Commit Graph

17470 Commits

Author SHA1 Message Date
Willy Tarreau
5fc49f2fc3 [DOC] updated TODO with remaining l7-switch work 2006-12-17 23:32:53 +01:00
Willy Tarreau
a496b6042b [MAJOR] merged the 'setbe' actions to switch the backend on a regex
Sin Yu's patch to permit to change the proxy from a regex was merged
with little changes :
  - req_cap/rsp_cap are not reassigned to the new proxy, they stay
    attached to the frontend

  - the actions have been renamed "reqsetbe" and "reqisetbe" for
    "set BackEnd".

  - the buffer is not reset after the switch, instead, the headers are
    parsed again by the backend

  - in Sin's patch, it was theorically possible to switch multiple times,
    but the switching track was lost, making it impossible to apply
    server responsesin the reverse order. Now switching is limited to
    1 action (separation between frontend and backend) but the filters
    remain.

Now it will be extremely easy to add other switching conditions, such
as host matching, URI matching, etc...

There's still a hard work to be done on the logs and stats.
2006-12-17 23:15:24 +01:00
Willy Tarreau
ddb358d932 [MEDIUM] tried to clean the logs up a little bit
The logs have become a real mess. It is now very hard to tell which
frontend/backend will impose its configuration for the logs. This
needs a complete rework but at least it should work.
2006-12-17 22:55:52 +01:00
Willy Tarreau
f1221aa19f [MEDIUM] separated nbconn into feconn and beconn
The nbconn attribute in the proxies was not relevant anymore because
a frontend A may use backend B and both of them must account for their
respective connections. For this reason, there now are two separate
counters for frontend and backend connections.

The stats page has been updated to reflect the backend, but a separate
line entry for the frontend with error counts would be good.

Note that as of now, beconn may be higher than maxconn, because maxconn
applies to the frontend, while beconn may be increased due to sessions
passed from another frontend.
2006-12-17 22:14:12 +01:00
Willy Tarreau
830ff458de [MAJOR] reworked ->be, ->fe and ->fi in sessions
There was a confusion about the way to find filters and backend
parameters from sessions. The chaining has been changed between
the session and the proxy.

Now, a session knows only two proxies : one frontend (->fe) and
one backend (->be). Each proxy has a link to the proxy providing
filters and to the proxy providing backend parameters (both self
by default).

The captures (cookies and headers) have been attached to the
frontend's filters for now.

The uri_auth and the statistics are attached to the backend's
filters so that the uri can depend on a hostname for instance.
2006-12-17 19:31:23 +01:00
Willy Tarreau
97a738f32c [MINOR] add the fiprm and beprm indirections to struct proxy
A proxy will be able to borrow parameters from another one.
In particular, the filters will be inheritable from another
proxy, and the backend parameters too.
2006-12-17 18:02:30 +01:00
Willy Tarreau
b251390f7e [MEDIUM] moved uri_auth check to a separate function
The check of uri_auth is now in a separate function which is
checked after every backend switch, so that it will be possible
to have an uri_auth for the frontend and another one for the
backend.
2006-12-17 14:52:38 +01:00
Willy Tarreau
921d7c0a70 [MINOR] removed the SN_POST flag and string checks on method
Now that hreq.meth is known, use it everywhere a method is required.
2006-12-17 13:50:27 +01:00
Willy Tarreau
53b6c74d06 [MEDIUM] check the HTTP method after all filters have been applied
The HTTP method is now checked and saved into hreq.meth. It will be
usable at several places instead of those dirty string comparisons.
2006-12-17 13:37:46 +01:00
Willy Tarreau
230fd0bfdf [MEDIUM] optimized the request parser a bit more
Some while() constructs are not very efficient with gcc, yet they are
used to scan all the text in the start line and the headers. Replacing
them with more efficient (but ugly) loops provides a global gain of
about 2%, which is not bad at all !
2006-12-17 12:05:00 +01:00
Willy Tarreau
976f1ee561 [MINOR] reorganized the request parser states to improve speed
The most commonly branched states have been grouped in the first
ifs.
2006-12-17 10:06:03 +01:00
Willy Tarreau
06619265b1 [MEDIUM] reorganized request handling to prepare for content-switching
The filters are now iterated for FE, FI, BE.

