mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-26 22:52:13 +00:00
MINOR: log/backend: prevent tcp-{request,response} use with LOG mode
We start implementing some postparsing compatibility checks for log backends. Here we report a warning if user tries to use tcp-{request,response} rules with log backend, and we properly ignore such rules when inherited from defaults section.
This commit is contained in:
parent
6a29888f60
commit
5335618967
31
src/log.c
31
src/log.c
@ -41,6 +41,7 @@
|
||||
#include <haproxy/ssl_sock.h>
|
||||
#include <haproxy/stconn.h>
|
||||
#include <haproxy/stream.h>
|
||||
#include <haproxy/action.h>
|
||||
#include <haproxy/time.h>
|
||||
#include <haproxy/hash.h>
|
||||
#include <haproxy/tools.h>
|
||||
@ -874,6 +875,32 @@ static void log_backend_srv_down(struct server *srv)
|
||||
HA_RWLOCK_WRUNLOCK(LBPRM_LOCK, &p->lbprm.lock);
|
||||
}
|
||||
|
||||
/* check that current configuration is compatible with "mode log" */
|
||||
static int _postcheck_log_backend_compat(struct proxy *be)
|
||||
{
|
||||
int err_code = ERR_NONE;
|
||||
|
||||
if (!LIST_ISEMPTY(&be->tcp_req.inspect_rules) ||
|
||||
!LIST_ISEMPTY(&be->tcp_req.l4_rules) ||
|
||||
!LIST_ISEMPTY(&be->tcp_req.l5_rules)) {
|
||||
ha_warning("Cannot use tcp-request rules with 'mode log' in %s '%s'. They will be ignored.\n",
|
||||
proxy_type_str(be), be->id);
|
||||
|
||||
err_code |= ERR_WARN;
|
||||
free_act_rules(&be->tcp_req.inspect_rules);
|
||||
free_act_rules(&be->tcp_req.l4_rules);
|
||||
free_act_rules(&be->tcp_req.l5_rules);
|
||||
}
|
||||
if (!LIST_ISEMPTY(&be->tcp_rep.inspect_rules)) {
|
||||
ha_warning("Cannot use tcp-response rules with 'mode log' in %s '%s'. They will be ignored.\n",
|
||||
proxy_type_str(be), be->id);
|
||||
|
||||
err_code |= ERR_WARN;
|
||||
free_act_rules(&be->tcp_rep.inspect_rules);
|
||||
}
|
||||
return err_code;
|
||||
}
|
||||
|
||||
static int postcheck_log_backend(struct proxy *be)
|
||||
{
|
||||
char *msg = NULL;
|
||||
@ -885,6 +912,10 @@ static int postcheck_log_backend(struct proxy *be)
|
||||
(be->flags & (PR_FL_DISABLED|PR_FL_STOPPED)))
|
||||
return ERR_NONE; /* nothing to do */
|
||||
|
||||
err_code |= _postcheck_log_backend_compat(be);
|
||||
if (err_code & ERR_CODE)
|
||||
return err_code;
|
||||
|
||||
/* First time encoutering this log backend, perform some init
|
||||
*/
|
||||
be->lbprm.set_server_status_up = log_backend_srv_up;
|
||||
|
@ -103,7 +103,9 @@ int tcp_inspect_request(struct stream *s, struct channel *req, int an_bit)
|
||||
|
||||
DBG_TRACE_ENTER(STRM_EV_STRM_ANA|STRM_EV_TCP_ANA, s);
|
||||
|
||||
def_rules = ((s->be->defpx && (an_bit == AN_REQ_INSPECT_FE || s->be->defpx != sess->fe->defpx)) ? &s->be->defpx->tcp_req.inspect_rules : NULL);
|
||||
def_rules = ((s->be->defpx &&
|
||||
(sess->fe->mode == PR_MODE_TCP || sess->fe->mode == PR_MODE_HTTP) &&
|
||||
(an_bit == AN_REQ_INSPECT_FE || s->be->defpx != sess->fe->defpx)) ? &s->be->defpx->tcp_req.inspect_rules : NULL);
|
||||
rules = &s->be->tcp_req.inspect_rules;
|
||||
|
||||
/* We don't know whether we have enough data, so must proceed
|
||||
@ -286,7 +288,7 @@ int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit)
|
||||
|
||||
DBG_TRACE_ENTER(STRM_EV_STRM_ANA|STRM_EV_TCP_ANA, s);
|
||||
|
||||
def_rules = (s->be->defpx ? &s->be->defpx->tcp_rep.inspect_rules : NULL);
|
||||
def_rules = (s->be->defpx && (s->be->mode == PR_MODE_TCP || s->be->mode == PR_MODE_HTTP) ? &s->be->defpx->tcp_rep.inspect_rules : NULL);
|
||||
rules = &s->be->tcp_rep.inspect_rules;
|
||||
|
||||
/* We don't know whether we have enough data, so must proceed
|
||||
@ -484,7 +486,7 @@ int tcp_exec_l4_rules(struct session *sess)
|
||||
if (!conn)
|
||||
return result;
|
||||
|
||||
if (sess->fe->defpx)
|
||||
if (sess->fe->defpx && (sess->fe->mode == PR_MODE_TCP || sess->fe->mode == PR_MODE_HTTP))
|
||||
px = sess->fe->defpx;
|
||||
|
||||
restart:
|
||||
@ -579,7 +581,7 @@ int tcp_exec_l5_rules(struct session *sess)
|
||||
int result = 1;
|
||||
enum acl_test_res ret;
|
||||
|
||||
if (sess->fe->defpx)
|
||||
if (sess->fe->defpx && (sess->fe->mode == PR_MODE_TCP || sess->fe->mode == PR_MODE_HTTP))
|
||||
px = sess->fe->defpx;
|
||||
|
||||
restart:
|
||||
|
Loading…
Reference in New Issue
Block a user