When "hdr" arguments of an http reply are parsed, the allocated header may leak
on error path. Adding it to the header list earlier fixes the issue.
This patch should partly fix the issue #645.
No backport needed.
The http reply must be released in the function responsible to release it. This
leak was introduced when the http return was refactored to use http reply.
This patch should partly fix the issue #645.
No backport needed.
Released version 2.2-dev8 with the following main changes :
- MINOR: checks: Improve report of unexpected errors for expect rules
- MEDIUM: checks: Add matching on log-format string for expect rules
- DOC: Fix req.body and co documentation to be accurate
- MEDIUM: checks: Remove dedicated sample fetches and use response ones instead
- CLEANUP: checks: sort and rename tcpcheck_expect_type types
- MINOR: checks: Use dedicated actions to send log-format strings in send rules
- MINOR: checks: Simplify matching on HTTP headers in HTTP expect rules
- MINOR: checks/sample: Remove unnecessary tests on the sample session
- REGTEST: checks: Adapt SSL error message reported when connection is rejected
- MINOR: mworker: replace ha_alert by ha_warning when exiting successfuly
- MINOR: checks: Support log-format string to set the URI for HTTP send rules
- MINOR: checks: Support log-format string to set the body for HTTP send rules
- DOC: Be more explicit about configurable check ok/error/timeout status
- MINOR: checks: Make matching on HTTP headers for expect rules less obscure
- BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT
- BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur
- REGTESTS: make the http-check-send test require version 2.2
- BUG/MINOR: http-ana: fix NTLM response parsing again
- BUG/MEDIUM: http_ana: make the detection of NTLM variants safer
- BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered
- MINOR: cfgparse: Improve error message for invalid \x sequences
- CI: travis-ci: enable arm64 builds again
- MEDIUM: ssl: increase default-dh-param to 2048
- CI: travis-ci: skip pcre2 on arm64 build
- CI: travis-ci: extend the build time for SSL to 60 minutes
- CLEANUP: config: drop unused setting CONFIG_HAP_MEM_OPTIM
- CLEANUP: config: drop unused setting CONFIG_HAP_INLINE_FD_SET
- CLENAUP: config: move CONFIG_HAP_LOCKLESS_POOLS out of config.h
- CLEANUP: remove THREAD_LOCAL from config.h
- CI: travis-ci: upgrade LibreSSL versions
- DOC: assorted typo fixes in the documentation
- CI: extend spellchecker whitelist
- CLEANUP: assorted typo fixes in the code and comments
- MAJOR: contrib: porting spoa_server to support python3
- BUG/MEDIUM: checks: Subscribe to I/O events on an unfinished connect
- BUG/MINOR: checks: Don't subscribe to I/O events if it is already done
- BUG/MINOR: checks: Rely on next I/O oriented rule when waiting for a connection
- MINOR: checks: Don't try to send outgoing data if waiting to be able to send
- MINOR: sample: Move aes_gcm_dec implementation into sample.c
- MINOR: sample: Add digest and hmac converters
- BUG/MEDIUM: checks: Subscribe to I/O events only if a mux was installed
- BUG/MINOR: sample/ssl: Fix digest converter for openssl < 1.1.0
- BUG/MINOR: pools: use %u not %d to report pool stats in "show pools"
- BUG/MINOR: pollers: remove uneeded free in global init
- CLEANUP: select: enhance readability in init
- BUG/MINOR: soft-stop: always wake up waiting threads on stopping
- MINOR: soft-stop: let the first stopper only signal other threads
- BUILD: select: only declare existing local labels to appease clang
- BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry.
- BUG/MEDIUM: stream: Only allow L7 retries when using HTTP.
