blob: c4c263faf729e6b5a2ab5e3b015c4e9ddd406735 [file] [log] [blame]
Christopher Faulet78880fb2017-09-18 14:43:55 +02001/*
2 * Action management functions.
3 *
4 * Copyright 2017 HAProxy Technologies, Christopher Faulet <cfaulet@haproxy.com>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
Willy Tarreau122eba92020-06-04 10:15:32 +020013#include <haproxy/action.h>
Willy Tarreau4c7e4b72020-05-27 12:58:42 +020014#include <haproxy/api.h>
Willy Tarreau36979d92020-06-05 17:27:29 +020015#include <haproxy/errors.h>
Willy Tarreaub2551052020-06-09 09:07:15 +020016#include <haproxy/list.h>
Willy Tarreau8efbdfb2020-06-04 11:29:21 +020017#include <haproxy/obj_type.h>
Willy Tarreaud0ef4392020-06-02 09:38:52 +020018#include <haproxy/pool.h>
Willy Tarreaua264d962020-06-04 22:29:18 +020019#include <haproxy/proxy.h>
Willy Tarreaub2551052020-06-09 09:07:15 +020020#include <haproxy/stick_table.h>
Willy Tarreaucea0e1b2020-06-04 17:25:40 +020021#include <haproxy/task.h>
Willy Tarreau48fbcae2020-06-03 18:09:46 +020022#include <haproxy/tools.h>
Christopher Faulet78880fb2017-09-18 14:43:55 +020023
Christopher Faulet78880fb2017-09-18 14:43:55 +020024
Christopher Fauletac98d812019-12-18 09:20:16 +010025/* Find and check the target table used by an action track-sc*. This
Christopher Faulet78880fb2017-09-18 14:43:55 +020026 * function should be called during the configuration validity check.
27 *
28 * The function returns 1 in success case, otherwise, it returns 0 and err is
29 * filled.
30 */
31int check_trk_action(struct act_rule *rule, struct proxy *px, char **err)
32{
Frédéric Lécaille1b8e68e2019-03-14 07:07:41 +010033 struct stktable *target;
Christopher Faulet78880fb2017-09-18 14:43:55 +020034
35 if (rule->arg.trk_ctr.table.n)
Frédéric Lécaille1b8e68e2019-03-14 07:07:41 +010036 target = stktable_find_by_name(rule->arg.trk_ctr.table.n);
Christopher Faulet78880fb2017-09-18 14:43:55 +020037 else
Frédéric Lécaille1b8e68e2019-03-14 07:07:41 +010038 target = px->table;
Christopher Faulet78880fb2017-09-18 14:43:55 +020039
40 if (!target) {
41 memprintf(err, "unable to find table '%s' referenced by track-sc%d",
Frédéric Lécaille1b8e68e2019-03-14 07:07:41 +010042 rule->arg.trk_ctr.table.n ? rule->arg.trk_ctr.table.n : px->id,
Christopher Fauletac98d812019-12-18 09:20:16 +010043 rule->action);
Christopher Faulet78880fb2017-09-18 14:43:55 +020044 return 0;
45 }
Frédéric Lécaille1b8e68e2019-03-14 07:07:41 +010046
47 if (!stktable_compatible_sample(rule->arg.trk_ctr.expr, target->type)) {
Christopher Faulet78880fb2017-09-18 14:43:55 +020048 memprintf(err, "stick-table '%s' uses a type incompatible with the 'track-sc%d' rule",
49 rule->arg.trk_ctr.table.n ? rule->arg.trk_ctr.table.n : px->id,
Christopher Fauletac98d812019-12-18 09:20:16 +010050 rule->action);
Christopher Faulet78880fb2017-09-18 14:43:55 +020051 return 0;
52 }
Frédéric Lécaille1b8e68e2019-03-14 07:07:41 +010053 else if (target->proxy && (px->bind_proc & ~target->proxy->bind_proc)) {
