RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-26 15:40:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
2281b7fd12
haproxy/src/frontend.c

544 lines
16 KiB
C
Raw Normal View History

[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
/*
[CLEANUP] rename client -> frontend The 'client.c' file now only contained frontend-specific functions, so it has naturally be renamed 'frontend.c'. Same for client.h. This has also been an opportunity to remove some cross references from files that should not have depended on it. In the end, this file should contain a protocol-agnostic accept() code, which would initialize a session, task, etc... based on an accept() from a lower layer. Right now there are still references to TCP.
2010-05-24 19:02:37 +00:00
* Frontend variables and functions.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
*
[CLEANUP] rename client -> frontend The 'client.c' file now only contained frontend-specific functions, so it has naturally be renamed 'frontend.c'. Same for client.h. This has also been an opportunity to remove some cross references from files that should not have depended on it. In the end, this file should contain a protocol-agnostic accept() code, which would initialize a session, task, etc... based on an accept() from a lower layer. Right now there are still references to TCP.
2010-05-24 19:02:37 +00:00
* Copyright 2000-2010 Willy Tarreau <w@1wt.eu>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
*/
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 15:53:05 +00:00
#include <string.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 15:53:05 +00:00
#include <common/compat.h>
[CLEANUP] included common/version.h everywhere
2006-06-29 16:54:54 +00:00
#include <common/config.h>
[CLEANUP] renamed include/haproxy to include/common
2006-06-29 15:53:05 +00:00
#include <common/time.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
#include <types/global.h>
[MEDIUM] added several ACL criteria and matches Many ACL criteria have been added. Some others are still commented out because some functions are still missing.
2007-05-06 22:55:35 +00:00
#include <proto/acl.h>
[MEDIUM] started the changes towards I/O completion callbacks Now the event_* functions find their buffer in the fdtab itself.
2006-07-29 14:59:06 +00:00
#include <proto/buffers.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
#include <proto/fd.h>
[CLEANUP] rename client -> frontend The 'client.c' file now only contained frontend-specific functions, so it has naturally be renamed 'frontend.c'. Same for client.h. This has also been an opportunity to remove some cross references from files that should not have depended on it. In the end, this file should contain a protocol-agnostic accept() code, which would initialize a session, task, etc... based on an accept() from a lower layer. Right now there are still references to TCP.
2010-05-24 19:02:37 +00:00
#include <proto/frontend.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
#include <proto/log.h>
[MEDIUM] added the hdr_idx structure for future HTTP header indexing This structure will consume 4 bytes per header to keep track of headers within a request or a response without having to parse the whole request for each regex. As it's not possible to allocate only 4 bytes, we define a max number of HTTP headers. We set it to (BUFSIZE+79)/80 so that 8kB buffers can contain 100 headers (like Apache), resulting in 400 bytes dedicated to indexation, or about 400/(2*8kB) ~= 2.4% of the memory usage.
2006-12-03 14:21:35 +00:00
#include <proto/hdr_idx.h>
[MEDIUM] move connection establishment from backend to the SI. The connection establishment was completely handled by backend.c which normally just handles LB algos. Since it's purely TCP, it must move to proto_tcp.c. Also, instead of calling it directly, we now call it via the stream interface, which will later help us unify session handling.
2009-08-16 12:02:45 +00:00
#include <proto/proto_tcp.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
#include <proto/proto_http.h>
[MEDIUM] measure and report session rate on frontend, backends and servers With this change, all frontends, backends, and servers maintain a session counter and a timer to compute a session rate over the last second. This value will be very useful because it varies instantly and can be used to check thresholds. This value is also reported in the stats in a new "rate" column.
2009-03-05 17:43:00 +00:00
#include <proto/proxy.h>
[MAJOR] migrated task, tree64 and session to pool2 task and tree64 are already very close in size and are merged together. Overall performance gained slightly by this simple change.
2007-05-13 17:43:47 +00:00
#include <proto/session.h>
[MINOR] replace client_retnclose() with stream_int_retnclose() This makes more sense to return a message to a stream interface than to a session. senddata.{c,h} have been removed.
2008-11-30 18:48:07 +00:00
#include <proto/stream_interface.h>
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
#include <proto/stream_sock.h>
#include <proto/task.h>
[MEDIUM] store the original destination address in the session There are multiple places where the client's destination address is required. Let's store it in the session when needed, and add a flag to inform that it has been retrieved.
2007-05-08 17:46:30 +00:00
/* Retrieves the original destination address used by the client, and sets the
* SN_FRT_ADDR_SET flag.
*/
void get_frt_addr(struct session *s)
{
socklen_t namelen = sizeof(s->frt_addr);
[MEDIUM] remove cli_fd, srv_fd, cli_state and srv_state from the session Those were previously used by the unix sockets only, and could be removed.
2008-12-07 15:27:56 +00:00
if (get_original_dst(s->si[0].fd, (struct sockaddr_in *)&s->frt_addr, &namelen) == -1)
getsockname(s->si[0].fd, (struct sockaddr *)&s->frt_addr, &namelen);
[MEDIUM] store the original destination address in the session There are multiple places where the client's destination address is required. Let's store it in the session when needed, and add a flag to inform that it has been retrieved.
2007-05-08 17:46:30 +00:00
s->flags |= SN_FRT_ADDR_SET;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
/* This function is called from the protocol layer accept() in order to instanciate
* a new proxy. It returns a positive value upon success, 0 if the connection needs
* to be closed and ignored, or a negative value upon critical failure.
