MINOR: config: Improve warnings on misplaced rules by adding an optional arg

In warnings about misplaced rules, only the first keyword is mentionned. It
works well for http-request or quic-initial rules for instance. But it is a
bit confusing for tcp-request rules, because the layer is missing (session
or content).

To make it a bit systematic (and genric), the second argument can now be
provided. It can be set to NULL if there is no layer or scope. But
otherwise, it may be specified and it will be reported in the warning.

So the following snippet:

    tcp-request content reject if FALSE
    tcp-request session reject if FALSE
    tcp-request connection reject if FALSE

Will now emit the following warnings:

  a 'tcp-request session' rule placed after a 'tcp-request content' rule will still be processed before.
  a 'tcp-request connection' rule placed after a 'tcp-request session' rule will still be processed before.

This patch should fix the issue #2596.

diff --git a/include/haproxy/cfgparse.h b/include/haproxy/cfgparse.h
index 03e891ccfc6e2a76f7cdba6bc4b6970f9c3a1c2b..27c60c5dce27447e6c03b947de3644b812243535 100644 (file)
--- a/include/haproxy/cfgparse.h
+++ b/include/haproxy/cfgparse.h
@@ -128,10 +128,10 @@ int cfg_register_postparser(char *name, int (*func)());
 void cfg_unregister_sections(void);
 void cfg_backup_sections(struct list *backup_sections);
 void cfg_restore_sections(struct list *backup_sections);
-int warnif_misplaced_tcp_conn(struct proxy *proxy, const char *file, int line, const char *arg);
-int warnif_misplaced_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg);
-int warnif_misplaced_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg);
-int warnif_misplaced_quic_init(struct proxy *proxy, const char *file, int line, const char *arg);
+int warnif_misplaced_tcp_conn(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2);
+int warnif_misplaced_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg, const char *arg2);
+int warnif_misplaced_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg, const char *arg2);
+int warnif_misplaced_quic_init(struct proxy *proxy, const char *file, int line, const char *arg, const char *arg2);
 int warnif_cond_conflicts(const struct acl_cond *cond, unsigned int where, const char *file, int line);
 int warnif_tcp_http_cond(const struct proxy *px, const struct acl_cond *cond);
 int too_many_args_idx(int maxarg, int index, char **args, char **msg, int *err_code);

diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
index 760ca716712959378ad1a0e6536698ef3f38c90f..b3f02c6f0ee1065c4795012b1ecba8ee2dee0fbc 100644 (file)
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@@ -70,11 +70,11 @@ static const char *common_options[] = {
 /* Report a warning if a rule is placed after a 'tcp-request connection' rule.
  * Return 1 if the warning has been emitted, otherwise 0.
  */
-int warnif_rule_after_tcp_conn(struct proxy *proxy, const char *file, int line, const char *arg)
+static int warnif_rule_after_tcp_conn(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2)
 {
        if (!LIST_ISEMPTY(&proxy->tcp_req.l4_rules)) {
-               ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'tcp-request connection' rule will still be processed before.\n",
-                          file, line, arg);
+               ha_warning("parsing [%s:%d] : a '%s%s%s' rule placed after a 'tcp-request connection' rule will still be processed before.\n",
+                          file, line, arg1, (arg2 ? " ": ""), (arg2 ? arg2 : ""));
                return 1;
        }
        return 0;
@@ -83,11 +83,11 @@ int warnif_rule_after_tcp_conn(struct proxy *proxy, const char *file, int line,
 /* Report a warning if a rule is placed after a 'tcp-request session' rule.
  * Return 1 if the warning has been emitted, otherwise 0.
  */
-int warnif_rule_after_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg)
+static int warnif_rule_after_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2)
 {
        if (!LIST_ISEMPTY(&proxy->tcp_req.l5_rules)) {
-               ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'tcp-request session' rule will still be processed before.\n",
-                          file, line, arg);
+               ha_warning("parsing [%s:%d] : a '%s%s%s' rule placed after a 'tcp-request session' rule will still be processed before.\n",
+                          file, line, arg1, (arg2 ? " ": ""), (arg2 ? arg2 : ""));
                return 1;
        }
        return 0;
@@ -96,11 +96,11 @@ int warnif_rule_after_tcp_sess(struct proxy *proxy, const char *file, int line,
 /* Report a warning if a rule is placed after a 'tcp-request content' rule.
  * Return 1 if the warning has been emitted, otherwise 0.
  */
-int warnif_rule_after_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg)
+static int warnif_rule_after_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2)
 {
        if (!LIST_ISEMPTY(&proxy->tcp_req.inspect_rules)) {
-               ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'tcp-request content' rule will still be processed before.\n",
-                          file, line, arg);
+               ha_warning("parsing [%s:%d] : a '%s%s%s' rule placed after a 'tcp-request content' rule will still be processed before.\n",
+                          file, line, arg1, (arg2 ? " ": ""), (arg2 ? arg2 : ""));
                return 1;
        }
        return 0;
@@ -109,11 +109,11 @@ int warnif_rule_after_tcp_cont(struct proxy *proxy, const char *file, int line,
 /* Report a warning if a rule is placed after a 'monitor fail' rule.
  * Return 1 if the warning has been emitted, otherwise 0.
  */
-int warnif_rule_after_monitor(struct proxy *proxy, const char *file, int line, const char *arg)
+static int warnif_rule_after_monitor(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2)
 {
        if (!LIST_ISEMPTY(&proxy->mon_fail_cond)) {
-               ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'monitor fail' rule will still be processed before.\n",
-                          file, line, arg);
+               ha_warning("parsing [%s:%d] : a '%s%s%s' rule placed after a 'monitor fail' rule will still be processed before.\n",
+                          file, line, arg1, (arg2 ? " ": ""), (arg2 ? arg2 : ""));
                return 1;
        }
        return 0;
@@ -122,11 +122,11 @@ int warnif_rule_after_monitor(struct proxy *proxy, const char *file, int line, c
 /* Report a warning if a rule is placed after an 'http_request' rule.
  * Return 1 if the warning has been emitted, otherwise 0.
  */
-int warnif_rule_after_http_req(struct proxy *proxy, const char *file, int line, const char *arg)
+static int warnif_rule_after_http_req(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2)
 {
        if (!LIST_ISEMPTY(&proxy->http_req_rules)) {
-               ha_warning("parsing [%s:%d] : a '%s' rule placed after an 'http-request' rule will still be processed before.\n",
-                          file, line, arg);
+               ha_warning("parsing [%s:%d] : a '%s%s%s' rule placed after an 'http-request' rule will still be processed before.\n",
+                          file, line, arg1, (arg2 ? " ": ""), (arg2 ? arg2 : ""));
                return 1;
        }
        return 0;
@@ -135,11 +135,11 @@ int warnif_rule_after_http_req(struct proxy *proxy, const char *file, int line,
 /* Report a warning if a rule is placed after a redirect rule.
  * Return 1 if the warning has been emitted, otherwise 0.
  */
-int warnif_rule_after_redirect(struct proxy *proxy, const char *file, int line, const char *arg)
+static int warnif_rule_after_redirect(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2)
 {
        if (!LIST_ISEMPTY(&proxy->redirect_rules)) {
-               ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'redirect' rule will still be processed before.\n",
-                          file, line, arg);
+               ha_warning("parsing [%s:%d] : a '%s%s%s' rule placed after a 'redirect' rule will still be processed before.\n",
+                          file, line, arg1, (arg2 ? " ": ""), (arg2 ? arg2 : ""));
                return 1;
        }
        return 0;
@@ -148,11 +148,11 @@ int warnif_rule_after_redirect(struct proxy *proxy, const char *file, int line,
 /* Report a warning if a rule is placed after a 'use_backend' rule.
  * Return 1 if the warning has been emitted, otherwise 0.
  */
-int warnif_rule_after_use_backend(struct proxy *proxy, const char *file, int line, const char *arg)
+static int warnif_rule_after_use_backend(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2)
 {
        if (!LIST_ISEMPTY(&proxy->switching_rules)) {
-               ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'use_backend' rule will still be processed before.\n",
-                          file, line, arg);
+               ha_warning("parsing [%s:%d] : a '%s%s%s' rule placed after a 'use_backend' rule will still be processed before.\n",
+                          file, line, arg1, (arg2 ? " ": ""), (arg2 ? arg2 : ""));
                return 1;
        }
        return 0;
@@ -161,62 +161,62 @@ int warnif_rule_after_use_backend(struct proxy *proxy, const char *file, int lin
 /* Report a warning if a rule is placed after a 'use-server' rule.
  * Return 1 if the warning has been emitted, otherwise 0.
  */
-int warnif_rule_after_use_server(struct proxy *proxy, const char *file, int line, const char *arg)
+static int warnif_rule_after_use_server(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2)
 {
        if (!LIST_ISEMPTY(&proxy->server_rules)) {
-               ha_warning("parsing [%s:%d] : a '%s' rule placed after a 'use-server' rule will still be processed before.\n",
-                          file, line, arg);
+               ha_warning("parsing [%s:%d] : a '%s%s%s' rule placed after a 'use-server' rule will still be processed before.\n",
+                          file, line, arg1, (arg2 ? " ": ""), (arg2 ? arg2 : ""));
                return 1;
        }
        return 0;
 }
 