Willy Tarreau151e1ca2019-02-05 11:38:38 +010054 memprintf(err, "stick-table '%s' referenced by 'track-sc%d' rule not present on all processes covered by proxy '%s'",
Christopher Fauletac98d812019-12-18 09:20:16 +010055 target->id, rule->action, px->id);
Willy Tarreau151e1ca2019-02-05 11:38:38 +010056 return 0;
57 }
Christopher Faulet78880fb2017-09-18 14:43:55 +020058 else {
Frédéric Lécaillebe367932019-08-07 09:28:39 +020059 if (!in_proxies_list(target->proxies_list, px)) {
Frédéric Lécaille015e4d72019-03-19 14:55:01 +010060 px->next_stkt_ref = target->proxies_list;
61 target->proxies_list = px;
62 }
Christopher Faulet78880fb2017-09-18 14:43:55 +020063 free(rule->arg.trk_ctr.table.n);
Frédéric Lécaille1b8e68e2019-03-14 07:07:41 +010064 rule->arg.trk_ctr.table.t = target;
Christopher Faulet78880fb2017-09-18 14:43:55 +020065 /* Note: if we decide to enhance the track-sc syntax, we may be
66 * able to pass a list of counters to track and allocate them
67 * right here using stktable_alloc_data_type().
68 */
69 }
Christopher Fauletac98d812019-12-18 09:20:16 +010070
Christopher Faulet2079a4a2020-10-02 11:48:57 +020071 if (rule->from == ACT_F_TCP_REQ_CNT && (px->cap & PR_CAP_FE)) {
72 if (!px->tcp_req.inspect_delay && !(rule->arg.trk_ctr.expr->fetch->val & SMP_VAL_FE_SES_ACC)) {
73 ha_warning("config : %s '%s' : a 'tcp-request content track-sc*' rule explicitly depending on request"
74 " contents without any 'tcp-request inspect-delay' setting."
75 " This means that this rule will randomly find its contents. This can be fixed by"
76 " setting the tcp-request inspect-delay.\n",
77 proxy_type_str(px), px->id);
78 }
79
80 /* The following warning is emitted because HTTP multiplexers are able to catch errors
81 * or timeouts at the session level, before instantiating any stream.
82 * Thus the tcp-request content ruleset will not be evaluated in such case. It means,
83 * http_req and http_err counters will not be incremented as expected, even if the tracked
84 * counter does not use the request content. To track invalid requests it should be
85 * performed at the session level using a tcp-request session rule.
86 */
87 if (px->mode == PR_MODE_HTTP &&
88 !(rule->arg.trk_ctr.expr->fetch->use & (SMP_USE_L6REQ|SMP_USE_HRQHV|SMP_USE_HRQHP|SMP_USE_HRQBO)) &&
89 (!rule->cond || !(rule->cond->use & (SMP_USE_L6REQ|SMP_USE_HRQHV|SMP_USE_HRQHP|SMP_USE_HRQBO)))) {
90 ha_warning("config : %s '%s' : a 'tcp-request content track-sc*' rule not depending on request"
91 " contents for an HTTP frontend should be executed at the session level, using a"
92 " 'tcp-request session' rule (mandatory to track invalid HTTP requests).\n",
93 proxy_type_str(px), px->id);
94 }
Christopher Fauletac98d812019-12-18 09:20:16 +010095 }
96
Christopher Faulet78880fb2017-09-18 14:43:55 +020097 return 1;
98}
99
Christopher Fauletd73b96d2019-12-19 17:27:03 +0100100/* check a capture rule. This function should be called during the configuration
101 * validity check.
102 *
103 * The function returns 1 in success case, otherwise, it returns 0 and err is
104 * filled.