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
*/
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
int frontend_accept(struct listener *l, int cfd, struct sockaddr_storage *addr)
{
struct proxy *p = l->frontend;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
struct session *s;
[CLEANUP] replaced occurrences of 'hreq' with 'txn' (bis) Did the same in client.c
2007-03-03 19:51:44 +00:00
struct http_txn *txn;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
struct task *t;
[MEDIUM] tcp: check for pure layer4 rules immediately after accept() The tcp inspection rules were fast but were only processed after a schedule had occurred and all resources were allocated. When defending against DDoS, it's important to be able to apply some protection the earliest possible instant. Thus we introduce a new set of rules : tcp-request rules which act on pure layer4 information (no content). They are evaluated even before the buffers are allocated for the session, saving as much time as possible. That way it becomes possible to check an incoming connection's source IP address against a list of authorized/blocked networks, and immediately drop the connection. The rules are checked even before we perform any socket-specific operation, so that we can optimize the reject case, which will be the problematic one during a DDoS. The second stream interface and s->txn are also now initialized after the rules are parsed for the same reason. All these optimisations have permitted to reach up to 212000 connnections/s with a real rule rejecting based on the source IP address.
2010-05-23 20:59:00 +00:00
struct tcp_rule *rule;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
[OPTIM] frontend: tell the compiler that errors are unlikely to occur Doing this brings better, more linear object code with less jumps in the normal path.
2010-05-28 17:29:49 +00:00
if (unlikely((s = pool_alloc2(pool2_session)) == NULL)) {
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
Alert("out of memory in event_accept().\n");
goto out_close;
[OPTIM] rate-limit: cleaner behaviour on low rates and reduce consumption The rate-limit was applied to the smoothed value which does a special case for frequencies below 2 events per period. This caused irregular limitations when set to 1 session per second. The proper way to handle this is to compute the number of remaining events that can occur without reaching the limit. This is what has been added. It also has the benefit that the frequency calculation is now done once when entering event_accept(), before the accept() loop, and not once per accept() loop anymore, thus saving a few CPU cycles during very high loads. With this fix, rate limits of 1/s are perfectly respected.
2009-03-06 08:18:27 +00:00
}
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
LIST_ADDQ(&sessions, &s->list);
LIST_INIT(&s->back_refs);
s->flags = 0;
s->term_trace = 0;
s->cli_addr = *addr;
/* if this session comes from a known monitoring system, we want to ignore
* it as soon as possible, which means closing it immediately for TCP.
*/
[OPTIM] frontend: tell the compiler that errors are unlikely to occur Doing this brings better, more linear object code with less jumps in the normal path.
2010-05-28 17:29:49 +00:00
if (unlikely(p->mon_mask.s_addr &&
addr->ss_family == AF_INET &&
(((struct sockaddr_in *)addr)->sin_addr.s_addr & p->mon_mask.s_addr) == p->mon_net.s_addr)) {
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
if (p->mode == PR_MODE_TCP) {
pool_free2(pool2_session, s);
return 0;
[MEDIUM] session: account per-listener connections In order to merge the unix session handling code, we have to maintain the number of per-listener connections in the session. This was only performed for unix sockets till now.
2009-08-16 16:20:44 +00:00
}
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
s->flags |= SN_MONITOR;
}
[MEDIUM] session: account per-listener connections In order to merge the unix session handling code, we have to maintain the number of per-listener connections in the session. This was only performed for unix sockets till now.
2009-08-16 16:20:44 +00:00
[OPTIM] frontend: tell the compiler that errors are unlikely to occur Doing this brings better, more linear object code with less jumps in the normal path.
2010-05-28 17:29:49 +00:00
if (unlikely((t = task_new()) == NULL)) { /* disable this proxy for a while */
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
Alert("out of memory in event_accept().\n");
goto out_free_session;
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
t->process = l->handler;
t->context = s;
t->nice = l->nice;
s->task = t;
s->listener = l;
/* Note: initially, the session's backend points to the frontend.
* This changes later when switching rules are executed or
* when the default backend is assigned.
*/
s->be = s->fe = p;
s->req = s->rep = NULL; /* will be allocated later */
[MEDIUM] tcp: check for pure layer4 rules immediately after accept() The tcp inspection rules were fast but were only processed after a schedule had occurred and all resources were allocated. When defending against DDoS, it's important to be able to apply some protection the earliest possible instant. Thus we introduce a new set of rules : tcp-request rules which act on pure layer4 information (no content). They are evaluated even before the buffers are allocated for the session, saving as much time as possible. That way it becomes possible to check an incoming connection's source IP address against a list of authorized/blocked networks, and immediately drop the connection. The rules are checked even before we perform any socket-specific operation, so that we can optimize the reject case, which will be the problematic one during a DDoS. The second stream interface and s->txn are also now initialized after the rules are parsed for the same reason. All these optimisations have permitted to reach up to 212000 connnections/s with a real rule rejecting based on the source IP address.