- DOC: retry-on can only be used with mode http
- MEDIUM: ssl: allow to register callbacks for SSL/TLS protocol messages
- MEDIUM: ssl: split ssl_sock_msgcbk() and use a new callback mechanism
- MINOR: ssl: add a new function ssl_sock_get_ssl_object()
- MEDIUM: ssl: use ssl_sock_get_ssl_object() in fetchers where appropriate
- REORG: ssl: move macros and structure definitions to ssl_sock.h
- CLEANUP: ssl: remove the shsess_* macros
- REORG: move the crt-list structures in their own .h
- REORG: ssl: move the ckch structures to types/ssl_ckch.h
- CLEANUP: ssl: add ckch prototypes in proto/ssl_ckch.h
- REORG: ssl: move crtlist functions to src/ssl_crtlist.c
- CLEANUP: ssl: avoid circular dependencies in ssl_crtlist.h
- REORG: ssl: move the ckch_store related functions to src/ssl_ckch.c
- REORG: ssl: move ckch_inst functions to src/ssl_ckch.c
- REORG: ssl: move the crt-list CLI functions in src/ssl_crtlist.c
- REORG: ssl: move the CLI 'cert' functions to src/ssl_ckch.c
- REORG: ssl: move ssl configuration to cfgparse-ssl.c
- MINOR: ssl: remove static keyword in some SSL utility functions
- REORG: ssl: move ssl_sock_ctx and fix cross-dependencies issues
- REORG: ssl: move sample fetches to src/ssl_sample.c
- REORG: ssl: move utility functions to src/ssl_utils.c
- DOC: ssl: update MAINTAINERS file
- CI: travis-ci: switch arm64 builds to use openssl from distro
- MINOR: stats: Prepare for more accurate moving averages
- MINOR: stats: Expose native cum_req metric for a server
- MEDIUM: stats: Enable more accurate moving average calculation for stats
- BUILD: ssl: include buffer common headers for ssl_sock_ctx
- BUILD: ssl: include errno.h in ssl_crtlist.c
- CLEANUP: acl: remove unused assignment
- DOC/MINOR: halog: Add long help info for ic flag
- BUILD: ssl: fix build without OPENSSL_NO_ENGINE
- DOC: SPOE is no longer experimental
- BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt()
- MINOR: config: Don't dump keywords if argument is NULL
- MEDIUM: checks: Make post-41 the default mode for mysql checks
- BUG/MINOR: logs: prevent double line returns in some events.
- MEDIUM: sink: build header in sink_write for log formats
- MEDIUM: logs: buffer targets now rely on new sink_write
- MEDIUM: sink: add global statement to create a new ring (sink buffer)
- MEDIUM: hpack: use a pool for the hpack table
- BUG/MAJOR: mux-fcgi: Stop sending loop if FCGI stream is blocked for any reason
- BUG/MEDIUM: ring: write-lock the ring while attaching/detaching
- MINOR: applet: adopt the wait list entry from the CLI
- MINOR: ring: make the applet code not depend on the CLI
- Revert "MEDIUM: sink: add global statement to create a new ring (sink buffer)"
- CI: travis-ci: fix libslz download URL
- MINOR: ssl: split config and runtime variable for ssl-{min,max}-ver
- CLEANUP: http_ana: Remove unused TXN flags
- BUG/MINOR: http-rules: Mark http return rules as final
- MINOR: http-htx: Add http_reply type based on what is used for http return rules
- CLEANUP: http-htx: Rename http_error structure into http_error_msg
- MINOR: http-rules: Use http_reply structure for http return rules
- MINOR: http-htx: Use a dedicated function to release http_reply objects
- MINOR: http-htx: Use a dedicated function to parse http reply arguments
- MINOR: http-htx: Use a dedicated function to check http reply validity
- MINOR: http-ana: Use a dedicated function to send a response from an http reply
- MEDIUM: http-rules: Rely on http reply for http deny/tarpit rules
- MINOR: http-htx: Store default error messages in a global http reply array
- MINOR: http-htx: Store messages of an http-errors section in a http reply array
- MINOR: http-htx: Store errorloc/errorfile messages in http replies
- MINOR: proxy: Add references on http replies for proxy error messages
- MINOR: http-htx: Use http reply from the http-errors section
- MINOR: http-ana: Use a TXN flag to prevent after-response ruleset evaluation
- MEDIUM: http-ana: Use http replies for HTTP error messages
- CLEANUP: http-htx: Remove unused storage of error messages in buffers
- MINOR: htx: Add a function to copy a buffer in an HTX message
- CLEANUP: channel: Remove channel_htx_copy_msg() function
