMP_T_IPV4:
MINOR: vars: Delay variable content freeing in var_set function When calling var_set on a variable of type string (SMP_T_STR, SMP_T_BIN or SMP_T_METH), the contents of the variable were freed directly. When adding conditions to set-var calls we might have cases in which the contents of an existing variable should be kept unchanged so the freeing of the internal buffers is delayed in the var_set function (so that we can bypass it later).
2021-12-16 11:14:36 -05:00
var_clear_buffer(smp, vars, var, previous_type);
MINOR: samples: rename union from "data" to "u" The union name "data" is a little bit heavy while we read the source code because we can read "data.data.sint". The rename from "data" to "u" makes the read easiest like "data.u.sint".
2015-08-19 03:07:19 -04:00
var->data.u.ipv4 = smp->data.u.ipv4;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
break;
case SMP_T_IPV6:
MINOR: vars: Delay variable content freeing in var_set function When calling var_set on a variable of type string (SMP_T_STR, SMP_T_BIN or SMP_T_METH), the contents of the variable were freed directly. When adding conditions to set-var calls we might have cases in which the contents of an existing variable should be kept unchanged so the freeing of the internal buffers is delayed in the var_set function (so that we can bypass it later).
2021-12-16 11:14:36 -05:00
var_clear_buffer(smp, vars, var, previous_type);
MINOR: samples: rename union from "data" to "u" The union name "data" is a little bit heavy while we read the source code because we can read "data.data.sint". The rename from "data" to "u" makes the read easiest like "data.u.sint".
2015-08-19 03:07:19 -04:00
var->data.u.ipv6 = smp->data.u.ipv6;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
break;
case SMP_T_STR:
case SMP_T_BIN:
MEDIUM: vars: Enable optional conditions to set-var converter and actions This patch adds the possibility to add a set of conditions to a set-var call, be it a converter or an action (http-request or http-response action for instance). The conditions must all be true for the given set-var call for the variable to actually be set. If any of the conditions is false, the variable is left untouched. The managed conditions are the following : "ifexists", "ifnotexists", "ifempty", "ifnotempty", "ifset", "ifnotset", "ifgt", "iflt". It is possible to combine multiple conditions in a single set-var call since some of them apply to the variable itself, and some others to the input. This patch does not change the fact that variables of scope proc are still created during configuration parsing, regardless of the conditions that might be added to the set-var calls in which they are mentioned. For instance, such a line : http-request set-var(proc.foo,ifexists) int(5) would not prevent the creation of the variable during init, and when actually reaching this line during runtime, the proc.foo variable would already exist. This is specific to the proc scope. These new conditions mean that a set-var could "fail" for other reasons than memory allocation failures but without clearing the contents of the variable.
2021-12-16 11:14:39 -05:00
if ((flags & VF_COND_IFNOTEMPTY && !smp->data.u.str.data) ||
(flags & VF_COND_IFEMPTY && smp->data.u.str.data)) {
var->data.type = previous_type;
goto unlock;
}
MINOR: vars: Delay variable content freeing in var_set function When calling var_set on a variable of type string (SMP_T_STR, SMP_T_BIN or SMP_T_METH), the contents of the variable were freed directly. When adding conditions to set-var calls we might have cases in which the contents of an existing variable should be kept unchanged so the freeing of the internal buffers is delayed in the var_set function (so that we can bypass it later).
2021-12-16 11:14:36 -05:00
var_clear_buffer(smp, vars, var, previous_type);
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
if (!var_accounting_add(vars, smp->sess, smp->strm, smp->data.u.str.data)) {
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
var->data.type = SMP_T_BOOL; /* This type doesn't use additional memory. */
REORG: vars: remerge sample_store{,_stream}() into var_set() The names for these two functions are totally misleading, they have nothing to do with samples, they're purely dedicated to variables. The former is only used by the second one and makes no sense by itself, so it cannot even get a meaningful name. Let's remerge them into a single one called "var_set()" which, as its name tries to imply, sets a variable to a given value.
2021-09-07 05:37:37 -04:00
goto unlock;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
REORG: vars: remerge sample_store{,_stream}() into var_set() The names for these two functions are totally misleading, they have nothing to do with samples, they're purely dedicated to variables. The former is only used by the second one and makes no sense by itself, so it cannot even get a meaningful name. Let's remerge them into a single one called "var_set()" which, as its name tries to imply, sets a variable to a given value.
2021-09-07 05:37:37 -04:00
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
var->data.u.str.area = malloc(smp->data.u.str.data);
if (!var->data.u.str.area) {
var_accounting_diff(vars, smp->sess, smp->strm,
-smp->data.u.str.data);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
var->data.type = SMP_T_BOOL; /* This type doesn't use additional memory. */
REORG: vars: remerge sample_store{,_stream}() into var_set() The names for these two functions are totally misleading, they have nothing to do with samples, they're purely dedicated to variables. The former is only used by the second one and makes no sense by itself, so it cannot even get a meaningful name. Let's remerge them into a single one called "var_set()" which, as its name tries to imply, sets a variable to a given value.
2021-09-07 05:37:37 -04:00
goto unlock;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
var->data.u.str.data = smp->data.u.str.data;
memcpy(var->data.u.str.area, smp->data.u.str.area,
var->data.u.str.data);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
break;
case SMP_T_METH:
MINOR: vars: Delay variable content freeing in var_set function When calling var_set on a variable of type string (SMP_T_STR, SMP_T_BIN or SMP_T_METH), the contents of the variable were freed directly. When adding conditions to set-var calls we might have cases in which the contents of an existing variable should be kept unchanged so the freeing of the internal buffers is delayed in the var_set function (so that we can bypass it later).
2021-12-16 11:14:36 -05:00
var_clear_buffer(smp, vars, var, previous_type);
MINOR: samples: Don't allocate memory for SMP_T_METH sample when method is known For known methods (GET,POST...), in samples, an enum is used instead of a chunk to reference the method. So there is no needs to allocate memory when a variable is stored with this kind of sample.
2017-07-24 10:24:39 -04:00
var->data.u.meth.meth = smp->data.u.meth.meth;
if (smp->data.u.meth.meth != HTTP_METH_OTHER)
break;
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
if (!var_accounting_add(vars, smp->sess, smp->strm, smp->data.u.meth.str.data)) {
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
var->data.type = SMP_T_BOOL; /* This type doesn't use additional memory. */
REORG: vars: remerge sample_store{,_stream}() into var_set() The names for these two functions are totally misleading, they have nothing to do with samples, they're purely dedicated to variables. The former is only used by the second one and makes no sense by itself, so it cannot even get a meaningful name. Let's remerge them into a single one called "var_set()" which, as its name tries to imply, sets a variable to a given value.
2021-09-07 05:37:37 -04:00
goto unlock;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
REORG: vars: remerge sample_store{,_stream}() into var_set() The names for these two functions are totally misleading, they have nothing to do with samples, they're purely dedicated to variables. The former is only used by the second one and makes no sense by itself, so it cannot even get a meaningful name. Let's remerge them into a single one called "var_set()" which, as its name tries to imply, sets a variable to a given value.
2021-09-07 05:37:37 -04:00
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
var->data.u.meth.str.area = malloc(smp->data.u.meth.str.data);
if (!var->data.u.meth.str.area) {
var_accounting_diff(vars, smp->sess, smp->strm,
-smp->data.u.meth.str.data);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
var->data.type = SMP_T_BOOL; /* This type doesn't use additional memory. */
REORG: vars: remerge sample_store{,_stream}() into var_set() The names for these two functions are totally misleading, they have nothing to do with samples, they're purely dedicated to variables. The former is only used by the second one and makes no sense by itself, so it cannot even get a meaningful name. Let's remerge them into a single one called "var_set()" which, as its name tries to imply, sets a variable to a given value.
2021-09-07 05:37:37 -04:00
goto unlock;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
MEDIUM: chunks: make the chunk struct's fields match the buffer struct Chunks are only a subset of a buffer (a non-wrapping version with no head offset). Despite this we still carry a lot of duplicated code between buffers and chunks. Replacing chunks with buffers would significantly reduce the maintenance efforts. This first patch renames the chunk's fields to match the name and types used by struct buffers, with the goal of isolating the code changes from the declaration changes. Most of the changes were made with spatch using this coccinelle script : @rule_d1@ typedef chunk; struct chunk chunk; @@ - chunk.str + chunk.area @rule_d2@ typedef chunk; struct chunk chunk; @@ - chunk.len + chunk.data @rule_i1@ typedef chunk; struct chunk *chunk; @@ - chunk->str + chunk->area @rule_i2@ typedef chunk; struct chunk *chunk; @@ - chunk->len + chunk->data Some minor updates to 3 http functions had to be performed to take size_t ints instead of ints in order to match the unsigned length here.
2018-07-13 04:54:26 -04:00
var->data.u.meth.str.data = smp->data.u.meth.str.data;
var->data.u.meth.str.size = smp->data.u.meth.str.data;
memcpy(var->data.u.meth.str.area, smp->data.u.meth.str.area,
var->data.u.meth.str.data);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
break;
}
REORG: vars: remerge sample_store{,_stream}() into var_set() The names for these two functions are totally misleading, they have nothing to do with samples, they're purely dedicated to variables. The former is only used by the second one and makes no sense by itself, so it cannot even get a meaningful name. Let's remerge them into a single one called "var_set()" which, as its name tries to imply, sets a variable to a given value.
2021-09-07 05:37:37 -04:00
/* OK, now done */
ret = 1;
unlock:
MINOR: vars: centralize the lock/unlock into static inlines The goal it to simplify the variables locking in order to later simplify it.
2021-09-08 09:19:57 -04:00
vars_wrunlock(vars);
MEDIUM: thread/vars: Make vars thread-safe A RW lock has been added to the vars structure to protect each list of variables. And a global RW lock is used to protect registered names. When a varibable is fetched, we duplicate sample data because the variable could be modified by another thread.
2017-07-24 10:30:34 -04:00
return ret;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
/* Deletes a variable matching name hash <name_hash> and scope <scope> for the
* session and stream found in <smp>. Note that stream may be null for
* SCOPE_SESS. Returns 0 if the scope was not found otherwise 1.
CLEANUP: vars: rename sample_clear_stream() to var_unset() This name was quite misleading, as it has nothing to do with samples nor streams. This function's sole purpose is to unset a variable, so let's call it "var_unset()" and document it a little bit.
2021-09-07 05:44:41 -04:00
*/
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
static int var_unset(uint64_t name_hash, enum vars_scope scope, struct sample *smp)
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
{
struct vars *vars;
struct var *var;
unsigned int size = 0;
BUG/MEDIUM: vars: make sure the scope is always valid when accessing vars Patrick Hemmer reported that a simple tcp rule involving a variable like this is enough to crash haproxy : frontend foo bind :8001 tcp-request session set-var(txn.foo) src The tests on the variables scopes is not strict enough, it needs to always verify if the stream is valid when accessing a req/res/txn variable. This patch does this by adding a new get_vars() function which does the job instead of open-coding all the lookups everywhere. It must be backported to all versions supporting set-var and "tcp-request session" so at least 1.9 and 1.8.
2019-06-04 10:27:36 -04:00
vars = get_vars(smp->sess, smp->strm, scope);
if (!vars || vars->scope != scope)
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
return 0;
/* Look for existing variable name. */
MINOR: vars: centralize the lock/unlock into static inlines The goal it to simplify the variables locking in order to later simplify it.
2021-09-08 09:19:57 -04:00
vars_wrlock(vars);
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
var = var_get(vars, name_hash);
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
if (var) {
MEDIUM: vars: make var_clear() only reset VF_PERMANENT variables We certainly do not want that a permanent variable (one that is listed in the configuration) be erased by accident by an "unset-var" action. Let's make sure these ones are only reset to an empty sample, like at the moment of their initial registration. One trick is that the same function is used to purge the memory at the end and to delete, so we need to add an extra "force" argument to make the choice.
2021-09-08 09:03:58 -04:00
size = var_clear(var, 0);
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
var_accounting_diff(vars, smp->sess, smp->strm, -size);
}
MINOR: vars: centralize the lock/unlock into static inlines The goal it to simplify the variables locking in order to later simplify it.
2021-09-08 09:19:57 -04:00
vars_wrunlock(vars);
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
return 1;
}
MINOR: vars: Parse optional conditions passed to the set-var converter This patch adds the parsing of the optional condition parameters that can be passed to the set-var converter. Those conditions will not be taken into account yet in the var_set function so conditions passed as parameters will not have any effect. This is true for any condition apart from the "ifexists" one that is also used to replace the VF_UPDATEONLY flag that was used to prevent proc scope variable creation from a LUA module.
2021-12-16 11:14:37 -05:00
/*
* Convert a string set-var condition into its numerical value.
* The corresponding bit is set in the <cond_bitmap> parameter if the
* <cond> is known.
* Returns 1 in case of success.
*/
static int vars_parse_cond_param(const struct buffer *cond, uint *cond_bitmap, char **err)
{
struct var_set_condition *cond_elt = &conditions_array[0];
/* The conditions array is NULL terminated. */
while (cond_elt->cond_str) {
if (chunk_strcmp(cond, cond_elt->cond_str) == 0) {
*cond_bitmap |= cond_elt->flag;
break;
}
++cond_elt;
}
if (cond_elt->cond_str == NULL && err)
memprintf(err, "unknown condition \"%.*s\"", (int)cond->data, cond->area);
return cond_elt->cond_str != NULL;
}
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
/* Returns 0 if fails, else returns 1. */
static int smp_conv_store(const struct arg *args, struct sample *smp, void *private)
{
MINOR: vars: Parse optional conditions passed to the set-var converter This patch adds the parsing of the optional condition parameters that can be passed to the set-var converter. Those conditions will not be taken into account yet in the var_set function so conditions passed as parameters will not have any effect. This is true for any condition apart from the "ifexists" one that is also used to replace the VF_UPDATEONLY flag that was used to prevent proc scope variable creation from a LUA module.
2021-12-16 11:14:37 -05:00
uint conditions = 0;
int cond_idx = 1;
while (args[cond_idx].type == ARGT_STR) {
if (vars_parse_cond_param(&args[cond_idx++].data.str, &conditions, NULL) == 0)
break;
}
return var_set(args[0].data.var.name_hash, args[0].data.var.scope, smp, conditions);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
/* Returns 0 if fails, else returns 1. */
static int smp_conv_clear(const struct arg *args, struct sample *smp, void *private)
{
BUG/MINOR: vars: Fix the set-var and unset-var converters In commit 3a4bedccc6 the variable logic was changed. Instead of accessing variables by their name during runtime, the variable tables are now indexed by a hash of the name. But the set-var and unset-var converters try to access the correct variable by calculating a hash on the sample instead of the already calculated variable hash. It should be backported to 2.5.
2021-11-26 12:08:39 -05:00
return var_unset(args[0].data.var.name_hash, args[0].data.var.scope, smp);
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
}
CLEANUP: fix typos in the comments of the vars subsystem Those are mostly misspells of the words available and variable.
2018-11-15 12:19:50 -05:00
/* This functions check an argument entry and fill it with a variable
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
* type. The argumen must be a string. If the variable lookup fails,
CLEANUP: fix typos in the comments of the vars subsystem Those are mostly misspells of the words available and variable.
2018-11-15 12:19:50 -05:00
* the function returns 0 and fill <err>, otherwise it returns 1.
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
*/
int vars_check_arg(struct arg *arg, char **err)
{
enum vars_scope scope;
MEDIUM: vars: pre-create parsed SCOPE_PROC variables as permanent ones All variables whose names are parsed by the config parser, the command-line parser or the SPOE's register-var-names parser are now preset as permanent. This will guarantee that these variables will exist through out all the process' life, and that it will be possible to implement the "ifexist" feature by looking them up. This was marked medium because pre-setting a variable with an empty value may always have side effects, even though none was spotted at this stage.
2021-09-08 05:07:32 -04:00
struct sample empty_smp = { };
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
uint64_t hash;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
/* Check arg type. */
if (arg->type != ARGT_STR) {
memprintf(err, "unexpected argument type");
return 0;
}
/* Register new variable name. */
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
if (!vars_hash_name(arg->data.str.area, arg->data.str.data, &scope, &hash, err))
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
return 0;
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
if (scope == SCOPE_PROC && !var_set(hash, scope, &empty_smp, VF_CREATEONLY|VF_PERMANENT))
MEDIUM: vars: pre-create parsed SCOPE_PROC variables as permanent ones All variables whose names are parsed by the config parser, the command-line parser or the SPOE's register-var-names parser are now preset as permanent. This will guarantee that these variables will exist through out all the process' life, and that it will be possible to implement the "ifexist" feature by looking them up. This was marked medium because pre-setting a variable with an empty value may always have side effects, even though none was spotted at this stage.
2021-09-08 05:07:32 -04:00
return 0;
BUG/MINOR: vars: Fix memory leak in vars_check_arg vars_check_arg previously leaked the string containing the variable name: Consider this config: frontend fe1 mode http bind :8080 http-request set-header X %[var(txn.host)] Starting HAProxy and immediately stopping it by sending a SIGINT makes Valgrind report this leak: ==7795== 9 bytes in 1 blocks are definitely lost in loss record 15 of 71 ==7795== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==7795== by 0x4AA2AD: my_strndup (standard.c:2227) ==7795== by 0x51FCC5: make_arg_list (arg.c:146) ==7795== by 0x4CF095: sample_parse_expr (sample.c:897) ==7795== by 0x4BA7D7: add_sample_to_logformat_list (log.c:495) ==7795== by 0x4BBB62: parse_logformat_string (log.c:688) ==7795== by 0x4E70A9: parse_http_req_cond (http_rules.c:239) ==7795== by 0x41CD7B: cfg_parse_listen (cfgparse-listen.c:1466) ==7795== by 0x480383: readcfgfile (cfgparse.c:2089) ==7795== by 0x47A081: init (haproxy.c:1581) ==7795== by 0x4049F2: main (haproxy.c:2591) This leak can be detected even in HAProxy 1.6, this patch thus should be backported to all supported branches [Cf: This fix was reverted because the chunk's area was inconditionnaly released, making haproxy to crash when spoe was enabled. Now the chunk is released by calling chunk_destroy(). This function takes care of the chunk's size to release it or not. It is the responsibility of callers to set or not the chunk's size.]
2019-05-13 04:53:29 -04:00
/* properly destroy the chunk */
chunk_destroy(&arg->data.str);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
/* Use the global variable name pointer. */
arg->type = ARGT_VAR;
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
arg->data.var.name_hash = hash;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
arg->data.var.scope = scope;
return 1;
}
MINOR: vars: Move UPDATEONLY flag test to vars_set_ifexist The vars_set_by_name_ifexist function was created to avoid creating too many variables from a LUA module. This was made thanks to the VF_UPDATEONLY flags which prevented variable creation in the var_set function. Since commit 3a4bedccc ("MEDIUM: vars: replace the global name index with a hash") this limitation was restricted to 'proc' scope variables only. This patch simply moves the scope test to the vars_set_by_name_ifexist function instead of the var_set function.
2021-12-16 11:14:34 -05:00
/* This function stores a sample in a variable unless it is of type "proc" and
* not defined yet.
MINOR: vars: Make vars_(un|)set_by_name(_ifexist|) return a success value Change the return type from `void` to `int` and return whether setting the variable was successful.