2010-05-23 20:59:00 +00:00
/* this part should be common with other protocols */
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
s->si[0].state = s->si[0].prev_state = SI_ST_EST;
s->si[0].err_type = SI_ET_NONE;
s->si[0].err_loc = NULL;
s->si[0].owner = t;
s->si[0].update = stream_sock_data_finish;
s->si[0].shutr = stream_sock_shutr;
s->si[0].shutw = stream_sock_shutw;
s->si[0].chk_rcv = stream_sock_chk_rcv;
s->si[0].chk_snd = stream_sock_chk_snd;
s->si[0].connect = NULL;
s->si[0].iohandler = NULL;
s->si[0].fd = cfd;
s->si[0].flags = SI_FL_NONE | SI_FL_CAP_SPLTCP; /* TCP splicing capable */
[OPTIM] frontend: tell the compiler that errors are unlikely to occur Doing this brings better, more linear object code with less jumps in the normal path.
2010-05-28 17:29:49 +00:00
if (likely(s->fe->options2 & PR_O2_INDEPSTR))
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
s->si[0].flags |= SI_FL_INDEP_STR;
s->si[0].exp = TICK_ETERNITY;
[MEDIUM] tcp: check for pure layer4 rules immediately after accept() The tcp inspection rules were fast but were only processed after a schedule had occurred and all resources were allocated. When defending against DDoS, it's important to be able to apply some protection the earliest possible instant. Thus we introduce a new set of rules : tcp-request rules which act on pure layer4 information (no content). They are evaluated even before the buffers are allocated for the session, saving as much time as possible. That way it becomes possible to check an incoming connection's source IP address against a list of authorized/blocked networks, and immediately drop the connection. The rules are checked even before we perform any socket-specific operation, so that we can optimize the reject case, which will be the problematic one during a DDoS. The second stream interface and s->txn are also now initialized after the rules are parsed for the same reason. All these optimisations have permitted to reach up to 212000 connnections/s with a real rule rejecting based on the source IP address.
2010-05-23 20:59:00 +00:00
s->logs.accept_date = date; /* user-visible date for logging */
s->logs.tv_accept = now; /* corrected date for internal use */
s->uniq_id = totalconn;
proxy_inc_fe_ctr(l, p); /* note: cum_beconn will be increased once assigned */
/* now evaluate the tcp-request rules */
list_for_each_entry(rule, &p->tcp_req.l4_rules, list) {
int ret = ACL_PAT_PASS;
if (rule->cond) {
ret = acl_exec_cond(rule->cond, p, s, &s->txn, ACL_DIR_REQ);
ret = acl_pass(ret);
if (rule->cond->pol == ACL_COND_UNLESS)
ret = !ret;
}
if (ret) {
/* we have a matching rule. */
if (rule->action == TCP_ACT_REJECT) {
p->counters.denied_req++;
if (l->counters)
l->counters->denied_req++;
if (!(s->flags & SN_ERR_MASK))
s->flags |= SN_ERR_PRXCOND;
if (!(s->flags & SN_FINST_MASK))
s->flags |= SN_FINST_R;
task_free(t);
LIST_DEL(&s->list);
pool_free2(pool2_session, s);
/* let's do a no-linger now to close with a single RST. */
setsockopt(cfd, SOL_SOCKET, SO_LINGER, (struct linger *) &nolinger, sizeof(struct linger));
return 0;
}
/* otherwise it's an accept */
break;
}
}
/* pre-initialize the other side's stream interface */
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
s->si[1].state = s->si[1].prev_state = SI_ST_INI;
s->si[1].err_type = SI_ET_NONE;
s->si[1].err_loc = NULL;
s->si[1].owner = t;
s->si[1].update = stream_sock_data_finish;
s->si[1].shutr = stream_sock_shutr;
s->si[1].shutw = stream_sock_shutw;
s->si[1].chk_rcv = stream_sock_chk_rcv;
s->si[1].chk_snd = stream_sock_chk_snd;
s->si[1].connect = tcpv4_connect_server;
s->si[1].iohandler = NULL;
s->si[1].exp = TICK_ETERNITY;
s->si[1].fd = -1; /* just to help with debugging */
s->si[1].flags = SI_FL_NONE;
[OPTIM] frontend: tell the compiler that errors are unlikely to occur Doing this brings better, more linear object code with less jumps in the normal path.
2010-05-28 17:29:49 +00:00
if (likely(s->be->options2 & PR_O2_INDEPSTR))
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
s->si[1].flags |= SI_FL_INDEP_STR;
s->srv = s->prev_srv = s->srv_conn = NULL;
s->pend_pos = NULL;
s->conn_retries = s->be->conn_retries;
/* init store persistence */
s->store_count = 0;
/* FIXME: the logs are horribly complicated now, because they are
* defined in <p>, <p>, and later <be> and <be>.
*/
if (s->flags & SN_MONITOR)
s->logs.logwait = 0;
else
s->logs.logwait = p->to_log;
if (s->logs.logwait & LW_REQ)
s->do_log = http_sess_log;
else
s->do_log = tcp_sess_log;
/* default error reporting function, may be changed by analysers */
s->srv_error = default_srv_error;
tv_zero(&s->logs.tv_request);
s->logs.t_queue = -1;
s->logs.t_connect = -1;
s->logs.t_data = -1;
s->logs.t_close = 0;
s->logs.bytes_in = s->logs.bytes_out = 0;
s->logs.prx_queue_size = 0; /* we get the number of pending conns before us */
s->logs.srv_queue_size = 0; /* we will get this number soon */
s->data_source = DATA_SRC_NONE;
txn = &s->txn;
/* Those variables will be checked and freed if non-NULL in
* session.c:session_free(). It is important that they are
* properly initialized.
