mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-15 07:54:33 +00:00
8b87c01c4d
When using the peers feature a race condition could prevent a connection from being properly counted. When this connection exits it is being "uncounted" nonetheless, leading to a possible underflow (-1) of the conn_curr stick table entry in the following scenario : - Connect to peer A (A=1, B=0) - Peer A sends 1 to B (A=1, B=1) - Kill connection to A (A=0, B=1) - Connect to peer B (A=0, B=2) - Peer A sends 0 to B (A=0, B=0) - Peer B sends 0/2 to A (A=?, B=0) - Kill connection to B (A=?, B=-1) - Peer B sends -1 to A (A=-1, B=-1) This fix may be backported to all supported branches.
360 lines
10 KiB
C
360 lines
10 KiB
C
/*
|
|
* include/proto/stream.h
|
|
* This file defines everything related to streams.
|
|
*
|
|
* Copyright (C) 2000-2010 Willy Tarreau - w@1wt.eu
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation, version 2.1
|
|
* exclusively.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
|
|
#ifndef _PROTO_STREAM_H
|
|
#define _PROTO_STREAM_H
|
|
|
|
#include <common/config.h>
|
|
#include <common/memory.h>
|
|
#include <types/action.h>
|
|
#include <types/stream.h>
|
|
#include <proto/fd.h>
|
|
#include <proto/freq_ctr.h>
|
|
#include <proto/stick_table.h>
|
|
#include <proto/task.h>
|
|
|
|
extern struct pool_head *pool_head_stream;
|
|
extern struct list streams;
|
|
|
|
extern struct data_cb sess_conn_cb;
|
|
|
|
struct stream *stream_new(struct session *sess, enum obj_type *origin);
|
|
int stream_create_from_cs(struct conn_stream *cs);
|
|
|
|
/* kill a stream and set the termination flags to <why> (one of SF_ERR_*) */
|
|
void stream_shutdown(struct stream *stream, int why);
|
|
|
|
void stream_process_counters(struct stream *s);
|
|
void sess_change_server(struct stream *sess, struct server *newsrv);
|
|
struct task *process_stream(struct task *t, void *context, unsigned short state);
|
|
void default_srv_error(struct stream *s, struct stream_interface *si);
|
|
int parse_track_counters(char **args, int *arg,
|
|
int section_type, struct proxy *curpx,
|
|
struct track_ctr_prm *prm,
|
|
struct proxy *defpx, char **err);
|
|
|
|
/* Update the stream's backend and server time stats */
|
|
void stream_update_time_stats(struct stream *s);
|
|
void stream_release_buffers(struct stream *s);
|
|
int stream_buf_available(void *arg);
|
|
|
|
/* returns the session this stream belongs to */
|
|
static inline struct session *strm_sess(const struct stream *strm)
|
|
{
|
|
return strm->sess;
|
|
}
|
|
|
|
/* returns the frontend this stream was initiated from */
|
|
static inline struct proxy *strm_fe(const struct stream *strm)
|
|
{
|
|
return strm->sess->fe;
|
|
}
|
|
|
|
/* returns the listener this stream was initiated from */
|
|
static inline struct listener *strm_li(const struct stream *strm)
|
|
{
|
|
return strm->sess->listener;
|
|
}
|
|
|
|
/* returns a pointer to the origin of the session which created this stream */
|
|
static inline enum obj_type *strm_orig(const struct stream *strm)
|
|
{
|
|
return strm->sess->origin;
|
|
}
|
|
|
|
/* Remove the refcount from the stream to the tracked counters, and clear the
|
|
* pointer to ensure this is only performed once. The caller is responsible for
|
|
* ensuring that the pointer is valid first. We must be extremely careful not
|
|
* to touch the entries we inherited from the session.
