MINOR: payload/config: Warn if a L6 sample fetch is used from an HTTP proxy
L6 sample fetches are now ignored when called from an HTTP proxy. Thus, a
warning is emitted during the startup if such usage is detected. It is true
for most ACLs and for log-format strings. Unfortunately, it is a bit painful
to do so for sample expressions.
This patch relies on the commit "MINOR: action: Use a generic function to
check validity of an action rule list".
diff --git a/include/haproxy/cfgparse.h b/include/haproxy/cfgparse.h
index 54bfa2a..2d309f4 100644
--- a/include/haproxy/cfgparse.h
+++ b/include/haproxy/cfgparse.h
@@ -106,6 +106,7 @@
int warnif_misplaced_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg);
int warnif_misplaced_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg);
int warnif_cond_conflicts(const struct acl_cond *cond, unsigned int where, const char *file, int line);
+int warnif_tcp_http_cond(const struct proxy *px, const struct acl_cond *cond);
int too_many_args_idx(int maxarg, int index, char **args, char **msg, int *err_code);
int too_many_args(int maxarg, char **args, char **msg, int *err_code);
int alertif_too_many_args_idx(int maxarg, int index, const char *file, int linenum, char **args, int *err_code);
diff --git a/src/action.c b/src/action.c
index 7b017f6..b9d12c0 100644
--- a/src/action.c
+++ b/src/action.c
@@ -13,6 +13,7 @@
#include <haproxy/acl.h>
#include <haproxy/action.h>
#include <haproxy/api.h>
+#include <haproxy/cfgparse.h>
#include <haproxy/errors.h>
#include <haproxy/list.h>
#include <haproxy/obj_type.h>
@@ -37,7 +38,7 @@
ha_alert("Proxy '%s': %s.\n", px->id, errmsg);
err++;
}
-
+ *err_code |= warnif_tcp_http_cond(px, rule->cond);
free(errmsg);
errmsg = NULL;
}
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 5562185..52d6022 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -334,6 +334,23 @@
return ERR_WARN;
}
+/* Report it if an ACL uses a L6 sample fetch from an HTTP proxy. It returns
+ * either 0 or ERR_WARN so that its result can be or'ed with err_code. Note that
+ * <cond> may be NULL and then will be ignored.
+*/
+int warnif_tcp_http_cond(const struct proxy *px, const struct acl_cond *cond)
+{
+ if (!cond || px->mode != PR_MODE_HTTP)
+ return 0;
+
+ if (cond->use & (SMP_USE_L6REQ|SMP_USE_L6RES)) {
+ ha_warning("Proxy '%s': L6 sample fetches ignored on HTTP proxies (declared at %s:%d).\n",
+ px->id, cond->file, cond->line);
+ return ERR_WARN;
+ }
+ return 0;
+}
+
/* try to find in <list> the word that looks closest to <word> by counting
* transitions between letters, digits and other characters. Will return the
* best matching word if found, otherwise NULL. An optional array of extra
@@ -379,7 +396,6 @@
return best_ptr;
}
-
/* Parse a string representing a process number or a set of processes. It must
* be "all", "odd", "even", a number between 1 and <max> or a range with
* two such numbers delimited by a dash ('-'). On success, it returns
@@ -2362,6 +2378,7 @@
ha_free(&rule->be.name);
rule->be.backend = target;
}
+ err_code |= warnif_tcp_http_cond(curproxy, rule->cond);
}
/* find the target server for 'use_server' rules */
@@ -2404,6 +2421,7 @@
srule->dynamic = 0;
srule->srv.name = server_name;
target = findserver(curproxy, srule->srv.name);
+ err_code |= warnif_tcp_http_cond(curproxy, srule->cond);
if (!target) {
ha_alert("config : %s '%s' : unable to find server '%s' referenced in a 'use-server' rule.\n",
@@ -2453,6 +2471,7 @@
target->proxies_list = curproxy;
}
}
+ err_code |= warnif_tcp_http_cond(curproxy, mrule->cond);
}
/* find the target table for 'store response' rules */
diff --git a/src/log.c b/src/log.c
index c771218..e002c48 100644
--- a/src/log.c
+++ b/src/log.c
@@ -512,6 +512,11 @@
goto error_free;
}
+ if ((options & LOG_OPT_HTTP) && (expr->fetch->use & (SMP_USE_L6REQ|SMP_USE_L6RES))) {
+ ha_warning("parsing [%s:%d] : L6 sample fetch <%s> ignored in HTTP log-format string.\n",
+ curpx->conf.args.file, curpx->conf.args.line, text);
+ }
+
/* check if we need to allocate an http_txn struct for HTTP parsing */
/* Note, we may also need to set curpx->to_log with certain fetches */
curpx->http_needed |= !!(expr->fetch->use & SMP_USE_HTTP_ANY);