- MINOR: http-ana: Add a function to write an http reply in an HTX message
- MINOR: http-htx/proxy: Add http-error directive using http return syntax
- DOC: Fix "errorfile" description in the configuration manual
- BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified
- BUILD: hpack: make sure the hpack table can still be built standalone
- CONTRIB: hpack: make use of the simplified standalone HPACK API
- MINOR: connection: add pp2-never-send-local to support old PP2 behavior
A bug in the PROXY protocol v2 implementation was present in HAProxy up to
version 2.1, causing it to emit a PROXY command instead of a LOCAL command
for health checks. This is particularly minor but confuses some servers'
logs. Sadly, the bug was discovered very late and revealed that some servers
which possibly only tested their PROXY protocol implementation against
HAProxy fail to properly handle the LOCAL command, and permanently remain in
the "down" state when HAProxy checks them. When this happens, it is possible
to enable this global option to revert to the older (bogus) behavior for the
time it takes to contact the affected components' vendors and get them fixed.
This option is disabled by default and acts on all servers having the
"send-proxy-v2" statement.
Older versions were reverted to the old behavior and should not attempt to
be fixed by default again. However a variant of this patch could possibly
be implemented to ask to explicitly send LOCAL if needed by some servers.
More context here:
https://www.mail-archive.com/haproxy@formilux.org/msg36890.htmlhttps://www.mail-archive.com/haproxy@formilux.org/msg37218.html
As reported in oss-fuzz issue 22388, the contrib/hpack code doesn't
build anymore for now. Thanks to previous patch we can now just define
HPACK_STANDALONE in the few files which include hpack-tbl.h and we can
declare a dummy pool to hold the DHT size. This is enough to make the
code work again outside of the haproxy process. It was successfully
tested using:
$ echo 82 84 87 90 | ./decode
Recent commit 2bdcc70fa7 ("MEDIUM: hpack: use a pool for the hpack table")
made the hpack code finally use a pool with very unintrusive code that was
assumed to be trivial enough to adjust if the code needed to be reused
outside of haproxy. Unfortunately the code in contrib/hpack already uses
it and broke the oss-fuzz tests as it doesn't build anymore.
This patch adds an HPACK_STANDALONE macro to decide if we should use the
pools or malloc+free. The resulting macros are called hpack_alloc() and
hpack_free() respectively, and the size must be passed into the pool
itself.
When a check port or a check address is specified, the check transport layer is
ignored. So it is impossible to do a SSL check in this case. This bug was
introduced by the commit 8892e5d30 ("BUG/MEDIUM: server/checks: Init server
check during config validity check").
This patch should fix the issue #643. It must be backported to all branches
where the above commit was backported.
"errorfile" description is outdated. Now, error messages are parsed at startup
and converted to HTX messages. So they must be valid according to the HTTP
standards. In addition, there is now a comment about the reserved buffer space
that should remain available to allow header rewrites.
The http-error directive can now be used instead of errorfile to define an error
message in a proxy section (including default sections). This directive uses the
same syntax that http return rules. The only real difference is the limitation
on status code that may be specified. Only status codes supported by errorfile
directives are supported for this new directive. Parsing of errorfile directive
remains independent from http-error parsing. But functionally, it may be
expressed in terms of http-errors :
errorfile <status> <file> ==> http-errror status <status> errorfile <file>
When an error response is sent to a client, the write of the http reply in the
channel buffer and its sending are performed in different functions. The
http_reply_to_htx() function is used to write an http reply in HTX message. This
way, it could be possible to use the http replies in a different context.
