Christopher Faulet | 78880fb | 2017-09-18 14:43:55 +0200 | [diff] [blame] | 1 | /* |
| 2 | * Action management functions. |
| 3 | * |
| 4 | * Copyright 2017 HAProxy Technologies, Christopher Faulet <cfaulet@haproxy.com> |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or |
| 7 | * modify it under the terms of the GNU General Public License |
| 8 | * as published by the Free Software Foundation; either version |
| 9 | * 2 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | */ |
| 12 | |
Willy Tarreau | 122eba9 | 2020-06-04 10:15:32 +0200 | [diff] [blame] | 13 | #include <haproxy/action.h> |
Willy Tarreau | 4c7e4b7 | 2020-05-27 12:58:42 +0200 | [diff] [blame] | 14 | #include <haproxy/api.h> |
Willy Tarreau | 36979d9 | 2020-06-05 17:27:29 +0200 | [diff] [blame] | 15 | #include <haproxy/errors.h> |
Willy Tarreau | b255105 | 2020-06-09 09:07:15 +0200 | [diff] [blame] | 16 | #include <haproxy/list.h> |
Willy Tarreau | 8efbdfb | 2020-06-04 11:29:21 +0200 | [diff] [blame] | 17 | #include <haproxy/obj_type.h> |
Willy Tarreau | d0ef439 | 2020-06-02 09:38:52 +0200 | [diff] [blame] | 18 | #include <haproxy/pool.h> |
Willy Tarreau | a264d96 | 2020-06-04 22:29:18 +0200 | [diff] [blame] | 19 | #include <haproxy/proxy.h> |
Willy Tarreau | b255105 | 2020-06-09 09:07:15 +0200 | [diff] [blame] | 20 | #include <haproxy/stick_table.h> |
Willy Tarreau | cea0e1b | 2020-06-04 17:25:40 +0200 | [diff] [blame] | 21 | #include <haproxy/task.h> |
Willy Tarreau | 48fbcae | 2020-06-03 18:09:46 +0200 | [diff] [blame] | 22 | #include <haproxy/tools.h> |
Christopher Faulet | 78880fb | 2017-09-18 14:43:55 +0200 | [diff] [blame] | 23 | |
Christopher Faulet | 78880fb | 2017-09-18 14:43:55 +0200 | [diff] [blame] | 24 | |
Christopher Faulet | ac98d81 | 2019-12-18 09:20:16 +0100 | [diff] [blame] | 25 | /* Find and check the target table used by an action track-sc*. This |
Christopher Faulet | 78880fb | 2017-09-18 14:43:55 +0200 | [diff] [blame] | 26 | * function should be called during the configuration validity check. |
| 27 | * |
| 28 | * The function returns 1 in success case, otherwise, it returns 0 and err is |
| 29 | * filled. |
| 30 | */ |
| 31 | int check_trk_action(struct act_rule *rule, struct proxy *px, char **err) |
| 32 | { |
Frédéric Lécaille | 1b8e68e | 2019-03-14 07:07:41 +0100 | [diff] [blame] | 33 | struct stktable *target; |
Christopher Faulet | 78880fb | 2017-09-18 14:43:55 +0200 | [diff] [blame] | 34 | |
| 35 | if (rule->arg.trk_ctr.table.n) |
Frédéric Lécaille | 1b8e68e | 2019-03-14 07:07:41 +0100 | [diff] [blame] | 36 | target = stktable_find_by_name(rule->arg.trk_ctr.table.n); |
Christopher Faulet | 78880fb | 2017-09-18 14:43:55 +0200 | [diff] [blame] | 37 | else |
Frédéric Lécaille | 1b8e68e | 2019-03-14 07:07:41 +0100 | [diff] [blame] | 38 | target = px->table; |
Christopher Faulet | 78880fb | 2017-09-18 14:43:55 +0200 | [diff] [blame] | 39 | |
| 40 | if (!target) { |
| 41 | memprintf(err, "unable to find table '%s' referenced by track-sc%d", |
Frédéric Lécaille | 1b8e68e | 2019-03-14 07:07:41 +0100 | [diff] [blame] | 42 | rule->arg.trk_ctr.table.n ? rule->arg.trk_ctr.table.n : px->id, |
Christopher Faulet | ac98d81 | 2019-12-18 09:20:16 +0100 | [diff] [blame] | 43 | rule->action); |
