Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 1 | ----------------------------------------------- |
| 2 | Stream Processing Offload Engine (SPOE) |
Christopher Faulet | 57583e4 | 2017-09-04 15:41:09 +0200 | [diff] [blame] | 3 | Version 1.2 |
Christopher Faulet | 3b78809 | 2020-05-13 08:25:12 +0200 | [diff] [blame] | 4 | ( Last update: 2020-06-13 ) |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 5 | ----------------------------------------------- |
| 6 | Author : Christopher Faulet |
| 7 | Contact : cfaulet at haproxy dot com |
| 8 | |
| 9 | |
| 10 | SUMMARY |
| 11 | -------- |
| 12 | |
| 13 | 0. Terms |
| 14 | 1. Introduction |
| 15 | 2. SPOE configuration |
| 16 | 2.1. SPOE scope |
| 17 | 2.2. "spoe-agent" section |
| 18 | 2.3. "spoe-message" section |
Christopher Faulet | 11610f3 | 2017-09-21 10:23:10 +0200 | [diff] [blame] | 19 | 2.4. "spoe-group" section |
| 20 | 2.5. Example |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 21 | 3. SPOP specification |
| 22 | 3.1. Data types |
| 23 | 3.2. Frames |
| 24 | 3.2.1. Frame capabilities |
| 25 | 3.2.2. Frame types overview |
| 26 | 3.2.3. Workflow |
| 27 | 3.2.4. Frame: HAPROXY-HELLO |
| 28 | 3.2.5. Frame: AGENT-HELLO |
| 29 | 3.2.6. Frame: NOTIFY |
| 30 | 3.2.7. Frame: ACK |
| 31 | 3.2.8. Frame: HAPROXY-DISCONNECT |
| 32 | 3.2.9. Frame: AGENT-DISCONNECT |
| 33 | 3.3. Events & messages |
| 34 | 3.4. Actions |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 35 | 3.5. Errors & timeouts |
Christopher Faulet | b2dd1e0 | 2018-03-22 09:07:41 +0100 | [diff] [blame] | 36 | 4. Logging |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 37 | |
| 38 | |
| 39 | 0. Terms |
| 40 | --------- |
| 41 | |
| 42 | * SPOE : Stream Processing Offload Engine. |
| 43 | |
Ilya Shipitsin | 11057a3 | 2020-06-21 21:18:27 +0500 | [diff] [blame] | 44 | A SPOE is a filter talking to servers managed by a SPOA to offload the |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 45 | stream processing. An engine is attached to a proxy. A proxy can have |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 46 | several engines. Each engine is linked to an agent and only one. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 47 | |
| 48 | * SPOA : Stream Processing Offload Agent. |
| 49 | |
| 50 | A SPOA is a service that will receive info from a SPOE to offload the |
| 51 | stream processing. An agent manages several servers. It uses a backend to |
| 52 | reference all of them. By extension, these servers can also be called |
| 53 | agents. |
| 54 | |
| 55 | * SPOP : Stream Processing Offload Protocol, used by SPOEs to talk to SPOA |
| 56 | servers. |
| 57 | |
| 58 | This protocol is used by engines to talk to agents. It is an in-house |
| 59 | binary protocol described in this documentation. |
| 60 | |
| 61 | |
| 62 | 1. Introduction |
| 63 | ---------------- |
| 64 | |
| 65 | SPOE is a feature introduced in HAProxy 1.7. It makes possible the |
| 66 | communication with external components to retrieve some info. The idea started |
| 67 | with the problems caused by most ldap libs not working fine in event-driven |
| 68 | systems (often at least the connect() is blocking). So, it is hard to properly |
| 69 | implement Single Sign On solution (SSO) in HAProxy. The SPOE will ease this |
| 70 | kind of processing, or we hope so. |
| 71 | |
| 72 | Now, the aim of SPOE is to allow any kind of offloading on the streams. First |
Christopher Faulet | 3b78809 | 2020-05-13 08:25:12 +0200 | [diff] [blame] | 73 | releases won't do lot of things. As we will see, there are few handled events |
| 74 | and even less actions supported. Actually, for now, the SPOE can offload the |
| 75 | processing before "tcp-request content", "tcp-response content", "http-request" |
| 76 | and "http-response" rules. And it only supports variables definition. But, in |
| 77 | spite of these limited features, we can easily imagine to implement SSO |
| 78 | solution, ip reputation or ip geolocation services. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 79 | |
Willy Tarreau | 8695199 | 2021-04-21 09:39:06 +0200 | [diff] [blame] | 80 | Some example implementations in various languages are linked to from the |
| 81 | HAProxy Wiki page dedicated to this mechanism: |
| 82 | |
| 83 | https://github.com/haproxy/wiki/wiki/SPOE:-Stream-Processing-Offloading-Engine |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 84 | |
| 85 | 2. SPOE configuration |
| 86 | ---------------------- |
| 87 | |
| 88 | Because SPOE is implemented as a filter, To use it, you must declare a "filter |
| 89 | spoe" line in a proxy section (frontend/backend/listen) : |
| 90 | |
| 91 | frontend my-front |
| 92 | ... |
| 93 | filter spoe [engine <name>] config <file> |
| 94 | ... |
| 95 | |
| 96 | The "config" parameter is mandatory. It specififies the SPOE configuration |
| 97 | file. The engine name is optional. It can be set to declare the scope to use in |
| 98 | the SPOE configuration. So it is possible to use the same SPOE configuration |
| 99 | for several engines. If no name is provided, the SPOE configuration must not |
| 100 | contain any scope directive. |
| 101 | |
| 102 | We use a separate configuration file on purpose. By commenting SPOE filter |
Michael Prokop | 4438c60 | 2019-05-24 10:25:45 +0200 | [diff] [blame] | 103 | line, you completely disable the feature, including the parsing of sections |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 104 | reserved to SPOE. This is also a way to keep the HAProxy configuration clean. |
| 105 | |
| 106 | A SPOE configuration file must contains, at least, the SPOA configuration |
Christopher Faulet | 11610f3 | 2017-09-21 10:23:10 +0200 | [diff] [blame] | 107 | ("spoe-agent" section) and SPOE messages/groups ("spoe-message" or "spoe-group" |
| 108 | sections) attached to this agent. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 109 | |
| 110 | IMPORTANT : The configuration of a SPOE filter must be located in a dedicated |
| 111 | file. But the backend used by a SPOA must be declared in HAProxy configuration |
| 112 | file. |
| 113 | |
| 114 | 2.1. SPOE scope |
| 115 | ------------------------- |
| 116 | |
| 117 | If you specify an engine name on the SPOE filter line, then you need to define |
| 118 | scope in the SPOE configuration with the same name. You can have several SPOE |
| 119 | scope in the same file. In each scope, you must define one and only one |
| 120 | "spoe-agent" section to configure the SPOA linked to your SPOE and several |
Ilya Shipitsin | 2a950d0 | 2020-03-06 13:07:38 +0500 | [diff] [blame] | 121 | "spoe-message" and "spoe-group" sections to describe, respectively, messages and |
Christopher Faulet | 11610f3 | 2017-09-21 10:23:10 +0200 | [diff] [blame] | 122 | group of messages sent to servers mananged by your SPOA. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 123 | |
| 124 | A SPOE scope starts with this kind of line : |
| 125 | |
| 126 | [<name>] |
| 127 | |
| 128 | where <name> is the same engine name specified on the SPOE filter line. The |
| 129 | scope ends when the file ends or when another scope is found. |
| 130 | |
| 131 | Example : |
| 132 | [my-first-engine] |
| 133 | spoe-agent my-agent |
| 134 | ... |
| 135 | spoe-message msg1 |
| 136 | ... |
| 137 | spoe-message msg2 |
| 138 | ... |
Christopher Faulet | b2dd1e0 | 2018-03-22 09:07:41 +0100 | [diff] [blame] | 139 | spoe-group grp1 |
Christopher Faulet | 11610f3 | 2017-09-21 10:23:10 +0200 | [diff] [blame] | 140 | ... |
Christopher Faulet | b2dd1e0 | 2018-03-22 09:07:41 +0100 | [diff] [blame] | 141 | spoe-group grp2 |
| 142 | ... |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 143 | |
| 144 | [my-second-engine] |
| 145 | ... |
| 146 | |
| 147 | If no engine name is provided on the SPOE filter line, no SPOE scope must be |
| 148 | found in the SPOE configuration file. All the file is considered to be in the |
| 149 | same anonymous and implicit scope. |
| 150 | |
Christopher Faulet | 7ee8667 | 2017-09-19 11:08:28 +0200 | [diff] [blame] | 151 | The engine name must be uniq for a proxy. If no engine name is provided on the |
