MINOR: counters: Remove failed_secu counter and use denied_resp instead

The failed_secu counter is only used for the servers stats. It is used to report
the number of denied responses. On proxies, the same info is stored in the
denied_resp counter. So, it is more consistent to use the same field for
servers.

diff --git a/contrib/prometheus-exporter/service-prometheus.c b/contrib/prometheus-exporter/service-prometheus.c
index 6b828f46cfe6d7db8eeb4deb0531421d7407861c..fa80147865f09cb80a83e6150845c84b977ea1f5 100644 (file)
--- a/contrib/prometheus-exporter/service-prometheus.c
+++ b/contrib/prometheus-exporter/service-prometheus.c
@@ -1997,7 +1997,7 @@ static int promex_dump_srv_metrics(struct appctx *appctx, struct htx *htx)
                                                metric = mkf_u64(FN_COUNTER, sv->counters.reuse);
                                                break;
                                        case ST_F_DRESP:
-                                               metric = mkf_u64(FN_COUNTER, sv->counters.failed_secu);
+                                               metric = mkf_u64(FN_COUNTER, sv->counters.denied_resp);
                                                break;
                                        case ST_F_ECON:
                                                metric = mkf_u64(FN_COUNTER, sv->counters.failed_conns);

diff --git a/include/types/counters.h b/include/types/counters.h
index 7c525b7530ea012e6db7a74c6bd67512e3f061f1..5b56c7dbb5c4708645779077c620071fa23bca71 100644 (file)
--- a/include/types/counters.h
+++ b/include/types/counters.h
@@ -95,7 +95,6 @@ struct be_counters {
        long long retries;                      /* retried and redispatched connections (BE only) */
        long long redispatches;                 /* retried and redispatched connections (BE only) */
        long long failed_rewrites;              /* failed rewrites (warning) */
-       long long failed_secu;                  /* blocked responses because of security concerns */
        long long internal_errors;              /* internal processing errors */
 
        long long failed_checks, failed_hana;   /* failed health checks and health analyses for servers */

diff --git a/src/http_ana.c b/src/http_ana.c
index 14a86a1b215eb3100b8eab1ee3a63f2b2624e446..cb87db2daa92cc43bc19435d1afe16d597ae9821 100644 (file)
--- a/src/http_ana.c
+++ b/src/http_ana.c
@@ -2124,12 +2124,12 @@ int http_process_res_common(struct stream *s, struct channel *rep, int an_bit, s
  deny:
        txn->flags |= TX_CLDENY;
        txn->status = 502;
-       if (objt_server(s->target))
-               _HA_ATOMIC_ADD(&__objt_server(s->target)->counters.failed_secu, 1);
-       _HA_ATOMIC_ADD(&s->be->be_counters.denied_resp, 1);
        _HA_ATOMIC_ADD(&sess->fe->fe_counters.denied_resp, 1);
+       _HA_ATOMIC_ADD(&s->be->be_counters.denied_resp, 1);
        if (sess->listener->counters)
                _HA_ATOMIC_ADD(&sess->listener->counters->denied_resp, 1);
+       if (objt_server(s->target))
+               _HA_ATOMIC_ADD(&__objt_server(s->target)->counters.denied_resp, 1);
        goto return_prx_err;
 
  return_int_err:

diff --git a/src/stats.c b/src/stats.c
index a759a446e0ecbeeadce0df48cf617789706e7a50..6330512ca88f0f5a2fec6ec5a13085e2d75a5e9d 100644 (file)
--- a/src/stats.c
+++ b/src/stats.c
@@ -1685,7 +1685,7 @@ int stats_fill_sv_stats(struct proxy *px, struct server *sv, int flags,
        stats[ST_F_STOT]     = mkf_u64(FN_COUNTER, sv->counters.cum_sess);
        stats[ST_F_BIN]      = mkf_u64(FN_COUNTER, sv->counters.bytes_in);
        stats[ST_F_BOUT]     = mkf_u64(FN_COUNTER, sv->counters.bytes_out);
-       stats[ST_F_DRESP]    = mkf_u64(FN_COUNTER, sv->counters.failed_secu);
+       stats[ST_F_DRESP]    = mkf_u64(FN_COUNTER, sv->counters.denied_resp);
        stats[ST_F_ECON]     = mkf_u64(FN_COUNTER, sv->counters.failed_conns);
        stats[ST_F_ERESP]    = mkf_u64(FN_COUNTER, sv->counters.failed_resp);
        stats[ST_F_WRETR]    = mkf_u64(FN_COUNTER, sv->counters.retries);