|
|
*/
|
|
static inline void stream_store_counters(struct stream *s)
|
|
{
|
|
void *ptr;
|
|
int i;
|
|
struct stksess *ts;
|
|
|
|
for (i = 0; i < MAX_SESS_STKCTR; i++) {
|
|
ts = stkctr_entry(&s->stkctr[i]);
|
|
if (!ts)
|
|
continue;
|
|
|
|
if (stkctr_entry(&s->sess->stkctr[i]))
|
|
continue;
|
|
|
|
ptr = stktable_data_ptr(s->stkctr[i].table, ts, STKTABLE_DT_CONN_CUR);
|
|
if (ptr) {
|
|
HA_RWLOCK_WRLOCK(STK_SESS_LOCK, &ts->lock);
|
|
|
|
if (stktable_data_cast(ptr, conn_cur) > 0)
|
|
stktable_data_cast(ptr, conn_cur)--;
|
|
|
|
HA_RWLOCK_WRUNLOCK(STK_SESS_LOCK, &ts->lock);
|
|
|
|
/* If data was modified, we need to touch to re-schedule sync */
|
|
stktable_touch_local(s->stkctr[i].table, ts, 0);
|
|
}
|
|
stkctr_set_entry(&s->stkctr[i], NULL);
|
|
stksess_kill_if_expired(s->stkctr[i].table, ts, 1);
|
|
}
|
|
}
|
|
|
|
/* Remove the refcount from the stream counters tracked at the content level if
|
|
* any, and clear the pointer to ensure this is only performed once. The caller
|
|
* is responsible for ensuring that the pointer is valid first. We must be
|
|
* extremely careful not to touch the entries we inherited from the session.
|
|
*/
|
|
static inline void stream_stop_content_counters(struct stream *s)
|
|
{
|
|
struct stksess *ts;
|
|
void *ptr;
|
|
int i;
|
|
|
|
for (i = 0; i < MAX_SESS_STKCTR; i++) {
|
|
ts = stkctr_entry(&s->stkctr[i]);
|
|
if (!ts)
|
|
continue;
|
|
|
|
if (stkctr_entry(&s->sess->stkctr[i]))
|
|
continue;
|
|
|
|
if (!(stkctr_flags(&s->stkctr[i]) & STKCTR_TRACK_CONTENT))
|
|
continue;
|
|
|
|
ptr = stktable_data_ptr(s->stkctr[i].table, ts, STKTABLE_DT_CONN_CUR);
|
|
if (ptr) {
|
|
HA_RWLOCK_WRLOCK(STK_SESS_LOCK, &ts->lock);
|
|
|
|
if (stktable_data_cast(ptr, conn_cur) > 0)
|
|
stktable_data_cast(ptr, conn_cur)--;
|
|
|
|
HA_RWLOCK_WRUNLOCK(STK_SESS_LOCK, &ts->lock);
|
|
|
|
/* If data was modified, we need to touch to re-schedule sync */
|
|
stktable_touch_local(s->stkctr[i].table, ts, 0);
|
|
}
|
|
stkctr_set_entry(&s->stkctr[i], NULL);
|
|
stksess_kill_if_expired(s->stkctr[i].table, ts, 1);
|
|
}
|
|
}
|
|
|
|
/* Increase total and concurrent connection count for stick entry <ts> of table
|
|
* <t>. The caller is responsible for ensuring that <t> and <ts> are valid
|
|
* pointers, and for calling this only once per connection.
|
|
*/
|
|
static inline void stream_start_counters(struct stktable *t, struct stksess *ts)
|
|
{
|
|
void *ptr;
|
|
|
|
HA_RWLOCK_WRLOCK(STK_SESS_LOCK, &ts->lock);
|
|
|
|
ptr = stktable_data_ptr(t, ts, STKTABLE_DT_CONN_CUR);
|
|
if (ptr)
|
|
stktable_data_cast(ptr, conn_cur)++;
|
|
|
|
ptr = stktable_data_ptr(t, ts, STKTABLE_DT_CONN_CNT);
|
|
if (ptr)
|
|
stktable_data_cast(ptr, conn_cnt)++;
|
|
|
|
ptr = stktable_data_ptr(t, ts, STKTABLE_DT_CONN_RATE);
|
|
if (ptr)
|
|
update_freq_ctr_period(&stktable_data_cast(ptr, conn_rate),
|
|
t->data_arg[STKTABLE_DT_CONN_RATE].u, 1);
|
|
if (tick_isset(t->expire))
|
|
ts->expire = tick_add(now_ms, MS_TO_TICKS(t->expire));
|
|
|
|
HA_RWLOCK_WRUNLOCK(STK_SESS_LOCK, &ts->lock);
|
|
|
|
/* If data was modified, we need to touch to re-schedule sync */
|
|
stktable_touch_local(t, ts, 0);
|
|
}
|
|
|
|
/* Enable tracking of stream counters as <stkctr> on stksess <ts>. The caller is
|
|
* responsible for ensuring that <t> and <ts> are valid pointers. Some controls
|
|
* are performed to ensure the state can still change.