The htx_copy_msg() function can now be used to copy the HTX message stored in a
buffer in an existing HTX message. It takes care to not overwrite existing
data. If the destination message is empty, a raw copy is performed. All the
message is copied or nothing.
This function is used instead of channel_htx_copy_msg().
When HAProxy returns an http error message, the corresponding http reply is now
used instead of the buffer containing the corresponding HTX message. So,
http_error_message() function now returns the http reply to use for a given
stream. And the http_reply_and_close() function now relies on
http_reply_message() to send the response to the client.
The txn flag TX_CONST_REPLY may now be used to prevent after-response ruleset
evaluation. It is used if this ruleset evaluation failed on an internal error
response. Before, it was done incrementing the parameter <final>. But it is not
really convenient if an intermediary function is used to produce the
response. Using a txn flag could also be a good way to prevent after-response
ruleset evaluation in a different context.
When an http reply is configured to use an error message from an http-errors
section, instead of referencing the error message, the http reply is used. To do
so the new http reply type HTTP_REPLY_INDIRECT has been added.
Error messages defined in proxy section or inherited from a default section are
now also referenced using an array of http replies. This is done during the
configuration validity check.
During configuration parsing, error messages resulting of parsing of errorloc
and errorfile directives are now also stored as an http reply. So, for now,
these messages are stored as a buffer and as an http reply. To be able to
release all these http replies when haproxy is stopped, a global list is
used. We must do that because the same http reply may be referenced several
times by different proxies if it is defined in a default section.
Error messages specified in an http-errors section is now also stored in an
array of http replies. So, for now, these messages are stored as a buffer and as
a http reply.
Default error messages are stored as a buffer, in http_err_chunks global array.
Now, they are also stored as a http reply, in http_err_replies global array.
"http-request deny", "http-request tarpit" and "http-response deny" rules now
use the same syntax than http return rules and internally rely on the http
replies. The behaviour is not the same when no argument is specified (or only
the status code). For http replies, a dummy response is produced, with no
payload. For old deny/tarpit rules, the proxy's error messages are used. Thus,
to be compatible with existing configuration, the "default-errorfiles" parameter
is implied. For instance :
http-request deny deny_status 404
is now an alias of
http-request deny status 404 default-errorfiles
The http_reply_message() function may be used to send an http reply to a
client. This function is responsile to convert the reply in HTX, to push it in
the response buffer and to forward it to the client. It is also responsible to
terminate the transaction.
This function is used during evaluation of http return rules.
A dedicated function is added to check the validity of an http reply object,
after parsing. It is used to check the validity of http return rules.
For now, this function is only used to find the right error message in an
http-errors section for http replies of type HTTP_REPLY_ERRFILES (using
"errorfiles" argument). On success, such replies are updated to point on the
corresponding error message and their type is set to HTTP_REPLY_ERRMSG. If an
unknown http-errors section is referenced, anx error is returned. If a unknown
error message is referenced inside an existing http-errors section, a warning is
emitted and the proxy's error messages are used instead.
A dedicated function to parse arguments and create an http_reply object is
added. It is used to parse http return rule. Thus, following arguments are
parsed by this function :
... [status <code>] [content-type <type>]
[ { default-errorfiles | errorfile <file> | errorfiles <name> |
file <file> | lf-file <file> | string <str> | lf-string <fmt> } ]
[ hdr <name> <fmt> ]*
Because the status code argument is optional, a default status code must be
defined when this function is called.
No real change here. Instead of using an internal structure to the action rule,
the http return rules are now stored as an http reply. The main change is about
the action type. It is now always set to ACT_CUSTOM. The http reply type is used
to know how to evaluate the rule.