Joseph Herlant | 71b4b15 | 2018-11-13 16:55:16 -0800 | [diff] [blame] | 152 | SPOE filter line, the SPOE agent name is used by default. |
Christopher Faulet | 7ee8667 | 2017-09-19 11:08:28 +0200 | [diff] [blame] | 153 | |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 154 | 2.2. "spoe-agent" section |
| 155 | -------------------------- |
| 156 | |
| 157 | For each engine, you must define one and only one "spoe-agent" section. In this |
| 158 | section, you will declare SPOE messages and the backend you will use. You will |
| 159 | also set timeouts and options to customize your agent's behaviour. |
| 160 | |
| 161 | |
| 162 | spoe-agent <name> |
| 163 | Create a new SPOA with the name <name>. It must have one and only one |
| 164 | "spoe-agent" definition by SPOE scope. |
| 165 | |
| 166 | Arguments : |
| 167 | <name> is the name of the agent section. |
| 168 | |
| 169 | following keywords are supported : |
Christopher Faulet | 11610f3 | 2017-09-21 10:23:10 +0200 | [diff] [blame] | 170 | - groups |
Christopher Faulet | 7250b8f | 2018-03-26 17:19:01 +0200 | [diff] [blame] | 171 | - log |
Christopher Faulet | 4802672 | 2016-11-16 15:01:12 +0100 | [diff] [blame] | 172 | - maxconnrate |
| 173 | - maxerrrate |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 174 | - max-frame-size |
Christopher Faulet | e8ade38 | 2018-01-25 15:32:22 +0100 | [diff] [blame] | 175 | - max-waiting-frames |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 176 | - messages |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 177 | - [no] option async |
Christopher Faulet | 0e0f085 | 2018-03-26 17:20:36 +0200 | [diff] [blame] | 178 | - [no] option dontlog-normal |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 179 | - [no] option pipelining |
| 180 | - [no] option send-frag-payload |
Christopher Faulet | ea62c2a | 2016-11-14 10:54:21 +0100 | [diff] [blame] | 181 | - option continue-on-error |
Christopher Faulet | 336d3ef | 2017-12-22 10:00:55 +0100 | [diff] [blame] | 182 | - option force-set-var |
Christopher Faulet | 985532d | 2016-11-16 15:36:19 +0100 | [diff] [blame] | 183 | - option set-on-error |
Christopher Faulet | 36bda1c | 2018-03-22 09:08:20 +0100 | [diff] [blame] | 184 | - option set-process-time |
| 185 | - option set-total-time |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 186 | - option var-prefix |
Christopher Faulet | 336d3ef | 2017-12-22 10:00:55 +0100 | [diff] [blame] | 187 | - register-var-names |
Christopher Faulet | 03a3449 | 2016-11-19 16:47:56 +0100 | [diff] [blame] | 188 | - timeout hello|idle|processing |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 189 | - use-backend |
| 190 | |
| 191 | |
Christopher Faulet | 11610f3 | 2017-09-21 10:23:10 +0200 | [diff] [blame] | 192 | groups <grp-name> ... |
| 193 | Declare the list of SPOE groups that an agent will handle. |
| 194 | |
| 195 | Arguments : |
| 196 | <grp-name> is the name of a SPOE group. |
| 197 | |
Joseph Herlant | 71b4b15 | 2018-11-13 16:55:16 -0800 | [diff] [blame] | 198 | Groups declared here must be found in the same engine scope, else an error is |
Christopher Faulet | 11610f3 | 2017-09-21 10:23:10 +0200 | [diff] [blame] | 199 | triggered during the configuration parsing. You can have many "groups" lines. |
| 200 | |
| 201 | See also: "spoe-group" section. |
| 202 | |
| 203 | |
Christopher Faulet | 7250b8f | 2018-03-26 17:19:01 +0200 | [diff] [blame] | 204 | log global |
| 205 | log <address> [len <length>] [format <format>] <facility> [<level> [<minlevel>]] |
| 206 | no log |
| 207 | Enable per-instance logging of events and traffic. |
| 208 | |
| 209 | Prefix : |
| 210 | no should be used when the logger list must be flushed. |
| 211 | |
| 212 | See the HAProxy Configuration Manual for details about this option. |
| 213 | |
Christopher Faulet | 4802672 | 2016-11-16 15:01:12 +0100 | [diff] [blame] | 214 | maxconnrate <number> |
| 215 | Set the maximum number of connections per second to <number>. The SPOE will |
| 216 | stop to open new connections if the maximum is reached and will wait to |
| 217 | acquire an existing one. So it is important to set "timeout hello" to a |
| 218 | relatively small value. |
| 219 | |
| 220 | |
| 221 | maxerrrate <number> |
| 222 | Set the maximum number of errors per second to <number>. The SPOE will stop |
| 223 | its processing if the maximum is reached. |
| 224 | |
| 225 | |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 226 | max-frame-size <number> |
| 227 | Set the maximum allowed size for frames exchanged between HAProxy and SPOA. |
| 228 | It must be in the range [256, tune.bufsize-4] (4 bytes are reserved for the |
| 229 | frame length). By default, it is set to (tune.bufsize-4). |
| 230 | |
Christopher Faulet | e8ade38 | 2018-01-25 15:32:22 +0100 | [diff] [blame] | 231 | max-waiting-frames <number> |
| 232 | Set the maximum number of frames waiting for an acknowledgement on the same |
| 233 | connection. This value is only used when the pipelinied or asynchronus |
| 234 | exchanges between HAProxy and SPOA are enabled. By default, it is set to 20. |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 235 | |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 236 | messages <msg-name> ... |
| 237 | Declare the list of SPOE messages that an agent will handle. |
| 238 | |
| 239 | Arguments : |
| 240 | <msg-name> is the name of a SPOE message. |
| 241 | |
| 242 | Messages declared here must be found in the same engine scope, else an error |
| 243 | is triggered during the configuration parsing. You can have many "messages" |
| 244 | lines. |
| 245 | |
| 246 | See also: "spoe-message" section. |
| 247 | |
| 248 | |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 249 | option async |
| 250 | no option async |
| 251 | Enable or disable the support of asynchronus exchanges between HAProxy and |
| 252 | SPOA. By default, this option is enabled. |
| 253 | |
| 254 | |
Christopher Faulet | ea62c2a | 2016-11-14 10:54:21 +0100 | [diff] [blame] | 255 | option continue-on-error |
| 256 | Do not stop the events processing when an error occurred on a stream. |
| 257 | |
| 258 | By default, for a specific stream, when an abnormal/unexpected error occurs, |
| 259 | the SPOE is disabled for all the transaction. So if you have several events |
Ilya Shipitsin | 11057a3 | 2020-06-21 21:18:27 +0500 | [diff] [blame] | 260 | configured, such error on an event will disabled all following. For TCP |
Christopher Faulet | ea62c2a | 2016-11-14 10:54:21 +0100 | [diff] [blame] | 261 | streams, this will disable the SPOE for the whole session. For HTTP streams, |
| 262 | this will disable it for the transaction (request and response). |
| 263 | |
| 264 | When set, this option bypass this behaviour and only the current event will |
| 265 | be ignored. |
| 266 | |
Christopher Faulet | 0e0f085 | 2018-03-26 17:20:36 +0200 | [diff] [blame] | 267 | |
| 268 | option dontlog-normal |
| 269 | no option dontlog-normal |
| 270 | Enable or disable logging of normal, successful processing. |
| 271 | |
| 272 | Arguments : none |
| 273 | |
| 274 | See also: "log" and section 4 about logging. |
| 275 | |
| 276 | |
Etienne Carriere | aec8989 | 2017-12-14 09:36:40 +0000 | [diff] [blame] | 277 | option force-set-var |
| 278 | By default, SPOE filter only register already known variables (mainly from |
Willy Tarreau | 7978c5c | 2021-09-07 14:24:07 +0200 | [diff] [blame] | 279 | parsing of the configuration), and process-wide variables (those of scope |
| 280 | "proc") cannot be created. If you want that haproxy trusts the agent and |
Etienne Carriere | aec8989 | 2017-12-14 09:36:40 +0000 | [diff] [blame] | 281 | registers all variables (ex: can be useful for LUA workload), activate this |
| 282 | option. |
| 283 | |
| 284 | Caution : this option opens to a variety of attacks such as a rogue SPOA that |
| 285 | asks to register too many variables. |
| 286 | |
Christopher Faulet | ea62c2a | 2016-11-14 10:54:21 +0100 | [diff] [blame] | 287 | |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 288 | option pipelining |
