RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-12 22:44:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
b686644ad8
haproxy/tests
History
Willy Tarreau b686644ad8 [MAJOR] implement tcp request content inspection 
Some people need to inspect contents of TCP requests before
deciding to forward a connection or not. A future extension
of this demand might consist in selecting a server farm
depending on the protocol detected in the request.

For this reason, a new state CL_STINSPECT has been added on
the client side. It is immediately entered upon accept() if
the statement "tcp-request inspect-delay <xxx>" is found in
the frontend configuration. Haproxy will then wait up to
this amount of time trying to find a matching ACL, and will
either accept or reject the connection depending on the
"tcp-request content <action> {if|unless}" rules, where
<action> is either "accept" or "reject".

Note that it only waits that long if no definitive verdict
can be found earlier. That generally implies calling a fetch()
function which does not have enough information to decode
some contents, or a match() function which only finds the
beginning of what it's looking for.

It is only at the ACL level that partial data may be processed
as such, because we need to distinguish between MISS and FAIL
*before* applying the term negation.

Thus it is enough to add "| ACL_PARTIAL" to the last argument
when calling acl_exec_cond() to indicate that we expect
ACL_PAT_MISS to be returned if some data is missing (for
fetch() or match()). This is the only case we may return
this value. For this reason, the ACL check in process_cli()
has become a lot simpler.

A new ACL "req_len" of type "int" has been added. Right now
it is already possible to drop requests which talk too early
(eg: for SMTP) or which don't talk at all (eg: HTTP/SSL).

Also, the acl fetch() functions have been extended in order
to permit reporting of missing data in case of fetch failure,
using the ACL_TEST_F_MAY_CHANGE flag.

The default behaviour is unchanged, and if no rule matches,
the request is accepted.

As a side effect, all layer 7 fetching functions have been
cleaned up so that they now check for the validity of the
layer 7 pointer before dereferencing it.
2008-07-16 10:29:07 +02:00
..
0000-debug-stats.diff [TESTS] add a debug patch to help trigger the stats bug 2008-04-21 07:31:52 +02:00
active-sh.cfg * added the 'source' load-balancing algorithm which uses the source IP(v4|v6) 2006-03-25 20:33:17 +01:00
active-srv.cfg * some regression test files for active/backup conditions. 2006-03-25 20:33:14 +01:00
backup-all-sh.cfg * added the 'source' load-balancing algorithm which uses the source IP(v4|v6) 2006-03-25 20:33:17 +01:00
backup-all.cfg * some regression test files for active/backup conditions. 2006-03-25 20:33:14 +01:00
backup-first.cfg * some regression test files for active/backup conditions. 2006-03-25 20:33:14 +01:00
backup-second-sh.cfg * added the 'source' load-balancing algorithm which uses the source IP(v4|v6) 2006-03-25 20:33:17 +01:00
backup-second.cfg * some regression test files for active/backup conditions. 2006-03-25 20:33:14 +01:00
basic-test.cfg [TESTS] added two new test configurations 2006-07-29 16:47:12 +02:00
defaults.cfg
filltab25.c [CLEANUP] fwrr: ensure that we never overflow in placements 2007-12-02 11:01:23 +01:00
hash_results.txt [TESTS] updates to hash experimentations 2007-05-13 11:40:04 +02:00
httpterm-basic.cfg [TESTS] added two new test configurations 2006-07-29 16:47:12 +02:00
io_limits.txt [MEDIUM] optimize I/O by detecting system starvation 2007-06-03 16:05:39 +02:00
ip-hash.c [TESTS] add new methods in ip-hash test file 2008-04-13 09:27:00 +02:00
sessionhash_test.c [MAJOR] remove files distributed under an obscure license 2007-09-09 21:56:53 +02:00
sockstat.txt
test_hashes.c [TESTS] added a new hash algorithm 2007-09-09 21:13:47 +02:00
test_pools.c [TESTS] test_pools: added support for dlmalloc() 2007-05-12 16:14:55 +02:00
test-acl.cfg [TESTS] added test-acl.cfg to test some ACL combinations 2008-07-09 16:18:21 +02:00
test-backlog.cfg [MINOR] add support for the "backlog" parameter 2008-01-06 10:55:10 +01:00
test-balance.cfg [MEDIUM] introduce the "url_param" balance method 2007-11-01 23:05:09 +01:00
test-check-cpu.cfg [TESTS] provide a test configuration file for stats and checks 2007-09-09 21:09:28 +02:00
test-disable-404.cfg [TESTS] add a test file for disable-on-404 2007-11-30 15:23:38 +01:00
test-fwlc.cfg [MAJOR] implementation of the "leastconn" load balancing algorithm 2008-03-10 22:04:30 +01:00
test-fwrr.cfg [TESTS] merge test-fwrr.cfg to validate dynamic weights 2007-11-28 14:23:32 +01:00
test-inspect-smtp.cfg [MAJOR] implement tcp request content inspection 2008-07-16 10:29:07 +02:00
test-log.cfg [BUG] fix calls to localtime() 2007-10-25 10:34:16 +02:00
test-map-ports.cfg [TESTS] add a test case for port mapping 2008-04-12 11:19:04 +02:00
test-pollers.cfg [TESTS] add test-pollers.cfg to easily report pollers in use 2008-02-16 20:02:48 +01:00
test-redir.cfg Revert "[BUILD] backend.c and checks.c did not build without tproxy !" 2008-02-14 20:25:24 +01:00
test-redirect.cfg [MEDIUM] add support for conditional HTTP redirection 2008-06-07 23:08:56 +02:00
test-retries.cfg [MEDIUM] make default_backend work in TCP mode too 2007-11-03 14:28:39 +01:00
test-sched.cfg [MEDIUM] rework the wait queue mechanism 2008-06-29 17:00:59 +02:00
test-status.cfg [TESTS] add a simple test for the status page 2007-10-25 20:17:40 +02:00
test-time.cfg [MEDIUM] add support for time units in the configuration 2007-12-02 22:15:14 +01:00
test-timeout.cfg [MEDIUM] introduce "timeout http-request" in frontends 2008-01-06 13:24:40 +01:00
test-url-hash.cfg [MEDIUM] introduce the "url_param" balance method 2007-11-01 23:05:09 +01:00
test-valid-names.cfg [MEDIUM] restrict the set of allowed characters for identifiers 2007-12-02 18:45:09 +01:00
test.c
testinet.c
uri_hash.c [TESTS] updates to hash experimentations 2007-05-13 11:40:04 +02:00