2020-05-19 07:49:40 -04:00
* Returns zero on failure and non-zero otherwise. The variable not being
* defined is treated as a failure.
MINOR: vars: Add vars_set_by_name_ifexist function This function, unsurprisingly, sets a variable value only if it already exists. In other words, this function will succeed only if the variable was found somewhere in the configuration during HAProxy startup. It will be used by SPOE filter. So an agent will be able to set a value only for existing variables. This prevents an agent to create a very large number of unused variables to flood HAProxy and exhaust the memory reserved to variables..
2016-10-31 06:05:37 -04:00
*/
MINOR: vars: Make vars_(un|)set_by_name(_ifexist|) return a success value Change the return type from `void` to `int` and return whether setting the variable was successful.
2020-05-19 07:49:40 -04:00
int vars_set_by_name_ifexist(const char *name, size_t len, struct sample *smp)
MINOR: vars: Add vars_set_by_name_ifexist function This function, unsurprisingly, sets a variable value only if it already exists. In other words, this function will succeed only if the variable was found somewhere in the configuration during HAProxy startup. It will be used by SPOE filter. So an agent will be able to set a value only for existing variables. This prevents an agent to create a very large number of unused variables to flood HAProxy and exhaust the memory reserved to variables..
2016-10-31 06:05:37 -04:00
{
enum vars_scope scope;
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
uint64_t hash;
MINOR: vars: Add vars_set_by_name_ifexist function This function, unsurprisingly, sets a variable value only if it already exists. In other words, this function will succeed only if the variable was found somewhere in the configuration during HAProxy startup. It will be used by SPOE filter. So an agent will be able to set a value only for existing variables. This prevents an agent to create a very large number of unused variables to flood HAProxy and exhaust the memory reserved to variables..
2016-10-31 06:05:37 -04:00
/* Resolve name and scope. */
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
if (!vars_hash_name(name, len, &scope, &hash, NULL))
MINOR: vars: Make vars_(un|)set_by_name(_ifexist|) return a success value Change the return type from `void` to `int` and return whether setting the variable was successful.
2020-05-19 07:49:40 -04:00
return 0;
MINOR: vars: Add vars_set_by_name_ifexist function This function, unsurprisingly, sets a variable value only if it already exists. In other words, this function will succeed only if the variable was found somewhere in the configuration during HAProxy startup. It will be used by SPOE filter. So an agent will be able to set a value only for existing variables. This prevents an agent to create a very large number of unused variables to flood HAProxy and exhaust the memory reserved to variables..
2016-10-31 06:05:37 -04:00
MINOR: vars: Move UPDATEONLY flag test to vars_set_ifexist The vars_set_by_name_ifexist function was created to avoid creating too many variables from a LUA module. This was made thanks to the VF_UPDATEONLY flags which prevented variable creation in the var_set function. Since commit 3a4bedccc ("MEDIUM: vars: replace the global name index with a hash") this limitation was restricted to 'proc' scope variables only. This patch simply moves the scope test to the vars_set_by_name_ifexist function instead of the var_set function.
2021-12-16 11:14:34 -05:00
/* Variable creation is allowed for all scopes apart from the PROC one. */
MINOR: vars: Parse optional conditions passed to the set-var converter This patch adds the parsing of the optional condition parameters that can be passed to the set-var converter. Those conditions will not be taken into account yet in the var_set function so conditions passed as parameters will not have any effect. This is true for any condition apart from the "ifexists" one that is also used to replace the VF_UPDATEONLY flag that was used to prevent proc scope variable creation from a LUA module.
2021-12-16 11:14:37 -05:00
return var_set(hash, scope, smp, (scope == SCOPE_PROC) ? VF_COND_IFEXISTS : 0);
MINOR: vars: Add vars_set_by_name_ifexist function This function, unsurprisingly, sets a variable value only if it already exists. In other words, this function will succeed only if the variable was found somewhere in the configuration during HAProxy startup. It will be used by SPOE filter. So an agent will be able to set a value only for existing variables. This prevents an agent to create a very large number of unused variables to flood HAProxy and exhaust the memory reserved to variables..
2016-10-31 06:05:37 -04:00
}
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
/* This function stores a sample in a variable.
MINOR: vars: Make vars_(un|)set_by_name(_ifexist|) return a success value Change the return type from `void` to `int` and return whether setting the variable was successful.
2020-05-19 07:49:40 -04:00
* Returns zero on failure and non-zero otherwise.
MINOR: vars: adds get and set functions This patch adds two functions used for variable acces using the variable full name. If the variable doesn't exists in the variable pool name, it is created.
2015-06-09 06:27:17 -04:00
*/
MINOR: vars: Make vars_(un|)set_by_name(_ifexist|) return a success value Change the return type from `void` to `int` and return whether setting the variable was successful.
2020-05-19 07:49:40 -04:00
int vars_set_by_name(const char *name, size_t len, struct sample *smp)
MINOR: vars: adds get and set functions This patch adds two functions used for variable acces using the variable full name. If the variable doesn't exists in the variable pool name, it is created.
2015-06-09 06:27:17 -04:00
{
enum vars_scope scope;
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
uint64_t hash;
MINOR: vars: adds get and set functions This patch adds two functions used for variable acces using the variable full name. If the variable doesn't exists in the variable pool name, it is created.
2015-06-09 06:27:17 -04:00
/* Resolve name and scope. */
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
if (!vars_hash_name(name, len, &scope, &hash, NULL))
MINOR: vars: Make vars_(un|)set_by_name(_ifexist|) return a success value Change the return type from `void` to `int` and return whether setting the variable was successful.
2020-05-19 07:49:40 -04:00
return 0;
MINOR: vars: adds get and set functions This patch adds two functions used for variable acces using the variable full name. If the variable doesn't exists in the variable pool name, it is created.
2015-06-09 06:27:17 -04:00
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
return var_set(hash, scope, smp, 0);
MINOR: vars: adds get and set functions This patch adds two functions used for variable acces using the variable full name. If the variable doesn't exists in the variable pool name, it is created.
2015-06-09 06:27:17 -04:00
}
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
/* This function unsets a variable if it was already defined.
MINOR: vars: Make vars_(un|)set_by_name(_ifexist|) return a success value Change the return type from `void` to `int` and return whether setting the variable was successful.
2020-05-19 07:49:40 -04:00
* Returns zero on failure and non-zero otherwise.
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
*/
MINOR: vars: Make vars_(un|)set_by_name(_ifexist|) return a success value Change the return type from `void` to `int` and return whether setting the variable was successful.
2020-05-19 07:49:40 -04:00
int vars_unset_by_name_ifexist(const char *name, size_t len, struct sample *smp)
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
{
enum vars_scope scope;
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
uint64_t hash;
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
/* Resolve name and scope. */
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
if (!vars_hash_name(name, len, &scope, &hash, NULL))
MINOR: vars: Make vars_(un|)set_by_name(_ifexist|) return a success value Change the return type from `void` to `int` and return whether setting the variable was successful.
2020-05-19 07:49:40 -04:00
return 0;
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
return var_unset(hash, scope, smp);
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
}
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
/* This retrieves variable whose hash matches <name_hash> from variables <vars>,
* and if found and not empty, duplicates the result into sample <smp>.
* smp_dup() is used in order to release the variables lock ASAP (so a pre-
* allocated chunk is obtained via get_trash_shunk()). The variables' lock is
* used for reads.
CLEANUP: vars: factor out common code from vars_get_by_{desc,name} The two functions vars_get_by_name() and vars_get_by_scope() perform almost the same operations except that they differ from the way the name and scope are retrieved. The second part in common is more complex and involves locking, so better factor this one out into a new function. There is no other change than refactoring.
2021-09-03 05:40:58 -04:00
*
MINOR: vars: make vars_get_by_* support an optional default value In preparation for support default values when fetching variables, we need to update the internal API to pass an extra argument to functions vars_get_by_{name,desc} to provide an optional default value. This patch does this and always passes NULL in this argument. var_to_smp() was extended to fall back to this value when available.
2021-09-03 05:52:38 -04:00
* The function returns 0 if the variable was not found and no default
* value was provided in <def>, otherwise 1 with the sample filled.
* Default values are always returned as strings.
CLEANUP: vars: factor out common code from vars_get_by_{desc,name} The two functions vars_get_by_name() and vars_get_by_scope() perform almost the same operations except that they differ from the way the name and scope are retrieved. The second part in common is more complex and involves locking, so better factor this one out into a new function. There is no other change than refactoring.
2021-09-03 05:40:58 -04:00
*/
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
static int var_to_smp(struct vars *vars, uint64_t name_hash, struct sample *smp, const struct buffer *def)
CLEANUP: vars: factor out common code from vars_get_by_{desc,name} The two functions vars_get_by_name() and vars_get_by_scope() perform almost the same operations except that they differ from the way the name and scope are retrieved. The second part in common is more complex and involves locking, so better factor this one out into a new function. There is no other change than refactoring.
2021-09-03 05:40:58 -04:00
{
struct var *var;
/* Get the variable entry. */
MINOR: vars: centralize the lock/unlock into static inlines The goal it to simplify the variables locking in order to later simplify it.
2021-09-08 09:19:57 -04:00
vars_rdlock(vars);
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
var = var_get(vars, name_hash);
MINOR: vars: support storing empty sample data with a variable Storing an unset sample (SMP_T_ANY == 0) will be used to only reserve the variable's space but associate no value. We need to slightly adjust var_to_smp() for this so that it considers a value-less variable as non existent and falls back to the default value.
2021-09-08 07:58:19 -04:00
if (!var || !var->data.type) {
MINOR: vars: make vars_get_by_* support an optional default value In preparation for support default values when fetching variables, we need to update the internal API to pass an extra argument to functions vars_get_by_{name,desc} to provide an optional default value. This patch does this and always passes NULL in this argument. var_to_smp() was extended to fall back to this value when available.
2021-09-03 05:52:38 -04:00
if (!def) {
MINOR: vars: centralize the lock/unlock into static inlines The goal it to simplify the variables locking in order to later simplify it.
2021-09-08 09:19:57 -04:00
vars_rdunlock(vars);
MINOR: vars: make vars_get_by_* support an optional default value In preparation for support default values when fetching variables, we need to update the internal API to pass an extra argument to functions vars_get_by_{name,desc} to provide an optional default value. This patch does this and always passes NULL in this argument. var_to_smp() was extended to fall back to this value when available.
2021-09-03 05:52:38 -04:00
return 0;
}
/* not found but we have a default value */
smp->data.type = SMP_T_STR;
smp->data.u.str = *def;
CLEANUP: vars: factor out common code from vars_get_by_{desc,name} The two functions vars_get_by_name() and vars_get_by_scope() perform almost the same operations except that they differ from the way the name and scope are retrieved. The second part in common is more complex and involves locking, so better factor this one out into a new function. There is no other change than refactoring.
2021-09-03 05:40:58 -04:00
}
MINOR: vars: make vars_get_by_* support an optional default value In preparation for support default values when fetching variables, we need to update the internal API to pass an extra argument to functions vars_get_by_{name,desc} to provide an optional default value. This patch does this and always passes NULL in this argument. var_to_smp() was extended to fall back to this value when available.
2021-09-03 05:52:38 -04:00
else
smp->data = var->data;
CLEANUP: vars: factor out common code from vars_get_by_{desc,name} The two functions vars_get_by_name() and vars_get_by_scope() perform almost the same operations except that they differ from the way the name and scope are retrieved. The second part in common is more complex and involves locking, so better factor this one out into a new function. There is no other change than refactoring.
2021-09-03 05:40:58 -04:00
/* Copy sample. */
smp_dup(smp);
MINOR: vars: centralize the lock/unlock into static inlines The goal it to simplify the variables locking in order to later simplify it.
2021-09-08 09:19:57 -04:00
vars_rdunlock(vars);
CLEANUP: vars: factor out common code from vars_get_by_{desc,name} The two functions vars_get_by_name() and vars_get_by_scope() perform almost the same operations except that they differ from the way the name and scope are retrieved. The second part in common is more complex and involves locking, so better factor this one out into a new function. There is no other change than refactoring.
2021-09-03 05:40:58 -04:00
return 1;
}
BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe This patch adds a lock to functions vars_get_by_name() and vars_get_by_desc() to protect accesses to the list of variables. After the variable is fetched, a sample data is duplicated by using smp_dup() because the variable may be modified by another thread. This should be backported to all versions supporting vars along with "BUG/MINOR: sample: secure convs that accept base64 string and var name as args" which this patch depends on.
2021-02-22 11:20:01 -05:00
/* This function fills a sample with the variable content.
*
* Keep in mind that a sample content is duplicated by using smp_dup()
* and it therefore uses a pre-allocated trash chunk as returned by
* get_trash_chunk().
*
MINOR: vars: make vars_get_by_* support an optional default value In preparation for support default values when fetching variables, we need to update the internal API to pass an extra argument to functions vars_get_by_{name,desc} to provide an optional default value. This patch does this and always passes NULL in this argument. var_to_smp() was extended to fall back to this value when available.
2021-09-03 05:52:38 -04:00
* If the variable is not valid in this scope, 0 is always returned.
* If the variable is valid but not found, either the default value
* <def> is returned if not NULL, or zero is returned.
*
BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe This patch adds a lock to functions vars_get_by_name() and vars_get_by_desc() to protect accesses to the list of variables. After the variable is fetched, a sample data is duplicated by using smp_dup() because the variable may be modified by another thread. This should be backported to all versions supporting vars along with "BUG/MINOR: sample: secure convs that accept base64 string and var name as args" which this patch depends on.
2021-02-22 11:20:01 -05:00
* Returns 1 if the sample is filled, otherwise it returns 0.
MINOR: vars: adds get and set functions This patch adds two functions used for variable acces using the variable full name. If the variable doesn't exists in the variable pool name, it is created.
2015-06-09 06:27:17 -04:00
*/
MINOR: vars: make vars_get_by_* support an optional default value In preparation for support default values when fetching variables, we need to update the internal API to pass an extra argument to functions vars_get_by_{name,desc} to provide an optional default value. This patch does this and always passes NULL in this argument. var_to_smp() was extended to fall back to this value when available.
2021-09-03 05:52:38 -04:00
int vars_get_by_name(const char *name, size_t len, struct sample *smp, const struct buffer *def)
MINOR: vars: adds get and set functions This patch adds two functions used for variable acces using the variable full name. If the variable doesn't exists in the variable pool name, it is created.
2015-06-09 06:27:17 -04:00
{
struct vars *vars;
enum vars_scope scope;
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
uint64_t hash;
MINOR: vars: adds get and set functions This patch adds two functions used for variable acces using the variable full name. If the variable doesn't exists in the variable pool name, it is created.
2015-06-09 06:27:17 -04:00
/* Resolve name and scope. */
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
if (!vars_hash_name(name, len, &scope, &hash, NULL))
MINOR: vars: adds get and set functions This patch adds two functions used for variable acces using the variable full name. If the variable doesn't exists in the variable pool name, it is created.
2015-06-09 06:27:17 -04:00
return 0;
/* Select "vars" pool according with the scope. */
BUG/MEDIUM: vars: make sure the scope is always valid when accessing vars Patrick Hemmer reported that a simple tcp rule involving a variable like this is enough to crash haproxy : frontend foo bind :8001 tcp-request session set-var(txn.foo) src The tests on the variables scopes is not strict enough, it needs to always verify if the stream is valid when accessing a req/res/txn variable. This patch does this by adding a new get_vars() function which does the job instead of open-coding all the lookups everywhere. It must be backported to all versions supporting set-var and "tcp-request session" so at least 1.9 and 1.8.
2019-06-04 10:27:36 -04:00
vars = get_vars(smp->sess, smp->strm, scope);
if (!vars || vars->scope != scope)
MINOR: vars: adds get and set functions This patch adds two functions used for variable acces using the variable full name. If the variable doesn't exists in the variable pool name, it is created.
2015-06-09 06:27:17 -04:00
return 0;
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
return var_to_smp(vars, hash, smp, def);
MINOR: vars: returns variable content This patch copy the content of a variable in a sample. The function returns 0 if the variable is not found.
2015-07-07 15:20:42 -04:00
}
BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe This patch adds a lock to functions vars_get_by_name() and vars_get_by_desc() to protect accesses to the list of variables. After the variable is fetched, a sample data is duplicated by using smp_dup() because the variable may be modified by another thread. This should be backported to all versions supporting vars along with "BUG/MINOR: sample: secure convs that accept base64 string and var name as args" which this patch depends on.
2021-02-22 11:20:01 -05:00
/* This function fills a sample with the content of the variable described
* by <var_desc>.
*
* Keep in mind that a sample content is duplicated by using smp_dup()
* and it therefore uses a pre-allocated trash chunk as returned by
* get_trash_chunk().
*
MINOR: vars: make vars_get_by_* support an optional default value In preparation for support default values when fetching variables, we need to update the internal API to pass an extra argument to functions vars_get_by_{name,desc} to provide an optional default value. This patch does this and always passes NULL in this argument. var_to_smp() was extended to fall back to this value when available.
2021-09-03 05:52:38 -04:00
* If the variable is not valid in this scope, 0 is always returned.
* If the variable is valid but not found, either the default value
* <def> is returned if not NULL, or zero is returned.
*
BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe This patch adds a lock to functions vars_get_by_name() and vars_get_by_desc() to protect accesses to the list of variables. After the variable is fetched, a sample data is duplicated by using smp_dup() because the variable may be modified by another thread. This should be backported to all versions supporting vars along with "BUG/MINOR: sample: secure convs that accept base64 string and var name as args" which this patch depends on.
2021-02-22 11:20:01 -05:00
* Returns 1 if the sample is filled, otherwise it returns 0.
MINOR: vars: returns variable content This patch copy the content of a variable in a sample. The function returns 0 if the variable is not found.
2015-07-07 15:20:42 -04:00
*/
MINOR: vars: make vars_get_by_* support an optional default value In preparation for support default values when fetching variables, we need to update the internal API to pass an extra argument to functions vars_get_by_{name,desc} to provide an optional default value. This patch does this and always passes NULL in this argument. var_to_smp() was extended to fall back to this value when available.
2021-09-03 05:52:38 -04:00
int vars_get_by_desc(const struct var_desc *var_desc, struct sample *smp, const struct buffer *def)
MINOR: vars: returns variable content This patch copy the content of a variable in a sample. The function returns 0 if the variable is not found.
2015-07-07 15:20:42 -04:00
{
struct vars *vars;
/* Select "vars" pool according with the scope. */
BUG/MEDIUM: vars: make sure the scope is always valid when accessing vars Patrick Hemmer reported that a simple tcp rule involving a variable like this is enough to crash haproxy : frontend foo bind :8001 tcp-request session set-var(txn.foo) src The tests on the variables scopes is not strict enough, it needs to always verify if the stream is valid when accessing a req/res/txn variable. This patch does this by adding a new get_vars() function which does the job instead of open-coding all the lookups everywhere. It must be backported to all versions supporting set-var and "tcp-request session" so at least 1.9 and 1.8.
2019-06-04 10:27:36 -04:00
vars = get_vars(smp->sess, smp->strm, var_desc->scope);
MINOR: vars: returns variable content This patch copy the content of a variable in a sample. The function returns 0 if the variable is not found.
