MEDIUM: sessions: Introduce session flags.

Add session flags, and add a new flag, SESS_FL_PREFER_LAST, to be set when
we use NTLM authentication, and we should reuse the last connection. This
should fix using NTLM with HTX. This totally replaces TX_PREFER_LAST.

This should be backported to 1.9.

diff --git a/contrib/debug/flags.c b/contrib/debug/flags.c
index c1a804742b5d80216139e789486f7051a2631a39..986f8cfe26fce9cd3fa97bc4d5ffaa4f0451b552 100644 (file)
--- a/contrib/debug/flags.c
+++ b/contrib/debug/flags.c
@@ -275,7 +275,6 @@ void show_txn_flags(unsigned int f)
        SHOW_FLAG(f, TX_HDR_CONN_PRS);
        SHOW_FLAG(f, TX_WAIT_NEXT_RQ);
        SHOW_FLAG(f, TX_HDR_CONN_UPG);
-       SHOW_FLAG(f, TX_PREFER_LAST);
        SHOW_FLAG(f, TX_CON_KAL_SET);
        SHOW_FLAG(f, TX_CON_CLO_SET);
 

diff --git a/include/types/proto_http.h b/include/types/proto_http.h
index 8fc0feb90e8b9640e6c01111ab73dd1f4ff85ba7..d4fa652c10b1c20e9e2647fd094ffb41709037f1 100644 (file)
--- a/include/types/proto_http.h
+++ b/include/types/proto_http.h
@@ -94,7 +94,7 @@
 #define TX_CON_CLO_SET  0x00400000     /* "connection: close" is now set */
 #define TX_CON_KAL_SET  0x00800000     /* "connection: keep-alive" is now set */
 
-#define TX_PREFER_LAST  0x01000000      /* try to stay on same server if possible (eg: after 401) */
+/* unused: 0x01000000 */
 
 #define TX_HDR_CONN_UPG 0x02000000     /* The "Upgrade" token was found in the "Connection" header */
 #define TX_WAIT_NEXT_RQ        0x04000000      /* waiting for the second request to start, use keep-alive timeout */

diff --git a/include/types/session.h b/include/types/session.h
index 328372d6ec7e5664ae314fab676fec6e0078a35c..824799a514b0c68bbbe8bc4cdf8f19eb3f30027d 100644 (file)
--- a/include/types/session.h
+++ b/include/types/session.h
@@ -45,6 +45,12 @@ struct sess_srv_list {
 
 #define MAX_SRV_LIST   5
 
+/* session flags */
+enum {
+       SESS_FL_NONE          = 0x00000000, /* nothing */
+       SESS_FL_PREFER_LAST   = 0x00000001, /* NTML authent, we should reuse last conn */
+};
+
 struct session {
        struct proxy *fe;               /* the proxy this session depends on for the client side */
        struct listener *listener;      /* the listener by which the request arrived */
@@ -57,6 +63,7 @@ struct session {
        long t_handshake;               /* handshake duration, -1 = not completed */
        int idle_conns;                 /* Number of connections we're currently responsible for that we are not using */
        struct list srv_list;           /* List of servers and the connections the session is currently responsible for */
+       unsigned int flags;             /* session flags, SESS_FL_* */
 };
 
 #endif /* _TYPES_SESSION_H */

diff --git a/src/backend.c b/src/backend.c
index 88991a8281d5653f3a08b9511a687867258ef6cb..b8e56cf59499f1c066ccfcf6fa154efc7c4a1e05 100644 (file)
--- a/src/backend.c
+++ b/src/backend.c
@@ -647,14 +647,14 @@ int assign_server(struct stream *s)
        s->target = NULL;
 
        if ((s->be->lbprm.algo & BE_LB_KIND) != BE_LB_KIND_HI &&
-           ((s->txn && s->txn->flags & TX_PREFER_LAST) ||
+           ((s->sess->flags & SESS_FL_PREFER_LAST) ||
             (s->be->options & PR_O_PREF_LAST))) {
                struct sess_srv_list *srv_list;
                list_for_each_entry(srv_list, &s->sess->srv_list, srv_list) {
                        struct server *tmpsrv = objt_server(srv_list->target);
 
                        if (tmpsrv && tmpsrv->proxy == s->be &&
-                           ((s->txn && s->txn->flags & TX_PREFER_LAST) ||
+                           ((s->sess->flags & SESS_FL_PREFER_LAST) ||
                             (!s->be->max_ka_queue ||
                              server_has_room(tmpsrv) || (
                              tmpsrv->nbpend + 1 < s->be->max_ka_queue))) &&

diff --git a/src/proto_http.c b/src/proto_http.c
index b47fbe6351c7598dd27aa6a4aa334da17cf9b402..bfdb199159e4935903331f98b061ebf4584cec3e 100644 (file)
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -3542,7 +3542,7 @@ void http_end_txn_clean_session(struct stream *s)
                 * it's better to do it (at least it helps with debugging), at
                 * least for non-deterministic load balancing algorithms.
                 */
-               s->txn->flags |= TX_PREFER_LAST;
+               s->sess->flags |= SESS_FL_PREFER_LAST;
        }
 
        /* Never ever allow to reuse a connection from a non-reuse backend */

diff --git a/src/proto_htx.c b/src/proto_htx.c
index 27150a8ed5cd1e7d7634365505b903b3dbe2cd2f..6c510557e24a6e55339a7bb3197000b6d975a3c6 100644 (file)
--- a/src/proto_htx.c
+++ b/src/proto_htx.c
@@ -1777,8 +1777,10 @@ int htx_wait_for_response(struct stream *s, struct channel *rep, int an_bit)
                ctx.blk = NULL;
                while (http_find_header(htx, hdr, &ctx, 0)) {
                        if ((ctx.value.len >= 9 && word_match(ctx.value.ptr, ctx.value.len, "Negotiate", 9)) ||
-                           (ctx.value.len >= 4 && word_match(ctx.value.ptr, ctx.value.len, "NTLM", 4)))
+                           (ctx.value.len >= 4 && word_match(ctx.value.ptr, ctx.value.len, "NTLM", 4))) {
+                               sess->flags |= SESS_FL_PREFER_LAST;
                                srv_conn->flags |= CO_FL_PRIVATE;
+                       }
                }
        }
 

diff --git a/src/session.c b/src/session.c
index c77f1e9596b296e1e7dcbeacde0943001593215e..718b97fd5ee99772c4f9826f36784a0fcdcd3947 100644 (file)
--- a/src/session.c
+++ b/src/session.c
@@ -59,6 +59,7 @@ struct session *session_new(struct proxy *fe, struct listener *li, enum obj_type
                _HA_ATOMIC_ADD(&jobs, 1);
                LIST_INIT(&sess->srv_list);
                sess->idle_conns = 0;
+               sess->flags = SESS_FL_NONE;
        }
        return sess;
 }