*/
txn->sessid = NULL;
txn->srv_cookie = NULL;
txn->cli_cookie = NULL;
txn->uri = NULL;
txn->req.cap = NULL;
txn->rsp.cap = NULL;
txn->hdr_idx.v = NULL;
txn->hdr_idx.size = txn->hdr_idx.used = 0;
[MEDIUM] tcp: check for pure layer4 rules immediately after accept() The tcp inspection rules were fast but were only processed after a schedule had occurred and all resources were allocated. When defending against DDoS, it's important to be able to apply some protection the earliest possible instant. Thus we introduce a new set of rules : tcp-request rules which act on pure layer4 information (no content). They are evaluated even before the buffers are allocated for the session, saving as much time as possible. That way it becomes possible to check an incoming connection's source IP address against a list of authorized/blocked networks, and immediately drop the connection. The rules are checked even before we perform any socket-specific operation, so that we can optimize the reject case, which will be the problematic one during a DDoS. The second stream interface and s->txn are also now initialized after the rules are parsed for the same reason. All these optimisations have permitted to reach up to 212000 connnections/s with a real rule rejecting based on the source IP address.
2010-05-23 20:59:00 +00:00
/* Adjust some socket options */
[OPTIM] frontend: tell the compiler that errors are unlikely to occur Doing this brings better, more linear object code with less jumps in the normal path.
2010-05-28 17:29:49 +00:00
if (unlikely(fcntl(cfd, F_SETFL, O_NONBLOCK) == -1 ||
setsockopt(cfd, IPPROTO_TCP, TCP_NODELAY,
(char *) &one, sizeof(one)) == -1)) {
[MEDIUM] tcp: check for pure layer4 rules immediately after accept() The tcp inspection rules were fast but were only processed after a schedule had occurred and all resources were allocated. When defending against DDoS, it's important to be able to apply some protection the earliest possible instant. Thus we introduce a new set of rules : tcp-request rules which act on pure layer4 information (no content). They are evaluated even before the buffers are allocated for the session, saving as much time as possible. That way it becomes possible to check an incoming connection's source IP address against a list of authorized/blocked networks, and immediately drop the connection. The rules are checked even before we perform any socket-specific operation, so that we can optimize the reject case, which will be the problematic one during a DDoS. The second stream interface and s->txn are also now initialized after the rules are parsed for the same reason. All these optimisations have permitted to reach up to 212000 connnections/s with a real rule rejecting based on the source IP address.
2010-05-23 20:59:00 +00:00
Alert("accept(): cannot set the socket in non blocking mode. Giving up\n");
goto out_free_task;
}
if (p->options & PR_O_TCP_CLI_KA)
setsockopt(cfd, SOL_SOCKET, SO_KEEPALIVE, (char *) &one, sizeof(one));
if (p->options & PR_O_TCP_NOLING)
setsockopt(cfd, SOL_SOCKET, SO_LINGER, (struct linger *) &nolinger, sizeof(struct linger));
if (global.tune.client_sndbuf)
setsockopt(cfd, SOL_SOCKET, SO_SNDBUF, &global.tune.client_sndbuf, sizeof(global.tune.client_sndbuf));
if (global.tune.client_rcvbuf)
setsockopt(cfd, SOL_SOCKET, SO_RCVBUF, &global.tune.client_rcvbuf, sizeof(global.tune.client_rcvbuf));
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
if (p->mode == PR_MODE_HTTP) {
/* the captures are only used in HTTP frontends */
[OPTIM] frontend: tell the compiler that errors are unlikely to occur Doing this brings better, more linear object code with less jumps in the normal path.
2010-05-28 17:29:49 +00:00
if (unlikely(p->nb_req_cap > 0 &&
(txn->req.cap = pool_alloc2(p->req_cap_pool)) == NULL))
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
goto out_fail_reqcap; /* no memory */
[OPTIM] frontend: tell the compiler that errors are unlikely to occur Doing this brings better, more linear object code with less jumps in the normal path.
2010-05-28 17:29:49 +00:00
if (unlikely(p->nb_rsp_cap > 0 &&
(txn->rsp.cap = pool_alloc2(p->rsp_cap_pool)) == NULL))
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
goto out_fail_rspcap; /* no memory */
}
[MAJOR] kill CL_STINSPECT and CL_STHEADERS (step 1) This is a first attempt at separating data processing from the TCP state machine. Those two states have been replaced with flags in the session indicating what needs to be analyzed. The corresponding code is still called before and in lieu of TCP states. Next change should get rid of the specific SV_STANALYZE which is in fact a client state. Then next change should consist in making it possible to analyze TCP contents while being in CL_STDATA (or CL_STSHUT*).
2008-08-10 20:55:22 +00:00
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
if (p->acl_requires & ACL_USE_L7_ANY) {
/* we have to allocate header indexes only if we know
* that we may make use of them. This of course includes
* (mode == PR_MODE_HTTP).
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
*/
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
txn->hdr_idx.size = MAX_HTTP_HDR;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
[OPTIM] frontend: tell the compiler that errors are unlikely to occur Doing this brings better, more linear object code with less jumps in the normal path.
2010-05-28 17:29:49 +00:00
if (unlikely((txn->hdr_idx.v = pool_alloc2(p->hdr_idx_pool)) == NULL))
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
goto out_fail_idx; /* no memory */
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
/* and now initialize the HTTP transaction state */
http_init_txn(s);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
if ((p->mode == PR_MODE_TCP || p->mode == PR_MODE_HTTP)
&& (p->logfac1 >= 0 || p->logfac2 >= 0)) {
[OPTIM] frontend: tell the compiler that errors are unlikely to occur Doing this brings better, more linear object code with less jumps in the normal path.
