From d447b5d5a771008ed83c03b4cf5fad8addd371e2 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Sun, 14 Jan 2018 00:35:30 +0100
Subject: [PATCH] net/haproxy: make stick-table config more flexible, refs #202

---
 .../OPNsense/HAProxy/forms/dialogBackend.xml  | 49 +++++++++++++++++
 .../app/models/OPNsense/HAProxy/HAProxy.xml   | 55 +++++++++++++++++++
 .../templates/OPNsense/HAProxy/haproxy.conf   | 34 ++++++++++--
 3 files changed, 133 insertions(+), 5 deletions(-)

diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
index 6c7d1fbe9..b311cfca5 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
@@ -81,6 +81,13 @@
         <help><![CDATA[Choose a request pattern to associate a user to a server. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/configuration-1.7.html#stick on">HAProxy documentation</a> for a full description.<br/><div class="text-info"><b>NOTE:</b> Consider not using this feature in multi-process mode, it can result in random behaviours.</div>]]></help>
         <hint>Choose a persistence type.</hint>
     </field>
+    <field>
+        <id>backend.stickiness_dataTypes</id>
+        <label>Stored data types</label>
+        <type>select_multiple</type>
+        <style>tokenize</style>
+        <help><![CDATA[This is used to store additional information in the stick-table. It may be used by ACLs in order to control various criteria related to the activity of the client matching the stick-table. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#stick-table">HAProxy documentation</a> for a full description.]]></help>
+    </field>
     <field>
         <id>backend.stickiness_expire</id>
         <label>Expiration time</label>
@@ -107,6 +114,48 @@
         <type>text</type>
         <help><![CDATA[The maximum number of characters that will be stored in the stick table (if appropiate table type is selected).]]></help>
     </field>
+    <field>
+        <id>backend.stickiness_connRatePeriod</id>
+        <label>Connection rate period</label>
+        <type>text</type>
+        <help><![CDATA[The length of the period over which the average is measured. It reports the average incoming connection rate over that period, in connections per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
+        <advanced>true</advanced>
+    </field>
+    <field>
+        <id>backend.stickiness_sessRatePeriod</id>
+        <label>Session rate period</label>
+        <type>text</type>
+        <help><![CDATA[The length of the period over which the average is measured. It reports the average incoming session rate over that period, in sessions per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
+        <advanced>true</advanced>
+    </field>
+    <field>
+        <id>backend.stickiness_httpReqRatePeriod</id>
+        <label>HTTP request rate period</label>
+        <type>text</type>
+        <help><![CDATA[The length of the period over which the average is measured. It reports the average HTTP request rate over that period, in requests per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
+        <advanced>true</advanced>
+    </field>
+    <field>
+        <id>backend.stickiness_httpErrRatePeriod</id>
+        <label>HTTP error rate period</label>
+        <type>text</type>
+        <help><![CDATA[The length of the period over which the average is measured. It reports the average HTTP request error rate over that period, in requests per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
+        <advanced>true</advanced>
+    </field>
+    <field>
+        <id>backend.stickiness_bytesInRatePeriod</id>
+        <label>Bytes in rate period</label>
+        <type>text</type>
+        <help><![CDATA[The length of the period over which the average is measured. It reports the average incoming bytes rate over that period, in bytes per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
+        <advanced>true</advanced>
+    </field>
+    <field>
+        <id>backend.stickiness_bytesOutRatePeriod</id>
+        <label>Bytes out rate period</label>
+        <type>text</type>
