From: Christopher Faulet Date: Mon, 16 Dec 2019 15:07:34 +0000 (+0100) Subject: MINOR: counters: Remove failed_secu counter and use denied_resp instead X-Git-Tag: v2.2-dev1~55 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a08546bb5a95ae6f8dd3a6e1b0469ca2b68a34ed;p=thirdparty%2Fhaproxy.git MINOR: counters: Remove failed_secu counter and use denied_resp instead The failed_secu counter is only used for the servers stats. It is used to report the number of denied responses. On proxies, the same info is stored in the denied_resp counter. So, it is more consistent to use the same field for servers. --- diff --git a/contrib/prometheus-exporter/service-prometheus.c b/contrib/prometheus-exporter/service-prometheus.c index 6b828f46cf..fa80147865 100644 --- a/contrib/prometheus-exporter/service-prometheus.c +++ b/contrib/prometheus-exporter/service-prometheus.c @@ -1997,7 +1997,7 @@ static int promex_dump_srv_metrics(struct appctx *appctx, struct htx *htx) metric = mkf_u64(FN_COUNTER, sv->counters.reuse); break; case ST_F_DRESP: - metric = mkf_u64(FN_COUNTER, sv->counters.failed_secu); + metric = mkf_u64(FN_COUNTER, sv->counters.denied_resp); break; case ST_F_ECON: metric = mkf_u64(FN_COUNTER, sv->counters.failed_conns); diff --git a/include/types/counters.h b/include/types/counters.h index 7c525b7530..5b56c7dbb5 100644 --- a/include/types/counters.h +++ b/include/types/counters.h @@ -95,7 +95,6 @@ struct be_counters { long long retries; /* retried and redispatched connections (BE only) */ long long redispatches; /* retried and redispatched connections (BE only) */ long long failed_rewrites; /* failed rewrites (warning) */ - long long failed_secu; /* blocked responses because of security concerns */ long long internal_errors; /* internal processing errors */ long long failed_checks, failed_hana; /* failed health checks and health analyses for servers */ diff --git a/src/http_ana.c b/src/http_ana.c index 14a86a1b21..cb87db2daa 100644 --- a/src/http_ana.c +++ b/src/http_ana.c @@ -2124,12 +2124,12 @@ int http_process_res_common(struct stream *s, struct channel *rep, int an_bit, s deny: txn->flags |= TX_CLDENY; txn->status = 502; - if (objt_server(s->target)) - _HA_ATOMIC_ADD(&__objt_server(s->target)->counters.failed_secu, 1); - _HA_ATOMIC_ADD(&s->be->be_counters.denied_resp, 1); _HA_ATOMIC_ADD(&sess->fe->fe_counters.denied_resp, 1); + _HA_ATOMIC_ADD(&s->be->be_counters.denied_resp, 1); if (sess->listener->counters) _HA_ATOMIC_ADD(&sess->listener->counters->denied_resp, 1); + if (objt_server(s->target)) + _HA_ATOMIC_ADD(&__objt_server(s->target)->counters.denied_resp, 1); goto return_prx_err; return_int_err: diff --git a/src/stats.c b/src/stats.c index a759a446e0..6330512ca8 100644 --- a/src/stats.c +++ b/src/stats.c @@ -1685,7 +1685,7 @@ int stats_fill_sv_stats(struct proxy *px, struct server *sv, int flags, stats[ST_F_STOT] = mkf_u64(FN_COUNTER, sv->counters.cum_sess); stats[ST_F_BIN] = mkf_u64(FN_COUNTER, sv->counters.bytes_in); stats[ST_F_BOUT] = mkf_u64(FN_COUNTER, sv->counters.bytes_out); - stats[ST_F_DRESP] = mkf_u64(FN_COUNTER, sv->counters.failed_secu); + stats[ST_F_DRESP] = mkf_u64(FN_COUNTER, sv->counters.denied_resp); stats[ST_F_ECON] = mkf_u64(FN_COUNTER, sv->counters.failed_conns); stats[ST_F_ERESP] = mkf_u64(FN_COUNTER, sv->counters.failed_resp); stats[ST_F_WRETR] = mkf_u64(FN_COUNTER, sv->counters.retries);