 /* report a warning if a redirect rule is dangerously placed */
-int warnif_misplaced_redirect(struct proxy *proxy, const char *file, int line, const char *arg)
+static int warnif_misplaced_redirect(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2)
 {
-       return  warnif_rule_after_use_backend(proxy, file, line, arg) ||
-               warnif_rule_after_use_server(proxy, file, line, arg);
+       return  warnif_rule_after_use_backend(proxy, file, line, arg1, arg2) ||
+               warnif_rule_after_use_server(proxy, file, line, arg1, arg2);
 }
 
 /* report a warning if an http-request rule is dangerously placed */
-int warnif_misplaced_http_req(struct proxy *proxy, const char *file, int line, const char *arg)
+static int warnif_misplaced_http_req(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2)
 {
-       return  warnif_rule_after_redirect(proxy, file, line, arg) ||
-               warnif_misplaced_redirect(proxy, file, line, arg);
+       return  warnif_rule_after_redirect(proxy, file, line, arg1, arg2) ||
+               warnif_misplaced_redirect(proxy, file, line, arg1, arg2);
 }
 
 /* report a warning if a block rule is dangerously placed */
-int warnif_misplaced_monitor(struct proxy *proxy, const char *file, int line, const char *arg)
+static int warnif_misplaced_monitor(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2)
 {
-       return  warnif_rule_after_http_req(proxy, file, line, arg) ||
-               warnif_misplaced_http_req(proxy, file, line, arg);
+       return  warnif_rule_after_http_req(proxy, file, line, arg1, arg2) ||
+               warnif_misplaced_http_req(proxy, file, line, arg1, arg2);
 }
 
 /* report a warning if a "tcp request content" rule is dangerously placed */
-int warnif_misplaced_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg)
+int warnif_misplaced_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2)
 {
-       return  warnif_rule_after_monitor(proxy, file, line, arg) ||
-               warnif_misplaced_monitor(proxy, file, line, arg);
+       return  warnif_rule_after_monitor(proxy, file, line, arg1, arg2) ||
+               warnif_misplaced_monitor(proxy, file, line, arg1, arg2);
 }
 
 /* report a warning if a "tcp request session" rule is dangerously placed */
-int warnif_misplaced_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg)
+int warnif_misplaced_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2)
 {
-       return  warnif_rule_after_tcp_cont(proxy, file, line, arg) ||
-               warnif_misplaced_tcp_cont(proxy, file, line, arg);
+       return  warnif_rule_after_tcp_cont(proxy, file, line, arg1, arg2) ||
+               warnif_misplaced_tcp_cont(proxy, file, line, arg1, arg2);
 }
 
 /* report a warning if a "tcp request connection" rule is dangerously placed */
-int warnif_misplaced_tcp_conn(struct proxy *proxy, const char *file, int line, const char *arg)
+int warnif_misplaced_tcp_conn(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2)
 {
-       return  warnif_rule_after_tcp_sess(proxy, file, line, arg) ||
-               warnif_misplaced_tcp_sess(proxy, file, line, arg);
+       return  warnif_rule_after_tcp_sess(proxy, file, line, arg1, arg2) ||
+               warnif_misplaced_tcp_sess(proxy, file, line, arg1, arg2);
 }
 