| 289 | no option pipelining |
| 290 | Enable or disable the support of pipelined exchanges between HAProxy and |
| 291 | SPOA. By default, this option is enabled. |
| 292 | |
| 293 | |
| 294 | option send-frag-payload |
| 295 | no option send-frag-payload |
| 296 | Enable or disable the sending of fragmented payload to SPOA. By default, this |
| 297 | option is enabled. |
| 298 | |
| 299 | |
Christopher Faulet | 985532d | 2016-11-16 15:36:19 +0100 | [diff] [blame] | 300 | option set-on-error <var name> |
| 301 | Define the variable to set when an error occurred during an event processing. |
| 302 | |
| 303 | Arguments : |
| 304 | |
| 305 | <var name> is the variable name, without the scope. The name may only |
| 306 | contain characters 'a-z', 'A-Z', '0-9', '.' and '_'. |
| 307 | |
| 308 | This variable will only be set when an error occurred in the scope of the |
| 309 | transaction. As for all other variables define by the SPOE, it will be |
| 310 | prefixed. So, if your variable name is "error" and your prefix is |
| 311 | "my_spoe_pfx", the variable will be "txn.my_spoe_pfx.error". |
| 312 | |
Christopher Faulet | b067b06 | 2017-01-04 16:39:11 +0100 | [diff] [blame] | 313 | When set, the variable is an integer representing the error reason. For values |
| 314 | under 256, it represents an error coming from the engine. Below 256, it |
| 315 | reports a SPOP error. In this case, to retrieve the right SPOP status code, |
| 316 | you must remove 256 to this value. Here are possible values: |
| 317 | |
| 318 | * 1 a timeout occurred during the event processing. |
| 319 | |
Michael Prokop | 4438c60 | 2019-05-24 10:25:45 +0200 | [diff] [blame] | 320 | * 2 an error was triggered during the resources allocation. |
Christopher Faulet | b067b06 | 2017-01-04 16:39:11 +0100 | [diff] [blame] | 321 | |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 322 | * 3 the frame payload exceeds the frame size and it cannot be |
| 323 | fragmented. |
| 324 | |
| 325 | * 4 the fragmentation of a payload is aborted. |
| 326 | |
Christopher Faulet | 344c4ab | 2017-09-22 10:20:13 +0200 | [diff] [blame] | 327 | * 5 The frame processing has been interrupted by HAProxy. |
| 328 | |
Christopher Faulet | b067b06 | 2017-01-04 16:39:11 +0100 | [diff] [blame] | 329 | * 255 an unknown error occurred during the event processing. |
| 330 | |
| 331 | * 256+N a SPOP error occurred during the event processing (see section |
| 332 | "Errors & timeouts"). |
| 333 | |
| 334 | Note that if "option continue-on-error" is set, the variable is not |
| 335 | automatically removed between events processing. |
Christopher Faulet | 985532d | 2016-11-16 15:36:19 +0100 | [diff] [blame] | 336 | |
| 337 | See also: "option continue-on-error", "option var-prefix". |
| 338 | |
Christopher Faulet | 36bda1c | 2018-03-22 09:08:20 +0100 | [diff] [blame] | 339 | |
| 340 | option set-process-time <var name> |
| 341 | Define the variable to set to report the processing time of the last event or |
| 342 | group. |
| 343 | |
| 344 | Arguments : |
| 345 | |
| 346 | <var name> is the variable name, without the scope. The name may only |
| 347 | contain characters 'a-z', 'A-Z', '0-9', '.' and '_'. |
| 348 | |
| 349 | This variable will be set in the scope of the transaction. As for all other |
| 350 | variables define by the SPOE, it will be prefixed. So, if your variable name |
| 351 | is "process_time" and your prefix is "my_spoe_pfx", the variable will be |
| 352 | "txn.my_spoe_pfx.process_time". |
| 353 | |
| 354 | When set, the variable is an integer representing the delay to process the |
| 355 | event or the group, in milliseconds. From the stream point of view, it is the |
| 356 | latency added by the SPOE processing for the last handled event or group. |
| 357 | |
| 358 | If several events or groups are processed for the same stream, this value |
| 359 | will be overrideen. |
| 360 | |
| 361 | See also: "option set-total-time". |
| 362 | |
| 363 | |
| 364 | option set-total-time <var name> |
| 365 | Define the variable to set to report the total processing time SPOE for a |
| 366 | stream. |
| 367 | |
| 368 | Arguments : |
| 369 | |
| 370 | <var name> is the variable name, without the scope. The name may only |
| 371 | contain characters 'a-z', 'A-Z', '0-9', '.' and '_'. |
| 372 | |
| 373 | This variable will be set in the scope of the transaction. As for all other |
| 374 | variables define by the SPOE, it will be prefixed. So, if your variable name |
| 375 | is "total_time" and your prefix is "my_spoe_pfx", the variable will be |
| 376 | "txn.my_spoe_pfx.total_time". |
| 377 | |
| 378 | When set, the variable is an integer representing the sum of processing times |
| 379 | for a stream, in milliseconds. From the stream point of view, it is the |
| 380 | latency added by the SPOE processing. |
| 381 | |
| 382 | If several events or groups are processed for the same stream, this value |
| 383 | will be updated. |
| 384 | |
| 385 | See also: "option set-process-time". |
| 386 | |
| 387 | |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 388 | option var-prefix <prefix> |
| 389 | Define the prefix used when variables are set by an agent. |
| 390 | |
| 391 | Arguments : |
| 392 | |
| 393 | <prefix> is the prefix used to limit the scope of variables set by an |
| 394 | agent. |
| 395 | |
| 396 | To avoid conflict with other variables defined by HAProxy, all variables |
| 397 | names will be prefixed. By default, the "spoe-agent" name is used. This |
| 398 | option can be used to customize it. |
| 399 | |
| 400 | The prefix will be added between the variable scope and its name, separated |
| 401 | by a '.'. It may only contain characters 'a-z', 'A-Z', '0-9', '.' and '_', as |
| 402 | for variables name. In HAProxy configuration, you need to use this prefix as |
| 403 | a part of the variables name. For example, if an agent define the variable |
| 404 | "myvar" in the "txn" scope, with the prefix "my_spoe_pfx", then you should |
| 405 | use "txn.my_spoe_pfx.myvar" name in your HAProxy configuration. |
| 406 | |
Etienne Carriere | aec8989 | 2017-12-14 09:36:40 +0000 | [diff] [blame] | 407 | By default, an agent will never set new variables at runtime: It can only set |
| 408 | new value for existing ones. If you want a different behaviour, see |
Christopher Faulet | 336d3ef | 2017-12-22 10:00:55 +0100 | [diff] [blame] | 409 | force-set-var option and register-var-names directive. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 410 | |
Christopher Faulet | 336d3ef | 2017-12-22 10:00:55 +0100 | [diff] [blame] | 411 | register-var-names <var name> ... |
| 412 | Register some variable names. By default, an agent will not be allowed to set |
| 413 | new variables at runtime. This rule can be totally relaxed by setting the |
| 414 | option "force-set-var". If you know all the variables you will need, this |
| 415 | directive is a good way to register them without letting an agent doing what |
| 416 | it want. This is only required if these variables are not referenced anywhere |
| 417 | in the HAProxy configuration or the SPOE one. |
| 418 | |
| 419 | Arguments: |
| 420 | <var name> is a variable name without the scope. The name may only |
| 421 | contain characters 'a-z', 'A-Z', '0-9', '.' and '_'. |
| 422 | |
| 423 | The prefix will be automatically added during the registration. You can have |
| 424 | many "register-var-names" lines. |
| 425 | |
| 426 | See also: "option force-set-var", "option var-prefix". |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 427 | |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 428 | timeout hello <timeout> |
| 429 | Set the maximum time to wait for an agent to receive the AGENT-HELLO frame. |
Christopher Faulet | f7a3092 | 2016-11-10 15:04:51 +0100 | [diff] [blame] | 430 | It is applied on the stream that handle the connection with the agent. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 431 | |
| 432 | Arguments : |
| 433 | <timeout> is the timeout value specified in milliseconds by default, but |
