MINOR: payload/config: Warn if a L6 sample fetch is used from an HTTP proxy

L6 sample fetches are now ignored when called from an HTTP proxy. Thus, a
warning is emitted during the startup if such usage is detected. It is true
for most ACLs and for log-format strings. Unfortunately, it is a bit painful
to do so for sample expressions.

This patch relies on the commit "MINOR: action: Use a generic function to
check validity of an action rule list".

diff --git a/include/haproxy/cfgparse.h b/include/haproxy/cfgparse.h
index 54bfa2a4c1521044efe6aace81a411fe1399381f..2d309f4a1899e9db6d0965408d271376a99b43b5 100644 (file)
--- a/include/haproxy/cfgparse.h
+++ b/include/haproxy/cfgparse.h
@@ -106,6 +106,7 @@ int warnif_misplaced_tcp_conn(struct proxy *proxy, const char *file, int line, c
 int warnif_misplaced_tcp_sess(struct proxy *proxy, const char *file, int line, const char *arg);
 int warnif_misplaced_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg);
 int warnif_cond_conflicts(const struct acl_cond *cond, unsigned int where, const char *file, int line);
+int warnif_tcp_http_cond(const struct proxy *px, const struct acl_cond *cond);
 int too_many_args_idx(int maxarg, int index, char **args, char **msg, int *err_code);
 int too_many_args(int maxarg, char **args, char **msg, int *err_code);
 int alertif_too_many_args_idx(int maxarg, int index, const char *file, int linenum, char **args, int *err_code);

diff --git a/src/action.c b/src/action.c
index 7b017f618580537f1f312951da761781b3af5e98..b9d12c0302cab62d51676746d642d7341c9c8c90 100644 (file)
--- a/src/action.c
+++ b/src/action.c
@@ -13,6 +13,7 @@
 #include <haproxy/acl.h>
 #include <haproxy/action.h>
 #include <haproxy/api.h>
+#include <haproxy/cfgparse.h>
 #include <haproxy/errors.h>
 #include <haproxy/list.h>
 #include <haproxy/obj_type.h>
@@ -37,7 +38,7 @@ int check_action_rules(struct list *rules, struct proxy *px, int *err_code)
                        ha_alert("Proxy '%s': %s.\n", px->id, errmsg);
                        err++;
                }
-
+               *err_code |= warnif_tcp_http_cond(px, rule->cond);
                free(errmsg);
                errmsg = NULL;
        }

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 5562185eb40ea209ddb9fd520add61a556e4d936..52d602295327b2946984dead3f222bd805b7162e 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -334,6 +334,23 @@ int warnif_cond_conflicts(const struct acl_cond *cond, unsigned int where, const
        return ERR_WARN;
 }
 
+/* Report it if an ACL uses a L6 sample fetch from an HTTP proxy.  It returns
+ * either 0 or ERR_WARN so that its result can be or'ed with err_code. Note that
+ * <cond> may be NULL and then will be ignored.
+*/
+int warnif_tcp_http_cond(const struct proxy *px, const struct acl_cond *cond)
+{
+       if (!cond || px->mode != PR_MODE_HTTP)
+               return 0;
+
+       if (cond->use & (SMP_USE_L6REQ|SMP_USE_L6RES)) {
+               ha_warning("Proxy '%s': L6 sample fetches ignored on HTTP proxies (declared at %s:%d).\n",
+                          px->id, cond->file, cond->line);
+               return ERR_WARN;
+       }
+       return 0;
+}
+
 /* try to find in <list> the word that looks closest to <word> by counting
  * transitions between letters, digits and other characters. Will return the
  * best matching word if found, otherwise NULL. An optional array of extra
@@ -379,7 +396,6 @@ const char *cfg_find_best_match(const char *word, const struct list *list, int s
        return best_ptr;
 }
 
-
 /* Parse a string representing a process number or a set of processes. It must
  * be "all", "odd", "even", a number between 1 and <max> or a range with
  * two such numbers delimited by a dash ('-'). On success, it returns
@@ -2362,6 +2378,7 @@ int check_config_validity()
                                ha_free(&rule->be.name);
                                rule->be.backend = target;
                        }
+                       err_code |= warnif_tcp_http_cond(curproxy, rule->cond);
                }
 
                /* find the target server for 'use_server' rules */
@@ -2404,6 +2421,7 @@ int check_config_validity()
                        srule->dynamic = 0;
                        srule->srv.name = server_name;
                        target = findserver(curproxy, srule->srv.name);
+                       err_code |= warnif_tcp_http_cond(curproxy, srule->cond);
 
                        if (!target) {
                                ha_alert("config : %s '%s' : unable to find server '%s' referenced in a 'use-server' rule.\n",
@@ -2453,6 +2471,7 @@ int check_config_validity()
                                        target->proxies_list = curproxy;
                                }
                        }
+                       err_code |= warnif_tcp_http_cond(curproxy, mrule->cond);
                }
 
                /* find the target table for 'store response' rules */

diff --git a/src/log.c b/src/log.c
index c7712182374e22fa7d049fc5973dda3a5fda519d..e002c48ac2e395a14b3a917401de4ce54d515bb8 100644 (file)
--- a/src/log.c
+++ b/src/log.c
@@ -512,6 +512,11 @@ int add_sample_to_logformat_list(char *text, char *arg, int arg_len, struct prox
                goto error_free;
        }
 
+       if ((options & LOG_OPT_HTTP) && (expr->fetch->use & (SMP_USE_L6REQ|SMP_USE_L6RES))) {
+               ha_warning("parsing [%s:%d] : L6 sample fetch <%s> ignored in HTTP log-format string.\n",
+                          curpx->conf.args.file, curpx->conf.args.line, text);
+       }
+
        /* check if we need to allocate an http_txn struct for HTTP parsing */
        /* Note, we may also need to set curpx->to_log with certain fetches */
        curpx->http_needed |= !!(expr->fetch->use & SMP_USE_HTTP_ANY);