Christopher Faulet | 78880fb | 2017-09-18 14:43:55 +0200 | [diff] [blame] | 44 | return 0; |
| 45 | } |
Frédéric Lécaille | 1b8e68e | 2019-03-14 07:07:41 +0100 | [diff] [blame] | 46 | |
| 47 | if (!stktable_compatible_sample(rule->arg.trk_ctr.expr, target->type)) { |
Christopher Faulet | 78880fb | 2017-09-18 14:43:55 +0200 | [diff] [blame] | 48 | memprintf(err, "stick-table '%s' uses a type incompatible with the 'track-sc%d' rule", |
| 49 | rule->arg.trk_ctr.table.n ? rule->arg.trk_ctr.table.n : px->id, |
Christopher Faulet | ac98d81 | 2019-12-18 09:20:16 +0100 | [diff] [blame] | 50 | rule->action); |
Christopher Faulet | 78880fb | 2017-09-18 14:43:55 +0200 | [diff] [blame] | 51 | return 0; |
| 52 | } |
Frédéric Lécaille | 1b8e68e | 2019-03-14 07:07:41 +0100 | [diff] [blame] | 53 | else if (target->proxy && (px->bind_proc & ~target->proxy->bind_proc)) { |
Willy Tarreau | 151e1ca | 2019-02-05 11:38:38 +0100 | [diff] [blame] | 54 | memprintf(err, "stick-table '%s' referenced by 'track-sc%d' rule not present on all processes covered by proxy '%s'", |
Christopher Faulet | ac98d81 | 2019-12-18 09:20:16 +0100 | [diff] [blame] | 55 | target->id, rule->action, px->id); |
Willy Tarreau | 151e1ca | 2019-02-05 11:38:38 +0100 | [diff] [blame] | 56 | return 0; |
| 57 | } |
Christopher Faulet | 78880fb | 2017-09-18 14:43:55 +0200 | [diff] [blame] | 58 | else { |
Frédéric Lécaille | be36793 | 2019-08-07 09:28:39 +0200 | [diff] [blame] | 59 | if (!in_proxies_list(target->proxies_list, px)) { |
Frédéric Lécaille | 015e4d7 | 2019-03-19 14:55:01 +0100 | [diff] [blame] | 60 | px->next_stkt_ref = target->proxies_list; |
| 61 | target->proxies_list = px; |
| 62 | } |
Christopher Faulet | 78880fb | 2017-09-18 14:43:55 +0200 | [diff] [blame] | 63 | free(rule->arg.trk_ctr.table.n); |
Frédéric Lécaille | 1b8e68e | 2019-03-14 07:07:41 +0100 | [diff] [blame] | 64 | rule->arg.trk_ctr.table.t = target; |
Christopher Faulet | 78880fb | 2017-09-18 14:43:55 +0200 | [diff] [blame] | 65 | /* Note: if we decide to enhance the track-sc syntax, we may be |
| 66 | * able to pass a list of counters to track and allocate them |
| 67 | * right here using stktable_alloc_data_type(). |
| 68 | */ |
| 69 | } |
Christopher Faulet | ac98d81 | 2019-12-18 09:20:16 +0100 | [diff] [blame] | 70 | |
Christopher Faulet | 2079a4a | 2020-10-02 11:48:57 +0200 | [diff] [blame] | 71 | if (rule->from == ACT_F_TCP_REQ_CNT && (px->cap & PR_CAP_FE)) { |
| 72 | if (!px->tcp_req.inspect_delay && !(rule->arg.trk_ctr.expr->fetch->val & SMP_VAL_FE_SES_ACC)) { |
| 73 | ha_warning("config : %s '%s' : a 'tcp-request content track-sc*' rule explicitly depending on request" |
| 74 | " contents without any 'tcp-request inspect-delay' setting." |
| 75 | " This means that this rule will randomly find its contents. This can be fixed by" |
| 76 | " setting the tcp-request inspect-delay.\n", |
| 77 | proxy_type_str(px), px->id); |
| 78 | } |
| 79 | |
| 80 | /* The following warning is emitted because HTTP multiplexers are able to catch errors |
| 81 | * or timeouts at the session level, before instantiating any stream. |
| 82 | * Thus the tcp-request content ruleset will not be evaluated in such case. It means, |
| 83 | * http_req and http_err counters will not be incremented as expected, even if the tracked |
