From: Roberto Moreda Date: Mon, 3 Mar 2025 20:57:52 +0000 (+0100) Subject: MINOR: log: add dont-parse-log and assume-rfc6587-ntf options X-Git-Tag: v3.2-dev7~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f98b5c4f59695a538cffe951ba222f54a1d7f6d6;p=thirdparty%2Fhaproxy.git MINOR: log: add dont-parse-log and assume-rfc6587-ntf options This commit introduces the dont-parse-log option to disable log message parsing, allowing raw log data to be forwarded without modification. Also, it adds the assume-rfc6587-ntf option to frame log messages using only non-transparent framing as per RFC 6587. This avoids missparsing in certain cases (mainly with non RFC compliant messages). The documentation is updated to include details on the new options and their intended use cases. This feature was discussed in GH #2856 --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 941073c92..d7f7e2e05 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -5358,6 +5358,18 @@ maxconn timeout client Set the maximum inactivity time on the client side. +option assume-rfc6587-ntf + Directs HAProxy to treat incoming TCP log streams always as using + non-transparent framing. This option simplifies the framing logic and ensures + consistent handling of messages, particularly useful when dealing with + improperly formed starting characters. + +option dont-parse-log + Enables HAProxy to relay syslog messages without attempting to parse and + restructure them, useful for forwarding messages that may not conform to + traditional formats. This option should be used with the format raw setting on + destination log targets to ensure the original message content is preserved. + 3.11. HTTPClient tuning ----------------------- diff --git a/include/haproxy/proxy-t.h b/include/haproxy/proxy-t.h index 407a99947..79b6499dc 100644 --- a/include/haproxy/proxy-t.h +++ b/include/haproxy/proxy-t.h @@ -155,7 +155,12 @@ enum PR_SRV_STATE_FILE { #define PR_O2_RSTRICT_REQ_HDR_NAMES_DEL 0x00800000 /* remove request header names containing chars outside of [0-9a-zA-Z-] charset */ #define PR_O2_RSTRICT_REQ_HDR_NAMES_NOOP 0x01000000 /* preserve request header names containing chars outside of [0-9a-zA-Z-] charset */ #define PR_O2_RSTRICT_REQ_HDR_NAMES_MASK 0x01c00000 /* mask for restrict-http-header-names option */ -/* unused : 0x0000000..0x80000000 */ + +/* bits for log-forward proxies */ +#define PR_O2_DONTPARSELOG 0x02000000 /* don't parse log messages */ +#define PR_O2_ASSUME_RFC6587_NTF 0x04000000 /* assume that we are going to receive just non-transparent framing messages */ + +/* unused : 0x08000000 */ /* server health checks */ #define PR_O2_CHK_NONE 0x00000000 /* no L7 health checks configured (TCP by default) */ diff --git a/src/log.c b/src/log.c index 14f05bfd8..17a716e75 100644 --- a/src/log.c +++ b/src/log.c @@ -5724,9 +5724,11 @@ void syslog_fd_handler(int fd) int level; int facility; struct listener *l = objt_listener(fdtab[fd].owner); + struct proxy *frontend; int max_accept; BUG_ON(!l); + frontend = l->bind_conf->frontend; if (fdtab[fd].state & FD_POLL_IN) { @@ -5754,13 +5756,14 @@ void syslog_fd_handler(int fd) /* update counters */ _HA_ATOMIC_INC(&cum_log_messages); - proxy_inc_fe_req_ctr(l, l->bind_conf->frontend, 0); + proxy_inc_fe_req_ctr(l, frontend, 0); prepare_log_message(buf->area, buf->data, &level, &facility, metadata, &message, &size); - parse_log_message(buf->area, buf->data, &level, &facility, metadata, &message, &size); + if (!(frontend->options2 & PR_O2_DONTPARSELOG)) + parse_log_message(buf->area, buf->data, &level, &facility, metadata, &message, &size); - process_send_log(NULL, &l->bind_conf->frontend->loggers, level, facility, metadata, message, size); + process_send_log(NULL, &frontend->loggers, level, facility, metadata, message, size); } while (--max_accept); } @@ -5806,7 +5809,7 @@ static void syslog_io_handler(struct appctx *appctx) else if (to_skip < 0) goto cli_abort; - if (c == '<') { + if (c == '<' || (frontend->options2 & PR_O2_ASSUME_RFC6587_NTF)) { /* rfc-6587, Non-Transparent-Framing: messages separated by * a trailing LF or CR LF */ @@ -5872,7 +5875,8 @@ static void syslog_io_handler(struct appctx *appctx) prepare_log_message(buf->area, buf->data, &level, &facility, metadata, &message, &size); - parse_log_message(buf->area, buf->data, &level, &facility, metadata, &message, &size); + if (!(frontend->options2 & PR_O2_DONTPARSELOG)) + parse_log_message(buf->area, buf->data, &level, &facility, metadata, &message, &size); process_send_log(NULL, &frontend->loggers, level, facility, metadata, message, size); diff --git a/src/proxy.c b/src/proxy.c index e0dad6b51..c3b3467be 100644 --- a/src/proxy.c +++ b/src/proxy.c @@ -131,6 +131,8 @@ const struct cfg_opt cfg_opts2[] = {"h1-case-adjust-bogus-client", PR_O2_H1_ADJ_BUGCLI, PR_CAP_FE, 0, 0 }, {"h1-case-adjust-bogus-server", PR_O2_H1_ADJ_BUGSRV, PR_CAP_BE, 0, 0 }, {"disable-h2-upgrade", PR_O2_NO_H2_UPGRADE, PR_CAP_FE, 0, PR_MODE_HTTP }, + {"assume-rfc6587-ntf", PR_O2_ASSUME_RFC6587_NTF, PR_CAP_FE, 0, PR_MODE_SYSLOG }, + {"dont-parse-log", PR_O2_DONTPARSELOG, PR_CAP_FE, 0, PR_MODE_SYSLOG }, { NULL, 0, 0, 0 } };