Some grey areas remain :
  - uri_auth has been propagated to the backend, but in fact it
    should be checked at every level (fe, fi, be), depending
    where it is declared, and before the filters.

  - the HTTP method and URI should be stored and propagated everywhere
    they are used. For this, we would need to first apply filters to
    be aware of filter changes which affect them.

  - there seems to be no need anymore for hdr_idx[0] being empty.
    It may contain the start line, which will slightly improve
    performance and make the code easier to read.
2006-12-17 08:37:22 +01:00
Willy Tarreau
45e73e3cd9 [MEDIUM] move all HTTP Request-related session material to struct hreq
The req_cap, hdr_state, hdr_idx, auth_hdr and req_line have been moved
to a dedicated hreq structure in the session. It makes is easier to
add HTTP-specific fields such as SOR (start of request) and EOF (end
of headers).

It also made it possible to fix two bugs introduced by last commit :
 - end of headers not correctly detected
 - hdr_idx not freed upon one specific error during session creation

When the backend side will be reworked, it should rely on a similar
structure.
2006-12-17 00:05:15 +01:00
Willy Tarreau
8a68c24b91 [BUILD] debug.h had a typo. Also add FSM_PRINTF to debug FSM only. 2006-12-16 23:22:58 +01:00
Willy Tarreau
a4cd1f50cc [MEDIUM] make process_cli() not depend on req->h anymore
Local variables now keep the start and end of line at any moment.
req->h has been removed and will soon be removable from the buffer.
2006-12-16 19:57:26 +01:00
Willy Tarreau
09733ab109 [MINOR] add .gitignore 2006-12-16 19:56:22 +01:00
Willy Tarreau
1d488b6e10 [MINOR] added include/common/debug.h
This file will provide debugging macros such as DPRINTF.
2006-12-16 19:54:02 +01:00
Willy Tarreau
f224273df3 [BUILD] last commit did not build 2006-12-16 19:00:29 +01:00
Willy Tarreau
e15d9132df [MEDIUM] reference and index appended request headers
When headers are appended to the end of a request, they must
be indexed.
2006-12-14 22:26:42 +01:00
Willy Tarreau
2a32428926 [MAJOR] finished replacement of the client-side HTTP parser with a new one
The code is working again, but not as clean as it could be.
Many blocks should still move to dedicated functions. req->h
must be removed everywhere and updated everytime needed.

A few functions or macros should take care of the headers
during header insertion/deletion/change.
2006-12-05 00:05:46 +01:00
Willy Tarreau
58f10d7478 [MAJOR] replaced the client-side HTTP parser with a new one
The new parser uses an FSM to strictly follow RFC2616.
Headers are indexed and parsed only once they're all available.
That way, complex regexes make more sense.

HTTP processing is now performed in several phases by calling
multiple functions, making the code cleaner and easier to read.

Note that req[i]pass does not work anymore because it would
require that we mark a header to be ignored. What is really
needed is to have the ability to add an exception to a matching
(match xx except yy).

Several bugs have been fixed in appsession during the conversion
to the new FSM (method length and recovery on malloc errors).