| 84 | * counter does not use the request content. To track invalid requests it should be |
| 85 | * performed at the session level using a tcp-request session rule. |
| 86 | */ |
| 87 | if (px->mode == PR_MODE_HTTP && |
| 88 | !(rule->arg.trk_ctr.expr->fetch->use & (SMP_USE_L6REQ|SMP_USE_HRQHV|SMP_USE_HRQHP|SMP_USE_HRQBO)) && |
| 89 | (!rule->cond || !(rule->cond->use & (SMP_USE_L6REQ|SMP_USE_HRQHV|SMP_USE_HRQHP|SMP_USE_HRQBO)))) { |
| 90 | ha_warning("config : %s '%s' : a 'tcp-request content track-sc*' rule not depending on request" |
| 91 | " contents for an HTTP frontend should be executed at the session level, using a" |
| 92 | " 'tcp-request session' rule (mandatory to track invalid HTTP requests).\n", |
| 93 | proxy_type_str(px), px->id); |
| 94 | } |
Christopher Faulet | ac98d81 | 2019-12-18 09:20:16 +0100 | [diff] [blame] | 95 | } |
| 96 | |
Christopher Faulet | 78880fb | 2017-09-18 14:43:55 +0200 | [diff] [blame] | 97 | return 1; |
| 98 | } |
| 99 | |
Christopher Faulet | d73b96d | 2019-12-19 17:27:03 +0100 | [diff] [blame] | 100 | /* check a capture rule. This function should be called during the configuration |
| 101 | * validity check. |
| 102 | * |
| 103 | * The function returns 1 in success case, otherwise, it returns 0 and err is |
| 104 | * filled. |
| 105 | */ |
| 106 | int check_capture(struct act_rule *rule, struct proxy *px, char **err) |
| 107 | { |
| 108 | if (rule->from == ACT_F_TCP_REQ_CNT && (px->cap & PR_CAP_FE) && !px->tcp_req.inspect_delay && |
| 109 | !(rule->arg.trk_ctr.expr->fetch->val & SMP_VAL_FE_SES_ACC)) { |
| 110 | ha_warning("config : %s '%s' : a 'tcp-request capture' rule explicitly depending on request" |
| 111 | " contents without any 'tcp-request inspect-delay' setting." |
| 112 | " This means that this rule will randomly find its contents. This can be fixed by" |
| 113 | " setting the tcp-request inspect-delay.\n", |
| 114 | proxy_type_str(px), px->id); |
| 115 | } |
| 116 | |
| 117 | return 1; |
| 118 | } |
| 119 | |
Baptiste Assmann | 333939c | 2019-01-21 08:34:50 +0100 | [diff] [blame] | 120 | int act_resolution_cb(struct dns_requester *requester, struct dns_nameserver *nameserver) |
| 121 | { |
| 122 | struct stream *stream; |
| 123 | |
| 124 | if (requester->resolution == NULL) |
| 125 | return 0; |
| 126 | |
| 127 | stream = objt_stream(requester->owner); |
| 128 | if (stream == NULL) |
| 129 | return 0; |
| 130 | |
| 131 | task_wakeup(stream->task, TASK_WOKEN_MSG); |
| 132 | |
| 133 | return 0; |
| 134 | } |
| 135 | |
Emeric Brun | a8b60f2 | 2021-06-10 15:25:25 +0200 | [diff] [blame] | 136 | /* |
| 137 | * Do resolve error management callback |
| 138 | * returns: |
| 139 | * 0 if we can trash answser items. |
| 140 | * 1 when safely ignored and we must kept answer items |
| 141 | */ |
Baptiste Assmann | 333939c | 2019-01-21 08:34:50 +0100 | [diff] [blame] | 142 | int act_resolution_error_cb(struct dns_requester *requester, int error_code) |
| 143 | { |
| 144 | struct stream *stream; |
| 145 | |
| 146 | if (requester->resolution == NULL) |
| 147 | return 0; |
| 148 | |
| 149 | stream = objt_stream(requester->owner); |
| 150 | if (stream == NULL) |
| 151 | return 0; |
| 152 | |
| 153 | task_wakeup(stream->task, TASK_WOKEN_MSG); |
| 154 | |
| 155 | return 0; |
| 156 | } |
| 157 | |