|
|
*/
|
|
static inline void stream_track_stkctr(struct stkctr *ctr, struct stktable *t, struct stksess *ts)
|
|
{
|
|
/* Why this test ???? */
|
|
if (stkctr_entry(ctr))
|
|
return;
|
|
|
|
ctr->table = t;
|
|
stkctr_set_entry(ctr, ts);
|
|
stream_start_counters(t, ts);
|
|
}
|
|
|
|
/* Increase the number of cumulated HTTP requests in the tracked counters */
|
|
static void inline stream_inc_http_req_ctr(struct stream *s)
|
|
{
|
|
struct stksess *ts;
|
|
void *ptr;
|
|
int i;
|
|
|
|
for (i = 0; i < MAX_SESS_STKCTR; i++) {
|
|
struct stkctr *stkctr = &s->stkctr[i];
|
|
|
|
ts = stkctr_entry(stkctr);
|
|
if (!ts) {
|
|
stkctr = &s->sess->stkctr[i];
|
|
ts = stkctr_entry(stkctr);
|
|
if (!ts)
|
|
continue;
|
|
}
|
|
|
|
HA_RWLOCK_WRLOCK(STK_SESS_LOCK, &ts->lock);
|
|
|
|
ptr = stktable_data_ptr(stkctr->table, ts, STKTABLE_DT_HTTP_REQ_CNT);
|
|
if (ptr)
|
|
stktable_data_cast(ptr, http_req_cnt)++;
|
|
|
|
ptr = stktable_data_ptr(stkctr->table, ts, STKTABLE_DT_HTTP_REQ_RATE);
|
|
if (ptr)
|
|
update_freq_ctr_period(&stktable_data_cast(ptr, http_req_rate),
|
|
stkctr->table->data_arg[STKTABLE_DT_HTTP_REQ_RATE].u, 1);
|
|
|
|
HA_RWLOCK_WRUNLOCK(STK_SESS_LOCK, &ts->lock);
|
|
|
|
/* If data was modified, we need to touch to re-schedule sync */
|
|
stktable_touch_local(stkctr->table, ts, 0);
|
|
}
|
|
}
|
|
|
|
/* Increase the number of cumulated HTTP requests in the backend's tracked
|
|
* counters. We don't look up the session since it cannot happen in the bakcend.
|
|
*/
|
|
static void inline stream_inc_be_http_req_ctr(struct stream *s)
|
|
{
|
|
struct stksess *ts;
|
|
void *ptr;
|
|
int i;
|
|
|
|
for (i = 0; i < MAX_SESS_STKCTR; i++) {
|
|
struct stkctr *stkctr = &s->stkctr[i];
|
|
|
|
ts = stkctr_entry(stkctr);
|
|
if (!ts)
|
|
continue;
|
|
|
|
if (!(stkctr_flags(&s->stkctr[i]) & STKCTR_TRACK_BACKEND))
|
|
continue;
|
|
|
|
HA_RWLOCK_WRLOCK(STK_SESS_LOCK, &ts->lock);
|
|
|
|
ptr = stktable_data_ptr(stkctr->table, ts, STKTABLE_DT_HTTP_REQ_CNT);
|
|
if (ptr)
|
|
stktable_data_cast(ptr, http_req_cnt)++;
|
|
|
|
ptr = stktable_data_ptr(stkctr->table, ts, STKTABLE_DT_HTTP_REQ_RATE);
|
|
if (ptr)
|
|
update_freq_ctr_period(&stktable_data_cast(ptr, http_req_rate),
|
|
stkctr->table->data_arg[STKTABLE_DT_HTTP_REQ_RATE].u, 1);
|
|
|
|
HA_RWLOCK_WRUNLOCK(STK_SESS_LOCK, &ts->lock);
|
|
|
|
/* If data was modified, we need to touch to re-schedule sync */
|
|
stktable_touch_local(stkctr->table, ts, 0);
|
|
}
|
|
}
|
|
|
|
/* Increase the number of cumulated failed HTTP requests in the tracked
|
|
* counters. Only 4xx requests should be counted here so that we can
|
|
* distinguish between errors caused by client behaviour and other ones.