+        <help><![CDATA[The length of the period over which the average is measured. It reports the average outgoing bytes rate over that period, in bytes per period. Defaults to milliseconds. Optionally the unit may be specified as either "d", "h", "m", "s", "ms" or "us".]]></help>
+        <advanced>true</advanced>
+    </field>
     <field>
         <label>Tuning Options</label>
         <type>header</type>
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
index c7717b67d..acbef1629 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
@@ -540,6 +540,25 @@
                         <rdpcookie>Stick on RDP-Cookie</rdpcookie>
                     </OptionValues>
                 </stickiness_pattern>
+                <stickiness_dataTypes type="OptionField">
+                    <Required>N</Required>
+                    <Multiple>Y</Multiple>
+                    <OptionValues>
+                        <conn_cnt>Connection count</conn_cnt>
+                        <conn_cur>Current connections</conn_cur>
+                        <conn_rate>Connection rate</conn_rate>
+                        <sess_cnt>Session count</sess_cnt>
+                        <sess_rate>Session rate</sess_rate>
+                        <http_req_cnt>HTTP request count</http_req_cnt>
+                        <http_req_rate>HTTP request rate</http_req_rate>
+                        <http_err_cnt>HTTP error count</http_err_cnt>
+                        <http_err_rate>HTTP error rate</http_err_rate>
+                        <bytes_in_cnt>Bytes in count (client to server)</bytes_in_cnt>
+                        <bytes_in_rate>Bytes in rate (client to server)</bytes_in_rate>
+                        <bytes_out_cnt>Bytes out count (server to client)</bytes_out_cnt>
+                        <bytes_out_rate>Bytes out rate (server to client)</bytes_out_rate>
+                    </OptionValues>
+                </stickiness_dataTypes>
                 <stickiness_expire type="TextField">
                     <Required>Y</Required>
                     <default>30m</default>
@@ -565,6 +584,42 @@
                     <ValidationMessage>Please specify a value between 1 and 10000.</ValidationMessage>
                     <Required>N</Required>
                 </stickiness_cookielength>
+                <stickiness_connRatePeriod type="TextField">
+                    <default>10s</default>
+                    <mask>/^([0-9]{1,8}(?:us|ms|s|m|h|d)?)/u</mask>
+                    <ValidationMessage>Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us".</ValidationMessage>
+                    <Required>N</Required>
+                </stickiness_connRatePeriod>
+                <stickiness_sessRatePeriod type="TextField">
+                    <default>10s</default>
+                    <mask>/^([0-9]{1,8}(?:us|ms|s|m|h|d)?)/u</mask>
+                    <ValidationMessage>Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us".</ValidationMessage>
+                    <Required>N</Required>
+                </stickiness_sessRatePeriod>
+                <stickiness_httpReqRatePeriod type="TextField">
+                    <default>10s</default>
+                    <mask>/^([0-9]{1,8}(?:us|ms|s|m|h|d)?)/u</mask>
+                    <ValidationMessage>Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us".</ValidationMessage>
+                    <Required>N</Required>
+                </stickiness_httpReqRatePeriod>
+                <stickiness_httpErrRatePeriod type="TextField">
+                    <default>10s</default>
+                    <mask>/^([0-9]{1,8}(?:us|ms|s|m|h|d)?)/u</mask>
+                    <ValidationMessage>Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us".</ValidationMessage>
+                    <Required>N</Required>
+                </stickiness_httpErrRatePeriod>
+                <stickiness_bytesInRatePeriod type="TextField">
+                    <default>1m</default>
+                    <mask>/^([0-9]{1,8}(?:us|ms|s|m|h|d)?)/u</mask>
+                    <ValidationMessage>Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us".</ValidationMessage>
+                    <Required>N</Required>
+                </stickiness_bytesInRatePeriod>
+                <stickiness_bytesOutRatePeriod type="TextField">
+                    <default>1m</default>