105 */
106int check_capture(struct act_rule *rule, struct proxy *px, char **err)
107{
108 if (rule->from == ACT_F_TCP_REQ_CNT && (px->cap & PR_CAP_FE) && !px->tcp_req.inspect_delay &&
109 !(rule->arg.trk_ctr.expr->fetch->val & SMP_VAL_FE_SES_ACC)) {
110 ha_warning("config : %s '%s' : a 'tcp-request capture' rule explicitly depending on request"
111 " contents without any 'tcp-request inspect-delay' setting."
112 " This means that this rule will randomly find its contents. This can be fixed by"
113 " setting the tcp-request inspect-delay.\n",
114 proxy_type_str(px), px->id);
115 }
116
117 return 1;
118}
119
Baptiste Assmann333939c2019-01-21 08:34:50 +0100120int act_resolution_cb(struct dns_requester *requester, struct dns_nameserver *nameserver)
121{
122 struct stream *stream;
123
124 if (requester->resolution == NULL)
125 return 0;
126
127 stream = objt_stream(requester->owner);
128 if (stream == NULL)
129 return 0;
130
131 task_wakeup(stream->task, TASK_WOKEN_MSG);
132
133 return 0;
134}
135
136int act_resolution_error_cb(struct dns_requester *requester, int error_code)
137{
138 struct stream *stream;
139
140 if (requester->resolution == NULL)
141 return 0;
142
143 stream = objt_stream(requester->owner);
144 if (stream == NULL)
145 return 0;
146
147 task_wakeup(stream->task, TASK_WOKEN_MSG);
148
149 return 0;
150}
151
Amaury Denoyelle8d228232020-12-10 13:43:54 +0100152/* Parse a set-timeout rule statement. It first checks if the timeout name is
153 * valid and returns it in <name>. Then the timeout is parsed as a plain value
154 * and * returned in <out_timeout>. If there is a parsing error, the value is
155 * reparsed as an expression and returned in <expr>.
156 *
157 * Returns -1 if the name is invalid or neither a time or an expression can be
158 * parsed, or if the timeout value is 0.
159 */
160int cfg_parse_rule_set_timeout(const char **args, int idx, int *out_timeout,
161 enum act_timeout_name *name,
162 struct sample_expr **expr, char **err,
163 const char *file, int line, struct arg_list *al)
164{
165 const char *res;
166 const char *timeout_name = args[idx++];
167
168 if (!strcmp(timeout_name, "server")) {
169 *name = ACT_TIMEOUT_SERVER;
170 }
171 else if (!strcmp(timeout_name, "tunnel")) {
172 *name = ACT_TIMEOUT_TUNNEL;
173 }
174 else {
175 memprintf(err,
176 "'set-timeout' rule supports 'server'/'tunnel' (got '%s')",
177 timeout_name);
178 return -1;
179 }
180
181 res = parse_time_err(args[idx], (unsigned int *)out_timeout, TIME_UNIT_MS);
182 if (res == PARSE_TIME_OVER) {
183 memprintf(err, "timer overflow in argument '%s' to rule 'set-timeout %s' (maximum value is 2147483647 ms or ~24.8 days)",
184 args[idx], timeout_name);
185 return -1;
186 }
187 else if (res == PARSE_TIME_UNDER) {
188 memprintf(err, "timer underflow in argument '%s' to rule 'set-timeout %s' (minimum value is 1 ms)",
189 args[idx], timeout_name);
190 return -1;
191 }
192 /* res not NULL, parsing error */
193 else if (res) {
194 *expr = sample_parse_expr((char **)args, &idx, file, line, err, al, NULL);
195 if (!*expr) {
196 memprintf(err, "unexpected character '%c' in rule 'set-timeout %s'", *res, timeout_name);
197 return -1;
198 }
199 }
200 /* res NULL, parsing ok but value is 0 */
201 else if (!(*out_timeout)) {
202 memprintf(err, "null value is not valid for a 'set-timeout %s' rule",
203 timeout_name);
204 return -1;
205 }
206
207 return 0;
208}