2015-07-07 15:20:42 -04:00
CLEANUP: fix typos in the comments of the vars subsystem Those are mostly misspells of the words available and variable.
2018-11-15 12:19:50 -05:00
/* Check if the scope is available a this point of processing. */
BUG/MEDIUM: vars: make sure the scope is always valid when accessing vars Patrick Hemmer reported that a simple tcp rule involving a variable like this is enough to crash haproxy : frontend foo bind :8001 tcp-request session set-var(txn.foo) src The tests on the variables scopes is not strict enough, it needs to always verify if the stream is valid when accessing a req/res/txn variable. This patch does this by adding a new get_vars() function which does the job instead of open-coding all the lookups everywhere. It must be backported to all versions supporting set-var and "tcp-request session" so at least 1.9 and 1.8.
2019-06-04 10:27:36 -04:00
if (!vars || vars->scope != var_desc->scope)
MINOR: vars: returns variable content This patch copy the content of a variable in a sample. The function returns 0 if the variable is not found.
2015-07-07 15:20:42 -04:00
return 0;
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
return var_to_smp(vars, var_desc->name_hash, smp, def);
MINOR: vars: adds get and set functions This patch adds two functions used for variable acces using the variable full name. If the variable doesn't exists in the variable pool name, it is created.
2015-06-09 06:27:17 -04:00
}
MINOR: actions: Remove wrappers Now the prototype for each action from each section are the same, and a discriminant for determining for each section we are called are added. So, this patch removes the wrappers for the action functions called from more than one section. This patch removes 132 lines of useless code.
2015-08-06 12:25:56 -04:00
/* Always returns ACT_RET_CONT even if an error occurs. */
static enum act_return action_store(struct act_rule *rule, struct proxy *px,
MEDIUM: actions: pass a new "flags" argument to custom actions Since commit bc4c1ac ("MEDIUM: http/tcp: permit to resume http and tcp custom actions"), some actions may yield and be called back when new information are available. Unfortunately some of them may continue to yield because they simply don't know that it's the last call from the rule set. For this reason we'll need to pass a flag to the custom action to pass such information and possibly other at the same time.
2015-09-27 04:00:49 -04:00
struct session *sess, struct stream *s, int flags)
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
struct buffer *fmtstr = NULL;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
struct sample smp;
MINOR: actions: Remove wrappers Now the prototype for each action from each section are the same, and a discriminant for determining for each section we are called are added. So, this patch removes the wrappers for the action functions called from more than one section. This patch removes 132 lines of useless code.
2015-08-06 12:25:56 -04:00
int dir;
switch (rule->from) {
MINOR: vars: add "set-var" for "tcp-request connection" rules. Session struct is already allocated when "tcp-request connection" rules are evaluated so session-scoped variables turned out easy to support. This resolves github issue #1408.
2021-11-02 11:56:05 -04:00
case ACT_F_TCP_REQ_CON: dir = SMP_OPT_DIR_REQ; break;
MEDIUM: tcp: add registration and processing of TCP L5 rules This commit introduces "tcp-request session" rules. These are very much like "tcp-request connection" rules except that they're processed after the handshake, so it is possible to consider SSL information and addresses rewritten by the proxy protocol header in actions. This is particularly useful to track proxied sources as this was not possible before, given that tcp-request content rules are processed after each HTTP request. Similarly it is possible to assign the proxied source address or the client's cert to a variable.
2016-10-21 10:37:51 -04:00
case ACT_F_TCP_REQ_SES: dir = SMP_OPT_DIR_REQ; break;
MINOR: actions: Remove wrappers Now the prototype for each action from each section are the same, and a discriminant for determining for each section we are called are added. So, this patch removes the wrappers for the action functions called from more than one section. This patch removes 132 lines of useless code.
2015-08-06 12:25:56 -04:00
case ACT_F_TCP_REQ_CNT: dir = SMP_OPT_DIR_REQ; break;
case ACT_F_TCP_RES_CNT: dir = SMP_OPT_DIR_RES; break;
case ACT_F_HTTP_REQ: dir = SMP_OPT_DIR_REQ; break;
case ACT_F_HTTP_RES: dir = SMP_OPT_DIR_RES; break;
MINOR: checks: Add support to set-var and unset-var rules in tcp-checks Evaluate the registered action_ptr associated with each CHK_ACTION_KW rules from a ruleset. Currently only the 'set-var' and 'unset-var' are parsed by the tcp-check parser. Thus it is now possible to set or unset variables. It is possible to use such rules before the first connect of the ruleset.
2020-02-24 11:34:11 -05:00
case ACT_F_TCP_CHK: dir = SMP_OPT_DIR_REQ; break;
MINOR: action: add a new ACT_F_CFG_PARSER origin designation In order to process samples from the config file we'll need rules as well, and these rules will have to be marked as coming from the config parser. This new origin is used for this.
2021-03-26 06:11:34 -04:00
case ACT_F_CFG_PARSER: dir = SMP_OPT_DIR_REQ; break; /* not used anyway */
MINOR: action: add a new ACT_F_CLI_PARSER origin designation In order to process samples from the command line interface we'll need rules as well, and these rules will have to be marked as coming from the CLI parser. This new origin is used for this.
2021-03-26 10:36:44 -04:00
case ACT_F_CLI_PARSER: dir = SMP_OPT_DIR_REQ; break; /* not used anyway */
MINOR: actions: Remove wrappers Now the prototype for each action from each section are the same, and a discriminant for determining for each section we are called are added. So, this patch removes the wrappers for the action functions called from more than one section. This patch removes 132 lines of useless code.
2015-08-06 12:25:56 -04:00
default:
send_log(px, LOG_ERR, "Vars: internal error while execute action store.");
if (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE))
CLEANUP: log: Rename Alert/Warning in ha_alert/ha_warning
2017-11-24 10:50:31 -05:00
ha_alert("Vars: internal error while execute action store.\n");
MINOR: actions: Remove wrappers Now the prototype for each action from each section are the same, and a discriminant for determining for each section we are called are added. So, this patch removes the wrappers for the action functions called from more than one section. This patch removes 132 lines of useless code.
2015-08-06 12:25:56 -04:00
return ACT_RET_CONT;
}
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
/* Process the expression. */
memset(&smp, 0, sizeof(smp));
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
if (!LIST_ISEMPTY(&rule->arg.vars.fmt)) {
/* a format-string is used */
fmtstr = alloc_trash_chunk();
if (!fmtstr) {
send_log(px, LOG_ERR, "Vars: memory allocation failure while processing store rule.");
if (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE))
ha_alert("Vars: memory allocation failure while processing store rule.\n");
return ACT_RET_CONT;
}
/* execute the log-format expression */
fmtstr->data = sess_build_logline(sess, s, fmtstr->area, fmtstr->size, &rule->arg.vars.fmt);
/* convert it to a sample of type string as it's what the vars
* API consumes, and store it.
*/
smp_set_owner(&smp, px, sess, s, 0);
smp.data.type = SMP_T_STR;
smp.data.u.str = *fmtstr;
MEDIUM: vars: Enable optional conditions to set-var converter and actions This patch adds the possibility to add a set of conditions to a set-var call, be it a converter or an action (http-request or http-response action for instance). The conditions must all be true for the given set-var call for the variable to actually be set. If any of the conditions is false, the variable is left untouched. The managed conditions are the following : "ifexists", "ifnotexists", "ifempty", "ifnotempty", "ifset", "ifnotset", "ifgt", "iflt". It is possible to combine multiple conditions in a single set-var call since some of them apply to the variable itself, and some others to the input. This patch does not change the fact that variables of scope proc are still created during configuration parsing, regardless of the conditions that might be added to the set-var calls in which they are mentioned. For instance, such a line : http-request set-var(proc.foo,ifexists) int(5) would not prevent the creation of the variable during init, and when actually reaching this line during runtime, the proc.foo variable would already exist. This is specific to the proc scope. These new conditions mean that a set-var could "fail" for other reasons than memory allocation failures but without clearing the contents of the variable.
2021-12-16 11:14:39 -05:00
var_set(rule->arg.vars.name_hash, rule->arg.vars.scope, &smp, rule->arg.vars.conditions);
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
}
else {
/* an expression is used */
if (!sample_process(px, sess, s, dir|SMP_OPT_FINAL,
rule->arg.vars.expr, &smp))
return ACT_RET_CONT;
}
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
/* Store the sample, and ignore errors. */
MEDIUM: vars: Enable optional conditions to set-var converter and actions This patch adds the possibility to add a set of conditions to a set-var call, be it a converter or an action (http-request or http-response action for instance). The conditions must all be true for the given set-var call for the variable to actually be set. If any of the conditions is false, the variable is left untouched. The managed conditions are the following : "ifexists", "ifnotexists", "ifempty", "ifnotempty", "ifset", "ifnotset", "ifgt", "iflt". It is possible to combine multiple conditions in a single set-var call since some of them apply to the variable itself, and some others to the input. This patch does not change the fact that variables of scope proc are still created during configuration parsing, regardless of the conditions that might be added to the set-var calls in which they are mentioned. For instance, such a line : http-request set-var(proc.foo,ifexists) int(5) would not prevent the creation of the variable during init, and when actually reaching this line during runtime, the proc.foo variable would already exist. This is specific to the proc scope. These new conditions mean that a set-var could "fail" for other reasons than memory allocation failures but without clearing the contents of the variable.
2021-12-16 11:14:39 -05:00
var_set(rule->arg.vars.name_hash, rule->arg.vars.scope, &smp, rule->arg.vars.conditions);
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
free_trash_chunk(fmtstr);
MEDIUM: actions: Add standard return code for the action API Action function can return 3 status: - error if the action encounter fatal error (like out of memory) - yield if the action must terminate his work later - continue in other cases
2015-08-06 02:52:53 -04:00
return ACT_RET_CONT;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
/* Always returns ACT_RET_CONT even if an error occurs. */
static enum act_return action_clear(struct act_rule *rule, struct proxy *px,
struct session *sess, struct stream *s, int flags)
{
struct sample smp;
memset(&smp, 0, sizeof(smp));
smp_set_owner(&smp, px, sess, s, SMP_OPT_FINAL);
/* Clear the variable using the sample context, and ignore errors. */
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
var_unset(rule->arg.vars.name_hash, rule->arg.vars.scope, &smp);
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
return ACT_RET_CONT;
}
BUG/MAJOR: vars: Fix bogus free() during deinit() for http-request rules We cannot simply `release_sample_expr(rule->arg.vars.expr)` for a `struct act_rule`, because `rule->arg` is a union that might not contain valid `vars`. This leads to a crash on a configuration using `http-request redirect` and possibly others: frontend http mode http bind 127.0.0.1:80 http-request redirect scheme https Instead a `struct act_rule` has a `release_ptr` that must be used to properly free any additional storage allocated. This patch fixes a regression in commit ff78fcdd7f15c8626c7e70add7a935221ee2920c. It must be backported to whereever that patch is backported. It has be verified that the configuration above no longer crashes. It has also been verified that the configuration in ff78fcdd7f15c8626c7e70add7a935221ee2920c does not leak.
2020-06-14 11:27:36 -04:00
static void release_store_rule(struct act_rule *rule)
{
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
struct logformat_node *lf, *lfb;
BUG/MEDIUM: vars: run over the correct list in release_store_rules() In commit 9a621ae76 ("MEDIUM: vars: add a new "set-var-fmt" action") we introduced the support for format strings in variables with the ability to release them on exit, except that it's the wrong list that was being scanned for the rule (http vs vars), resulting in random crashes during deinit. This was a recent commit in 2.5-dev, no backport is needed.
2021-09-03 04:58:07 -04:00
list_for_each_entry_safe(lf, lfb, &rule->arg.vars.fmt, list) {
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
LIST_DELETE(&lf->list);
release_sample_expr(lf->expr);
free(lf->arg);
free(lf);
}
BUG/MAJOR: vars: Fix bogus free() during deinit() for http-request rules We cannot simply `release_sample_expr(rule->arg.vars.expr)` for a `struct act_rule`, because `rule->arg` is a union that might not contain valid `vars`. This leads to a crash on a configuration using `http-request redirect` and possibly others: frontend http mode http bind 127.0.0.1:80 http-request redirect scheme https Instead a `struct act_rule` has a `release_ptr` that must be used to properly free any additional storage allocated. This patch fixes a regression in commit ff78fcdd7f15c8626c7e70add7a935221ee2920c. It must be backported to whereever that patch is backported. It has be verified that the configuration above no longer crashes. It has also been verified that the configuration in ff78fcdd7f15c8626c7e70add7a935221ee2920c does not leak.
2020-06-14 11:27:36 -04:00
release_sample_expr(rule->arg.vars.expr);
}
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
/* This two function checks the variable name and replace the
* configuration string name by the global string name. its
* the same string, but the global pointer can be easy to
MINOR: vars: make vars_get_by_* support an optional default value In preparation for support default values when fetching variables, we need to update the internal API to pass an extra argument to functions vars_get_by_{name,desc} to provide an optional default value. This patch does this and always passes NULL in this argument. var_to_smp() was extended to fall back to this value when available.
2021-09-03 05:52:38 -04:00
* compare. They return non-zero on success, zero on failure.
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
*
* The first function checks a sample-fetch and the second
* checks a converter.
*/
static int smp_check_var(struct arg *args, char **err)
{
return vars_check_arg(&args[0], err);
}
static int conv_check_var(struct arg *args, struct sample_conv *conv,
const char *file, int line, char **err_msg)
{
MINOR: vars: Parse optional conditions passed to the set-var converter This patch adds the parsing of the optional condition parameters that can be passed to the set-var converter. Those conditions will not be taken into account yet in the var_set function so conditions passed as parameters will not have any effect. This is true for any condition apart from the "ifexists" one that is also used to replace the VF_UPDATEONLY flag that was used to prevent proc scope variable creation from a LUA module.
2021-12-16 11:14:37 -05:00
int cond_idx = 1;
uint conditions = 0;
int retval = vars_check_arg(&args[0], err_msg);
while (retval && args[cond_idx].type == ARGT_STR)
retval = vars_parse_cond_param(&args[cond_idx++].data.str, &conditions, err_msg);
return retval;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
/* This function is a common parser for using variables. It understands
* the format:
*
MINOR: vars: Parse optional conditions passed to the set-var actions This patch adds the parsing of the optional condition parameters that can be passed to the set-var and set-var-fmt actions (http as well as tcp). Those conditions will not be taken into account yet in the var_set function so conditions passed as parameters will not have any effect. Since actions do not benefit from the parameter preparsing that converters have, parsing conditions needed to be done by hand.
2021-12-16 11:14:38 -05:00
* set-var-fmt(<variable-name>[,<cond> ...]) <format-string>
* set-var(<variable-name>[,<cond> ...]) <expression>
BUG/MEDIUM: vars: make the tcp/http unset-var() action support conditions Patrick Hemmer reported that http-request unset-var(foo) if ... fails to parse. The reason is that it reuses the same parser as "set-var(foo)" which makes a special case of the arguments, supposed to be a sample expression for set-var, but which must not exist for unset-var. Unfortunately the parser finds "if" or "unless" and believes it's an expression. Let's simply drop the test so that the outer rule parser deals with potential extraneous keywords. This should be backported to all versions supporting unset-var().
2019-06-04 10:43:29 -04:00
* unset-var(<variable-name>)
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
*
MINOR: actions: Remove wrappers Now the prototype for each action from each section are the same, and a discriminant for determining for each section we are called are added. So, this patch removes the wrappers for the action functions called from more than one section. This patch removes 132 lines of useless code.
2015-08-06 12:25:56 -04:00
* It returns ACT_RET_PRS_ERR if fails and <err> is filled with an error
* message. Otherwise, it returns ACT_RET_PRS_OK and the variable <expr>
MEDIUM: vars: add support for a "set-var" global directive While we do support process-wide variables ("proc.<name>"), there was no way to preset them from the configuration. This was particularly limiting their usefulness since configs involving them always had to first check if the variable was set prior to performing an operation. This patch adds a new "set-var" directive in the global section that supports setting the proc.<name> variables from an expression, like other set-var actions do. The syntax however follows what is already being done for setenv, which consists in having one argument for the variable name and another one for the expression. Only "constant" expressions are allowed here, such as "int", "str" etc, combined with arithmetic or string converters, and variable lookups. A few extra sample fetch keywords like "date", "rand" and "uuid" are also part of the constant expressions and may make sense to allow to create a random key or differentiate processes. The way it was done consists in parsing a dummy rule an executing the expression in the CFG_PARSE context, then releasing the expression. This is safe because the sample that variables store does not hold a back pointer to expression that created them.
2021-03-26 06:38:08 -04:00
* is filled with the pointer to the expression to execute. The proxy is
* only used to retrieve the ->conf entries.
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
*/
MINOR: actions: Remove wrappers Now the prototype for each action from each section are the same, and a discriminant for determining for each section we are called are added. So, this patch removes the wrappers for the action functions called from more than one section. This patch removes 132 lines of useless code.
2015-08-06 12:25:56 -04:00
static enum act_parse_ret parse_store(const char **args, int *arg, struct proxy *px,
struct act_rule *rule, char **err)
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{
const char *var_name = args[*arg-1];
int var_len;
MINOR: vars: reduce the code size of some wrappers Some function are just a wrappers. This patch reduce the size of this wrapper for improving the readability. One check is moved from the wrapper to the main function, and some middle vars are removed.
2015-07-28 13:00:28 -04:00
const char *kw_name;
BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags When the sample validity flags are computed to check if a sample is used in a valid scope, the flags depending on the proxy capabilities must be cumulated. Historically, for a sample on the request, only the frontend capability was used to set the sample validity flags while for a sample on the response only the backend was used. But it is a problem for listen or defaults proxies. For those proxies, all frontend and backend samples should be valid. However, at many place, only frontend ones are possible. For instance, it is impossible to set the backend name (be_name) into a variable from a listen proxy. This bug exists on all stable versions. Thus this patch should probably be backported. But with some caution because the code has probably changed serveral times. Note that nobody has ever noticed this issue. So the need to backport this patch must be evaluated for each branch.
2021-10-13 11:22:17 -04:00
int flags = 0, set_var = 0; /* 0=unset-var, 1=set-var, 2=set-var-fmt */
MEDIUM: vars: pre-create parsed SCOPE_PROC variables as permanent ones All variables whose names are parsed by the config parser, the command-line parser or the SPOE's register-var-names parser are now preset as permanent. This will guarantee that these variables will exist through out all the process' life, and that it will be possible to implement the "ifexist" feature by looking them up. This was marked medium because pre-setting a variable with an empty value may always have side effects, even though none was spotted at this stage.
2021-09-08 05:07:32 -04:00
struct sample empty_smp = { };
MINOR: vars: Parse optional conditions passed to the set-var actions This patch adds the parsing of the optional condition parameters that can be passed to the set-var and set-var-fmt actions (http as well as tcp). Those conditions will not be taken into account yet in the var_set function so conditions passed as parameters will not have any effect. Since actions do not benefit from the parameter preparsing that converters have, parsing conditions needed to be done by hand.