2010-05-28 17:29:49 +00:00
if (likely(p->to_log)) {
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
/* we have the client ip */
if (s->logs.logwait & LW_CLIP)
if (!(s->logs.logwait &= ~LW_CLIP))
s->do_log(s);
[MINOR] http: rely on proxy->acl_requires to allocate hdr_idx Right now only HTTP proxies may use HTTP headers in ACLs, but when this evolves, we'll need to be able to allocate the hdr_idx on demand. The solution consists in allocating it only when it is certain that at least one ACL requires HTTP parsing, regardless of the mode the proxy is in. This is what is achieved by this patch.
2009-07-10 21:52:51 +00:00
}
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
else if (s->cli_addr.ss_family == AF_INET) {
char pn[INET_ADDRSTRLEN], sn[INET_ADDRSTRLEN];
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
if (!(s->flags & SN_FRT_ADDR_SET))
get_frt_addr(s);
[MINOR] http: move the http transaction init/cleanup code to proto_http This code really belongs to the http part since it's transaction-specific. This will also make it easier to later reinitialize a transaction in order to support keepalive.
2009-12-22 14:03:09 +00:00
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
if (inet_ntop(AF_INET, (const void *)&((struct sockaddr_in *)&s->frt_addr)->sin_addr,
sn, sizeof(sn)) &&
inet_ntop(AF_INET, (const void *)&((struct sockaddr_in *)&s->cli_addr)->sin_addr,
pn, sizeof(pn))) {
send_log(p, LOG_INFO, "Connect from %s:%d to %s:%d (%s/%s)\n",
pn, ntohs(((struct sockaddr_in *)&s->cli_addr)->sin_port),
sn, ntohs(((struct sockaddr_in *)&s->frt_addr)->sin_port),
p->id, (p->mode == PR_MODE_HTTP) ? "HTTP" : "TCP");
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
}
}
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
else {
char pn[INET6_ADDRSTRLEN], sn[INET6_ADDRSTRLEN];
[MEDIUM] store the original destination address in the session There are multiple places where the client's destination address is required. Let's store it in the session when needed, and add a flag to inform that it has been retrieved.
2007-05-08 17:46:30 +00:00
if (!(s->flags & SN_FRT_ADDR_SET))
get_frt_addr(s);
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
if (inet_ntop(AF_INET6, (const void *)&((struct sockaddr_in6 *)&s->frt_addr)->sin6_addr,
sn, sizeof(sn)) &&
inet_ntop(AF_INET6, (const void *)&((struct sockaddr_in6 *)&s->cli_addr)->sin6_addr,
pn, sizeof(pn))) {
send_log(p, LOG_INFO, "Connect from %s:%d to %s:%d (%s/%s)\n",
pn, ntohs(((struct sockaddr_in6 *)&s->cli_addr)->sin6_port),
sn, ntohs(((struct sockaddr_in6 *)&s->frt_addr)->sin6_port),
p->id, (p->mode == PR_MODE_HTTP) ? "HTTP" : "TCP");
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
}
}
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
[OPTIM] frontend: tell the compiler that errors are unlikely to occur Doing this brings better, more linear object code with less jumps in the normal path.
2010-05-28 17:29:49 +00:00
if (unlikely((global.mode & MODE_DEBUG) && (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)))) {
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
int len;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
if (!(s->flags & SN_FRT_ADDR_SET))
get_frt_addr(s);
[MEDIUM] session: move the analysis bit field to the buffer It makes more sense to store the list of analysers in the buffer than in the session since they are precisely plugged onto one buffer.
2008-08-17 13:20:19 +00:00
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
if (s->cli_addr.ss_family == AF_INET) {
char pn[INET_ADDRSTRLEN];
inet_ntop(AF_INET,
(const void *)&((struct sockaddr_in *)&s->cli_addr)->sin_addr,
pn, sizeof(pn));
[MEDIUM] process_srv: don't rely at all on client state A new buffer flag BF_MAY_CONNECT has been added so that the server FSM can check whether it is allowed to establish a connection or not. That way, the client FSM only has to move this flag and the server side does not need to monitor client state anymore.
2008-08-03 18:38:13 +00:00
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
len = sprintf(trash, "%08x:%s.accept(%04x)=%04x from [%s:%d]\n",
s->uniq_id, p->id, (unsigned short)l->fd, (unsigned short)cfd,
pn, ntohs(((struct sockaddr_in *)&s->cli_addr)->sin_port));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
}
else {
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
char pn[INET6_ADDRSTRLEN];
inet_ntop(AF_INET6,
(const void *)&((struct sockaddr_in6 *)(&s->cli_addr))->sin6_addr,
pn, sizeof(pn));
len = sprintf(trash, "%08x:%s.accept(%04x)=%04x from [%s:%d]\n",
s->uniq_id, p->id, (unsigned short)l->fd, (unsigned short)cfd,
pn, ntohs(((struct sockaddr_in6 *)(&s->cli_addr))->sin6_port));
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
}
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
write(1, trash, len);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
[OPTIM] frontend: tell the compiler that errors are unlikely to occur Doing this brings better, more linear object code with less jumps in the normal path.
2010-05-28 17:29:49 +00:00
if (unlikely((s->req = pool_alloc2(pool2_buffer)) == NULL))
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
goto out_fail_req; /* no memory */
[MEDIUM] session: account per-listener connections In order to merge the unix session handling code, we have to maintain the number of per-listener connections in the session. This was only performed for unix sockets till now.