| 434 | can be in any other unit if the number is suffixed by the unit, |
| 435 | as explained at the top of this document. |
| 436 | |
| 437 | This timeout is an applicative timeout. It differ from "timeout connect" |
| 438 | defined on backends. |
| 439 | |
| 440 | |
| 441 | timeout idle <timeout> |
Christopher Faulet | f7a3092 | 2016-11-10 15:04:51 +0100 | [diff] [blame] | 442 | Set the maximum time to wait for an agent to close an idle connection. It is |
| 443 | applied on the stream that handle the connection with the agent. |
| 444 | |
| 445 | Arguments : |
| 446 | <timeout> is the timeout value specified in milliseconds by default, but |
| 447 | can be in any other unit if the number is suffixed by the unit, |
| 448 | as explained at the top of this document. |
| 449 | |
| 450 | |
| 451 | timeout processing <timeout> |
| 452 | Set the maximum time to wait for a stream to process an event, i.e to acquire |
| 453 | a stream to talk with an agent, to encode all messages, to send the NOTIFY |
Ilya Shipitsin | 0188108 | 2021-08-07 14:41:56 +0500 | [diff] [blame] | 454 | frame, to receive the corresponding acknowledgement and to process all |
Christopher Faulet | f7a3092 | 2016-11-10 15:04:51 +0100 | [diff] [blame] | 455 | actions. It is applied on the stream that handle the client and the server |
| 456 | sessions. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 457 | |
| 458 | Arguments : |
| 459 | <timeout> is the timeout value specified in milliseconds by default, but |
| 460 | can be in any other unit if the number is suffixed by the unit, |
| 461 | as explained at the top of this document. |
| 462 | |
| 463 | |
| 464 | use-backend <backend> |
| 465 | Specify the backend to use. It must be defined. |
| 466 | |
| 467 | Arguments : |
| 468 | <backend> is the name of a valid "backend" section. |
| 469 | |
| 470 | |
| 471 | 2.3. "spoe-message" section |
| 472 | ---------------------------- |
| 473 | |
| 474 | To offload the stream processing, SPOE will send messages with specific |
| 475 | information at a specific moment in the stream life and will wait for |
| 476 | corresponding replies to know what to do. |
| 477 | |
| 478 | |
| 479 | spoe-message <name> |
| 480 | Create a new SPOE message with the name <name>. |
| 481 | |
| 482 | Arguments : |
| 483 | <name> is the name of the SPOE message. |
| 484 | |
| 485 | Here you define a message that can be referenced in a "spoe-agent" |
| 486 | section. Following keywords are supported : |
Christopher Faulet | 57583e4 | 2017-09-04 15:41:09 +0200 | [diff] [blame] | 487 | - acl |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 488 | - args |
| 489 | - event |
| 490 | |
| 491 | See also: "spoe-agent" section. |
| 492 | |
| 493 | |
Christopher Faulet | 57583e4 | 2017-09-04 15:41:09 +0200 | [diff] [blame] | 494 | acl <aclname> <criterion> [flags] [operator] <value> ... |
Christopher Faulet | 57583e4 | 2017-09-04 15:41:09 +0200 | [diff] [blame] | 495 | Declare or complete an access list. |
| 496 | |
| 497 | See section 7 about ACL usage in the HAProxy Configuration Manual. |
| 498 | |
| 499 | |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 500 | args [name=]<sample> ... |
| 501 | Define arguments passed into the SPOE message. |
| 502 | |
| 503 | Arguments : |
| 504 | <sample> is a sample expression. |
| 505 | |
| 506 | When the message is processed, if a sample expression is not available, it is |
| 507 | set to NULL. Arguments are processed in their declaration order and added in |
Joseph Herlant | 71b4b15 | 2018-11-13 16:55:16 -0800 | [diff] [blame] | 508 | the message in that order. It is possible to declare named arguments. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 509 | |
| 510 | For example: |
| 511 | args frontend=fe_id src dst |
| 512 | |
| 513 | |
Christopher Faulet | 57583e4 | 2017-09-04 15:41:09 +0200 | [diff] [blame] | 514 | event <name> [ { if | unless } <condition> ] |
| 515 | Set the event that triggers sending of the message. It may optionally be |
| 516 | followed by an ACL-based condition, in which case it will only be evaluated |
Christopher Faulet | d322e94 | 2021-12-03 10:18:09 +0100 | [diff] [blame] | 517 | if the condition is true. A SPOE message can only be sent on one event. If |
| 518 | several events are defined, only the last one is considered. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 519 | |
Christopher Faulet | 57583e4 | 2017-09-04 15:41:09 +0200 | [diff] [blame] | 520 | ACL-based conditions are executed in the context of the stream that handle |
| 521 | the client and the server connections. |
| 522 | |
| 523 | Arguments : |
| 524 | <name> is the event name. |
| 525 | <condition> is a standard ACL-based condition. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 526 | |
| 527 | Supported events are: |
| 528 | - on-client-session |
Christopher Faulet | 1002aac | 2016-12-09 17:41:54 +0100 | [diff] [blame] | 529 | - on-server-session |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 530 | - on-frontend-tcp-request |
| 531 | - on-backend-tcp-request |
| 532 | - on-tcp-response |
| 533 | - on-frontend-http-request |
| 534 | - on-backend-http-request |
| 535 | - on-http-response |
| 536 | |
Christopher Faulet | 57583e4 | 2017-09-04 15:41:09 +0200 | [diff] [blame] | 537 | See section "Events & Messages" for more details about supported events. |
| 538 | See section 7 about ACL usage in the HAProxy Configuration Manual. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 539 | |
Christopher Faulet | 11610f3 | 2017-09-21 10:23:10 +0200 | [diff] [blame] | 540 | 2.4. "spoe-group" section |
| 541 | -------------------------- |
| 542 | |
| 543 | This section can be used to declare a group of SPOE messages. Unlike messages |
| 544 | referenced in a "spoe-agent" section, messages inside a group are not sent on a |
| 545 | specific event. The sending must be triggered by TCP or HTTP rules, from the |
| 546 | HAProxy configuration. |
| 547 | |
| 548 | |
| 549 | spoe-group <name> |
| 550 | Create a new SPOE group with the name <name>. |
| 551 | |
| 552 | Arguments : |
| 553 | <name> is the name of the SPOE group. |
| 554 | |
| 555 | Here you define a group of SPOE messages that can be referenced in a |
| 556 | "spoe-agent" section. Following keywords are supported : |
| 557 | - messages |
| 558 | |
| 559 | See also: "spoe-agent" and "spoe-message" sections. |
| 560 | |
| 561 | |
| 562 | messages <msg-name> ... |
| 563 | Declare the list of SPOE messages belonging to the group. |
| 564 | |
| 565 | Arguments : |
| 566 | <msg-name> is the name of a SPOE message. |
| 567 | |
| 568 | Messages declared here must be found in the same engine scope, else an error |
| 569 | is triggered during the configuration parsing. Furthermore, a message belongs |
| 570 | at most to a group. You can have many "messages" lines. |
| 571 | |
| 572 | See also: "spoe-message" section. |
| 573 | |
| 574 | |
| 575 | 2.5. Example |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 576 | ------------- |
| 577 | |
| 578 | Here is a simple but complete example that sends client-ip address to a ip |
| 579 | reputation service. This service can set the variable "ip_score" which is an |
| 580 | integer between 0 and 100, indicating its reputation (100 means totally safe |
| 581 | and 0 a blacklisted IP with no doubt). |
| 582 | |
| 583 | ### |
| 584 | ### HAProxy configuration |
| 585 | frontend www |
| 586 | mode http |
| 587 | bind *:80 |
| 588 | |
| 589 | filter spoe engine ip-reputation config spoe-ip-reputation.conf |
| 590 | |
| 591 | # Reject connection if the IP reputation is under 20 |
| 592 | tcp-request content reject if { var(sess.iprep.ip_score) -m int lt 20 } |
| 593 | |
| 594 | default_backend http-servers |
| 595 | |
| 596 | backend http-servers |
| 597 | mode http |
| 598 | server http A.B.C.D:80 |
| 599 | |
| 600 | backend iprep-servers |
| 601 | mode tcp |
| 602 | balance roundrobin |
| 603 | |
| 604 | timeout connect 5s # greater than hello timeout |
| 605 | timeout server 3m # greater than idle timeout |