2021-12-16 11:14:38 -05:00
struct ist condition = IST_NULL;
struct ist var = IST_NULL;
struct ist varname_ist = IST_NULL;
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
if (strncmp(var_name, "set-var-fmt", 11) == 0) {
var_name += 11;
set_var = 2;
}
else if (strncmp(var_name, "set-var", 7) == 0) {
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
var_name += 7;
set_var = 1;
}
BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser The parser checks first for "set-var" then "unset-var" from the updated offset instead of testing it only when the other one fails, so it validates this rule as "unset-var": http-request set-varunset-var(proc.a) This should be backported everywhere relevant, though it's mostly harmless as it's unlikely that some users are purposely writing this in their conf!
2021-09-02 12:46:22 -04:00
else if (strncmp(var_name, "unset-var", 9) == 0) {
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
var_name += 9;
set_var = 0;
}
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
if (*var_name != '(') {
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
memprintf(err, "invalid or incomplete action '%s'. Expects 'set-var(<var-name>)', 'set-var-fmt(<var-name>)' or 'unset-var(<var-name>)'",
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
args[*arg-1]);
MINOR: actions: Remove wrappers Now the prototype for each action from each section are the same, and a discriminant for determining for each section we are called are added. So, this patch removes the wrappers for the action functions called from more than one section. This patch removes 132 lines of useless code.
2015-08-06 12:25:56 -04:00
return ACT_RET_PRS_ERR;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
var_name++; /* jump the '(' */
var_len = strlen(var_name);
var_len--; /* remove the ')' */
if (var_name[var_len] != ')') {
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
memprintf(err, "incomplete argument after action '%s'. Expects 'set-var(<var-name>)', 'set-var-fmt(<var-name>)' or 'unset-var(<var-name>)'",
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
args[*arg-1]);
MINOR: actions: Remove wrappers Now the prototype for each action from each section are the same, and a discriminant for determining for each section we are called are added. So, this patch removes the wrappers for the action functions called from more than one section. This patch removes 132 lines of useless code.
2015-08-06 12:25:56 -04:00
return ACT_RET_PRS_ERR;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
MINOR: vars: Parse optional conditions passed to the set-var actions This patch adds the parsing of the optional condition parameters that can be passed to the set-var and set-var-fmt actions (http as well as tcp). Those conditions will not be taken into account yet in the var_set function so conditions passed as parameters will not have any effect. Since actions do not benefit from the parameter preparsing that converters have, parsing conditions needed to be done by hand.
2021-12-16 11:14:38 -05:00
/* Parse the optional conditions. */
var = ist2(var_name, var_len);
varname_ist = istsplit(&var, ',');
var_len = istlen(varname_ist);
condition = istsplit(&var, ',');
if (istlen(condition) && set_var == 0) {
memprintf(err, "unset-var does not expect parameters after the variable name. Only \"set-var\" and \"set-var-fmt\" manage conditions");
return ACT_RET_PRS_ERR;
}
while (istlen(condition)) {
struct buffer cond = {};
chunk_initlen(&cond, istptr(condition), 0, istlen(condition));
if (vars_parse_cond_param(&cond, &rule->arg.vars.conditions, err) == 0)
return ACT_RET_PRS_ERR;
condition = istsplit(&var, ',');
}
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
LIST_INIT(&rule->arg.vars.fmt);
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
if (!vars_hash_name(var_name, var_len, &rule->arg.vars.scope, &rule->arg.vars.name_hash, err))
MINOR: actions: Remove wrappers Now the prototype for each action from each section are the same, and a discriminant for determining for each section we are called are added. So, this patch removes the wrappers for the action functions called from more than one section. This patch removes 132 lines of useless code.
2015-08-06 12:25:56 -04:00
return ACT_RET_PRS_ERR;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
MEDIUM: vars: pre-create parsed SCOPE_PROC variables as permanent ones All variables whose names are parsed by the config parser, the command-line parser or the SPOE's register-var-names parser are now preset as permanent. This will guarantee that these variables will exist through out all the process' life, and that it will be possible to implement the "ifexist" feature by looking them up. This was marked medium because pre-setting a variable with an empty value may always have side effects, even though none was spotted at this stage.
2021-09-08 05:07:32 -04:00
if (rule->arg.vars.scope == SCOPE_PROC &&
MEDIUM: vars: replace the global name index with a hash The global table of known variables names can only grow and was designed for static names that are registered at boot. Nowadays it's possible to set dynamic variable names from Lua or from the CLI, which causes a real problem that was partially addressed in 2.2 with commit 4e172c93f ("MEDIUM: lua: Add `ifexist` parameter to `set_var`"). Please see github issue #624 for more context. This patch simplifies all this by removing the need for a central registry of known names, and storing 64-bit hashes instead. This is highly sufficient given the low number of variables in each context. The hash is calculated using XXH64() which is bijective over the 64-bit space thus is guaranteed collision-free for 1..8 chars. Above that the risk remains around 1/2^64 per extra 8 chars so in practice this is highly sufficient for our usage. A random seed is used at boot to seed the hash so that it's not attackable from Lua for example. There's one particular nit though. The "ifexist" hack mentioned above is now limited to variables of scope "proc" only, and will only match variables that were already created or declared, but will now verify the scope as well. This may affect some bogus Lua scripts and SPOE agents which used to accidentally work because a similarly named variable used to exist in a different scope. These ones may need to be fixed to comply with the doc. Now we can sum up the situation as this one: - ephemeral variables (scopes sess, txn, req, res) will always be usable, regardless of any prior declaration. This effectively addresses the most problematic change from the commit above that in order to work well could have required some script auditing ; - process-wide variables (scope proc) that are mentioned in the configuration, referenced in a "register-var-names" SPOE directive, or created via "set-var" in the global section or the CLI, are permanent and will always accept to be set, with or without the "ifexist" restriction (SPOE uses this internally as well). - process-wide variables (scope proc) that are only created via a set-var() tcp/http action, via Lua's set_var() calls, or via an SPOE with the "force-set-var" directive), will not be permanent but will always accept to be replaced once they are created, even if "ifexist" is present - process-wide variables (scope proc) that do not exist will only support being created via the set-var() tcp/http action, Lua's set_var() calls without "ifexist", or an SPOE declared with "force-set-var". This means that non-proc variables do not care about "ifexist" nor prior declaration, and that using "ifexist" should most often be reliable in Lua and that SPOE should most often work without any prior declaration. It may be doable to turn "ifexist" to 1 by default in Lua to further ease the transition. Note: regtests were adjusted. Cc: Tim Dsterhus <tim@bastelstu.be>
2021-08-31 02:51:02 -04:00
!var_set(rule->arg.vars.name_hash, rule->arg.vars.scope, &empty_smp, VF_CREATEONLY|VF_PERMANENT))
MEDIUM: vars: pre-create parsed SCOPE_PROC variables as permanent ones All variables whose names are parsed by the config parser, the command-line parser or the SPOE's register-var-names parser are now preset as permanent. This will guarantee that these variables will exist through out all the process' life, and that it will be possible to implement the "ifexist" feature by looking them up. This was marked medium because pre-setting a variable with an empty value may always have side effects, even though none was spotted at this stage.
2021-09-08 05:07:32 -04:00
return 0;
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
/* There is no fetch method when variable is unset. Just set the right
* action and return. */
if (!set_var) {
rule->action = ACT_CUSTOM;
rule->action_ptr = action_clear;
BUG/MAJOR: vars: Fix bogus free() during deinit() for http-request rules We cannot simply `release_sample_expr(rule->arg.vars.expr)` for a `struct act_rule`, because `rule->arg` is a union that might not contain valid `vars`. This leads to a crash on a configuration using `http-request redirect` and possibly others: frontend http mode http bind 127.0.0.1:80 http-request redirect scheme https Instead a `struct act_rule` has a `release_ptr` that must be used to properly free any additional storage allocated. This patch fixes a regression in commit ff78fcdd7f15c8626c7e70add7a935221ee2920c. It must be backported to whereever that patch is backported. It has be verified that the configuration above no longer crashes. It has also been verified that the configuration in ff78fcdd7f15c8626c7e70add7a935221ee2920c does not leak.
2020-06-14 11:27:36 -04:00
rule->release_ptr = release_store_rule;
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
return ACT_RET_PRS_OK;
}
MINOR: vars: reduce the code size of some wrappers Some function are just a wrappers. This patch reduce the size of this wrapper for improving the readability. One check is moved from the wrapper to the main function, and some middle vars are removed.
2015-07-28 13:00:28 -04:00
kw_name = args[*arg-1];
MINOR: actions: Remove wrappers Now the prototype for each action from each section are the same, and a discriminant for determining for each section we are called are added. So, this patch removes the wrappers for the action functions called from more than one section. This patch removes 132 lines of useless code.
2015-08-06 12:25:56 -04:00
switch (rule->from) {
MINOR: vars: add "set-var" for "tcp-request connection" rules. Session struct is already allocated when "tcp-request connection" rules are evaluated so session-scoped variables turned out easy to support. This resolves github issue #1408.
2021-11-02 11:56:05 -04:00
case ACT_F_TCP_REQ_CON:
flags = SMP_VAL_FE_CON_ACC;
px->conf.args.ctx = ARGC_TCO;
break;
BUG/MINOR: vars: improve accuracy of the rules used to check expression validity The set-var() expression naturally checks whether expressions are valid in the context of the rule, but it fails to differentiate frontends from backends. As such for tcp-content and http-request rules, it will only accept frontend-compatible sample-fetches, excluding those declared with SMP_UES_BKEND (a few such as be_id, be_name). For the response it accepts the backend-compatible expressions only, though it seems that there are no sample-fetch function that are valid only in the frontend's content, so that should not cause any problem. Note that while allowing valid configs to be used, the fix might also uncover some incorrect configurations where some expressions currently return nothing (e.g. something depending on frontend declared in a backend), and which could be rejected, but there does not seem to be any such keyword. Thus while it should be backported, better not backport it too far (2.4 and possibly 2.3 only).
2021-09-02 13:03:07 -04:00
case ACT_F_TCP_REQ_SES:
flags = SMP_VAL_FE_SES_ACC;
BUG/MINOR: vars: properly set the argument parsing context in the expression When the expression called in "set-var" uses argments that require late resolution, the context must be set. At the moment, any unknown argument is misleadingly reported as "ACL": frontend f bind :8080 mode http http-request set-var(proc.a) be_conn(foo) parsing [b1.cfg:4]: unable to find backend 'foo' referenced in arg 1 \ of ACL keyword 'be_conn' in proxy 'f'. Once the context is properly set, it now says the truth: parsing [b1.cfg:8]: unable to find backend 'foo' referenced in arg 1 \ of sample fetch keyword 'be_conn' in http-request expression in proxy 'f'. This may be backported but is not really important. If so, the preceeding patches "BUG/MINOR: vars: improve accuracy of the rules used to check expression validity" and "MINOR: sample: add missing ARGC_ entries" must be backported as well.
2021-09-02 13:46:08 -04:00
px->conf.args.ctx = ARGC_TSE;
BUG/MINOR: vars: improve accuracy of the rules used to check expression validity The set-var() expression naturally checks whether expressions are valid in the context of the rule, but it fails to differentiate frontends from backends. As such for tcp-content and http-request rules, it will only accept frontend-compatible sample-fetches, excluding those declared with SMP_UES_BKEND (a few such as be_id, be_name). For the response it accepts the backend-compatible expressions only, though it seems that there are no sample-fetch function that are valid only in the frontend's content, so that should not cause any problem. Note that while allowing valid configs to be used, the fix might also uncover some incorrect configurations where some expressions currently return nothing (e.g. something depending on frontend declared in a backend), and which could be rejected, but there does not seem to be any such keyword. Thus while it should be backported, better not backport it too far (2.4 and possibly 2.3 only).
2021-09-02 13:03:07 -04:00
break;
case ACT_F_TCP_REQ_CNT:
BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags When the sample validity flags are computed to check if a sample is used in a valid scope, the flags depending on the proxy capabilities must be cumulated. Historically, for a sample on the request, only the frontend capability was used to set the sample validity flags while for a sample on the response only the backend was used. But it is a problem for listen or defaults proxies. For those proxies, all frontend and backend samples should be valid. However, at many place, only frontend ones are possible. For instance, it is impossible to set the backend name (be_name) into a variable from a listen proxy. This bug exists on all stable versions. Thus this patch should probably be backported. But with some caution because the code has probably changed serveral times. Note that nobody has ever noticed this issue. So the need to backport this patch must be evaluated for each branch.
2021-10-13 11:22:17 -04:00
if (px->cap & PR_CAP_FE)
flags |= SMP_VAL_FE_REQ_CNT;
if (px->cap & PR_CAP_BE)
flags |= SMP_VAL_BE_REQ_CNT;
BUG/MINOR: vars: properly set the argument parsing context in the expression When the expression called in "set-var" uses argments that require late resolution, the context must be set. At the moment, any unknown argument is misleadingly reported as "ACL": frontend f bind :8080 mode http http-request set-var(proc.a) be_conn(foo) parsing [b1.cfg:4]: unable to find backend 'foo' referenced in arg 1 \ of ACL keyword 'be_conn' in proxy 'f'. Once the context is properly set, it now says the truth: parsing [b1.cfg:8]: unable to find backend 'foo' referenced in arg 1 \ of sample fetch keyword 'be_conn' in http-request expression in proxy 'f'. This may be backported but is not really important. If so, the preceeding patches "BUG/MINOR: vars: improve accuracy of the rules used to check expression validity" and "MINOR: sample: add missing ARGC_ entries" must be backported as well.
2021-09-02 13:46:08 -04:00
px->conf.args.ctx = ARGC_TRQ;
BUG/MINOR: vars: improve accuracy of the rules used to check expression validity The set-var() expression naturally checks whether expressions are valid in the context of the rule, but it fails to differentiate frontends from backends. As such for tcp-content and http-request rules, it will only accept frontend-compatible sample-fetches, excluding those declared with SMP_UES_BKEND (a few such as be_id, be_name). For the response it accepts the backend-compatible expressions only, though it seems that there are no sample-fetch function that are valid only in the frontend's content, so that should not cause any problem. Note that while allowing valid configs to be used, the fix might also uncover some incorrect configurations where some expressions currently return nothing (e.g. something depending on frontend declared in a backend), and which could be rejected, but there does not seem to be any such keyword. Thus while it should be backported, better not backport it too far (2.4 and possibly 2.3 only).
2021-09-02 13:03:07 -04:00
break;
case ACT_F_TCP_RES_CNT:
BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags When the sample validity flags are computed to check if a sample is used in a valid scope, the flags depending on the proxy capabilities must be cumulated. Historically, for a sample on the request, only the frontend capability was used to set the sample validity flags while for a sample on the response only the backend was used. But it is a problem for listen or defaults proxies. For those proxies, all frontend and backend samples should be valid. However, at many place, only frontend ones are possible. For instance, it is impossible to set the backend name (be_name) into a variable from a listen proxy. This bug exists on all stable versions. Thus this patch should probably be backported. But with some caution because the code has probably changed serveral times. Note that nobody has ever noticed this issue. So the need to backport this patch must be evaluated for each branch.
2021-10-13 11:22:17 -04:00
if (px->cap & PR_CAP_FE)
flags |= SMP_VAL_FE_RES_CNT;
if (px->cap & PR_CAP_BE)
flags |= SMP_VAL_BE_RES_CNT;
BUG/MINOR: vars: properly set the argument parsing context in the expression When the expression called in "set-var" uses argments that require late resolution, the context must be set. At the moment, any unknown argument is misleadingly reported as "ACL": frontend f bind :8080 mode http http-request set-var(proc.a) be_conn(foo) parsing [b1.cfg:4]: unable to find backend 'foo' referenced in arg 1 \ of ACL keyword 'be_conn' in proxy 'f'. Once the context is properly set, it now says the truth: parsing [b1.cfg:8]: unable to find backend 'foo' referenced in arg 1 \ of sample fetch keyword 'be_conn' in http-request expression in proxy 'f'. This may be backported but is not really important. If so, the preceeding patches "BUG/MINOR: vars: improve accuracy of the rules used to check expression validity" and "MINOR: sample: add missing ARGC_ entries" must be backported as well.
2021-09-02 13:46:08 -04:00
px->conf.args.ctx = ARGC_TRS;
BUG/MINOR: vars: improve accuracy of the rules used to check expression validity The set-var() expression naturally checks whether expressions are valid in the context of the rule, but it fails to differentiate frontends from backends. As such for tcp-content and http-request rules, it will only accept frontend-compatible sample-fetches, excluding those declared with SMP_UES_BKEND (a few such as be_id, be_name). For the response it accepts the backend-compatible expressions only, though it seems that there are no sample-fetch function that are valid only in the frontend's content, so that should not cause any problem. Note that while allowing valid configs to be used, the fix might also uncover some incorrect configurations where some expressions currently return nothing (e.g. something depending on frontend declared in a backend), and which could be rejected, but there does not seem to be any such keyword. Thus while it should be backported, better not backport it too far (2.4 and possibly 2.3 only).
2021-09-02 13:03:07 -04:00
break;
case ACT_F_HTTP_REQ:
BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags When the sample validity flags are computed to check if a sample is used in a valid scope, the flags depending on the proxy capabilities must be cumulated. Historically, for a sample on the request, only the frontend capability was used to set the sample validity flags while for a sample on the response only the backend was used. But it is a problem for listen or defaults proxies. For those proxies, all frontend and backend samples should be valid. However, at many place, only frontend ones are possible. For instance, it is impossible to set the backend name (be_name) into a variable from a listen proxy. This bug exists on all stable versions. Thus this patch should probably be backported. But with some caution because the code has probably changed serveral times. Note that nobody has ever noticed this issue. So the need to backport this patch must be evaluated for each branch.
2021-10-13 11:22:17 -04:00
if (px->cap & PR_CAP_FE)
flags |= SMP_VAL_FE_HRQ_HDR;
if (px->cap & PR_CAP_BE)
flags |= SMP_VAL_BE_HRQ_HDR;
BUG/MINOR: vars: properly set the argument parsing context in the expression When the expression called in "set-var" uses argments that require late resolution, the context must be set. At the moment, any unknown argument is misleadingly reported as "ACL": frontend f bind :8080 mode http http-request set-var(proc.a) be_conn(foo) parsing [b1.cfg:4]: unable to find backend 'foo' referenced in arg 1 \ of ACL keyword 'be_conn' in proxy 'f'. Once the context is properly set, it now says the truth: parsing [b1.cfg:8]: unable to find backend 'foo' referenced in arg 1 \ of sample fetch keyword 'be_conn' in http-request expression in proxy 'f'. This may be backported but is not really important. If so, the preceeding patches "BUG/MINOR: vars: improve accuracy of the rules used to check expression validity" and "MINOR: sample: add missing ARGC_ entries" must be backported as well.
2021-09-02 13:46:08 -04:00
px->conf.args.ctx = ARGC_HRQ;
BUG/MINOR: vars: improve accuracy of the rules used to check expression validity The set-var() expression naturally checks whether expressions are valid in the context of the rule, but it fails to differentiate frontends from backends. As such for tcp-content and http-request rules, it will only accept frontend-compatible sample-fetches, excluding those declared with SMP_UES_BKEND (a few such as be_id, be_name). For the response it accepts the backend-compatible expressions only, though it seems that there are no sample-fetch function that are valid only in the frontend's content, so that should not cause any problem. Note that while allowing valid configs to be used, the fix might also uncover some incorrect configurations where some expressions currently return nothing (e.g. something depending on frontend declared in a backend), and which could be rejected, but there does not seem to be any such keyword. Thus while it should be backported, better not backport it too far (2.4 and possibly 2.3 only).