+                    <mask>/^([0-9]{1,8}(?:us|ms|s|m|h|d)?)/u</mask>
+                    <ValidationMessage>Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us".</ValidationMessage>
+                    <Required>N</Required>
+                </stickiness_bytesOutRatePeriod>
                 <tuning_timeoutConnect type="TextField">
                     <mask>/^([0-9]{1,8}(?:us|ms|s|m|h|d)?)/u</mask>
                     <ValidationMessage>Should be a number between 1 and 8 characters, optionally followed by either "d", "h", "m", "s", "ms" or "us".</ValidationMessage>
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index ccaefda24..9eb5f0976 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -816,21 +816,45 @@ backend {{backend.name}}
 {#       #      (redundant) GUI option for this.                            #}
     mode {{backend.mode}}
     balance {{backend.algorithm}}
-{#       # ignore if stickiness is disabled (set to "None") #}
+{#       # check if stickiness is disabled (set to "None") #}
 {%       if backend.stickiness_pattern|default("") != "" %}
     # stickiness
+{#         # check if additional data types are configured #}
+{%         if backend.stickiness_dataTypes|default("") != "" %}
+{%           set stickiness_datatypes = [] %}
+{%           for datatype in backend.stickiness_dataTypes.split(",") %}
+{#             # add time period to all types where this is required #}
+{%             if datatype == 'conn_rate' %}
+{%               do stickiness_datatypes.append(datatype ~ '(' ~ backend.stickiness_connRatePeriod ~ ')') %}
+{%             elif datatype == 'sess_rate' %}
+{%               do stickiness_datatypes.append(datatype ~ '(' ~ backend.stickiness_sessRatePeriod ~ ')') %}
+{%             elif datatype == 'http_req_rate' %}
+{%               do stickiness_datatypes.append(datatype ~ '(' ~ backend.stickiness_httpReqRatePeriod ~ ')') %}
+{%             elif datatype == 'http_err_rate' %}
+{%               do stickiness_datatypes.append(datatype ~ '(' ~ backend.stickiness_httpErrRatePeriod ~ ')') %}
+{%             elif datatype == 'bytes_in_rate' %}
+{%               do stickiness_datatypes.append(datatype ~ '(' ~ backend.stickiness_bytesInRatePeriod ~ ')') %}
+{%             elif datatype == 'bytes_out_rate' %}
+{%               do stickiness_datatypes.append(datatype ~ '(' ~ backend.stickiness_bytesOutRatePeriod ~ ')') %}
+{%             else %}
+{%               do stickiness_datatypes.append(datatype) %}
+{%             endif %}
+{%           endfor %}
+{%           set stickiness_store = 'store ' ~ stickiness_datatypes|join(',') %}
+{%         endif %}
+{#         # check stick-table type #}
 {%         if backend.stickiness_pattern == "sourceipv4" %}
-    stick-table type ip size {{backend.stickiness_size}} expire {{backend.stickiness_expire}}
+    stick-table type ip size {{backend.stickiness_size}} expire {{backend.stickiness_expire}} {{stickiness_store}}
     stick on src
 {%         elif backend.stickiness_pattern == "sourceipv6" %}
-    stick-table type ipv6 size {{backend.stickiness_size}} expire {{backend.stickiness_expire}}
+    stick-table type ipv6 size {{backend.stickiness_size}} expire {{backend.stickiness_expire}} {{stickiness_store}}
     stick on src
 {%         elif backend.stickiness_pattern == "cookievalue" %}
-    stick-table type string len {{backend.stickiness_cookielength}} size {{backend.stickiness_size}} expire {{backend.stickiness_expire}}
+    stick-table type string len {{backend.stickiness_cookielength}} size {{backend.stickiness_size}} expire {{backend.stickiness_expire}} {{stickiness_store}}
     stick store-response res.cook({{backend.stickiness_cookiename}})
     stick on req.cook({{backend.stickiness_cookiename}})
 {%         elif backend.stickiness_pattern == "rdpcookie" %}
-    stick-table type binary len {{backend.stickiness_cookielength}} size {{backend.stickiness_size}} expire {{backend.stickiness_expire}}
+    stick-table type binary len {{backend.stickiness_cookielength}} size {{backend.stickiness_size}} expire {{backend.stickiness_expire}} {{stickiness_store}}
     stick on req.rdp_cookie(mstshash)
 {%         endif %}
 {%       endif %}