BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring.
The init of tcp sink, particularly for SSL, was done
too early in the code, during parsing, and this can cause
a crash specially if nbthread was not configured.
This was detected by William using ASAN on a new regtest
on log forward.
This patch adds the 'struct proxy' created for a sink
to a list and this list is now submitted to the same init
code than the main proxies list or the log_forward's proxies
list. Doing this, we are assured to use the right init sequence.
It also removes the ini code for ssl from post section parsing.
This patch should be backported as far as v2.2
Note: this fix uses 'goto' labels created by commit
'BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized'
but this code didn't exist before v2.3 so this patch needs to be
adapted for v2.2.
(cherry picked from commit d6e581de4be1d3564d771056303242c9ae930c40)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 2cc1ed89d482fde7b78a24987b7383eff2a1d7eb)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit fd3fe4a3335f883d26dc1cb81eb9049ac42b4934)
[cf: PR_CAP_INT does not exist on 2.4. So this capability is not set on sink
proxies.]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/include/haproxy/sink.h b/include/haproxy/sink.h
index 51d507c..a9f8099 100644
--- a/include/haproxy/sink.h
+++ b/include/haproxy/sink.h
@@ -28,6 +28,8 @@
extern struct list sink_list;
+extern struct proxy *sink_proxies_list;
+
struct sink *sink_find(const char *name);
struct sink *sink_new_fd(const char *name, const char *desc, enum log_fmt, int fd);
ssize_t __sink_write(struct sink *sink, const struct ist msg[], size_t nmsg,
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 70d4820..27bab1d 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -65,6 +65,7 @@
#include <haproxy/lb_map.h>
#include <haproxy/listener.h>
#include <haproxy/log.h>
+#include <haproxy/sink.h>
#include <haproxy/mailers.h>
#include <haproxy/namespace.h>
#include <haproxy/obj_type-t.h>
@@ -3990,6 +3991,13 @@
goto init_proxies_list_stage1;
}
+ if (init_proxies_list == cfg_log_forward) {
+ init_proxies_list = sink_proxies_list;
+ /* check if list is not null to avoid infinite loop */
+ if (init_proxies_list)
+ goto init_proxies_list_stage1;
+ }
+
/***********************************************************/
/* At this point, target names have already been resolved. */
/***********************************************************/
diff --git a/src/sink.c b/src/sink.c
index 6c6897d..b75da34 100644
--- a/src/sink.c
+++ b/src/sink.c
@@ -35,6 +35,9 @@
struct list sink_list = LIST_HEAD_INIT(sink_list);
+/* sink proxies list */
+struct proxy *sink_proxies_list;
+
struct sink *cfg_sink;
struct sink *sink_find(const char *name)
@@ -288,6 +291,8 @@
px->accept = NULL;
px->options2 |= PR_O2_INDEPSTR | PR_O2_SMARTCON | PR_O2_SMARTACC;
px->bind_proc = 0; /* will be filled by users */
+ px->next = sink_proxies_list;
+ sink_proxies_list = px;
}
/*
@@ -1118,13 +1123,6 @@
srv = cfg_sink->forward_px->srv;
while (srv) {
struct sink_forward_target *sft;
- /* init ssl if needed */
- if (srv->use_ssl == 1 && xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv) {
- if (xprt_get(XPRT_SSL)->prepare_srv(srv)) {
- ha_alert("unable to prepare SSL for server '%s' in ring '%s'.\n", srv->id, cfg_sink->name);
- err_code |= ERR_ALERT | ERR_FATAL;
- }
- }
/* allocate sink_forward_target descriptor */
sft = calloc(1, sizeof(*sft));