| 606 | |
| 607 | server iprep1 A1.B1.C1.D1:12345 |
| 608 | server iprep2 A2.B2.C2.D2:12345 |
| 609 | |
| 610 | #### |
| 611 | ### spoe-ip-reputation.conf |
| 612 | [ip-reputation] |
| 613 | |
| 614 | spoe-agent iprep-agent |
| 615 | messages get-ip-reputation |
| 616 | |
| 617 | option var-prefix iprep |
| 618 | |
Christopher Faulet | 03a3449 | 2016-11-19 16:47:56 +0100 | [diff] [blame] | 619 | timeout hello 2s |
| 620 | timeout idle 2m |
| 621 | timeout processing 10ms |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 622 | |
| 623 | use-backend iprep-servers |
| 624 | |
| 625 | spoe-message get-ip-reputation |
| 626 | args ip=src |
Christopher Faulet | 57583e4 | 2017-09-04 15:41:09 +0200 | [diff] [blame] | 627 | event on-client-session if ! { src -f /etc/haproxy/whitelist.lst } |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 628 | |
| 629 | |
| 630 | 3. SPOP specification |
| 631 | ---------------------- |
| 632 | |
| 633 | 3.1. Data types |
| 634 | ---------------- |
| 635 | |
| 636 | Here is the bytewise representation of typed data: |
| 637 | |
| 638 | TYPED-DATA : <TYPE:4 bits><FLAGS:4 bits><DATA> |
| 639 | |
| 640 | Supported types and their representation are: |
| 641 | |
| 642 | TYPE | ID | DESCRIPTION |
| 643 | -----------------------------+-----+---------------------------------- |
| 644 | NULL | 0 | NULL : <0> |
| 645 | Boolean | 1 | BOOL : <1+FLAG> |
| 646 | 32bits signed integer | 2 | INT32 : <2><VALUE:varint> |
| 647 | 32bits unsigned integer | 3 | UINT32 : <3><VALUE:varint> |
| 648 | 64bits signed integer | 4 | INT64 : <4><VALUE:varint> |
| 649 | 32bits unsigned integer | 5 | UNIT64 : <5><VALUE:varint> |
| 650 | IPV4 | 6 | IPV4 : <6><STRUCT IN_ADDR:4 bytes> |
| 651 | IPV6 | 7 | IPV6 : <7><STRUCT IN_ADDR6:16 bytes> |
| 652 | String | 8 | STRING : <8><LENGTH:varint><BYTES> |
| 653 | Binary | 9 | BINARY : <9><LENGTH:varint><BYTES> |
| 654 | 10 -> 15 unused/reserved | - | - |
| 655 | -----------------------------+-----+---------------------------------- |
| 656 | |
| 657 | Variable-length integer (varint) are encoded using Peers encoding: |
| 658 | |
| 659 | |
| 660 | 0 <= X < 240 : 1 byte (7.875 bits) [ XXXX XXXX ] |
| 661 | 240 <= X < 2288 : 2 bytes (11 bits) [ 1111 XXXX ] [ 0XXX XXXX ] |
| 662 | 2288 <= X < 264432 : 3 bytes (18 bits) [ 1111 XXXX ] [ 1XXX XXXX ] [ 0XXX XXXX ] |
| 663 | 264432 <= X < 33818864 : 4 bytes (25 bits) [ 1111 XXXX ] [ 1XXX XXXX ]*2 [ 0XXX XXXX ] |
| 664 | 33818864 <= X < 4328786160 : 5 bytes (32 bits) [ 1111 XXXX ] [ 1XXX XXXX ]*3 [ 0XXX XXXX ] |
| 665 | ... |
| 666 | |
| 667 | For booleans, the value (true or false) is the first bit in the FLAGS |
| 668 | bitfield. if this bit is set to 0, then the boolean is evaluated as false, |
| 669 | otherwise, the boolean is evaluated as true. |
| 670 | |
| 671 | 3.2. Frames |
| 672 | ------------ |
| 673 | |
| 674 | Exchange between HAProxy and agents are made using FRAME packets. All frames |
| 675 | must be prefixed with their size encoded on 4 bytes in network byte order: |
| 676 | |
| 677 | <FRAME-LENGTH:4 bytes> <FRAME> |
| 678 | |
| 679 | A frame always starts with its type, on one byte, followed by metadata |
| 680 | containing flags, on 4 bytes and a two variable-length integer representing the |
| 681 | stream identifier and the frame identifier inside the stream: |
| 682 | |
| 683 | FRAME : <FRAME-TYPE:1 byte> <METADATA> <FRAME-PAYLOAD> |
| 684 | METADATA : <FLAGS:4 bytes> <STREAM-ID:varint> <FRAME-ID:varint> |
| 685 | |
| 686 | Then comes the frame payload. Depending on the frame type, the payload can be |
| 687 | of three types: a simple key/value list, a list of messages or a list of |
| 688 | actions. |
| 689 | |
| 690 | FRAME-PAYLOAD : <LIST-OF-MESSAGES> | <LIST-OF-ACTIONS> | <KV-LIST> |
| 691 | |
| 692 | LIST-OF-MESSAGES : [ <MESSAGE-NAME> <NB-ARGS:1 byte> <KV-LIST> ... ] |
| 693 | MESSAGE-NAME : <STRING> |
| 694 | |
| 695 | LIST-OF-ACTIONS : [ <ACTION-TYPE:1 byte> <NB-ARGS:1 byte> <ACTION-ARGS> ... ] |
| 696 | ACTION-ARGS : [ <TYPED-DATA>... ] |
| 697 | |
| 698 | KV-LIST : [ <KV-NAME> <KV-VALUE> ... ] |
| 699 | KV-NAME : <STRING> |
| 700 | KV-VALUE : <TYPED-DATA> |
| 701 | |
Thierry FOURNIER | c4dcaff | 2018-05-18 12:25:39 +0200 | [diff] [blame] | 702 | FLAGS : |
| 703 | |
| 704 | Flags are a 32 bits field. They are encoded on 4 bytes in network byte |
| 705 | order, where the bit 0 is the LSB. |
| 706 | |
| 707 | 0 1 2-31 |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 708 | +---+---+----------+ |
| 709 | | | A | | |
| 710 | | F | B | | |
| 711 | | I | O | RESERVED | |
| 712 | | N | R | | |
| 713 | | | T | | |
| 714 | +---+---+----------+ |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 715 | |
| 716 | FIN: Indicates that this is the final payload fragment. The first fragment |
| 717 | may also be the final fragment. |
| 718 | |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 719 | ABORT: Indicates that the processing of the current frame must be |
| 720 | cancelled. This bit should be set on frames with a fragmented |
| 721 | payload. It can be ignore for frames with an unfragemnted |
| 722 | payload. When it is set, the FIN bit must also be set. |
| 723 | |
| 724 | |
Joseph Herlant | 71b4b15 | 2018-11-13 16:55:16 -0800 | [diff] [blame] | 725 | Frames cannot exceed a maximum size negotiated between HAProxy and agents |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 726 | during the HELLO handshake. Most of time, payload will be small enough to send |
| 727 | it in one frame. But when supported by the peer, it will be possible to |
| 728 | fragment huge payload on many frames. This ability is announced during the |
| 729 | HELLO handshake and it can be asynmetric (supported by agents but not by |
| 730 | HAProxy or the opposite). The following rules apply to fragmentation: |
| 731 | |
| 732 | * An unfragemnted payload consists of a single frame with the FIN bit set. |
| 733 | |
| 734 | * A fragemented payload consists of several frames with the FIN bit clear and |
| 735 | terminated by a single frame with the FIN bit set. All these frames must |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 736 | share the same STREAM-ID and FRAME-ID. The first frame must set the right |
| 737 | FRAME-TYPE (e.g, NOTIFY). The following frames must have an unset type (0). |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 738 | |
| 739 | Beside the support of fragmented payload by a peer, some payload must not be |
| 740 | fragmented. See below for details. |
| 741 | |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 742 | IMPORTANT : The maximum size supported by peers for a frame must be greater |
| 743 | than or equal to 256 bytes. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 744 | |
| 745 | 3.2.1. Frame capabilities |
| 746 | -------------------------- |
| 747 | |
| 748 | Here are the list of official capabilities that HAProxy and agents can support: |
| 749 | |
Christopher Faulet | a1cda02 | 2016-12-21 08:58:06 +0100 | [diff] [blame] | 750 | * fragmentation: This is the ability for a peer to support fragmented |
| 751 | payload in received frames. This is an asymmectical |
| 752 | capability, it only concerns the peer that announces |
| 753 | it. This is the responsibility to the other peer to use it |
| 754 | or not. |
| 755 | |
| 756 | * pipelining: This is the ability for a peer to decouple NOTIFY and ACK |
| 757 | frames. This is a symmectical capability. To be used, it must |
Willy Tarreau | 714f345 | 2021-05-09 06:47:26 +0200 | [diff] [blame] | 758 | be supported by HAProxy and agents. Unlike HTTP pipelining, the |
Christopher Faulet | a1cda02 | 2016-12-21 08:58:06 +0100 | [diff] [blame] | 759 | ACK frames can be send in any order, but always on the same TCP |
| 760 | connection used for the corresponding NOTIFY frame. |
| 761 | |
| 762 | * async: This ability is similar to the pipelining, but here any TCP |
| 763 | connection established between HAProxy and the agent can be used to |
| 764 | send ACK frames. if an agent accepts connections from multiple |