-int warnif_misplaced_quic_init(struct proxy *proxy, const char *file, int line, const char *arg)
+int warnif_misplaced_quic_init(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2)
 {
-       return warnif_rule_after_tcp_conn(proxy, file, line, arg) ||
-              warnif_misplaced_tcp_conn(proxy, file, line, arg);
+       return warnif_rule_after_tcp_conn(proxy, file, line, arg1, arg2) ||
+              warnif_misplaced_tcp_conn(proxy, file, line, arg1, arg2);
 }
 
 int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
@@ -1311,7 +1311,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
                        goto out;
                }
 
-               err_code |= warnif_misplaced_http_req(curproxy, file, linenum, args[0]);
+               err_code |= warnif_misplaced_http_req(curproxy, file, linenum, args[0], NULL);
 
                if (curproxy->cap & PR_CAP_FE)
                        where |= SMP_VAL_FE_HRQ_HDR;
@@ -1429,7 +1429,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
                }
 
                LIST_APPEND(&curproxy->redirect_rules, &rule->list);
-               err_code |= warnif_misplaced_redirect(curproxy, file, linenum, args[0]);
+               err_code |= warnif_misplaced_redirect(curproxy, file, linenum, args[0], NULL);
 
                if (curproxy->cap & PR_CAP_FE)
                        where |= SMP_VAL_FE_HRQ_HDR;
@@ -2515,7 +2515,7 @@ stats_error_parsing:
                                goto out;
                        }
 
-                       err_code |= warnif_misplaced_monitor(curproxy, file, linenum, "monitor fail");
+                       err_code |= warnif_misplaced_monitor(curproxy, file, linenum, args[0], args[1]);
                        if ((cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args + 2, &errmsg)) == NULL) {
                                ha_alert("parsing [%s:%d] : error detected while parsing a '%s %s' condition : %s.\n",
                                         file, linenum, args[0], args[1], errmsg);

diff --git a/src/cfgparse-quic.c b/src/cfgparse-quic.c
index 1b68386a5f95e1971fa52d733329792509e9843b..9db2a591da242583b21875097af5584bd46854a6 100644 (file)
--- a/src/cfgparse-quic.c
+++ b/src/cfgparse-quic.c
@@ -586,7 +586,7 @@ static int quic_parse_quic_initial(char **args, int section_type, struct proxy *
        }
 
        /* the following function directly emits the warning */
-       warnif_misplaced_quic_init(curpx, file, line, args[0]);
+       warnif_misplaced_quic_init(curpx, file, line, args[0], NULL);
 
        LIST_APPEND(&curpx->quic_init_rules, &rule->list);
 

diff --git a/src/tcp_rules.c b/src/tcp_rules.c
index 1468a13c2f939d8cd533a93d6dae4ffad994abf6..0d92c1a9430c6706fb4052a1cf819fa2a565e96d 100644 (file)
--- a/src/tcp_rules.c
+++ b/src/tcp_rules.c
@@ -1319,7 +1319,7 @@ static int tcp_parse_tcp_req(char **args, int section_type, struct proxy *curpx,
                }
 
                /* the following function directly emits the warning */
-               warnif_misplaced_tcp_cont(curpx, file, line, args[0]);
+               warnif_misplaced_tcp_cont(curpx, file, line, args[0], args[1]);
                LIST_APPEND(&curpx->tcp_req.inspect_rules, &rule->list);
        }
        else if (strcmp(args[1], "connection") == 0) {
@@ -1364,7 +1364,7 @@ static int tcp_parse_tcp_req(char **args, int section_type, struct proxy *curpx,
                }
 
                /* the following function directly emits the warning */
-               warnif_misplaced_tcp_conn(curpx, file, line, args[0]);
+               warnif_misplaced_tcp_conn(curpx, file, line, args[0], args[1]);
                LIST_APPEND(&curpx->tcp_req.l4_rules, &rule->list);
        }
        else if (strcmp(args[1], "session") == 0) {
@@ -1408,7 +1408,7 @@ static int tcp_parse_tcp_req(char **args, int section_type, struct proxy *curpx,
                }
 
                /* the following function directly emits the warning */
-               warnif_misplaced_tcp_sess(curpx, file, line, args[0]);
+               warnif_misplaced_tcp_sess(curpx, file, line, args[0], args[1]);
                LIST_APPEND(&curpx->tcp_req.l5_rules, &rule->list);
        }
        else {