2021-09-02 13:03:07 -04:00
break;
case ACT_F_HTTP_RES:
BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags When the sample validity flags are computed to check if a sample is used in a valid scope, the flags depending on the proxy capabilities must be cumulated. Historically, for a sample on the request, only the frontend capability was used to set the sample validity flags while for a sample on the response only the backend was used. But it is a problem for listen or defaults proxies. For those proxies, all frontend and backend samples should be valid. However, at many place, only frontend ones are possible. For instance, it is impossible to set the backend name (be_name) into a variable from a listen proxy. This bug exists on all stable versions. Thus this patch should probably be backported. But with some caution because the code has probably changed serveral times. Note that nobody has ever noticed this issue. So the need to backport this patch must be evaluated for each branch.
2021-10-13 11:22:17 -04:00
if (px->cap & PR_CAP_FE)
flags |= SMP_VAL_FE_HRS_HDR;
if (px->cap & PR_CAP_BE)
flags |= SMP_VAL_BE_HRS_HDR;
BUG/MINOR: vars: properly set the argument parsing context in the expression When the expression called in "set-var" uses argments that require late resolution, the context must be set. At the moment, any unknown argument is misleadingly reported as "ACL": frontend f bind :8080 mode http http-request set-var(proc.a) be_conn(foo) parsing [b1.cfg:4]: unable to find backend 'foo' referenced in arg 1 \ of ACL keyword 'be_conn' in proxy 'f'. Once the context is properly set, it now says the truth: parsing [b1.cfg:8]: unable to find backend 'foo' referenced in arg 1 \ of sample fetch keyword 'be_conn' in http-request expression in proxy 'f'. This may be backported but is not really important. If so, the preceeding patches "BUG/MINOR: vars: improve accuracy of the rules used to check expression validity" and "MINOR: sample: add missing ARGC_ entries" must be backported as well.
2021-09-02 13:46:08 -04:00
px->conf.args.ctx = ARGC_HRS;
BUG/MINOR: vars: improve accuracy of the rules used to check expression validity The set-var() expression naturally checks whether expressions are valid in the context of the rule, but it fails to differentiate frontends from backends. As such for tcp-content and http-request rules, it will only accept frontend-compatible sample-fetches, excluding those declared with SMP_UES_BKEND (a few such as be_id, be_name). For the response it accepts the backend-compatible expressions only, though it seems that there are no sample-fetch function that are valid only in the frontend's content, so that should not cause any problem. Note that while allowing valid configs to be used, the fix might also uncover some incorrect configurations where some expressions currently return nothing (e.g. something depending on frontend declared in a backend), and which could be rejected, but there does not seem to be any such keyword. Thus while it should be backported, better not backport it too far (2.4 and possibly 2.3 only).
2021-09-02 13:03:07 -04:00
break;
case ACT_F_TCP_CHK:
flags = SMP_VAL_BE_CHK_RUL;
BUG/MINOR: vars: properly set the argument parsing context in the expression When the expression called in "set-var" uses argments that require late resolution, the context must be set. At the moment, any unknown argument is misleadingly reported as "ACL": frontend f bind :8080 mode http http-request set-var(proc.a) be_conn(foo) parsing [b1.cfg:4]: unable to find backend 'foo' referenced in arg 1 \ of ACL keyword 'be_conn' in proxy 'f'. Once the context is properly set, it now says the truth: parsing [b1.cfg:8]: unable to find backend 'foo' referenced in arg 1 \ of sample fetch keyword 'be_conn' in http-request expression in proxy 'f'. This may be backported but is not really important. If so, the preceeding patches "BUG/MINOR: vars: improve accuracy of the rules used to check expression validity" and "MINOR: sample: add missing ARGC_ entries" must be backported as well.
2021-09-02 13:46:08 -04:00
px->conf.args.ctx = ARGC_TCK;
BUG/MINOR: vars: improve accuracy of the rules used to check expression validity The set-var() expression naturally checks whether expressions are valid in the context of the rule, but it fails to differentiate frontends from backends. As such for tcp-content and http-request rules, it will only accept frontend-compatible sample-fetches, excluding those declared with SMP_UES_BKEND (a few such as be_id, be_name). For the response it accepts the backend-compatible expressions only, though it seems that there are no sample-fetch function that are valid only in the frontend's content, so that should not cause any problem. Note that while allowing valid configs to be used, the fix might also uncover some incorrect configurations where some expressions currently return nothing (e.g. something depending on frontend declared in a backend), and which could be rejected, but there does not seem to be any such keyword. Thus while it should be backported, better not backport it too far (2.4 and possibly 2.3 only).
2021-09-02 13:03:07 -04:00
break;
case ACT_F_CFG_PARSER:
flags = SMP_VAL_CFG_PARSER;
BUG/MINOR: vars: properly set the argument parsing context in the expression When the expression called in "set-var" uses argments that require late resolution, the context must be set. At the moment, any unknown argument is misleadingly reported as "ACL": frontend f bind :8080 mode http http-request set-var(proc.a) be_conn(foo) parsing [b1.cfg:4]: unable to find backend 'foo' referenced in arg 1 \ of ACL keyword 'be_conn' in proxy 'f'. Once the context is properly set, it now says the truth: parsing [b1.cfg:8]: unable to find backend 'foo' referenced in arg 1 \ of sample fetch keyword 'be_conn' in http-request expression in proxy 'f'. This may be backported but is not really important. If so, the preceeding patches "BUG/MINOR: vars: improve accuracy of the rules used to check expression validity" and "MINOR: sample: add missing ARGC_ entries" must be backported as well.
2021-09-02 13:46:08 -04:00
px->conf.args.ctx = ARGC_CFG;
BUG/MINOR: vars: improve accuracy of the rules used to check expression validity The set-var() expression naturally checks whether expressions are valid in the context of the rule, but it fails to differentiate frontends from backends. As such for tcp-content and http-request rules, it will only accept frontend-compatible sample-fetches, excluding those declared with SMP_UES_BKEND (a few such as be_id, be_name). For the response it accepts the backend-compatible expressions only, though it seems that there are no sample-fetch function that are valid only in the frontend's content, so that should not cause any problem. Note that while allowing valid configs to be used, the fix might also uncover some incorrect configurations where some expressions currently return nothing (e.g. something depending on frontend declared in a backend), and which could be rejected, but there does not seem to be any such keyword. Thus while it should be backported, better not backport it too far (2.4 and possibly 2.3 only).
2021-09-02 13:03:07 -04:00
break;
case ACT_F_CLI_PARSER:
flags = SMP_VAL_CLI_PARSER;
BUG/MINOR: vars: properly set the argument parsing context in the expression When the expression called in "set-var" uses argments that require late resolution, the context must be set. At the moment, any unknown argument is misleadingly reported as "ACL": frontend f bind :8080 mode http http-request set-var(proc.a) be_conn(foo) parsing [b1.cfg:4]: unable to find backend 'foo' referenced in arg 1 \ of ACL keyword 'be_conn' in proxy 'f'. Once the context is properly set, it now says the truth: parsing [b1.cfg:8]: unable to find backend 'foo' referenced in arg 1 \ of sample fetch keyword 'be_conn' in http-request expression in proxy 'f'. This may be backported but is not really important. If so, the preceeding patches "BUG/MINOR: vars: improve accuracy of the rules used to check expression validity" and "MINOR: sample: add missing ARGC_ entries" must be backported as well.
2021-09-02 13:46:08 -04:00
px->conf.args.ctx = ARGC_CLI;
BUG/MINOR: vars: improve accuracy of the rules used to check expression validity The set-var() expression naturally checks whether expressions are valid in the context of the rule, but it fails to differentiate frontends from backends. As such for tcp-content and http-request rules, it will only accept frontend-compatible sample-fetches, excluding those declared with SMP_UES_BKEND (a few such as be_id, be_name). For the response it accepts the backend-compatible expressions only, though it seems that there are no sample-fetch function that are valid only in the frontend's content, so that should not cause any problem. Note that while allowing valid configs to be used, the fix might also uncover some incorrect configurations where some expressions currently return nothing (e.g. something depending on frontend declared in a backend), and which could be rejected, but there does not seem to be any such keyword. Thus while it should be backported, better not backport it too far (2.4 and possibly 2.3 only).
2021-09-02 13:03:07 -04:00
break;
MINOR: actions: Remove wrappers Now the prototype for each action from each section are the same, and a discriminant for determining for each section we are called are added. So, this patch removes the wrappers for the action functions called from more than one section. This patch removes 132 lines of useless code.
2015-08-06 12:25:56 -04:00
default:
memprintf(err,
"internal error, unexpected rule->from=%d, please report this bug!",
rule->from);
MEDIUM: actions: Normalize the return code of the configuration parsers This patch normalize the return code of the configuration parsers. Before these changes, the tcp action parser returned -1 if fail and 0 for the succes. The http action returned 0 if fail and 1 if succes. The normalisation does: - ACT_RET_PRS_OK for succes - ACT_RET_PRS_ERR for failure
2015-08-19 03:04:15 -04:00
return ACT_RET_PRS_ERR;
MINOR: actions: Remove wrappers Now the prototype for each action from each section are the same, and a discriminant for determining for each section we are called are added. So, this patch removes the wrappers for the action functions called from more than one section. This patch removes 132 lines of useless code.
2015-08-06 12:25:56 -04:00
}
BUG/MINOR: vars: properly set the argument parsing context in the expression When the expression called in "set-var" uses argments that require late resolution, the context must be set. At the moment, any unknown argument is misleadingly reported as "ACL": frontend f bind :8080 mode http http-request set-var(proc.a) be_conn(foo) parsing [b1.cfg:4]: unable to find backend 'foo' referenced in arg 1 \ of ACL keyword 'be_conn' in proxy 'f'. Once the context is properly set, it now says the truth: parsing [b1.cfg:8]: unable to find backend 'foo' referenced in arg 1 \ of sample fetch keyword 'be_conn' in http-request expression in proxy 'f'. This may be backported but is not really important. If so, the preceeding patches "BUG/MINOR: vars: improve accuracy of the rules used to check expression validity" and "MINOR: sample: add missing ARGC_ entries" must be backported as well.
2021-09-02 13:46:08 -04:00
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
if (set_var == 2) { /* set-var-fmt */
if (!parse_logformat_string(args[*arg], px, &rule->arg.vars.fmt, 0, flags, err))
return ACT_RET_PRS_ERR;
BUG/MINOR: vars: properly set the argument parsing context in the expression When the expression called in "set-var" uses argments that require late resolution, the context must be set. At the moment, any unknown argument is misleadingly reported as "ACL": frontend f bind :8080 mode http http-request set-var(proc.a) be_conn(foo) parsing [b1.cfg:4]: unable to find backend 'foo' referenced in arg 1 \ of ACL keyword 'be_conn' in proxy 'f'. Once the context is properly set, it now says the truth: parsing [b1.cfg:8]: unable to find backend 'foo' referenced in arg 1 \ of sample fetch keyword 'be_conn' in http-request expression in proxy 'f'. This may be backported but is not really important. If so, the preceeding patches "BUG/MINOR: vars: improve accuracy of the rules used to check expression validity" and "MINOR: sample: add missing ARGC_ entries" must be backported as well.
2021-09-02 13:46:08 -04:00
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
(*arg)++;
/* for late error reporting */
free(px->conf.lfs_file);
px->conf.lfs_file = strdup(px->conf.args.file);
px->conf.lfs_line = px->conf.args.line;
} else {
/* set-var */
rule->arg.vars.expr = sample_parse_expr((char **)args, arg, px->conf.args.file,
MINOR: tcpcheck: Support 2-steps args resolution in defaults sections With the commit eaba25dd9 ("BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing"), we restricted the use of sample fetch in tcpcheck rules defined in a defaults section to those depending on explicit arguments only. This means a tcpcheck rules defined in a defaults section cannot rely on argument unresolved during the configuration parsing. Thanks to recent changes, it is now possible again. This patch is mandatory to support TCP/HTTP rules in defaults sections.
2021-10-13 09:18:36 -04:00
px->conf.args.line, err, &px->conf.args, NULL);
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
if (!rule->arg.vars.expr)
return ACT_RET_PRS_ERR;
if (!(rule->arg.vars.expr->fetch->val & flags)) {
memprintf(err,
"fetch method '%s' extracts information from '%s', none of which is available here",
kw_name, sample_src_names(rule->arg.vars.expr->fetch->use));
free(rule->arg.vars.expr);
return ACT_RET_PRS_ERR;
}
MINOR: actions: Remove wrappers Now the prototype for each action from each section are the same, and a discriminant for determining for each section we are called are added. So, this patch removes the wrappers for the action functions called from more than one section. This patch removes 132 lines of useless code.
2015-08-06 12:25:56 -04:00
}
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
MEDIUM: actions: remove ACTION_STOP Before this patch, two type of custom actions exists: ACT_ACTION_CONT and ACT_ACTION_STOP. ACT_ACTION_CONT is a non terminal action and ACT_ACTION_STOP is a terminal action. Note that ACT_ACTION_STOP is not used in HAProxy. This patch remove this behavior. Only type type of custom action exists, and it is called ACT_CUSTOM. Now, the custion action can return a code indicating the required behavior. ACT_RET_CONT wants that HAProxy continue the current rule list evaluation, and ACT_RET_STOP wants that HAPRoxy stops the the current rule list evaluation.
2015-09-02 11:17:33 -04:00
rule->action = ACT_CUSTOM;
MINOR: actions: Remove wrappers Now the prototype for each action from each section are the same, and a discriminant for determining for each section we are called are added. So, this patch removes the wrappers for the action functions called from more than one section. This patch removes 132 lines of useless code.
2015-08-06 12:25:56 -04:00
rule->action_ptr = action_store;
BUG/MAJOR: vars: Fix bogus free() during deinit() for http-request rules We cannot simply `release_sample_expr(rule->arg.vars.expr)` for a `struct act_rule`, because `rule->arg` is a union that might not contain valid `vars`. This leads to a crash on a configuration using `http-request redirect` and possibly others: frontend http mode http bind 127.0.0.1:80 http-request redirect scheme https Instead a `struct act_rule` has a `release_ptr` that must be used to properly free any additional storage allocated. This patch fixes a regression in commit ff78fcdd7f15c8626c7e70add7a935221ee2920c. It must be backported to whereever that patch is backported. It has be verified that the configuration above no longer crashes. It has also been verified that the configuration in ff78fcdd7f15c8626c7e70add7a935221ee2920c does not leak.
2020-06-14 11:27:36 -04:00
rule->release_ptr = release_store_rule;
MEDIUM: actions: Normalize the return code of the configuration parsers This patch normalize the return code of the configuration parsers. Before these changes, the tcp action parser returned -1 if fail and 0 for the succes. The http action returned 0 if fail and 1 if succes. The normalisation does: - ACT_RET_PRS_OK for succes - ACT_RET_PRS_ERR for failure
2015-08-19 03:04:15 -04:00
return ACT_RET_PRS_OK;
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
}
MEDIUM: vars: add support for a "set-var" global directive While we do support process-wide variables ("proc.<name>"), there was no way to preset them from the configuration. This was particularly limiting their usefulness since configs involving them always had to first check if the variable was set prior to performing an operation. This patch adds a new "set-var" directive in the global section that supports setting the proc.<name> variables from an expression, like other set-var actions do. The syntax however follows what is already being done for setenv, which consists in having one argument for the variable name and another one for the expression. Only "constant" expressions are allowed here, such as "int", "str" etc, combined with arithmetic or string converters, and variable lookups. A few extra sample fetch keywords like "date", "rand" and "uuid" are also part of the constant expressions and may make sense to allow to create a random key or differentiate processes. The way it was done consists in parsing a dummy rule an executing the expression in the CFG_PARSE context, then releasing the expression. This is safe because the sample that variables store does not hold a back pointer to expression that created them.
2021-03-26 06:38:08 -04:00
/* parses a global "set-var" directive. It will create a temporary rule and
* expression that are parsed, processed, and released on the fly so that we
* respect the real set-var syntax. These directives take the following format:
* set-var <name> <expression>
MINOR: vars: add a "set-var-fmt" directive to the global section Just like the set-var-fmt action for tcp/http rules, the set-var-fmt directive in global sections allows to pre-set process-wide variables using a format string instead of a sample expression. This is often more convenient when it is required to concatenate multiple fields, or when emitting just one word.
2021-09-03 03:02:47 -04:00
* set-var-fmt <name> <fmt>
MEDIUM: vars: add support for a "set-var" global directive While we do support process-wide variables ("proc.<name>"), there was no way to preset them from the configuration. This was particularly limiting their usefulness since configs involving them always had to first check if the variable was set prior to performing an operation. This patch adds a new "set-var" directive in the global section that supports setting the proc.<name> variables from an expression, like other set-var actions do. The syntax however follows what is already being done for setenv, which consists in having one argument for the variable name and another one for the expression. Only "constant" expressions are allowed here, such as "int", "str" etc, combined with arithmetic or string converters, and variable lookups. A few extra sample fetch keywords like "date", "rand" and "uuid" are also part of the constant expressions and may make sense to allow to create a random key or differentiate processes. The way it was done consists in parsing a dummy rule an executing the expression in the CFG_PARSE context, then releasing the expression. This is safe because the sample that variables store does not hold a back pointer to expression that created them.
2021-03-26 06:38:08 -04:00
* Note that parse_store() expects "set-var(name) <expression>" so we have to
* temporarily replace the keyword here.
*/
static int vars_parse_global_set_var(char **args, int section_type, struct proxy *curpx,
const struct proxy *defpx, const char *file, int line,
char **err)
{
struct proxy px = {
CLEANUP: vars: name the temporary proxy "CFG" instead of "CLI" for global vars We're using a dummy temporary proxy when creating global variables in the configuration file, it was copied from the CLI's code and was mistakenly called "CLI", better name it "CFG". It should not appear anywhere except maybe when debugging cores.
2021-09-03 02:19:43 -04:00
.id = "CFG",
BUILD: vars: avoid overlapping field initialization Compiling vars.c with gcc 4.2 shows that we're initializing some local structs field members in a not really portable way: src/vars.c: In function 'vars_parse_cli_set_var': src/vars.c:1195: warning: initialized field overwritten src/vars.c:1195: warning: (near initialization for 'px.conf.args') src/vars.c:1195: warning: initialized field overwritten src/vars.c:1195: warning: (near initialization for 'px.conf') src/vars.c:1201: warning: initialized field overwritten src/vars.c:1201: warning: (near initialization for 'rule.conf') It's totally harmless anyway, but better clean this up.
2022-01-28 03:22:07 -05:00
.conf.args = { .file = file, .line = line, },
MEDIUM: vars: add support for a "set-var" global directive While we do support process-wide variables ("proc.<name>"), there was no way to preset them from the configuration. This was particularly limiting their usefulness since configs involving them always had to first check if the variable was set prior to performing an operation. This patch adds a new "set-var" directive in the global section that supports setting the proc.<name> variables from an expression, like other set-var actions do. The syntax however follows what is already being done for setenv, which consists in having one argument for the variable name and another one for the expression. Only "constant" expressions are allowed here, such as "int", "str" etc, combined with arithmetic or string converters, and variable lookups. A few extra sample fetch keywords like "date", "rand" and "uuid" are also part of the constant expressions and may make sense to allow to create a random key or differentiate processes. The way it was done consists in parsing a dummy rule an executing the expression in the CFG_PARSE context, then releasing the expression. This is safe because the sample that variables store does not hold a back pointer to expression that created them.