| 765 | HAProxy, it can use the "engine-id" value to group TCP |
| 766 | connections. See details about HAPROXY-HELLO frame. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 767 | |
| 768 | Unsupported or unknown capabilities are silently ignored, when possible. |
| 769 | |
Christopher Faulet | 9536ad7 | 2021-03-02 10:05:03 +0100 | [diff] [blame] | 770 | NOTE: HAProxy does not support the fragmentation for now. This means it is not |
| 771 | able to handle fragmented frames. However, if an agent announces the |
| 772 | fragmentation support, HAProxy may choose to send fragemented frames. |
| 773 | |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 774 | 3.2.2. Frame types overview |
| 775 | ---------------------------- |
| 776 | |
| 777 | Here are types of frame supported by SPOE. Frames sent by HAProxy come first, |
| 778 | then frames sent by agents : |
| 779 | |
| 780 | TYPE | ID | DESCRIPTION |
| 781 | -----------------------------+-----+------------------------------------- |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 782 | UNSET | 0 | Used for all frames but the first when a |
| 783 | | | payload is fragmented. |
| 784 | -----------------------------+-----+------------------------------------- |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 785 | HAPROXY-HELLO | 1 | Sent by HAProxy when it opens a |
| 786 | | | connection on an agent. |
| 787 | | | |
| 788 | HAPROXY-DISCONNECT | 2 | Sent by HAProxy when it want to close |
| 789 | | | the connection or in reply to an |
| 790 | | | AGENT-DISCONNECT frame |
| 791 | | | |
| 792 | NOTIFY | 3 | Sent by HAProxy to pass information |
| 793 | | | to an agent |
| 794 | -----------------------------+-----+------------------------------------- |
| 795 | AGENT-HELLO | 101 | Reply to a HAPROXY-HELLO frame, when |
| 796 | | | the connection is established |
| 797 | | | |
| 798 | AGENT-DISCONNECT | 102 | Sent by an agent just before closing |
| 799 | | | the connection |
| 800 | | | |
| 801 | ACK | 103 | Sent to acknowledge a NOTIFY frame |
| 802 | -----------------------------+-----+------------------------------------- |
| 803 | |
| 804 | Unknown frames may be silently skipped. |
| 805 | |
| 806 | 3.2.3. Workflow |
| 807 | ---------------- |
| 808 | |
| 809 | * Successful HELLO handshake: |
| 810 | |
| 811 | HAPROXY AGENT SRV |
| 812 | | HAPROXY-HELLO | |
Christopher Faulet | ba7bc16 | 2016-11-07 21:07:38 +0100 | [diff] [blame] | 813 | | (healthcheck: false) | |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 814 | | --------------------------> | |
| 815 | | | |
| 816 | | AGENT-HELLO | |
| 817 | | <-------------------------- | |
| 818 | | | |
| 819 | |
Christopher Faulet | ba7bc16 | 2016-11-07 21:07:38 +0100 | [diff] [blame] | 820 | * Successful HELLO healthcheck: |
| 821 | |
| 822 | HAPROXY AGENT SRV |
| 823 | | HAPROXY-HELLO | |
| 824 | | (healthcheck: true) | |
| 825 | | --------------------------> | |
| 826 | | | |
| 827 | | AGENT-HELLO + close() | |
| 828 | | <-------------------------- | |
| 829 | | | |
| 830 | |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 831 | |
| 832 | * Error encountered by agent during the HELLO handshake: |
| 833 | |
| 834 | HAPROXY AGENT SRV |
| 835 | | HAPROXY-HELLO | |
| 836 | | --------------------------> | |
| 837 | | | |
| 838 | | DISCONNECT + close() | |
| 839 | | <-------------------------- | |
| 840 | | | |
| 841 | |
| 842 | * Error encountered by HAProxy during the HELLO handshake: |
| 843 | |
| 844 | HAPROXY AGENT SRV |
| 845 | | HAPROXY-HELLO | |
| 846 | | --------------------------> | |
| 847 | | | |
| 848 | | AGENT-HELLO | |
| 849 | | <-------------------------- | |
| 850 | | | |
| 851 | | DISCONNECT | |
| 852 | | --------------------------> | |
| 853 | | | |
| 854 | | DISCONNECT + close() | |
| 855 | | <-------------------------- | |
| 856 | | | |
| 857 | |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 858 | * Notify / Ack exchange (unfragmented payload): |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 859 | |
| 860 | HAPROXY AGENT SRV |
| 861 | | NOTIFY | |
| 862 | | --------------------------> | |
| 863 | | | |
| 864 | | ACK | |
| 865 | | <-------------------------- | |
| 866 | | | |
| 867 | |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 868 | * Notify / Ack exchange (fragmented payload): |
| 869 | |
| 870 | HAPROXY AGENT SRV |
| 871 | | NOTIFY (frag 1) | |
| 872 | | --------------------------> | |
| 873 | | | |
| 874 | | UNSET (frag 2) | |
| 875 | | --------------------------> | |
| 876 | | ... | |
| 877 | | UNSET (frag N) | |
| 878 | | --------------------------> | |
| 879 | | | |
| 880 | | ACK | |
| 881 | | <-------------------------- | |
| 882 | | | |
| 883 | |
| 884 | * Aborted fragmentation of a NOTIFY frame: |
| 885 | |
| 886 | HAPROXY AGENT SRV |
| 887 | | ... | |
| 888 | | UNSET (frag X) | |
| 889 | | --------------------------> | |
| 890 | | | |
| 891 | | ACK/ABORT | |
| 892 | | <-------------------------- | |
| 893 | | | |
| 894 | | UNSET (frag X+1) | |
| 895 | | -----------X | |
| 896 | | | |
| 897 | | | |
| 898 | |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 899 | * Connection closed by haproxy: |
| 900 | |
| 901 | HAPROXY AGENT SRV |
| 902 | | DISCONNECT | |
| 903 | | --------------------------> | |
| 904 | | | |
| 905 | | DISCONNECT + close() | |
| 906 | | <-------------------------- | |
| 907 | | | |
| 908 | |
| 909 | * Connection closed by agent: |
| 910 | |
| 911 | HAPROXY AGENT SRV |
| 912 | | DISCONNECT + close() | |
| 913 | | <-------------------------- | |
| 914 | | | |
| 915 | |
| 916 | 3.2.4. Frame: HAPROXY-HELLO |
| 917 | ---------------------------- |
| 918 | |
| 919 | This frame is the first one exchanged between HAProxy and an agent, when the |
| 920 | connection is established. The payload of this frame is a KV-LIST. It cannot be |
| 921 | fragmented. STREAM-ID and FRAME-ID are must be set 0. |
| 922 | |
| 923 | Following items are mandatory in the KV-LIST: |
| 924 | |
| 925 | * "supported-versions" <STRING> |
| 926 | |
| 927 | Last SPOP major versions supported by HAProxy. It is a comma-separated list |
| 928 | of versions, following the format "Major.Minor". Spaces must be ignored, if |
| 929 | any. When a major version is announced by HAProxy, it means it also support |
| 930 | all previous minor versions. |
| 931 | |
| 932 | Example: "2.0, 1.5" means HAProxy supports SPOP 2.0 and 1.0 to 1.5 |
| 933 | |
| 934 | * "max-frame-size" <UINT32> |
| 935 | |
| 936 | This is the maximum size allowed for a frame. The HAPROXY-HELLO frame must |
| 937 | be lower or equal to this value. |
| 938 | |
| 939 | * "capabilities" <STRING> |
| 940 | |
| 941 | This a comma-separated list of capabilities supported by HAProxy. Spaces |
| 942 | must be ignored, if any. |
| 943 | |
Christopher Faulet | ba7bc16 | 2016-11-07 21:07:38 +0100 | [diff] [blame] | 944 | Following optional items can be added in the KV-LIST: |
| 945 | |
| 946 | * "healthcheck" <BOOLEAN> |
| 947 | |
| 948 | If this item is set to TRUE, then the HAPROXY-HELLO frame is sent during a |
| 949 | SPOE health check. When set to FALSE, this item can be ignored. |
| 950 | |
Christopher Faulet | a1cda02 | 2016-12-21 08:58:06 +0100 | [diff] [blame] | 951 | * "engine-id" <STRING> |
| 952 | |
| 953 | This is a uniq string that identify a SPOE engine. |
| 954 | |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 955 | To finish the HELLO handshake, the agent must return an AGENT-HELLO frame with |
| 956 | its supported SPOP version, the lower value between its maximum size allowed |
| 957 | for a frame and the HAProxy one and capabilities it supports. If an error |
| 958 | occurs or if an incompatibility is detected with the agent configuration, an |
| 959 | AGENT-DISCONNECT frame must be returned. |
| 960 | |
| 961 | 3.2.5. Frame: AGENT-HELLO |
| 962 | -------------------------- |
| 963 | |
| 964 | This frame is sent in reply to a HAPROXY-HELLO frame to finish a HELLO |
| 965 | handshake. As for HAPROXY-HELLO frame, STREAM-ID and FRAME-ID are also set |
| 966 | 0. The payload of this frame is a KV-LIST and it cannot be fragmented. |