2009-08-16 16:20:44 +00:00
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
s->req->size = global.tune.bufsize;
buffer_init(s->req);
s->req->prod = &s->si[0];
s->req->cons = &s->si[1];
s->si[0].ib = s->si[1].ob = s->req;
[MEDIUM] make default_backend work in TCP mode too The default_backend did not work in TCP mode since there was no header state to assign the backend. This causes much trouble when configs are created by copy-paste. The solution was to fix the way the backend is assigned upon accept(). A wrong contimeout assignment was fixed too.
2007-11-03 13:28:39 +00:00
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
s->req->flags |= BF_READ_ATTACHED; /* the producer is already connected */
if (p->mode == PR_MODE_HTTP)
s->req->flags |= BF_READ_DONTWAIT; /* one read is usually enough */
[MEDIUM] Collect & provide separate statistics for sockets, v2 This patch allows to collect & provide separate statistics for each socket. It can be very useful if you would like to distinguish between traffic generate by local and remote users or between different types of remote clients (peerings, domestic, foreign). Currently no "Session rate" is supported, but adding it should be possible if we found it useful.
2009-10-04 13:43:17 +00:00
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
/* activate default analysers enabled for this listener */
s->req->analysers = l->analysers;
/* note: this should not happen anymore since there's always at least the switching rules */
if (!s->req->analysers) {
buffer_auto_connect(s->req); /* don't wait to establish connection */
buffer_auto_close(s->req); /* let the producer forward close requests */
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
s->req->rto = s->fe->timeout.client;
s->req->wto = s->be->timeout.server;
s->req->cto = s->be->timeout.connect;
[OPTIM] frontend: tell the compiler that errors are unlikely to occur Doing this brings better, more linear object code with less jumps in the normal path.
2010-05-28 17:29:49 +00:00
if (unlikely((s->rep = pool_alloc2(pool2_buffer)) == NULL))
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
goto out_fail_rep; /* no memory */
s->rep->size = global.tune.bufsize;
buffer_init(s->rep);
s->rep->prod = &s->si[1];
s->rep->cons = &s->si[0];
s->si[0].ob = s->si[1].ib = s->rep;
s->rep->analysers = 0;
s->rep->rto = s->be->timeout.server;
s->rep->wto = s->fe->timeout.client;
s->rep->cto = TICK_ETERNITY;
s->req->rex = TICK_ETERNITY;
s->req->wex = TICK_ETERNITY;
s->req->analyse_exp = TICK_ETERNITY;
s->rep->rex = TICK_ETERNITY;
s->rep->wex = TICK_ETERNITY;
s->rep->analyse_exp = TICK_ETERNITY;
t->expire = TICK_ETERNITY;
fd_insert(cfd);
fdtab[cfd].owner = &s->si[0];
fdtab[cfd].state = FD_STREADY;
fdtab[cfd].flags = FD_FL_TCP | FD_FL_TCP_NODELAY;
if (p->options & PR_O_TCP_NOLING)
fdtab[cfd].flags |= FD_FL_TCP_NOLING;
fdtab[cfd].cb[DIR_RD].f = l->proto->read;
fdtab[cfd].cb[DIR_RD].b = s->req;
fdtab[cfd].cb[DIR_WR].f = l->proto->write;
fdtab[cfd].cb[DIR_WR].b = s->rep;
fdinfo[cfd].peeraddr = (struct sockaddr *)&s->cli_addr;
fdinfo[cfd].peerlen = sizeof(s->cli_addr);
[OPTIM] frontend: tell the compiler that errors are unlikely to occur Doing this brings better, more linear object code with less jumps in the normal path.
2010-05-28 17:29:49 +00:00
if (unlikely((p->mode == PR_MODE_HTTP && (s->flags & SN_MONITOR)) ||
(p->mode == PR_MODE_HEALTH && (p->options & PR_O_HTTP_CHK)))) {
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
/* Either we got a request from a monitoring system on an HTTP instance,
* or we're in health check mode with the 'httpchk' option enabled. In
* both cases, we return a fake "HTTP/1.0 200 OK" response and we exit.
*/
struct chunk msg;
chunk_initstr(&msg, "HTTP/1.0 200 OK\r\n\r\n");
stream_int_retnclose(&s->si[0], &msg); /* forge a 200 response */
s->req->analysers = 0;
t->expire = s->rep->wex;
}
[OPTIM] frontend: tell the compiler that errors are unlikely to occur Doing this brings better, more linear object code with less jumps in the normal path.
2010-05-28 17:29:49 +00:00
else if (unlikely(p->mode == PR_MODE_HEALTH)) { /* health check mode, no client reading */
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
struct chunk msg;
chunk_initstr(&msg, "OK\n");
stream_int_retnclose(&s->si[0], &msg); /* forge an "OK" response */
s->req->analysers = 0;
t->expire = s->rep->wex;
}
else {
EV_FD_SET(cfd, DIR_RD);
}
/* it is important not to call the wakeup function directly but to
* pass through task_wakeup(), because this one knows how to apply
* priorities to tasks.
*/
task_wakeup(t, TASK_WOKEN_INIT);
return 1;
[MEDIUM] simplify error path in event_accept() The error path in event_accept() was complicated by many code duplications. Use the classical unrolling with the gotos. This fix alone reduced the code by 2.5 kB.