2021-03-26 06:38:08 -04:00
};
struct act_rule rule = {
.arg.vars.scope = SCOPE_PROC,
.from = ACT_F_CFG_PARSER,
BUILD: vars: avoid overlapping field initialization Compiling vars.c with gcc 4.2 shows that we're initializing some local structs field members in a not really portable way: src/vars.c: In function 'vars_parse_cli_set_var': src/vars.c:1195: warning: initialized field overwritten src/vars.c:1195: warning: (near initialization for 'px.conf.args') src/vars.c:1195: warning: initialized field overwritten src/vars.c:1195: warning: (near initialization for 'px.conf') src/vars.c:1201: warning: initialized field overwritten src/vars.c:1201: warning: (near initialization for 'rule.conf') It's totally harmless anyway, but better clean this up.
2022-01-28 03:22:07 -05:00
.conf = { .file = (char *)file, .line = line, },
MEDIUM: vars: add support for a "set-var" global directive While we do support process-wide variables ("proc.<name>"), there was no way to preset them from the configuration. This was particularly limiting their usefulness since configs involving them always had to first check if the variable was set prior to performing an operation. This patch adds a new "set-var" directive in the global section that supports setting the proc.<name> variables from an expression, like other set-var actions do. The syntax however follows what is already being done for setenv, which consists in having one argument for the variable name and another one for the expression. Only "constant" expressions are allowed here, such as "int", "str" etc, combined with arithmetic or string converters, and variable lookups. A few extra sample fetch keywords like "date", "rand" and "uuid" are also part of the constant expressions and may make sense to allow to create a random key or differentiate processes. The way it was done consists in parsing a dummy rule an executing the expression in the CFG_PARSE context, then releasing the expression. This is safe because the sample that variables store does not hold a back pointer to expression that created them.
2021-03-26 06:38:08 -04:00
};
MINOR: vars: add a "set-var-fmt" directive to the global section Just like the set-var-fmt action for tcp/http rules, the set-var-fmt directive in global sections allows to pre-set process-wide variables using a format string instead of a sample expression. This is often more convenient when it is required to concatenate multiple fields, or when emitting just one word.
2021-09-03 03:02:47 -04:00
enum obj_type objt = OBJ_TYPE_NONE;
struct session *sess = NULL;
MEDIUM: vars: add support for a "set-var" global directive While we do support process-wide variables ("proc.<name>"), there was no way to preset them from the configuration. This was particularly limiting their usefulness since configs involving them always had to first check if the variable was set prior to performing an operation. This patch adds a new "set-var" directive in the global section that supports setting the proc.<name> variables from an expression, like other set-var actions do. The syntax however follows what is already being done for setenv, which consists in having one argument for the variable name and another one for the expression. Only "constant" expressions are allowed here, such as "int", "str" etc, combined with arithmetic or string converters, and variable lookups. A few extra sample fetch keywords like "date", "rand" and "uuid" are also part of the constant expressions and may make sense to allow to create a random key or differentiate processes. The way it was done consists in parsing a dummy rule an executing the expression in the CFG_PARSE context, then releasing the expression. This is safe because the sample that variables store does not hold a back pointer to expression that created them.
2021-03-26 06:38:08 -04:00
enum act_parse_ret p_ret;
char *old_arg1;
char *tmp_arg1;
int arg = 2; // variable name
int ret = -1;
MINOR: vars: add a "set-var-fmt" directive to the global section Just like the set-var-fmt action for tcp/http rules, the set-var-fmt directive in global sections allows to pre-set process-wide variables using a format string instead of a sample expression. This is often more convenient when it is required to concatenate multiple fields, or when emitting just one word.
2021-09-03 03:02:47 -04:00
int use_fmt = 0;
MEDIUM: vars: add support for a "set-var" global directive While we do support process-wide variables ("proc.<name>"), there was no way to preset them from the configuration. This was particularly limiting their usefulness since configs involving them always had to first check if the variable was set prior to performing an operation. This patch adds a new "set-var" directive in the global section that supports setting the proc.<name> variables from an expression, like other set-var actions do. The syntax however follows what is already being done for setenv, which consists in having one argument for the variable name and another one for the expression. Only "constant" expressions are allowed here, such as "int", "str" etc, combined with arithmetic or string converters, and variable lookups. A few extra sample fetch keywords like "date", "rand" and "uuid" are also part of the constant expressions and may make sense to allow to create a random key or differentiate processes. The way it was done consists in parsing a dummy rule an executing the expression in the CFG_PARSE context, then releasing the expression. This is safe because the sample that variables store does not hold a back pointer to expression that created them.
2021-03-26 06:38:08 -04:00
LIST_INIT(&px.conf.args.list);
MINOR: vars: add a "set-var-fmt" directive to the global section Just like the set-var-fmt action for tcp/http rules, the set-var-fmt directive in global sections allows to pre-set process-wide variables using a format string instead of a sample expression. This is often more convenient when it is required to concatenate multiple fields, or when emitting just one word.
2021-09-03 03:02:47 -04:00
use_fmt = strcmp(args[0], "set-var-fmt") == 0;
MEDIUM: vars: add support for a "set-var" global directive While we do support process-wide variables ("proc.<name>"), there was no way to preset them from the configuration. This was particularly limiting their usefulness since configs involving them always had to first check if the variable was set prior to performing an operation. This patch adds a new "set-var" directive in the global section that supports setting the proc.<name> variables from an expression, like other set-var actions do. The syntax however follows what is already being done for setenv, which consists in having one argument for the variable name and another one for the expression. Only "constant" expressions are allowed here, such as "int", "str" etc, combined with arithmetic or string converters, and variable lookups. A few extra sample fetch keywords like "date", "rand" and "uuid" are also part of the constant expressions and may make sense to allow to create a random key or differentiate processes. The way it was done consists in parsing a dummy rule an executing the expression in the CFG_PARSE context, then releasing the expression. This is safe because the sample that variables store does not hold a back pointer to expression that created them.
2021-03-26 06:38:08 -04:00
if (!*args[1] || !*args[2]) {
MINOR: vars: add a "set-var-fmt" directive to the global section Just like the set-var-fmt action for tcp/http rules, the set-var-fmt directive in global sections allows to pre-set process-wide variables using a format string instead of a sample expression. This is often more convenient when it is required to concatenate multiple fields, or when emitting just one word.
2021-09-03 03:02:47 -04:00
if (use_fmt)
memprintf(err, "'%s' requires a process-wide variable name ('proc.<name>') and a format string.", args[0]);
else
memprintf(err, "'%s' requires a process-wide variable name ('proc.<name>') and a sample expression.", args[0]);
MEDIUM: vars: add support for a "set-var" global directive While we do support process-wide variables ("proc.<name>"), there was no way to preset them from the configuration. This was particularly limiting their usefulness since configs involving them always had to first check if the variable was set prior to performing an operation. This patch adds a new "set-var" directive in the global section that supports setting the proc.<name> variables from an expression, like other set-var actions do. The syntax however follows what is already being done for setenv, which consists in having one argument for the variable name and another one for the expression. Only "constant" expressions are allowed here, such as "int", "str" etc, combined with arithmetic or string converters, and variable lookups. A few extra sample fetch keywords like "date", "rand" and "uuid" are also part of the constant expressions and may make sense to allow to create a random key or differentiate processes. The way it was done consists in parsing a dummy rule an executing the expression in the CFG_PARSE context, then releasing the expression. This is safe because the sample that variables store does not hold a back pointer to expression that created them.
2021-03-26 06:38:08 -04:00
goto end;
}
tmp_arg1 = NULL;
MINOR: vars: add a "set-var-fmt" directive to the global section Just like the set-var-fmt action for tcp/http rules, the set-var-fmt directive in global sections allows to pre-set process-wide variables using a format string instead of a sample expression. This is often more convenient when it is required to concatenate multiple fields, or when emitting just one word.
2021-09-03 03:02:47 -04:00
if (!memprintf(&tmp_arg1, "set-var%s(%s)", use_fmt ? "-fmt" : "", args[1]))
MEDIUM: vars: add support for a "set-var" global directive While we do support process-wide variables ("proc.<name>"), there was no way to preset them from the configuration. This was particularly limiting their usefulness since configs involving them always had to first check if the variable was set prior to performing an operation. This patch adds a new "set-var" directive in the global section that supports setting the proc.<name> variables from an expression, like other set-var actions do. The syntax however follows what is already being done for setenv, which consists in having one argument for the variable name and another one for the expression. Only "constant" expressions are allowed here, such as "int", "str" etc, combined with arithmetic or string converters, and variable lookups. A few extra sample fetch keywords like "date", "rand" and "uuid" are also part of the constant expressions and may make sense to allow to create a random key or differentiate processes. The way it was done consists in parsing a dummy rule an executing the expression in the CFG_PARSE context, then releasing the expression. This is safe because the sample that variables store does not hold a back pointer to expression that created them.
2021-03-26 06:38:08 -04:00
goto end;
/* parse_store() will always return a message in <err> on error */
old_arg1 = args[1]; args[1] = tmp_arg1;
p_ret = parse_store((const char **)args, &arg, &px, &rule, err);
free(args[1]); args[1] = old_arg1;
if (p_ret != ACT_RET_PRS_OK)
goto end;
if (rule.arg.vars.scope != SCOPE_PROC) {
memprintf(err, "'%s': cannot set variable '%s', only scope 'proc' is permitted in the global section.", args[0], args[1]);
goto end;
}
if (smp_resolve_args(&px, err) != 0) {
release_sample_expr(rule.arg.vars.expr);
indent_msg(err, 2);
goto end;
}
MINOR: vars: add a "set-var-fmt" directive to the global section Just like the set-var-fmt action for tcp/http rules, the set-var-fmt directive in global sections allows to pre-set process-wide variables using a format string instead of a sample expression. This is often more convenient when it is required to concatenate multiple fields, or when emitting just one word.
2021-09-03 03:02:47 -04:00
if (use_fmt && !(sess = session_new(&px, NULL, &objt))) {
release_sample_expr(rule.arg.vars.expr);
memprintf(err, "'%s': out of memory when trying to set variable '%s' in the global section.", args[0], args[1]);
goto end;
}
action_store(&rule, &px, sess, NULL, 0);
MEDIUM: vars: add support for a "set-var" global directive While we do support process-wide variables ("proc.<name>"), there was no way to preset them from the configuration. This was particularly limiting their usefulness since configs involving them always had to first check if the variable was set prior to performing an operation. This patch adds a new "set-var" directive in the global section that supports setting the proc.<name> variables from an expression, like other set-var actions do. The syntax however follows what is already being done for setenv, which consists in having one argument for the variable name and another one for the expression. Only "constant" expressions are allowed here, such as "int", "str" etc, combined with arithmetic or string converters, and variable lookups. A few extra sample fetch keywords like "date", "rand" and "uuid" are also part of the constant expressions and may make sense to allow to create a random key or differentiate processes. The way it was done consists in parsing a dummy rule an executing the expression in the CFG_PARSE context, then releasing the expression. This is safe because the sample that variables store does not hold a back pointer to expression that created them.
2021-03-26 06:38:08 -04:00
release_sample_expr(rule.arg.vars.expr);
MINOR: vars: add a "set-var-fmt" directive to the global section Just like the set-var-fmt action for tcp/http rules, the set-var-fmt directive in global sections allows to pre-set process-wide variables using a format string instead of a sample expression. This is often more convenient when it is required to concatenate multiple fields, or when emitting just one word.
2021-09-03 03:02:47 -04:00
if (sess)
session_free(sess);
MEDIUM: vars: add support for a "set-var" global directive While we do support process-wide variables ("proc.<name>"), there was no way to preset them from the configuration. This was particularly limiting their usefulness since configs involving them always had to first check if the variable was set prior to performing an operation. This patch adds a new "set-var" directive in the global section that supports setting the proc.<name> variables from an expression, like other set-var actions do. The syntax however follows what is already being done for setenv, which consists in having one argument for the variable name and another one for the expression. Only "constant" expressions are allowed here, such as "int", "str" etc, combined with arithmetic or string converters, and variable lookups. A few extra sample fetch keywords like "date", "rand" and "uuid" are also part of the constant expressions and may make sense to allow to create a random key or differentiate processes. The way it was done consists in parsing a dummy rule an executing the expression in the CFG_PARSE context, then releasing the expression. This is safe because the sample that variables store does not hold a back pointer to expression that created them.
2021-03-26 06:38:08 -04:00
ret = 0;
end:
return ret;
}
MINOR: vars/cli: add a "get var" CLI command to retrieve global variables Process-wide variables can now be displayed from the CLI using "get var" followed by the variable name. They must all start with "proc." otherwise they will not be found. The output is very similar to the one of the debug converter, with a type and value being reported for the embedded sample. This command is limited to clients with the level "operator" or higher, since it can possibly expose traffic-related data.
2021-03-26 09:51:31 -04:00
/* parse CLI's "get var <name>" */
static int vars_parse_cli_get_var(char **args, char *payload, struct appctx *appctx, void *private)
{
struct vars *vars;
CLEANUP: vars: always pre-initialize smp in vars_parse_cli_get_var() In issue #1200 Coverity believes we may use an uninitialized field smp.sess here while it's not possible because the returned variable necessarily matches SCOPE_PROC hence smp.sess is not used. But it cannot see this and it could be confusing if the code later evolved into something more complex. That's not a critical path so let's first reset the sample.
2021-04-01 11:01:43 -04:00
struct sample smp = { };
MINOR: vars/cli: add a "get var" CLI command to retrieve global variables Process-wide variables can now be displayed from the CLI using "get var" followed by the variable name. They must all start with "proc." otherwise they will not be found. The output is very similar to the one of the debug converter, with a type and value being reported for the embedded sample. This command is limited to clients with the level "operator" or higher, since it can possibly expose traffic-related data.
2021-03-26 09:51:31 -04:00
int i;
if (!cli_has_level(appctx, ACCESS_LVL_OPER))
return 1;
if (!*args[2])
return cli_err(appctx, "Missing process-wide variable identifier.\n");
vars = get_vars(NULL, NULL, SCOPE_PROC);
if (!vars || vars->scope != SCOPE_PROC)
return 0;
MINOR: vars: make vars_get_by_* support an optional default value In preparation for support default values when fetching variables, we need to update the internal API to pass an extra argument to functions vars_get_by_{name,desc} to provide an optional default value. This patch does this and always passes NULL in this argument. var_to_smp() was extended to fall back to this value when available.
2021-09-03 05:52:38 -04:00
if (!vars_get_by_name(args[2], strlen(args[2]), &smp, NULL))
MINOR: vars/cli: add a "get var" CLI command to retrieve global variables Process-wide variables can now be displayed from the CLI using "get var" followed by the variable name. They must all start with "proc." otherwise they will not be found. The output is very similar to the one of the debug converter, with a type and value being reported for the embedded sample. This command is limited to clients with the level "operator" or higher, since it can possibly expose traffic-related data.
2021-03-26 09:51:31 -04:00
return cli_err(appctx, "Variable not found.\n");
/* the sample returned by vars_get_by_name() is allocated into a trash
* chunk so we have no constraint to manipulate it.
*/
chunk_printf(&trash, "%s: type=%s value=", args[2], smp_to_type[smp.data.type]);
if (!sample_casts[smp.data.type][SMP_T_STR] ||
!sample_casts[smp.data.type][SMP_T_STR](&smp)) {
chunk_appendf(&trash, "(undisplayable)");
} else {
/* Display the displayable chars*. */
b_putchr(&trash, '<');
for (i = 0; i < smp.data.u.str.data; i++) {
if (isprint((unsigned char)smp.data.u.str.area[i]))
b_putchr(&trash, smp.data.u.str.area[i]);
else
b_putchr(&trash, '.');
}
b_putchr(&trash, '>');
b_putchr(&trash, 0);
}
return cli_msg(appctx, LOG_INFO, trash.area);
}
MEDIUM: vars: also support format strings in CLI's "set var" command Most often "set var" on the CLI is used to set a string, and using only expressions is not always convenient, particularly when trying to concatenate variables sur as host names and paths. Now the "set var" command supports an optional keyword before the value to indicate its type. "expr" takes an expression just like before this patch, and "fmt" a format string, making it work like the "set-var-fmt" actions. The VTC was updated to include a test on the format string.
2021-09-03 03:47:37 -04:00
/* parse CLI's "set var <name>". It accepts:
* - set var <name> <expression>
* - set var <name> expr <expression>
* - set var <name> fmt <format>
*/
MEDIUM: cli: add a new experimental "set var" command set var <name> <expression> Allows to set or overwrite the process-wide variable 'name' with the result of expression <expression>. Only process-wide variables may be used, so the name must begin with 'proc.' otherwise no variable will be set. The <expression> may only involve "internal" sample fetch keywords and converters even though the most likely useful ones will be str('something') or int(). Note that the command line parser doesn't know about quotes, so any space in the expression must be preceeded by a backslash. This command requires levels "operator" or "admin". This command is only supported on a CLI connection running in experimental mode (see "experimental-mode on"). Just like for "set-var" in the global section, the command uses a temporary dummy proxy to create a temporary "set-var(name)" rule to assign the value. The reg test was updated to verify that an updated global variable is properly reflected in subsequent HTTP responses.
2021-03-26 10:19:50 -04:00
static int vars_parse_cli_set_var(char **args, char *payload, struct appctx *appctx, void *private)
{
struct proxy px = {
.id = "CLI",
BUILD: vars: avoid overlapping field initialization Compiling vars.c with gcc 4.2 shows that we're initializing some local structs field members in a not really portable way: src/vars.c: In function 'vars_parse_cli_set_var': src/vars.c:1195: warning: initialized field overwritten src/vars.c:1195: warning: (near initialization for 'px.conf.args') src/vars.c:1195: warning: initialized field overwritten src/vars.c:1195: warning: (near initialization for 'px.conf') src/vars.c:1201: warning: initialized field overwritten src/vars.c:1201: warning: (near initialization for 'rule.conf') It's totally harmless anyway, but better clean this up.
2022-01-28 03:22:07 -05:00
.conf.args = { .file = "CLI", .line = 0, },
MEDIUM: cli: add a new experimental "set var" command set var <name> <expression> Allows to set or overwrite the process-wide variable 'name' with the result of expression <expression>. Only process-wide variables may be used, so the name must begin with 'proc.' otherwise no variable will be set. The <expression> may only involve "internal" sample fetch keywords and converters even though the most likely useful ones will be str('something') or int(). Note that the command line parser doesn't know about quotes, so any space in the expression must be preceeded by a backslash. This command requires levels "operator" or "admin". This command is only supported on a CLI connection running in experimental mode (see "experimental-mode on"). Just like for "set-var" in the global section, the command uses a temporary dummy proxy to create a temporary "set-var(name)" rule to assign the value. The reg test was updated to verify that an updated global variable is properly reflected in subsequent HTTP responses.