| 967 | |
| 968 | Following items are mandatory in the KV-LIST: |
| 969 | |
| 970 | * "version" <STRING> |
| 971 | |
| 972 | This is the SPOP version the agent supports. It must follow the format |
| 973 | "Major.Minor" and it must be lower or equal than one of major versions |
| 974 | announced by HAProxy. |
| 975 | |
| 976 | * "max-frame-size" <UINT32> |
| 977 | |
| 978 | This is the maximum size allowed for a frame. It must be lower or equal to |
| 979 | the value in the HAPROXY-HELLO frame. This value will be used for all |
| 980 | subsequent frames. |
| 981 | |
| 982 | * "capabilities" <STRING> |
| 983 | |
| 984 | This a comma-separated list of capabilities supported by agent. Spaces must |
| 985 | be ignored, if any. |
| 986 | |
| 987 | At this time, if everything is ok for HAProxy (supported version and valid |
| 988 | max-frame-size value), the HELLO handshake is successfully completed. Else, |
| 989 | HAProxy sends a HAPROXY-DISCONNECT frame with the corresponding error. |
| 990 | |
Christopher Faulet | ba7bc16 | 2016-11-07 21:07:38 +0100 | [diff] [blame] | 991 | If "healthcheck" item was set to TRUE in the HAPROXY-HELLO frame, the agent can |
| 992 | safely close the connection without DISCONNECT frame. In all cases, HAProxy |
Ilya Shipitsin | 11057a3 | 2020-06-21 21:18:27 +0500 | [diff] [blame] | 993 | will close the connection at the end of the health check. |
Christopher Faulet | ba7bc16 | 2016-11-07 21:07:38 +0100 | [diff] [blame] | 994 | |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 995 | 3.2.6. Frame: NOTIFY |
| 996 | --------------------- |
| 997 | |
| 998 | Information are sent to the agents inside NOTIFY frames. These frames are |
| 999 | attached to a stream, so STREAM-ID and FRAME-ID must be set. The payload of |
| 1000 | NOTIFY frames is a LIST-OF-MESSAGES and, if supported by agents, it can be |
| 1001 | fragmented. |
| 1002 | |
| 1003 | NOTIFY frames must be acknowledge by agents sending an ACK frame, repeating |
| 1004 | right STREAM-ID and FRAME-ID. |
| 1005 | |
| 1006 | 3.2.7. Frame: ACK |
| 1007 | ------------------ |
| 1008 | |
| 1009 | ACK frames must be sent by agents to reply to NOTIFY frames. STREAM-ID and |
| 1010 | FRAME-ID found in a NOTIFY frame must be reuse in the corresponding ACK |
| 1011 | frame. The payload of ACK frames is a LIST-OF-ACTIONS and, if supported by |
| 1012 | HAProxy, it can be fragmented. |
| 1013 | |
| 1014 | 3.2.8. Frame: HAPROXY-DISCONNECT |
| 1015 | --------------------------------- |
| 1016 | |
| 1017 | If an error occurs, at anytime, from the HAProxy side, a HAPROXY-DISCONNECT |
| 1018 | frame is sent with information describing the error. HAProxy will wait an |
| 1019 | AGENT-DISCONNECT frame in reply. All other frames will be ignored. The agent |
| 1020 | must then close the socket. |
| 1021 | |
| 1022 | The payload of this frame is a KV-LIST. It cannot be fragmented. STREAM-ID and |
| 1023 | FRAME-ID are must be set 0. |
| 1024 | |
| 1025 | Following items are mandatory in the KV-LIST: |
| 1026 | |
| 1027 | * "status-code" <UINT32> |
| 1028 | |
| 1029 | This is the code corresponding to the error. |
| 1030 | |
| 1031 | * "message" <STRING> |
| 1032 | |
| 1033 | This is a textual message describing the error. |
| 1034 | |
| 1035 | For more information about known errors, see section "Errors & timeouts" |
| 1036 | |
| 1037 | 3.2.9. Frame: AGENT-DISCONNECT |
| 1038 | ------------------------------- |
| 1039 | |
| 1040 | If an error occurs, at anytime, from the agent size, a AGENT-DISCONNECT frame |
Michael Prokop | 4438c60 | 2019-05-24 10:25:45 +0200 | [diff] [blame] | 1041 | is sent, with information describing the error. such frame is also sent in reply |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 1042 | to a HAPROXY-DISCONNECT. The agent must close the socket just after sending |
| 1043 | this frame. |
| 1044 | |
| 1045 | The payload of this frame is a KV-LIST. It cannot be fragmented. STREAM-ID and |
| 1046 | FRAME-ID are must be set 0. |
| 1047 | |
| 1048 | Following items are mandatory in the KV-LIST: |
| 1049 | |
| 1050 | * "status-code" <UINT32> |
| 1051 | |
| 1052 | This is the code corresponding to the error. |
| 1053 | |
| 1054 | * "message" <STRING> |
| 1055 | |
| 1056 | This is a textual message describing the error. |
| 1057 | |
| 1058 | For more information about known errors, see section "Errors & timeouts" |
| 1059 | |
| 1060 | 3.3. Events & Messages |
| 1061 | ----------------------- |
| 1062 | |
| 1063 | Information about streams are sent in NOTIFY frames. You can specify which kind |
| 1064 | of information to send by defining "spoe-message" sections in your SPOE |
| 1065 | configuration file. for each "spoe-message" there will be a message in a NOTIFY |
| 1066 | frame when the right event is triggered. |
| 1067 | |
| 1068 | A NOTIFY frame is sent for an specific event when there is at least one |
| 1069 | "spoe-message" attached to this event. All messages for an event will be added |
| 1070 | in the same NOTIFY frame. |
| 1071 | |
| 1072 | Here is the list of supported events: |
| 1073 | |
| 1074 | * on-client-session is triggered when a new client session is created. |
| 1075 | This event is only available for SPOE filters |
| 1076 | declared in a frontend or a listen section. |
| 1077 | |
| 1078 | * on-frontend-tcp-request is triggered just before the evaluation of |
| 1079 | "tcp-request content" rules on the frontend side. |
| 1080 | This event is only available for SPOE filters |
| 1081 | declared in a frontend or a listen section. |
| 1082 | |
| 1083 | * on-backend-tcp-request is triggered just before the evaluation of |
| 1084 | "tcp-request content" rules on the backend side. |
| 1085 | This event is skipped for SPOE filters declared |
| 1086 | in a listen section. |
| 1087 | |
| 1088 | * on-frontend-http-request is triggered just before the evaluation of |
| 1089 | "http-request" rules on the frontend side. This |
| 1090 | event is only available for SPOE filters declared |
| 1091 | in a frontend or a listen section. |
| 1092 | |
| 1093 | * on-backend-http-request is triggered just before the evaluation of |
| 1094 | "http-request" rules on the backend side. This |
| 1095 | event is skipped for SPOE filters declared in a |
| 1096 | listen section. |
| 1097 | |
| 1098 | * on-server-session is triggered when the session with the server is |
| 1099 | established. |
| 1100 | |
| 1101 | * on-tcp-response is triggered just before the evaluation of |
| 1102 | "tcp-response content" rules. |
| 1103 | |
| 1104 | * on-http-response is triggered just before the evaluation of |
| 1105 | "http-response" rules. |
| 1106 | |
| 1107 | |
| 1108 | The stream processing will loop on these events, when triggered, waiting the |
| 1109 | agent reply. |
| 1110 | |
| 1111 | 3.4. Actions |
| 1112 | ------------- |
| 1113 | |
| 1114 | An agent must acknowledge each NOTIFY frame by sending the corresponding ACK |
| 1115 | frame. Actions can be added in these frames to dynamically take action on the |
| 1116 | processing of a stream. |
| 1117 | |
| 1118 | Here is the list of supported actions: |
| 1119 | |
| 1120 | * set-var set the value for an existing variable. 3 arguments must be |
| 1121 | attached to this action: the variable scope (proc, sess, txn, |
Kevin Zhu | 730323e | 2018-06-01 05:38:00 +0200 | [diff] [blame] | 1122 | req or res), the variable name (a string) and its value. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 1123 | |
| 1124 | ACTION-SET-VAR : <SET-VAR:1 byte><NB-ARGS:1 byte><VAR-SCOPE:1 byte><VAR-NAME><VAR-VALUE> |
| 1125 | |
| 1126 | SET-VAR : <1> |
| 1127 | NB-ARGS : <3> |
| 1128 | VAR-SCOPE : <PROCESS> | <SESSION> | <TRANSACTION> | <REQUEST> | <RESPONSE> |
| 1129 | VAR-NAME : <STRING> |
| 1130 | VAR-VALUE : <TYPED-DATA> |
| 1131 | |
| 1132 | PROCESS : <0> |
| 1133 | SESSION : <1> |
| 1134 | TRANSACTION : <2> |
| 1135 | REQUEST : <3> |
Christopher Faulet | a1cda02 | 2016-12-21 08:58:06 +0100 | [diff] [blame] | 1136 | RESPONSE : <4> |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 1137 | |