2007-11-04 16:51:50 +00:00
/* Error unrolling */
out_fail_rep:
[MEDIUM] memory: update pool_free2() to support NULL pointers In order to make pool usage more convenient, let pool_free2() support NULL pointers by doing nothing, just like the standard free(3) call does. The various call places have been updated to remove the now useless checks.
2008-08-03 15:41:33 +00:00
pool_free2(pool2_buffer, s->req);
[MEDIUM] simplify error path in event_accept() The error path in event_accept() was complicated by many code duplications. Use the classical unrolling with the gotos. This fix alone reduced the code by 2.5 kB.
2007-11-04 16:51:50 +00:00
out_fail_req:
[MEDIUM] memory: update pool_free2() to support NULL pointers In order to make pool usage more convenient, let pool_free2() support NULL pointers by doing nothing, just like the standard free(3) call does. The various call places have been updated to remove the now useless checks.
2008-08-03 15:41:33 +00:00
pool_free2(p->hdr_idx_pool, txn->hdr_idx.v);
[MEDIUM] simplify error path in event_accept() The error path in event_accept() was complicated by many code duplications. Use the classical unrolling with the gotos. This fix alone reduced the code by 2.5 kB.
2007-11-04 16:51:50 +00:00
out_fail_idx:
[MEDIUM] memory: update pool_free2() to support NULL pointers In order to make pool usage more convenient, let pool_free2() support NULL pointers by doing nothing, just like the standard free(3) call does. The various call places have been updated to remove the now useless checks.
2008-08-03 15:41:33 +00:00
pool_free2(p->rsp_cap_pool, txn->rsp.cap);
[MEDIUM] simplify error path in event_accept() The error path in event_accept() was complicated by many code duplications. Use the classical unrolling with the gotos. This fix alone reduced the code by 2.5 kB.
2007-11-04 16:51:50 +00:00
out_fail_rspcap:
[MEDIUM] memory: update pool_free2() to support NULL pointers In order to make pool usage more convenient, let pool_free2() support NULL pointers by doing nothing, just like the standard free(3) call does. The various call places have been updated to remove the now useless checks.
2008-08-03 15:41:33 +00:00
pool_free2(p->req_cap_pool, txn->req.cap);
[MEDIUM] simplify error path in event_accept() The error path in event_accept() was complicated by many code duplications. Use the classical unrolling with the gotos. This fix alone reduced the code by 2.5 kB.
2007-11-04 16:51:50 +00:00
out_fail_reqcap:
out_free_task:
[MINOR] task: keep a task count and clean up task creators It's sometimes useful at least for statistics to keep a task count. It's easy to do by forcing the rare task creators to always use the same functions to create/destroy a task.
2009-03-21 17:13:21 +00:00
task_free(t);
[MEDIUM] simplify error path in event_accept() The error path in event_accept() was complicated by many code duplications. Use the classical unrolling with the gotos. This fix alone reduced the code by 2.5 kB.
2007-11-04 16:51:50 +00:00
out_free_session:
[MINOR] maintain a global session list in order to ease debugging Now the global variable 'sessions' will be a dual-linked list of all known sessions. The list element is set at the beginning of the session so that it's easier to follow them all with gdb.
2008-11-23 18:53:55 +00:00
LIST_DEL(&s->list);
[MEDIUM] simplify error path in event_accept() The error path in event_accept() was complicated by many code duplications. Use the classical unrolling with the gotos. This fix alone reduced the code by 2.5 kB.
2007-11-04 16:51:50 +00:00
pool_free2(pool2_session, s);
out_close:
[MEDIUM] separate protocol-level accept() from the frontend's For a long time we had two large accept() functions, one for TCP sockets instanciating proxies, and another one for UNIX sockets instanciating the stats interface. A lot of code was duplicated and both did not work exactly the same way. Now we have a stream_sock layer accept() called for either TCP or UNIX sockets, and this function calls the frontend-specific accept() function which does the rest of the frontend-specific initialisation. Some code is still duplicated (session & task allocation, stream interface initialization), and might benefit from having an intermediate session-level accept() callback to perform such initializations. Still there are some minor differences that need to be addressed first. For instance, the monitor nets should only be checked for proxies and not for other connection templates. Last, we renamed l->private as l->frontend. The "private" pointer in the listener is only used to store a frontend, so let's rename it to eliminate this ambiguity. When we later support detached listeners (eg: FTP), we'll add another field to avoid the confusion.
2010-05-28 16:46:57 +00:00
return -1;
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
}
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
/* set test->i to the id of the frontend */
[MINOR] acl: specify the direction during fetches Some fetches such as 'line' or 'hdr' need to know the direction of the test (request or response). A new 'dir' parameter is now propagated from the caller to achieve this.
2007-06-10 08:06:18 +00:00
static int
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
acl_fetch_fe_id(struct proxy *px, struct session *l4, void *l7, int dir,
struct acl_expr *expr, struct acl_test *test) {
[MINOR] implement the ACL keywords 'dst' and 'dport' The file client.c now provides acl_fetch_dip and acl_fetch_dport to be able to check the client's destination address and port. The corresponding ACL keywords 'dst' and 'dport' have been added.
2007-05-08 17:56:15 +00:00
test->flags = ACL_TEST_F_READ_ONLY;
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
test->i = l4->fe->uuid;
[MINOR] implement the ACL keywords 'dst' and 'dport' The file client.c now provides acl_fetch_dip and acl_fetch_dport to be able to check the client's destination address and port. The corresponding ACL keywords 'dst' and 'dport' have been added.