|
|
* Note that even 404 are interesting because they're generally caused by
|
|
* vulnerability scans.
|
|
*/
|
|
static void inline stream_inc_http_err_ctr(struct stream *s)
|
|
{
|
|
struct stksess *ts;
|
|
void *ptr;
|
|
int i;
|
|
|
|
for (i = 0; i < MAX_SESS_STKCTR; i++) {
|
|
struct stkctr *stkctr = &s->stkctr[i];
|
|
|
|
ts = stkctr_entry(stkctr);
|
|
if (!ts) {
|
|
stkctr = &s->sess->stkctr[i];
|
|
ts = stkctr_entry(stkctr);
|
|
if (!ts)
|
|
continue;
|
|
}
|
|
|
|
HA_RWLOCK_WRLOCK(STK_SESS_LOCK, &ts->lock);
|
|
|
|
ptr = stktable_data_ptr(stkctr->table, ts, STKTABLE_DT_HTTP_ERR_CNT);
|
|
if (ptr)
|
|
stktable_data_cast(ptr, http_err_cnt)++;
|
|
|
|
ptr = stktable_data_ptr(stkctr->table, ts, STKTABLE_DT_HTTP_ERR_RATE);
|
|
if (ptr)
|
|
update_freq_ctr_period(&stktable_data_cast(ptr, http_err_rate),
|
|
stkctr->table->data_arg[STKTABLE_DT_HTTP_ERR_RATE].u, 1);
|
|
|
|
HA_RWLOCK_WRUNLOCK(STK_SESS_LOCK, &ts->lock);
|
|
|
|
/* If data was modified, we need to touch to re-schedule sync */
|
|
stktable_touch_local(stkctr->table, ts, 0);
|
|
}
|
|
}
|
|
|
|
static void inline __stream_add_srv_conn(struct stream *sess, struct server *srv)
|
|
{
|
|
sess->srv_conn = srv;
|
|
LIST_ADD(&srv->actconns, &sess->by_srv);
|
|
}
|
|
|
|
static void inline stream_add_srv_conn(struct stream *sess, struct server *srv)
|
|
{
|
|
HA_SPIN_LOCK(SERVER_LOCK, &srv->lock);
|
|
__stream_add_srv_conn(sess, srv);
|
|
HA_SPIN_UNLOCK(SERVER_LOCK, &srv->lock);
|
|
}
|
|
|
|
static void inline stream_del_srv_conn(struct stream *sess)
|
|
{
|
|
struct server *srv = sess->srv_conn;
|
|
|
|
if (!srv)
|
|
return;
|
|
|
|
HA_SPIN_LOCK(SERVER_LOCK, &srv->lock);
|
|
sess->srv_conn = NULL;
|
|
LIST_DEL(&sess->by_srv);
|
|
HA_SPIN_UNLOCK(SERVER_LOCK, &srv->lock);
|
|
}
|
|
|
|
static void inline stream_init_srv_conn(struct stream *sess)
|
|
{
|
|
sess->srv_conn = NULL;
|
|
LIST_INIT(&sess->by_srv);
|
|
}
|
|
|
|
void service_keywords_register(struct action_kw_list *kw_list);
|
|
|
|
#endif /* _PROTO_STREAM_H */
|
|
|
|
/*
|
|
* Local variables:
|
|
* c-indent-level: 8
|
|
* c-basic-offset: 8
|
|
* End:
|
|
*/
|