The structure owns an error message, most of time loaded from a file, and
converted to HTX. It is created when an errorfile or errorloc directive is
parsed. It is renamed to avoid ambiguities with http_reply structure.
The http_reply structure is added. It represents a generic HTTP message used as
internal response by HAProxy. It is based on the structure used to store http
return rules. The aim is to store all error messages using this structure, as
well as http return and http deny rules.
For HTTP rules, this flag is only used to trigger a warning during HAProxy
startup when a final rule without ACL is not the last one. So this patch is
marked as a bug, but its impact is really limited.
No backport needed because http return rules were introduced in the 2.2.
TX_CLDENY, TX_CLALLOW, TX_SVDENY and TX_SVALLOW flags are unused. Only
TX_CLTARPIT is used to make the difference between an http deny rule and an http
tarpit rule. So these unused flags are removed.
In the CLI command 'show ssl crt-list', the ssl-min-ver and the
ssl-min-max arguments were always displayed because the dumped versions
were the actual version computed and used by haproxy, instead of the
version found in the configuration.
To fix the problem, this patch separates the variables to have one with
the configured version, and one with the actual version used. The dump
only shows the configured version.
let us switch to github mirror, travis cannot download original libslz
error is:
fatal: unable to access 'http://git.1wt.eu/git/libslz.git/': Failed
to connect to git.1wt.eu port 80: Connection timed out The command
"git clone http://git.1wt.eu/git/libslz.git/" failed and exited with
128...
This reverts commit 957ec59571.
As discussed with Emeric, the current syntax is not extensible enough,
this will be turned to a section instead in a forthcoming patch.
The ring to applet communication was only made to deal with CLI functions
but it's generic. Let's have generic appctx functions and have the CLI
rely on these instead. This patch introduces ring_attach_appctx() and
ring_detach_appctx().
A few fields, including a generic list entry, were added to the CLI context
by commit 300decc8d9 ("MINOR: cli: extend the CLI context with a list and
two offsets"). It turns out that the list entry (l0) is solely used to
consult rings and that the generic ring_write() code is restricted to a
consumer on the CLI due to this, which was not the initial intent. Let's
make it a general purpose wait_entry field that is properly initialized
during appctx_init(). This will allow any applet to wait on a ring, not
just the CLI.
The LIST_ADDQ() and LIST_DEL_INIT() calls made to attach/detach a waiter
to the ring were made under a read lock which was sufficient in front of
the writer's write lock. But it's not sufficient against other readers!
Thus theorically multiple "show events" on the same ring buffer on the
CLI could result in a crash, even though for now I couldn't manage to
reproduce it.
This fixes commit 1d181e489c ("MEDIUM: ring: implement a wait mode for
watchers") so it must be backported to 2.1, possibly further if the ring
code gets backported.
Because of a typo error in conditions to exit the sending loop, it is possible
to loop infinitely in fcgi_snd_buf() function. Instead of checking the FCGI
stream is not blocked to continue sending data, the FCGI connection is used. So
it is possible to have a stream blocked because there is not enough space in the
mux buffers to copy more data but continue to loop to send more data.
This patch should fix the issue #637. It must be backported to 2.1.
Instead of using malloc/free to allocate an HPACK table, let's declare
a pool. However the HPACK size is configured by the H2 mux, so it's
also this one which allocates it after post_check.
This patch adds the new global statement:
ring <name> [desc <desc>] [format <format>] [size <size>] [maxlen <length>]
Creates a named ring buffer which could be used on log line for instance.
<desc> is an optionnal description string of the ring. It will appear on
CLI. By default, <name> is reused to fill this field.
<format> is the log format used when generating syslog messages. It may be
one of the following :
iso A message containing only the ISO date, followed by the text.