2007-05-08 17:56:15 +00:00
[MEDIUM] Add src dst and dport pattern fetches.
2010-01-04 14:47:45 +00:00
return 1;
}
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
/* set test->i to the number of connections per second reaching the frontend */
[MINOR] acl: specify the direction during fetches Some fetches such as 'line' or 'hdr' need to know the direction of the test (request or response). A new 'dir' parameter is now propagated from the caller to achieve this.
2007-06-10 08:06:18 +00:00
static int
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
acl_fetch_fe_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir,
struct acl_expr *expr, struct acl_test *test)
[MINOR] implement the ACL keywords 'dst' and 'dport' The file client.c now provides acl_fetch_dip and acl_fetch_dport to be able to check the client's destination address and port. The corresponding ACL keywords 'dst' and 'dport' have been added.
2007-05-08 17:56:15 +00:00
{
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
test->flags = ACL_TEST_F_VOL_TEST;
if (expr->arg_len) {
/* another proxy was designated, we must look for it */
for (px = proxy; px; px = px->next)
if ((px->cap & PR_CAP_FE) && !strcmp(px->id, expr->arg.str))
break;
}
if (!px)
return 0;
[MEDIUM] Add src dst and dport pattern fetches.
2010-01-04 14:47:45 +00:00
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
test->i = read_freq_ctr(&px->fe_sess_per_sec);
[MEDIUM] Add src dst and dport pattern fetches.
2010-01-04 14:47:45 +00:00
return 1;
}
[MEDIUM] New option http_proxy Hello, You will find attached an updated release of previously submitted patch. It polish some part and extend ACL engine to match IP and PORT parsed in HTTP request. (and take care of comments made by Willy ! ;)) Best regards, Alexandre
2007-11-29 14:43:32 +00:00
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
/* set test->i to the number of concurrent connections on the frontend */
[MINOR] acl: specify the direction during fetches Some fetches such as 'line' or 'hdr' need to know the direction of the test (request or response). A new 'dir' parameter is now propagated from the caller to achieve this.
2007-06-10 08:06:18 +00:00
static int
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
acl_fetch_fe_conn(struct proxy *px, struct session *l4, void *l7, int dir,
struct acl_expr *expr, struct acl_test *test)
[MEDIUM] added several ACL criteria and matches Many ACL criteria have been added. Some others are still commented out because some functions are still missing.
2007-05-06 22:55:35 +00:00
{
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
test->flags = ACL_TEST_F_VOL_TEST;
if (expr->arg_len) {
/* another proxy was designated, we must look for it */
for (px = proxy; px; px = px->next)
if ((px->cap & PR_CAP_FE) && !strcmp(px->id, expr->arg.str))
break;
}
if (!px)
return 0;
[MINOR] acl: add fe_id/so_id to match frontend's and socket's id
2010-01-12 20:59:30 +00:00
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
test->i = px->feconn;
[MINOR] acl: add fe_id/so_id to match frontend's and socket's id
2010-01-12 20:59:30 +00:00
return 1;
}
[MEDIUM] added several ACL criteria and matches Many ACL criteria have been added. Some others are still commented out because some functions are still missing.
2007-05-06 22:55:35 +00:00
/* Note: must not be declared <const> as its list will be overwritten */
static struct acl_kw_list acl_kws = {{ },{
[CLEANUP] client: move some ACLs away to their respective locations Some ACLs in the client ought to belong to proto_tcp, or protocols. This file should only contain frontend-specific information and will be renamed that way in next commit.
2010-05-24 18:55:15 +00:00
{ "fe_id", acl_parse_int, acl_fetch_fe_id, acl_match_int, ACL_USE_NOTHING },
{ "fe_sess_rate", acl_parse_int, acl_fetch_fe_sess_rate, acl_match_int, ACL_USE_NOTHING },
{ "fe_conn", acl_parse_int, acl_fetch_fe_conn, acl_match_int, ACL_USE_NOTHING },
[MEDIUM] added several ACL criteria and matches Many ACL criteria have been added. Some others are still commented out because some functions are still missing.
2007-05-06 22:55:35 +00:00
{ NULL, NULL, NULL, NULL },
}};
__attribute__((constructor))
[CLEANUP] rename client -> frontend The 'client.c' file now only contained frontend-specific functions, so it has naturally be renamed 'frontend.c'. Same for client.h. This has also been an opportunity to remove some cross references from files that should not have depended on it. In the end, this file should contain a protocol-agnostic accept() code, which would initialize a session, task, etc... based on an accept() from a lower layer. Right now there are still references to TCP.
2010-05-24 19:02:37 +00:00
static void __frontend_init(void)
[MEDIUM] added several ACL criteria and matches Many ACL criteria have been added. Some others are still commented out because some functions are still missing.
2007-05-06 22:55:35 +00:00
{
acl_register_keywords(&acl_kws);
}
[BIGMOVE] exploded the monolithic haproxy.c file into multiple files. The files are now stored under : - include/haproxy for the generic includes - include/types.h for the structures needed within prototypes - include/proto.h for function prototypes and inline functions - src/*.c for the C files Most include files are now covered by LGPL. A last move still needs to be done to put inline functions under GPL and not LGPL. Version has been set to 1.3.0 in the code but some control still needs to be done before releasing.
2006-06-26 00:48:02 +00:00
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/
Reference in New Issue Copy Permalink