| 1138 | * unset-var unset the value for an existing variable. 2 arguments must be |
| 1139 | attached to this action: the variable scope (proc, sess, txn, |
Kevin Zhu | 730323e | 2018-06-01 05:38:00 +0200 | [diff] [blame] | 1140 | req or res) and the variable name (a string). |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 1141 | |
Christopher Faulet | 1002aac | 2016-12-09 17:41:54 +0100 | [diff] [blame] | 1142 | ACTION-UNSET-VAR : <UNSET-VAR:1 byte><NB-ARGS:1 byte><VAR-SCOPE:1 byte><VAR-NAME> |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 1143 | |
Christopher Faulet | 1002aac | 2016-12-09 17:41:54 +0100 | [diff] [blame] | 1144 | UNSET-VAR : <2> |
| 1145 | NB-ARGS : <2> |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 1146 | VAR-SCOPE : <PROCESS> | <SESSION> | <TRANSACTION> | <REQUEST> | <RESPONSE> |
| 1147 | VAR-NAME : <STRING> |
| 1148 | |
| 1149 | PROCESS : <0> |
| 1150 | SESSION : <1> |
| 1151 | TRANSACTION : <2> |
| 1152 | REQUEST : <3> |
Christopher Faulet | a1cda02 | 2016-12-21 08:58:06 +0100 | [diff] [blame] | 1153 | RESPONSE : <4> |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 1154 | |
| 1155 | |
| 1156 | NOTE: Name of the variables will be automatically prefixed by HAProxy to avoid |
| 1157 | name clashes with other variables used in HAProxy. Moreover, unknown |
| 1158 | variable will be silently ignored. |
| 1159 | |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 1160 | 3.5. Errors & timeouts |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 1161 | ---------------------- |
| 1162 | |
| 1163 | Here is the list of all known errors: |
| 1164 | |
| 1165 | STATUS CODE | DESCRIPTION |
| 1166 | ----------------+-------------------------------------------------------- |
| 1167 | 0 | normal (no error occurred) |
| 1168 | 1 | I/O error |
| 1169 | 2 | A timeout occurred |
| 1170 | 3 | frame is too big |
| 1171 | 4 | invalid frame received |
| 1172 | 5 | version value not found |
| 1173 | 6 | max-frame-size value not found |
| 1174 | 7 | capabilities value not found |
| 1175 | 8 | unsupported version |
| 1176 | 9 | max-frame-size too big or too small |
Christopher Faulet | d1307ce | 2017-02-27 21:59:39 +0100 | [diff] [blame] | 1177 | 10 | payload fragmentation is not supported |
| 1178 | 11 | invalid interlaced frames |
| 1179 | 12 | frame-id not found (it does not match any referenced frame) |
| 1180 | 13 | resource allocation error |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 1181 | 99 | an unknown error occurrde |
| 1182 | ----------------+-------------------------------------------------------- |
| 1183 | |
| 1184 | An agent can define its own errors using a not yet assigned status code. |
| 1185 | |
Christopher Faulet | ea62c2a | 2016-11-14 10:54:21 +0100 | [diff] [blame] | 1186 | IMPORTANT NOTE: By default, for a specific stream, when an abnormal/unexpected |
| 1187 | error occurs, the SPOE is disabled for all the transaction. So |
| 1188 | if you have several events configured, such error on an event |
Ilya Shipitsin | 11057a3 | 2020-06-21 21:18:27 +0500 | [diff] [blame] | 1189 | will disabled all following. For TCP streams, this will |
Christopher Faulet | ea62c2a | 2016-11-14 10:54:21 +0100 | [diff] [blame] | 1190 | disable the SPOE for the whole session. For HTTP streams, this |
| 1191 | will disable it for the transaction (request and response). |
| 1192 | See 'option continue-on-error' to bypass this limitation. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 1193 | |
Joseph Herlant | 71b4b15 | 2018-11-13 16:55:16 -0800 | [diff] [blame] | 1194 | To avoid a stream to wait undefinetly, you must carefully choose the |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 1195 | acknowledgement timeout. In most of cases, it will be quiet low. But it depends |
| 1196 | on the responsivness of your service. |
| 1197 | |
| 1198 | You must also choose idle timeout carefully. Because connection with your |
| 1199 | service depends on the backend configuration used by the SPOA, it is important |
| 1200 | to use a lower value for idle timeout than the server timeout. Else the |
| 1201 | connection will be closed by HAProxy. The same is true for hello timeout. You |
| 1202 | should choose a lower value than the connect timeout. |
| 1203 | |
Christopher Faulet | b2dd1e0 | 2018-03-22 09:07:41 +0100 | [diff] [blame] | 1204 | 4. Logging |
| 1205 | ----------- |
| 1206 | |
| 1207 | Activity of an SPOE is logged using HAProxy's logger. The messages are logged |
| 1208 | in the context of the streams that handle the client and the server |
| 1209 | connections. A message is emitted for each event or group handled by an |
| 1210 | SPOE. Depending on the status code, the log level will be different. In the |
| 1211 | normal case, when no error occurred, the message is logged with the level |
| 1212 | LOG_NOTICE. Otherwise, the message is logged with the level LOG_WARNING. |
| 1213 | |
Christopher Faulet | 3b8e349 | 2018-03-26 17:20:58 +0200 | [diff] [blame] | 1214 | The messages are logged using the agent's logger, if defined, and use the |
| 1215 | following format: |
Christopher Faulet | b2dd1e0 | 2018-03-22 09:07:41 +0100 | [diff] [blame] | 1216 | |
Christopher Faulet | 6e0d5e7 | 2018-04-26 14:25:43 +0200 | [diff] [blame] | 1217 | SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUS-CODE reqT/qT/wT/resT/pT \ |
Christopher Faulet | caf2fec | 2018-04-04 10:25:50 +0200 | [diff] [blame] | 1218 | <idles>/<applets> <nb_sending>/<nb_waiting> <nb_error>/<nb_processed> |
Christopher Faulet | b2dd1e0 | 2018-03-22 09:07:41 +0100 | [diff] [blame] | 1219 | |
| 1220 | AGENT is the agent name |
| 1221 | TYPE is EVENT of GROUP |
| 1222 | NAME is the event or the group name |
| 1223 | STREAM-ID is an integer, the unique id of the stream |
| 1224 | STATUS_CODE is the processing's status code |
| 1225 | reqT/qT/wT/resT/pT are the following time events: |
| 1226 | |
| 1227 | * reqT : the encoding time. It includes ACLs processing, if any. For |
| 1228 | fragmented frames, it is the sum of all fragments. |
| 1229 | * qT : the delay before the request gets out the sending queue. For |
| 1230 | fragmented frames, it is the sum of all fragments. |
Joseph Herlant | 71b4b15 | 2018-11-13 16:55:16 -0800 | [diff] [blame] | 1231 | * wT : the delay before the response is received. No fragmentation |
Christopher Faulet | b2dd1e0 | 2018-03-22 09:07:41 +0100 | [diff] [blame] | 1232 | supported here. |
| 1233 | * resT : the delay to process the response. No fragmentation supported |
Christopher Faulet | 36bda1c | 2018-03-22 09:08:20 +0100 | [diff] [blame] | 1234 | here. |
Christopher Faulet | b2dd1e0 | 2018-03-22 09:07:41 +0100 | [diff] [blame] | 1235 | * pT : the delay to process the event or the group. From the stream |
Christopher Faulet | 36bda1c | 2018-03-22 09:08:20 +0100 | [diff] [blame] | 1236 | point of view, it is the latency added by the SPOE processing. |
| 1237 | It is more or less the sum of values above. |
Christopher Faulet | b2dd1e0 | 2018-03-22 09:07:41 +0100 | [diff] [blame] | 1238 | |
Christopher Faulet | caf2fec | 2018-04-04 10:25:50 +0200 | [diff] [blame] | 1239 | <idle> is the numbers of idle SPOE applets |
| 1240 | <applets> is the numbers of SPOE applets |
| 1241 | <nb_sending> is the numbers of streams waiting to send data |
| 1242 | <nb_waiting> is the numbers of streams waiting for a ack |
| 1243 | <nb_error> is the numbers of processing errors |
| 1244 | <nb_processed> is the numbers of events/groups processed |
| 1245 | |
| 1246 | |
Christopher Faulet | b2dd1e0 | 2018-03-22 09:07:41 +0100 | [diff] [blame] | 1247 | For all these time events, -1 means the processing was interrupted before the |
| 1248 | end. So -1 for the queue time means the request was never dequeued. For |
| 1249 | fragmented frames it is harder to know when the interruption happened. |
Christopher Faulet | f7e4e7e | 2016-10-27 22:29:49 +0200 | [diff] [blame] | 1250 | |
| 1251 | /* |
| 1252 | * Local variables: |
| 1253 | * fill-column: 79 |
| 1254 | * End: |
| 1255 | */ |