The code does build and work with the debug examples, but is
not usable yet to connect to anything as it does not forward
the requests yet.
2006-12-04 02:26:12 +01:00
Willy Tarreau
b7eba10304 [BUG] files were missing for hdr_idx in previous commit 2006-12-04 02:20:02 +01:00
Willy Tarreau
e5f20dcea8 [MEDIUM] added the hdr_idx structure for future HTTP header indexing
This structure will consume 4 bytes per header to keep track of
headers within a request or a response without having to parse
the whole request for each regex. As it's not possible to allocate
only 4 bytes, we define a max number of HTTP headers. We set it
to (BUFSIZE+79)/80 so that 8kB buffers can contain 100 headers
(like Apache), resulting in 400 bytes dedicated to indexation,
or about 400/(2*8kB) ~= 2.4% of the memory usage.
2006-12-03 15:21:35 +01:00
Willy Tarreau
09536952b3 Merge branch 'rfc2616' into switch 2006-12-02 20:13:39 +01:00
Willy Tarreau
669e6da163 [BUG] implemented support for multi-line headers as required by RFC2616.
This patch was added in 1.2.9 but was then incidentely reverted by
  manipulation error when merging next patch (enforce max number of
  conns). It's now merged again.
2006-12-02 20:12:55 +01:00
Willy Tarreau
73de9899a6 [MAJOR] separate sess->proxy into sess->{fe,fi,be}
The references to the proxy from the session have been turned into
Frontend (fe), Filters (fi) and Backend (be). This should ease the
migration to the L7 switching features. Next step will be to kill
the struct proxy and have 3 independant structs instead, each
referenced from entities called listener, frontend, filters and
backend.
2006-11-30 11:40:23 +01:00
Willy Tarreau
163c53253c [MEDIUM] use tproxy address as source of health checks
If a tproxy address is defined, then use it for health checks too.
2006-11-14 16:18:41 +01:00
Willy Tarreau
f19cf37031 [BUILD] remove a warning in backend.c
include <string.h> to remove a warning on memset
2006-11-14 15:40:51 +01:00
Willy Tarreau
58b2f83685 [MEDIUM] add support for SO_REUSEPORT on Linux
SO_REUSEPORT does not exist on Linux but the checks are available in
the code. With a little patch, it's possible to implement the feature,
but the value of SO_REUSEPORT will still have to be known from userland.
This patch adds a workaround to this problem by figuring out the value
for the one used by SO_REUSEADDR.
2006-11-13 01:22:38 +01:00
Willy Tarreau
77074d548b [MAJOR] support for source binding via cttproxy
Using the cttproxy kernel patch, it's possible to bind to any source
address. It is highly recommended to use the 03-natdel patch with the
other ones.

A new keyword appears as a complement to the "source" keyword : "usesrc".
The source address is mandatory and must be valid on the interface which
will see the packets. The "usesrc" option supports "client" (for full
client_ip:client_port spoofing), "client_ip" (for client_ip spoofing)
and any 'IP[:port]' combination to pretend to be another machine.