The PID, process name and system name are omitted. This is
designed to be used with a local log server.
raw A message containing only the text. The level, PID, date, time,
process name and system name are omitted. This is designed to be
used in containers or during development, where the severity only
depends on the file descriptor used (stdout/stderr). This is
the default.
rfc3164 The RFC3164 syslog message format. This is the default.
(https://tools.ietf.org/html/rfc3164)
rfc5424 The RFC5424 syslog message format.
(https://tools.ietf.org/html/rfc5424)
short A message containing only a level between angle brackets such as
'<3>', followed by the text. The PID, date, time, process name
and system name are omitted. This is designed to be used with a
local log server. This format is compatible with what the systemd
logger consumes.
timed A message containing only a level between angle brackets such as
'<3>', followed by ISO date and by the text. The PID, process
name and system name are omitted. This is designed to be
used with a local log server.
<length> is the maximum length of event message stored into the ring,
including formatted header. If the event message is longer
than <length>, it would be truncated to this length.
<name> is the ring identifier, which follows the same naming convention as
proxies and servers.
<size> is the optionnal size in bytes. Default value is set to BUFSIZE.
Note: Historically sink's name and desc were refs on const strings. But with new
configurable rings a dynamic allocation is needed.
Before this path, they rely directly on ring_write bypassing
a part of the sink API.
Now the maxlen parameter of the log will apply only on the text
message part (and not the header, for this you woud prefer
to use the maxlen parameter on the sink/ring).
sink_write prototype was also reviewed to return the number of Bytes
written to be compliant with the other write functions.
This patch extends the sink_write prototype and code to
handle the rfc5424 and rfc3164 header.
It uses header building tools from log.c. Doing this some
functions/vars have been externalized.
facility and minlevel have been removed from the struct sink
and passed to args at sink_write because they depends of the log
and not of the sink (they remained unused by rest of the code
until now).
Historically some messages used to already contain the trailing LF but
not all, and __do_send_log adds a new one in needed cases. It also does
trim a trailing LF in certain cases while computing the max message
length, as a result of subtracting 1 to the available room in the
destination buffer. But the way it's done is wrong since some messages
still contain it.
So the code was fixed to always trim the trailing LF from messages if
present, and then only subtract 1 from the destination buffer room
instead of the size..
Note: new sink API is not designed to receive a trailing LF on
event messages
This could be backported to relevant stable versions with particular
care since the logic of the code changed a bit since 1.6 and there
may be other locations that need to be adjusted.
MySQL 4.1 is old enough to be the default mode for mysql checks. So now, once a
username is defined, post-41 mode is automatically used. To do mysql checks on
previous MySQL version, the argument "pre-41" must be used.
Note, it is a compatibility breakage for everyone using an antique and
unsupported MySQL version.
Helper functions are used to dump bind, server or filter keywords. These
functions are used to report errors during the configuration parsing. To have a
coherent API, these functions are now prepared to handle a null pointer as
argument. If so, no action is performed and functions immediately return.
This patch should fix the issue #631. It is not a bug. There is no reason to
backport it.
parse_cache_flt() is the registered callback for the "cache" filter keyword. It
is only called when the "cache" keyword is found on a filter line. So, it is
useless to test the filter name in the callback function.
This patch should fix the issue #634. It may be backported as far as 1.9.
The CI revealed that the boringssl build is still broken because of some
ifdef misplacement.
Bug introduced by dad3105 ("REORG: ssl: move ssl configuration to
cfgparse-ssl.c").
No backport needed.
Fix issue #633.
Coverity found unused variable assignment
CID 1299671 (#1 of 1): Unused value (UNUSED_VALUE)assigned_pointer:
Assigning value from args[arg + 1] to word here, but that stored
value is overwritten before it can be used.
958 word = args[arg + 1];
959 arg = arg_end;
In issue #632 boringssl build were broken by the lack of errno.h
include in ssl_crtlist.c
Bug introduced by 6e9556b ("REORG: ssl: move crtlist functions to src/ssl_crtlist.c").
No backport needed.