2021-03-26 10:19:50 -04:00
};
struct act_rule rule = {
.arg.vars.scope = SCOPE_PROC,
.from = ACT_F_CLI_PARSER,
BUILD: vars: avoid overlapping field initialization Compiling vars.c with gcc 4.2 shows that we're initializing some local structs field members in a not really portable way: src/vars.c: In function 'vars_parse_cli_set_var': src/vars.c:1195: warning: initialized field overwritten src/vars.c:1195: warning: (near initialization for 'px.conf.args') src/vars.c:1195: warning: initialized field overwritten src/vars.c:1195: warning: (near initialization for 'px.conf') src/vars.c:1201: warning: initialized field overwritten src/vars.c:1201: warning: (near initialization for 'rule.conf') It's totally harmless anyway, but better clean this up.
2022-01-28 03:22:07 -05:00
.conf = { .file = "CLI", .line = 0, },
MEDIUM: cli: add a new experimental "set var" command set var <name> <expression> Allows to set or overwrite the process-wide variable 'name' with the result of expression <expression>. Only process-wide variables may be used, so the name must begin with 'proc.' otherwise no variable will be set. The <expression> may only involve "internal" sample fetch keywords and converters even though the most likely useful ones will be str('something') or int(). Note that the command line parser doesn't know about quotes, so any space in the expression must be preceeded by a backslash. This command requires levels "operator" or "admin". This command is only supported on a CLI connection running in experimental mode (see "experimental-mode on"). Just like for "set-var" in the global section, the command uses a temporary dummy proxy to create a temporary "set-var(name)" rule to assign the value. The reg test was updated to verify that an updated global variable is properly reflected in subsequent HTTP responses.
2021-03-26 10:19:50 -04:00
};
MEDIUM: vars: also support format strings in CLI's "set var" command Most often "set var" on the CLI is used to set a string, and using only expressions is not always convenient, particularly when trying to concatenate variables sur as host names and paths. Now the "set var" command supports an optional keyword before the value to indicate its type. "expr" takes an expression just like before this patch, and "fmt" a format string, making it work like the "set-var-fmt" actions. The VTC was updated to include a test on the format string.
2021-09-03 03:47:37 -04:00
enum obj_type objt = OBJ_TYPE_NONE;
struct session *sess = NULL;
MEDIUM: cli: add a new experimental "set var" command set var <name> <expression> Allows to set or overwrite the process-wide variable 'name' with the result of expression <expression>. Only process-wide variables may be used, so the name must begin with 'proc.' otherwise no variable will be set. The <expression> may only involve "internal" sample fetch keywords and converters even though the most likely useful ones will be str('something') or int(). Note that the command line parser doesn't know about quotes, so any space in the expression must be preceeded by a backslash. This command requires levels "operator" or "admin". This command is only supported on a CLI connection running in experimental mode (see "experimental-mode on"). Just like for "set-var" in the global section, the command uses a temporary dummy proxy to create a temporary "set-var(name)" rule to assign the value. The reg test was updated to verify that an updated global variable is properly reflected in subsequent HTTP responses.
2021-03-26 10:19:50 -04:00
enum act_parse_ret p_ret;
MEDIUM: vars: also support format strings in CLI's "set var" command Most often "set var" on the CLI is used to set a string, and using only expressions is not always convenient, particularly when trying to concatenate variables sur as host names and paths. Now the "set var" command supports an optional keyword before the value to indicate its type. "expr" takes an expression just like before this patch, and "fmt" a format string, making it work like the "set-var-fmt" actions. The VTC was updated to include a test on the format string.
2021-09-03 03:47:37 -04:00
const char *tmp_args[3];
int tmp_arg;
char *tmp_act;
MEDIUM: cli: add a new experimental "set var" command set var <name> <expression> Allows to set or overwrite the process-wide variable 'name' with the result of expression <expression>. Only process-wide variables may be used, so the name must begin with 'proc.' otherwise no variable will be set. The <expression> may only involve "internal" sample fetch keywords and converters even though the most likely useful ones will be str('something') or int(). Note that the command line parser doesn't know about quotes, so any space in the expression must be preceeded by a backslash. This command requires levels "operator" or "admin". This command is only supported on a CLI connection running in experimental mode (see "experimental-mode on"). Just like for "set-var" in the global section, the command uses a temporary dummy proxy to create a temporary "set-var(name)" rule to assign the value. The reg test was updated to verify that an updated global variable is properly reflected in subsequent HTTP responses.
2021-03-26 10:19:50 -04:00
char *err = NULL;
int nberr;
MEDIUM: vars: also support format strings in CLI's "set var" command Most often "set var" on the CLI is used to set a string, and using only expressions is not always convenient, particularly when trying to concatenate variables sur as host names and paths. Now the "set var" command supports an optional keyword before the value to indicate its type. "expr" takes an expression just like before this patch, and "fmt" a format string, making it work like the "set-var-fmt" actions. The VTC was updated to include a test on the format string.
2021-09-03 03:47:37 -04:00
int use_fmt = 0;
MEDIUM: cli: add a new experimental "set var" command set var <name> <expression> Allows to set or overwrite the process-wide variable 'name' with the result of expression <expression>. Only process-wide variables may be used, so the name must begin with 'proc.' otherwise no variable will be set. The <expression> may only involve "internal" sample fetch keywords and converters even though the most likely useful ones will be str('something') or int(). Note that the command line parser doesn't know about quotes, so any space in the expression must be preceeded by a backslash. This command requires levels "operator" or "admin". This command is only supported on a CLI connection running in experimental mode (see "experimental-mode on"). Just like for "set-var" in the global section, the command uses a temporary dummy proxy to create a temporary "set-var(name)" rule to assign the value. The reg test was updated to verify that an updated global variable is properly reflected in subsequent HTTP responses.
2021-03-26 10:19:50 -04:00
LIST_INIT(&px.conf.args.list);
if (!cli_has_level(appctx, ACCESS_LVL_OPER))
return 1;
MEDIUM: vars: also support format strings in CLI's "set var" command Most often "set var" on the CLI is used to set a string, and using only expressions is not always convenient, particularly when trying to concatenate variables sur as host names and paths. Now the "set var" command supports an optional keyword before the value to indicate its type. "expr" takes an expression just like before this patch, and "fmt" a format string, making it work like the "set-var-fmt" actions. The VTC was updated to include a test on the format string.
2021-09-03 03:47:37 -04:00
if (!*args[2])
return cli_err(appctx, "Missing process-wide variable identifier.\n");
if (!*args[3])
return cli_err(appctx, "Missing either 'expr', 'fmt' or expression.\n");
if (*args[4]) {
/* this is the long format */
if (strcmp(args[3], "fmt") == 0)
use_fmt = 1;
else if (strcmp(args[3], "expr") != 0) {
memprintf(&err, "'%s %s': arg type must be either 'expr' or 'fmt' but got '%s'.", args[0], args[1], args[3]);
goto fail;
}
}
MEDIUM: cli: add a new experimental "set var" command set var <name> <expression> Allows to set or overwrite the process-wide variable 'name' with the result of expression <expression>. Only process-wide variables may be used, so the name must begin with 'proc.' otherwise no variable will be set. The <expression> may only involve "internal" sample fetch keywords and converters even though the most likely useful ones will be str('something') or int(). Note that the command line parser doesn't know about quotes, so any space in the expression must be preceeded by a backslash. This command requires levels "operator" or "admin". This command is only supported on a CLI connection running in experimental mode (see "experimental-mode on"). Just like for "set-var" in the global section, the command uses a temporary dummy proxy to create a temporary "set-var(name)" rule to assign the value. The reg test was updated to verify that an updated global variable is properly reflected in subsequent HTTP responses.
2021-03-26 10:19:50 -04:00
MEDIUM: vars: also support format strings in CLI's "set var" command Most often "set var" on the CLI is used to set a string, and using only expressions is not always convenient, particularly when trying to concatenate variables sur as host names and paths. Now the "set var" command supports an optional keyword before the value to indicate its type. "expr" takes an expression just like before this patch, and "fmt" a format string, making it work like the "set-var-fmt" actions. The VTC was updated to include a test on the format string.
2021-09-03 03:47:37 -04:00
tmp_act = NULL;
if (!memprintf(&tmp_act, "set-var%s(%s)", use_fmt ? "-fmt" : "", args[2])) {
MEDIUM: cli: add a new experimental "set var" command set var <name> <expression> Allows to set or overwrite the process-wide variable 'name' with the result of expression <expression>. Only process-wide variables may be used, so the name must begin with 'proc.' otherwise no variable will be set. The <expression> may only involve "internal" sample fetch keywords and converters even though the most likely useful ones will be str('something') or int(). Note that the command line parser doesn't know about quotes, so any space in the expression must be preceeded by a backslash. This command requires levels "operator" or "admin". This command is only supported on a CLI connection running in experimental mode (see "experimental-mode on"). Just like for "set-var" in the global section, the command uses a temporary dummy proxy to create a temporary "set-var(name)" rule to assign the value. The reg test was updated to verify that an updated global variable is properly reflected in subsequent HTTP responses.
2021-03-26 10:19:50 -04:00
memprintf(&err, "memory allocation error.");
goto fail;
}
/* parse_store() will always return a message in <err> on error */
MEDIUM: vars: also support format strings in CLI's "set var" command Most often "set var" on the CLI is used to set a string, and using only expressions is not always convenient, particularly when trying to concatenate variables sur as host names and paths. Now the "set var" command supports an optional keyword before the value to indicate its type. "expr" takes an expression just like before this patch, and "fmt" a format string, making it work like the "set-var-fmt" actions. The VTC was updated to include a test on the format string.
2021-09-03 03:47:37 -04:00
tmp_args[0] = tmp_act;
tmp_args[1] = (*args[4]) ? args[4] : args[3];
tmp_args[2] = "";
tmp_arg = 1; // must point to the first arg after the action
p_ret = parse_store(tmp_args, &tmp_arg, &px, &rule, &err);
free(tmp_act);
MEDIUM: cli: add a new experimental "set var" command set var <name> <expression> Allows to set or overwrite the process-wide variable 'name' with the result of expression <expression>. Only process-wide variables may be used, so the name must begin with 'proc.' otherwise no variable will be set. The <expression> may only involve "internal" sample fetch keywords and converters even though the most likely useful ones will be str('something') or int(). Note that the command line parser doesn't know about quotes, so any space in the expression must be preceeded by a backslash. This command requires levels "operator" or "admin". This command is only supported on a CLI connection running in experimental mode (see "experimental-mode on"). Just like for "set-var" in the global section, the command uses a temporary dummy proxy to create a temporary "set-var(name)" rule to assign the value. The reg test was updated to verify that an updated global variable is properly reflected in subsequent HTTP responses.
2021-03-26 10:19:50 -04:00
if (p_ret != ACT_RET_PRS_OK)
goto fail;
if (rule.arg.vars.scope != SCOPE_PROC) {
BUG/MINOR: vars: do not talk about global section in CLI errors for set-var When attempting to set a variable does not start with the "proc" scope on the CLI, we used to emit "only proc is permitted in the global section" which obviously is a leftover from the initial code. This may be backported to 2.4.
2021-09-03 04:23:26 -04:00
memprintf(&err, "'%s %s': cannot set variable '%s', only scope 'proc' is permitted here.", args[0], args[1], args[2]);
MEDIUM: cli: add a new experimental "set var" command set var <name> <expression> Allows to set or overwrite the process-wide variable 'name' with the result of expression <expression>. Only process-wide variables may be used, so the name must begin with 'proc.' otherwise no variable will be set. The <expression> may only involve "internal" sample fetch keywords and converters even though the most likely useful ones will be str('something') or int(). Note that the command line parser doesn't know about quotes, so any space in the expression must be preceeded by a backslash. This command requires levels "operator" or "admin". This command is only supported on a CLI connection running in experimental mode (see "experimental-mode on"). Just like for "set-var" in the global section, the command uses a temporary dummy proxy to create a temporary "set-var(name)" rule to assign the value. The reg test was updated to verify that an updated global variable is properly reflected in subsequent HTTP responses.
2021-03-26 10:19:50 -04:00
goto fail;
}
err = NULL;
nberr = smp_resolve_args(&px, &err);
if (nberr) {
release_sample_expr(rule.arg.vars.expr);
indent_msg(&err, 2);
goto fail;
}
MEDIUM: vars: also support format strings in CLI's "set var" command Most often "set var" on the CLI is used to set a string, and using only expressions is not always convenient, particularly when trying to concatenate variables sur as host names and paths. Now the "set var" command supports an optional keyword before the value to indicate its type. "expr" takes an expression just like before this patch, and "fmt" a format string, making it work like the "set-var-fmt" actions. The VTC was updated to include a test on the format string.
2021-09-03 03:47:37 -04:00
if (use_fmt && !(sess = session_new(&px, NULL, &objt))) {
release_sample_expr(rule.arg.vars.expr);
memprintf(&err, "memory allocation error.");
goto fail;
}
action_store(&rule, &px, sess, NULL, 0);
MEDIUM: cli: add a new experimental "set var" command set var <name> <expression> Allows to set or overwrite the process-wide variable 'name' with the result of expression <expression>. Only process-wide variables may be used, so the name must begin with 'proc.' otherwise no variable will be set. The <expression> may only involve "internal" sample fetch keywords and converters even though the most likely useful ones will be str('something') or int(). Note that the command line parser doesn't know about quotes, so any space in the expression must be preceeded by a backslash. This command requires levels "operator" or "admin". This command is only supported on a CLI connection running in experimental mode (see "experimental-mode on"). Just like for "set-var" in the global section, the command uses a temporary dummy proxy to create a temporary "set-var(name)" rule to assign the value. The reg test was updated to verify that an updated global variable is properly reflected in subsequent HTTP responses.
2021-03-26 10:19:50 -04:00
release_sample_expr(rule.arg.vars.expr);
MEDIUM: vars: also support format strings in CLI's "set var" command Most often "set var" on the CLI is used to set a string, and using only expressions is not always convenient, particularly when trying to concatenate variables sur as host names and paths. Now the "set var" command supports an optional keyword before the value to indicate its type. "expr" takes an expression just like before this patch, and "fmt" a format string, making it work like the "set-var-fmt" actions. The VTC was updated to include a test on the format string.
2021-09-03 03:47:37 -04:00
if (sess)
session_free(sess);
MEDIUM: cli: add a new experimental "set var" command set var <name> <expression> Allows to set or overwrite the process-wide variable 'name' with the result of expression <expression>. Only process-wide variables may be used, so the name must begin with 'proc.' otherwise no variable will be set. The <expression> may only involve "internal" sample fetch keywords and converters even though the most likely useful ones will be str('something') or int(). Note that the command line parser doesn't know about quotes, so any space in the expression must be preceeded by a backslash. This command requires levels "operator" or "admin". This command is only supported on a CLI connection running in experimental mode (see "experimental-mode on"). Just like for "set-var" in the global section, the command uses a temporary dummy proxy to create a temporary "set-var(name)" rule to assign the value. The reg test was updated to verify that an updated global variable is properly reflected in subsequent HTTP responses.
2021-03-26 10:19:50 -04:00
appctx->st0 = CLI_ST_PROMPT;
return 0;
fail:
return cli_dynerr(appctx, err);
}
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
static int vars_max_size(char **args, int section_type, struct proxy *curpx,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
char **err, unsigned int *limit)
{
char *error;
*limit = strtol(args[1], &error, 10);
if (*error != 0) {
memprintf(err, "%s: '%s' is an invalid size", args[0], args[1]);
return -1;
}
return 0;
}
static int vars_max_size_global(char **args, int section_type, struct proxy *curpx,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
char **err)
{
return vars_max_size(args, section_type, curpx, defpx, file, line, err, &var_global_limit);
}
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
static int vars_max_size_proc(char **args, int section_type, struct proxy *curpx,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
char **err)
{
return vars_max_size(args, section_type, curpx, defpx, file, line, err, &var_proc_limit);
}
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
static int vars_max_size_sess(char **args, int section_type, struct proxy *curpx,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
char **err)
{
return vars_max_size(args, section_type, curpx, defpx, file, line, err, &var_sess_limit);
}
static int vars_max_size_txn(char **args, int section_type, struct proxy *curpx,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
char **err)
{
return vars_max_size(args, section_type, curpx, defpx, file, line, err, &var_txn_limit);
}
static int vars_max_size_reqres(char **args, int section_type, struct proxy *curpx,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
char **err)
{
return vars_max_size(args, section_type, curpx, defpx, file, line, err, &var_reqres_limit);
}
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
static int vars_max_size_check(char **args, int section_type, struct proxy *curpx,
CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy The default proxy was passed as a variable to all parsers instead of a const, which is not without risk, especially when some timeout parsers used to make some int pointers point to the default values for comparisons. We want to be certain that none of these parsers will modify the defaults sections by accident, so it's important to mark this proxy as const. This patch touches all occurrences found (89).
2021-03-09 03:53:46 -05:00
const struct proxy *defpx, const char *file, int line,
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
char **err)
{
return vars_max_size(args, section_type, curpx, defpx, file, line, err, &var_check_limit);
}
MINOR: vars: preset a random seed to hash variables names Variables names will be hashed, but for this we need a random seed. The XXH3() algorithms is bijective over the whole 64-bit space, which is great as it guarantees no collision for 1..8 byte names. But above that even if the risk is extremely faint, it theoretically exists and since variables may be set from Lua we'd rather do our best to limit the risk of controlled collision, hence the random seed.
2021-08-31 02:48:55 -04:00
/* early boot initialization */
static void vars_init()
{
var_name_hash_seed = ha_random64();
CLEANUP: vars: move the per-process variables initialization to vars.c There's no point keeping the vars_init_head() call in init() when we already have a vars_init() registered at the right time to do that, and it complexifies the boot sequence, so let's move it there.
2022-02-17 10:47:03 -05:00
/* Initialize process vars */
vars_init_head(&proc_vars, SCOPE_PROC);
MINOR: vars: preset a random seed to hash variables names Variables names will be hashed, but for this we need a random seed. The XXH3() algorithms is bijective over the whole 64-bit space, which is great as it guarantees no collision for 1..8 byte names. But above that even if the risk is extremely faint, it theoretically exists and since variables may be set from Lua we'd rather do our best to limit the risk of controlled collision, hence the random seed.
