Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 57583e474e3ee73d960403f2515437b6349ab7f1^! / . / doc / SPOE.txt
commit57583e474e3ee73d960403f2515437b6349ab7f1[log] [tgz]
authorChristopher Faulet <cfaulet@haproxy.com>Mon Sep 04 15:41:09 2017 +0200
committerWilly Tarreau <w@1wt.eu>Tue Oct 31 11:36:12 2017 +0100
tree08aaeeb8b402a5dc2f5f95edf99230d652da429f
parent1b421eab872384a56976059a8642f8a94aba367f [diff] [blame]
MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages

Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based
condition on the "event" line, in a "spoe-message" section. Here is the example
coming for the SPOE documentation:

    spoe-message get-ip-reputation
        args ip=src
        event on-client-session if ! { src -f /etc/haproxy/whitelist.lst }

To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It
possible to declare named ACLs in "spoe-message" section, using the same syntax
than for proxies. So we can rewrite the previous example to use a named ACL:

    spoe-message get-ip-reputation
        args ip=src
	acl ip-whitelisted src -f /etc/haproxy/whitelist.lst
        event on-client-session if ! ip-whitelisted

ACL-based conditions are executed in the context of the stream that handle the
client and the server connections.

diff --git a/doc/SPOE.txt b/doc/SPOE.txt
index 0f6ed14..611b228 100644
--- a/doc/SPOE.txt
+++ b/doc/SPOE.txt

@@ -1,7 +1,7 @@
                 -----------------------------------------------
                    Stream Processing Offload Engine (SPOE)
-                                  Version 1.1
-                          ( Last update: 2017-02-27 )
+                                  Version 1.2
+                          ( Last update: 2017-09-22 )
                 -----------------------------------------------
                           Author : Christopher Faulet
                       Contact : cfaulet at haproxy dot com
@@ -351,12 +351,20 @@
 
   Here you define a message that can be referenced in a "spoe-agent"
   section. Following keywords are supported :
+    - acl
     - args
     - event
 
   See also: "spoe-agent" section.
 
 
+acl <aclname> <criterion> [flags] [operator] <value> ...
+
+  Declare or complete an access list.
+
+  See section 7 about ACL usage in the HAProxy Configuration Manual.
+
+
 args [name=]<sample> ...
   Define arguments passed into the SPOE message.
 
@@ -371,11 +379,17 @@
     args frontend=fe_id src dst
 
 
-event <name>
-  Set the event that triggers sending of the message.
+event <name> [ { if | unless } <condition> ]
+  Set the event that triggers sending of the message. It may optionally be
+  followed by an ACL-based condition, in which case it will only be evaluated
+  if the condition is true.
 
-  Argument :
-    <name>   is the event name.
+  ACL-based conditions are executed in the context of the stream that handle
+  the client and the server connections.
+
+  Arguments :
+    <name>      is the event name.
+    <condition> is a standard ACL-based condition.
 
   Supported events are:
     - on-client-session
@@ -387,7 +401,8 @@
     - on-backend-http-request
     - on-http-response
 
-  See section "Events & Messages".
+  See section "Events & Messages" for more details about supported events.
+  See section 7 about ACL usage in the HAProxy Configuration Manual.
 
 2.4. Example
 -------------
@@ -441,7 +456,7 @@
 
     spoe-message get-ip-reputation
         args ip=src
-        event on-client-session
+        event on-client-session if ! { src -f /etc/haproxy/whitelist.lst }
 
 
 3. SPOP specification