From: Willy Tarreau <w@1wt.eu>
Date: Fri, 25 Nov 2016 08:16:37 +0000 (+0100)
Subject: MINOR: cli: make "show errors" capable of dumping only request or response
X-Git-Tag: v1.7.0~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=35069f84afae1ff11654146cb59b05468e6876fc;p=thirdparty%2Fhaproxy.git

MINOR: cli: make "show errors" capable of dumping only request or response

When dealing with many proxies, it's hard to spot response errors because
all internet-facing frontends constantly receive attacks. This patch now
makes it possible to demand that only request or response errors are dumped
by appending "request" or "reponse" to the show errors command.
---

diff --git a/doc/management.txt b/doc/management.txt
index 0bfefcd987..7f338b96d5 100644
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -1684,13 +1684,15 @@ show env [<name>]
   ensure that they contain the expected values. This command is restricted and
   can only be issued on sockets configured for levels "operator" or "admin".
 
-show errors [<iid>|<proxy>]
+show errors [<iid>|<proxy>] [request|response]
   Dump last known request and response errors collected by frontends and
   backends. If <iid> is specified, the limit the dump to errors concerning
   either frontend or backend whose ID is <iid>. Proxy ID "-1" will cause
   all instances to be dumped. If a proxy name is specified instead, its ID
-  will be used as the filter. This command is restricted and can only be
-  issued on sockets configured for levels "operator" or "admin".
+  will be used as the filter. If "request" or "response" is added after the
+  proxy name or ID, only request or response errors will be dumped. This
+  command is restricted and can only be issued on sockets configured for
+  levels "operator" or "admin".
 
   The errors which may be collected are the last request and response errors
   caused by protocol violations, often due to invalid characters in header
@@ -1716,7 +1718,7 @@ show errors [<iid>|<proxy>]
   line.
 
   Example :
-        $ echo "show errors" | socat stdio /tmp/sock1
+        $ echo "show errors -1 response" | socat stdio /tmp/sock1
     >>> [04/Mar/2009:15:46:56.081] backend http-in (#2) : invalid response
           src 127.0.0.1, session #54, frontend fe-eth0 (#1), server s2 (#1)
           response length 213 bytes, error at position 23:
diff --git a/include/types/applet.h b/include/types/applet.h
index 26bb4ea572..da9f787a26 100644
--- a/include/types/applet.h
+++ b/include/types/applet.h
@@ -81,7 +81,7 @@ struct appctx {
 		struct {
 			int iid;		/* if >= 0, ID of the proxy to filter on */
 			struct proxy *px;	/* current proxy being dumped, NULL = not started yet. */
-			unsigned int buf;	/* buffer being dumped, 0 = req, 1 = rep */
+			unsigned int flag;	/* bit0: buffer being dumped, 0 = req, 1 = resp ; bit1=skip req ; bit2=skip resp. */
 			unsigned int sid;	/* session ID of error being dumped */
 			int ptr;		/* <0: headers, >=0 : text pointer to restart from */
 			int bol;		/* pointer to beginning of current line */
diff --git a/src/proto_http.c b/src/proto_http.c
index e0459c23e2..04aaf90ebf 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -12925,6 +12925,11 @@ static int cli_parse_show_errors(char **args, struct appctx *appctx, void *priva
 	else
 		appctx->ctx.errors.iid	= -1; // dump all proxies
 
+	appctx->ctx.errors.flag = 0;
+	if (strcmp(args[3], "request") == 0)
+		appctx->ctx.errors.flag |= 4; // ignore response
+	else if (strcmp(args[3], "response") == 0)
+		appctx->ctx.errors.flag |= 2; // ignore request
 	appctx->ctx.errors.px = NULL;
 	return 0;
 }
@@ -12962,7 +12967,6 @@ static int cli_io_handler_show_errors(struct appctx *appctx)
 		}
 
 		appctx->ctx.errors.px = proxy;
-		appctx->ctx.errors.buf = 0;
 		appctx->ctx.errors.bol = 0;
 		appctx->ctx.errors.ptr = -1;
 	}
@@ -12973,10 +12977,16 @@ static int cli_io_handler_show_errors(struct appctx *appctx)
 	while (appctx->ctx.errors.px) {
 		struct error_snapshot *es;
 
-		if (appctx->ctx.errors.buf == 0)
+		if ((appctx->ctx.errors.flag & 1) == 0) {
 			es = &appctx->ctx.errors.px->invalid_req;
-		else
+			if (appctx->ctx.errors.flag & 2) // skip req
+				goto next;
+		}
+		else {
 			es = &appctx->ctx.errors.px->invalid_rep;
+			if (appctx->ctx.errors.flag & 4) // skip resp
+				goto next;
+		}
 
 		if (!es->when.tv_sec)
 			goto next;
@@ -13007,7 +13017,7 @@ static int cli_io_handler_show_errors(struct appctx *appctx)
 				port = 0;
 			}
 
-			switch (appctx->ctx.errors.buf) {
+			switch (appctx->ctx.errors.flag & 1) {
 			case 0:
 				chunk_appendf(&trash,
 					     " frontend %s (#%d): invalid request\n"
@@ -13081,11 +13091,9 @@ static int cli_io_handler_show_errors(struct appctx *appctx)
 	next:
 		appctx->ctx.errors.bol = 0;
 		appctx->ctx.errors.ptr = -1;
-		appctx->ctx.errors.buf++;
-		if (appctx->ctx.errors.buf > 1) {
-			appctx->ctx.errors.buf = 0;
+		appctx->ctx.errors.flag ^= 1;
+		if (!(appctx->ctx.errors.flag & 1))
 			appctx->ctx.errors.px = appctx->ctx.errors.px->next;
-		}
 	}
 
 	/* dump complete */