2021-08-31 02:48:55 -04:00
}
INITCALL0(STG_PREPARE, vars_init);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
MEDIUM: vars: make the var() sample fetch function really return type ANY A long-standing issue was reported in issue #1215. In short, var() was initially internally declared as returning a string because it was not possible by then to return "any type". As such, users regularly get trapped thinking that when they're storing an integer there, then the integer matching method automatically applies. Except that this is not possible since this is related to the config parser and is decided at boot time where the variable's type is not known yet. As such, what is done is that the output being declared as type string, the string match will automatically apply, and any value will first be converted to a string. This results in several issues like: http-request set-var(txn.foo) int(-1) http-request deny if { var(txn.foo) lt 0 } not working. This is because the string match on the second line will in fact compare the string representation of the variable against strings "lt" and "0", none of which matches. The doc says that the matching method is mandatory, though that's not the case in the code due to that default string type being permissive. There's not even a warning when no explicit match is placed, because this happens very deep in the expression evaluator and making a special case just for "var" can reveal very complicated. The set-var() converter already mandates a matching method, as the following will be rejected: ... if { int(12),set-var(txn.truc) 12 } while this one will work: ... if { int(12),set-var(txn.truc) -m int 12 } As such, this patch this modifies var() to match the doc, returning the type "any", and mandating the matching method, implying that this bogus config which does not work: http-request set-var(txn.foo) int(-1) http-request deny if { var(txn.foo) lt 0 } will need to be written like this: http-request set-var(txn.foo) int(-1) http-request deny if { var(txn.foo) -m int lt 0 } This *will* break some configs (and even 3 of our regtests relied on this), but except those which already match string exclusively, all other ones are already broken and silently fail (and one of the 3 regtests, the one on FIX, was bogus regarding this). In order to fix existing configs, one can simply append "-m str" after a "var()" in an ACL or "if" expression: http-request deny unless { var(txn.jwt_alg) "ES" } must become: http-request deny unless { var(txn.jwt_alg) -m str "ES" } Most commonly, patterns such as "le", "lt", "ge", "gt", "eq", "ne" in front of a number indicate that the intent was to match an integer, and in this case "-m int" would be desired: tcp-response content reject if ! { var(res.size) gt 3800 } ought to become: tcp-response content reject if ! { var(res.size) -m int gt 3800 } This must not be backported, but if a solution is found to at least detect this exact condition in the generic expression parser and emit a warning, this could probably help spot configuration bugs. Link: https://www.mail-archive.com/haproxy@formilux.org/msg41341.html Cc: Christopher Faulet <cfaulet@haproxy.com> Cc: Tim Dsterhus <tim@bastelstu.be>
2021-11-02 12:08:15 -04:00
{ "var", smp_fetch_var, ARG2(1,STR,STR), smp_check_var, SMP_T_ANY, SMP_USE_CONST },
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{ /* END */ },
}};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
static struct sample_conv_kw_list sample_conv_kws = {ILH, {
MINOR: vars: Parse optional conditions passed to the set-var converter This patch adds the parsing of the optional condition parameters that can be passed to the set-var converter. Those conditions will not be taken into account yet in the var_set function so conditions passed as parameters will not have any effect. This is true for any condition apart from the "ifexists" one that is also used to replace the VF_UPDATEONLY flag that was used to prevent proc scope variable creation from a LUA module.
2021-12-16 11:14:37 -05:00
{ "set-var", smp_conv_store, ARG5(1,STR,STR,STR,STR,STR), conv_check_var, SMP_T_ANY, SMP_T_ANY },
MINOR: vars: Add 'unset-var' action/converter It does the opposite of 'set-var' action/converter. It is really useful for per-process variables. But, it can be used for any scope. The lua function 'unset_var' has also been added.
2016-11-09 10:54:56 -05:00
{ "unset-var", smp_conv_clear, ARG1(1,STR), conv_check_var, SMP_T_ANY, SMP_T_ANY },
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{ /* END */ },
}};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, sample_register_convs, &sample_conv_kws);
MINOR: vars: add "set-var" for "tcp-request connection" rules. Session struct is already allocated when "tcp-request connection" rules are evaluated so session-scoped variables turned out easy to support. This resolves github issue #1408.
2021-11-02 11:56:05 -04:00
static struct action_kw_list tcp_req_conn_kws = { { }, {
{ "set-var-fmt", parse_store, KWF_MATCH_PREFIX },
{ "set-var", parse_store, KWF_MATCH_PREFIX },
{ "unset-var", parse_store, KWF_MATCH_PREFIX },
{ /* END */ }
}};
INITCALL1(STG_REGISTER, tcp_req_conn_keywords_register, &tcp_req_conn_kws);
MEDIUM: tcp: add registration and processing of TCP L5 rules This commit introduces "tcp-request session" rules. These are very much like "tcp-request connection" rules except that they're processed after the handshake, so it is possible to consider SSL information and addresses rewritten by the proxy protocol header in actions. This is particularly useful to track proxied sources as this was not possible before, given that tcp-request content rules are processed after each HTTP request. Similarly it is possible to assign the proxied source address or the client's cert to a variable.
2016-10-21 10:37:51 -04:00
static struct action_kw_list tcp_req_sess_kws = { { }, {
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
{ "set-var-fmt", parse_store, KWF_MATCH_PREFIX },
MINOR: action: replace match_pfx by a keyword flags field Define a new keyword flag KWF_MATCH_PREFIX. This is used to replace the match_pfx field of action struct. This has the benefit to have more explicit action declaration, and now it is possible to quickly implement experimental actions.
2021-05-06 09:33:09 -04:00
{ "set-var", parse_store, KWF_MATCH_PREFIX },
{ "unset-var", parse_store, KWF_MATCH_PREFIX },
MEDIUM: tcp: add registration and processing of TCP L5 rules This commit introduces "tcp-request session" rules. These are very much like "tcp-request connection" rules except that they're processed after the handshake, so it is possible to consider SSL information and addresses rewritten by the proxy protocol header in actions. This is particularly useful to track proxied sources as this was not possible before, given that tcp-request content rules are processed after each HTTP request. Similarly it is possible to assign the proxied source address or the client's cert to a variable.
2016-10-21 10:37:51 -04:00
{ /* END */ }
}};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, tcp_req_sess_keywords_register, &tcp_req_sess_kws);
MEDIUM: tcp: add registration and processing of TCP L5 rules This commit introduces "tcp-request session" rules. These are very much like "tcp-request connection" rules except that they're processed after the handshake, so it is possible to consider SSL information and addresses rewritten by the proxy protocol header in actions. This is particularly useful to track proxied sources as this was not possible before, given that tcp-request content rules are processed after each HTTP request. Similarly it is possible to assign the proxied source address or the client's cert to a variable.
2016-10-21 10:37:51 -04:00
static struct action_kw_list tcp_req_cont_kws = { { }, {
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
{ "set-var-fmt", parse_store, KWF_MATCH_PREFIX },
MINOR: action: replace match_pfx by a keyword flags field Define a new keyword flag KWF_MATCH_PREFIX. This is used to replace the match_pfx field of action struct. This has the benefit to have more explicit action declaration, and now it is possible to quickly implement experimental actions.
2021-05-06 09:33:09 -04:00
{ "set-var", parse_store, KWF_MATCH_PREFIX },
{ "unset-var", parse_store, KWF_MATCH_PREFIX },
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{ /* END */ }
}};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, tcp_req_cont_keywords_register, &tcp_req_cont_kws);
MEDIUM: actions: Merge (http|tcp)-(request|reponse) keywords structs This patch merges the conguration keyword struct. Each declared configuration keyword struct are similar with the others. This patch simplify the code.
2015-08-19 03:01:53 -04:00
static struct action_kw_list tcp_res_kws = { { }, {
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
{ "set-var-fmt", parse_store, KWF_MATCH_PREFIX },
MINOR: action: replace match_pfx by a keyword flags field Define a new keyword flag KWF_MATCH_PREFIX. This is used to replace the match_pfx field of action struct. This has the benefit to have more explicit action declaration, and now it is possible to quickly implement experimental actions.
2021-05-06 09:33:09 -04:00
{ "set-var", parse_store, KWF_MATCH_PREFIX },
{ "unset-var", parse_store, KWF_MATCH_PREFIX },
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{ /* END */ }
}};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, tcp_res_cont_keywords_register, &tcp_res_kws);
MEDIUM: checks: Parse custom action rules in tcp-checks Register the custom action rules "set-var" and "unset-var", that will call the parse_store() command upon parsing. These rules are thus built and integrated to the tcp-check ruleset, but have no further effect for the moment.
2020-02-21 12:14:59 -05:00
static struct action_kw_list tcp_check_kws = {ILH, {
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
{ "set-var-fmt", parse_store, KWF_MATCH_PREFIX },
MINOR: action: replace match_pfx by a keyword flags field Define a new keyword flag KWF_MATCH_PREFIX. This is used to replace the match_pfx field of action struct. This has the benefit to have more explicit action declaration, and now it is possible to quickly implement experimental actions.
2021-05-06 09:33:09 -04:00
{ "set-var", parse_store, KWF_MATCH_PREFIX },
{ "unset-var", parse_store, KWF_MATCH_PREFIX },
MEDIUM: checks: Parse custom action rules in tcp-checks Register the custom action rules "set-var" and "unset-var", that will call the parse_store() command upon parsing. These rules are thus built and integrated to the tcp-check ruleset, but have no further effect for the moment.
2020-02-21 12:14:59 -05:00
{ /* END */ }
}};
INITCALL1(STG_REGISTER, tcp_check_keywords_register, &tcp_check_kws);
MEDIUM: actions: Merge (http|tcp)-(request|reponse) keywords structs This patch merges the conguration keyword struct. Each declared configuration keyword struct are similar with the others. This patch simplify the code.
2015-08-19 03:01:53 -04:00
static struct action_kw_list http_req_kws = { { }, {
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
{ "set-var-fmt", parse_store, KWF_MATCH_PREFIX },
MINOR: action: replace match_pfx by a keyword flags field Define a new keyword flag KWF_MATCH_PREFIX. This is used to replace the match_pfx field of action struct. This has the benefit to have more explicit action declaration, and now it is possible to quickly implement experimental actions.
2021-05-06 09:33:09 -04:00
{ "set-var", parse_store, KWF_MATCH_PREFIX },
{ "unset-var", parse_store, KWF_MATCH_PREFIX },
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{ /* END */ }
}};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_kws);
MEDIUM: actions: Merge (http|tcp)-(request|reponse) keywords structs This patch merges the conguration keyword struct. Each declared configuration keyword struct are similar with the others. This patch simplify the code.
2015-08-19 03:01:53 -04:00
static struct action_kw_list http_res_kws = { { }, {
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
{ "set-var-fmt", parse_store, KWF_MATCH_PREFIX },
MINOR: action: replace match_pfx by a keyword flags field Define a new keyword flag KWF_MATCH_PREFIX. This is used to replace the match_pfx field of action struct. This has the benefit to have more explicit action declaration, and now it is possible to quickly implement experimental actions.
2021-05-06 09:33:09 -04:00
{ "set-var", parse_store, KWF_MATCH_PREFIX },
{ "unset-var", parse_store, KWF_MATCH_PREFIX },
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{ /* END */ }
}};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, http_res_keywords_register, &http_res_kws);
MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding This patch introduces the 'http-after-response' rules. These rules are evaluated at the end of the response analysis, just before the data forwarding, on ALL HTTP responses, the server ones but also all responses generated by HAProxy. Thanks to this ruleset, it is now possible for instance to add some headers to the responses generated by the stats applet. Following actions are supported : * allow * add-header * del-header * replace-header * replace-value * set-header * set-status * set-var * strict-mode * unset-var
2020-01-22 03:26:35 -05:00
static struct action_kw_list http_after_res_kws = { { }, {
MEDIUM: vars: add a new "set-var-fmt" action The set-var() action is convenient because it preserves the input type but it's a pain to deal with when trying to concatenate values. The most recurring example is when it's needed to build a variable composed of the source address and the source port. Usually it ends up like this: tcp-request session set-var(sess.port) src_port tcp-request session set-var(sess.addr) src,concat(":",sess.port) This is even worse when trying to aggregate multiple fields from stick-table data for example. Due to this a lot of users instead abuse headers from HTTP rules: http-request set-header(x-addr) %[src]:%[src_port] But this requires some careful cleanups to make sure they won't leak, and it's significantly more expensive to deal with. And generally speaking it's not clean. Plus it must be performed for each and every request, which is expensive for this common case of ip+port that doesn't change for the whole session. This patch addresses this limitation by implementing a new "set-var-fmt" action which performs the same work as "set-var" but takes a format string in argument instead of an expression. This way it becomes pretty simple to just write: tcp-request session set-var-fmt(sess.addr) %[src]:%[src_port] It is usable in all rulesets that already support the "set-var" action. It is not yet implemented for the global "set-var" directive (which already takes a string) and the CLI's "set var" command, which would definitely benefit from it but currently uses its own parser and engine, thus it must be reworked. The doc and regtests were updated.
2021-09-02 15:00:38 -04:00
{ "set-var-fmt", parse_store, KWF_MATCH_PREFIX },
MINOR: action: replace match_pfx by a keyword flags field Define a new keyword flag KWF_MATCH_PREFIX. This is used to replace the match_pfx field of action struct. This has the benefit to have more explicit action declaration, and now it is possible to quickly implement experimental actions.
2021-05-06 09:33:09 -04:00
{ "set-var", parse_store, KWF_MATCH_PREFIX },
{ "unset-var", parse_store, KWF_MATCH_PREFIX },
MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding This patch introduces the 'http-after-response' rules. These rules are evaluated at the end of the response analysis, just before the data forwarding, on ALL HTTP responses, the server ones but also all responses generated by HAProxy. Thanks to this ruleset, it is now possible for instance to add some headers to the responses generated by the stats applet. Following actions are supported : * allow * add-header * del-header * replace-header * replace-value * set-header * set-status * set-var * strict-mode * unset-var
2020-01-22 03:26:35 -05:00
{ /* END */ }
}};
INITCALL1(STG_REGISTER, http_after_res_keywords_register, &http_after_res_kws);
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
static struct cfg_kw_list cfg_kws = {{ },{
MEDIUM: vars: add support for a "set-var" global directive While we do support process-wide variables ("proc.<name>"), there was no way to preset them from the configuration. This was particularly limiting their usefulness since configs involving them always had to first check if the variable was set prior to performing an operation. This patch adds a new "set-var" directive in the global section that supports setting the proc.<name> variables from an expression, like other set-var actions do. The syntax however follows what is already being done for setenv, which consists in having one argument for the variable name and another one for the expression. Only "constant" expressions are allowed here, such as "int", "str" etc, combined with arithmetic or string converters, and variable lookups. A few extra sample fetch keywords like "date", "rand" and "uuid" are also part of the constant expressions and may make sense to allow to create a random key or differentiate processes. The way it was done consists in parsing a dummy rule an executing the expression in the CFG_PARSE context, then releasing the expression. This is safe because the sample that variables store does not hold a back pointer to expression that created them.
2021-03-26 06:38:08 -04:00
{ CFG_GLOBAL, "set-var", vars_parse_global_set_var },
MINOR: vars: add a "set-var-fmt" directive to the global section Just like the set-var-fmt action for tcp/http rules, the set-var-fmt directive in global sections allows to pre-set process-wide variables using a format string instead of a sample expression. This is often more convenient when it is required to concatenate multiple fields, or when emitting just one word.
2021-09-03 03:02:47 -04:00
{ CFG_GLOBAL, "set-var-fmt", vars_parse_global_set_var },
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{ CFG_GLOBAL, "tune.vars.global-max-size", vars_max_size_global },
MEDIUM: vars: Add a per-process scope for variables Now it is possible to use variables attached to a process. The scope name is 'proc'. These variables are released only when HAProxy is stopped. 'tune.vars.proc-max-size' directive has been added to confiure the maximum amount of memory used by "proc" variables. And because memory accounting is hierachical for variables, memory for "proc" vars includes memory for "sess" vars.
2016-11-09 05:36:17 -05:00
{ CFG_GLOBAL, "tune.vars.proc-max-size", vars_max_size_proc },
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{ CFG_GLOBAL, "tune.vars.sess-max-size", vars_max_size_sess },
{ CFG_GLOBAL, "tune.vars.txn-max-size", vars_max_size_txn },
{ CFG_GLOBAL, "tune.vars.reqres-max-size", vars_max_size_reqres },
MINOR: checks/vars: Add a check scope for variables Add a dedicated vars scope for checks. This scope is considered as part of the session scope for accounting purposes. The scope can be addressed by a valid session, even embryonic. The stream is not necessary. The scope is initialized after the check session is created. All variables are then pruned before the session is destroyed.
2020-02-21 12:13:44 -05:00
{ CFG_GLOBAL, "tune.vars.check-max-size", vars_max_size_check },
MEDIUM: vars: adds support of variables This patch adds support of variables during the processing of each stream. The variables scope can be set as 'session', 'transaction', 'request' or 'response'. The variable type is the type returned by the assignment expression. The type can change while the processing. The allocated memory can be controlled for each scope and each request, and for the global process.
2015-06-06 13:29:07 -04:00
{ /* END */ }
}};
MEDIUM: init: convert all trivial registration calls to initcalls This switches explicit calls to various trivial registration methods for keywords, muxes or protocols from constructors to INITCALL1 at stage STG_REGISTER. All these calls have in common to consume a single pointer and return void. Doing this removes 26 constructors. The following calls were addressed : - acl_register_keywords - bind_register_keywords - cfg_register_keywords - cli_register_kw - flt_register_keywords - http_req_keywords_register - http_res_keywords_register - protocol_register - register_mux_proto - sample_register_convs - sample_register_fetches - srv_register_keywords - tcp_req_conn_keywords_register - tcp_req_cont_keywords_register - tcp_req_sess_keywords_register - tcp_res_cont_keywords_register - flt_register_keywords
2018-11-25 13:14:37 -05:00
INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
MINOR: vars/cli: add a "get var" CLI command to retrieve global variables Process-wide variables can now be displayed from the CLI using "get var" followed by the variable name. They must all start with "proc." otherwise they will not be found. The output is very similar to the one of the debug converter, with a type and value being reported for the embedded sample. This command is limited to clients with the level "operator" or higher, since it can possibly expose traffic-related data.
2021-03-26 09:51:31 -04:00
/* register cli keywords */
static struct cli_kw_list cli_kws = {{ },{
CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages There were 102 CLI commands whose help were zig-zagging all along the dump making them unreadable. This patch realigns all these messages so that the command now uses up to 40 characters before the delimiting colon. About a third of the commands did not correctly list their arguments which were added after the first version, so they were all updated. Some abuses of the term "id" were fixed to use a more explanatory term. The "set ssl ocsp-response" command was not listed because it lacked a help message, this was fixed as well. The deprecated enable/disable commands for agent/health/server were prominently written as deprecated. Whenever possible, clearer explanations were provided.
2021-05-07 05:38:37 -04:00
{ { "get", "var", NULL }, "get var <name> : retrieve contents of a process-wide variable", vars_parse_cli_get_var, NULL },
MEDIUM: vars: also support format strings in CLI's "set var" command Most often "set var" on the CLI is used to set a string, and using only expressions is not always convenient, particularly when trying to concatenate variables sur as host names and paths. Now the "set var" command supports an optional keyword before the value to indicate its type. "expr" takes an expression just like before this patch, and "fmt" a format string, making it work like the "set-var-fmt" actions. The VTC was updated to include a test on the format string.
2021-09-03 03:47:37 -04:00
{ { "set", "var", NULL }, "set var <name> [fmt|expr] {<fmt>|<expr>}: set variable from an expression or a format", vars_parse_cli_set_var, NULL, NULL, NULL, ACCESS_EXPERIMENTAL },
MINOR: vars/cli: add a "get var" CLI command to retrieve global variables Process-wide variables can now be displayed from the CLI using "get var" followed by the variable name. They must all start with "proc." otherwise they will not be found. The output is very similar to the one of the debug converter, with a type and value being reported for the embedded sample. This command is limited to clients with the level "operator" or higher, since it can possibly expose traffic-related data.
2021-03-26 09:51:31 -04:00
{ { NULL }, NULL, NULL, NULL }
}};
INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
Reference in a new issue Copy permalink