Right now, the source binding is missing from server health-checks if
set to another address. It must be implemented (think restricted firewalls).
The doc is still missing too.
2006-11-12 23:57:19 +01:00
Willy Tarreau
2152cb5b59 [MEDIUM] import ip_tproxy.h from cttproxy
The file "ip_tproxy.h" will be needed to build with cttproxy support.
Let's include it to ease the build process.
2006-11-12 23:50:48 +01:00
Willy Tarreau
9c9fea4617 [RELEASE] released 1.3.3
Released 1.3.3 with the following changes :
    - fix broken redispatch option in case the connection has already
      been marked "in progress" (ie: nearly always).
    - support regparm on x86 to speed up some often called functions
    - removed a few useless calls to gettimeofday() in log functions.
    - lots of 'const char*' cleanups
    - turn every FD_* into functions which are faster on recent CPUs
    - builds again on OpenBSD and Solaris
2006-10-16 00:03:35 +02:00
Willy Tarreau
4eeec0967d [BUILD] Makefile.bsd is functionnal again. 2006-10-15 23:50:42 +02:00
Willy Tarreau
390223bc32 [BUILD] only enable regparm on x86 to avoid useless warnings
It complains at least on Solaris/sparc64 and OpenBSD/vax.
2006-10-15 23:43:42 +02:00
Willy Tarreau
1a587498e8 [BUILD] make clean did not work on anything but bash 2006-10-15 23:40:58 +02:00
Willy Tarreau
aad2e49034 [BUILD] replaced u_int32_t with unsigned int.
Linux and BSD know about u_int32_t, while Solaris knows about uint32_t.
This is getting boring and unsigned int perfectly fits the goal for the
moment. Further investigation will be performed anyway.
2006-10-15 23:32:18 +02:00
Willy Tarreau
7d67768e27 [BUILD] types/proxy.h: reorder a few includes.
OpenBSD is very sensible on the order of includes :
sys/types.h, sys/socket.h, netinet/in.h and arpa/inet.h must be
included in this exact order.
2006-10-15 23:18:47 +02:00
Willy Tarreau
1001b949ee [CLEANUP] fd.c : regparm was hardcoded too. 2006-10-15 23:10:10 +02:00
Willy Tarreau
014b4fecb2 [BUILD] <stdint> is not present on OpenBSD. Prefer <sys/types.h> 2006-10-15 22:57:13 +02:00
Willy Tarreau
fddaec02ee [CLEANUP] fd.h : regparm was hardcoded. 2006-10-15 22:56:08 +02:00
Willy Tarreau
bf73613543 [CLEANUP] added the correct cast to call localtime()
Calling localtime() with a timeval.tv_sec causes a warning on
OpenBSD where the tv_sec is declared long.
2006-10-15 22:54:47 +02:00
Willy Tarreau
fb278677e2 [MEDIUM] use regparm on a few tv_* functions
Some of the tv_* functions are called very often. Passing their
arguments as registers is quite faster. This can be disabled
by setting CONFIG_HAP_DISABLE_REGPARM.
2006-10-15 15:38:50 +02:00
Willy Tarreau
2b35c95d6c [MEDIUM] remove useless calls to gettimeofday()
send_log(), Alert() and Warning() used gettimeofday() while using
<now> should have been preferred.
2006-10-15 15:25:48 +02:00
Willy Tarreau
b17916e89b [CLEANUP] add a few "const char *" where appropriate
As suggested by Markus Elfring, a few "const char *" have replaced
some "char *" declarations where a function is not expected to
modify a value. It does not change the code but it helps detecting
coding errors.
2006-10-15 15:17:57 +02:00
Willy Tarreau
c642348ce4 [CLEANUP] add a few checks for functions return values
Markus Elfring suggested adding a few checks which were missing
after a bunch of getsockopt() and 2 strdup(). While those are
unlikely to fail where they are used, it makes the code cleaner.
2006-10-15 14:59:03 +02:00
Willy Tarreau
2a429503e0 [MINOR] turn every FD_* into functions
On recent CPUs, functions are about twice as fast as inline FD_*, so
there is now a #define CONFIG_HAP_INLINE_FD_SET to choose between the
two modes.
2006-10-15 14:53:07 +02:00
Willy Tarreau
0bbc3cf157 [MEDIUM] fix broken redispatch option
Since the connection queueing was introduced, the "redispatch"
option could not cover the cases where a connection has been
refused by the server after having been marked "in progress".
The fix consists in doing a redispatch in the delayed connection
handling code.

Problem reported by Konrad Rzentarzewski.
2006-10-15 14:26:02 +02:00
Willy Tarreau
9f0a90145f [BUILD] added the 'git-tar' target to the Makefile
Now, doing a "make git-tar" will automaticall build the tar.gz archive
from the versionned tree.
2006-10-15 14:24:14 +02:00
Willy Tarreau
690f9aa028 [RELEASE] released 1.3.2
- started the changes towards I/O completion callbacks. stream_sock* have
      replaced event_*.
    - added the new "reqtarpit" and "reqitarpit" protection features
2006-09-03 11:23:06 +02:00
Willy Tarreau
08fa2e37fd [MINOR] tarpit: close the connection if the client closes.
There's no point at maintaining an open tarpitted connection
if the client has left.
2006-09-03 10:47:37 +02:00