From: Willy Tarreau Date: Fri, 5 Nov 2021 16:07:03 +0000 (+0100) Subject: MEDIUM: connection: rename fc_conn_err and bc_conn_err to fc_err and bc_err X-Git-Tag: v2.5-dev13~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6f7497616;p=thirdparty%2Fhaproxy.git MEDIUM: connection: rename fc_conn_err and bc_conn_err to fc_err and bc_err Commit 3d2093af9 ("MINOR: connection: Add a connection error code sample fetch") added these convenient sample-fetch functions but it appears that due to a misunderstanding the redundant "conn" part was kept in their name, causing confusion, since "fc" already stands for "front connection". Let's simply call them "fc_err" and "bc_err" to match all other related ones before they appear in a final release. The VTC they appeared in were also updated, and the alpha sort in the keywords table updated. Cc: William Lallemand --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 6f61e26607..b2a149a8ef 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -17976,17 +17976,6 @@ table may be specified with the "sc*" form, in which case the currently tracked key will be looked up into this alternate table instead of the table currently being tracked. -bc_conn_err : integer - Returns the ID of the error that might have occurred on the current backend - connection. See the "fc_conn_err_str" fetch for a full list of error codes - and their corresponding error message. - -bc_conn_err_str : string - Returns an error message describing what problem happened on the current - backend connection, resulting in a connection failure. See the - "fc_conn_err_str" fetch for a full list of error codes and their - corresponding error message. - bc_dst : ip This is the destination ip address of the connection on the server side, which is the server address HAProxy connected to. It is of type IP and works 
@@ -17997,6 +17986,17 @@ bc_dst_port : integer Returns an integer value corresponding to the destination TCP port of the connection on the server side, which is the port HAProxy connected to. +bc_err : integer + Returns the ID of the error that might have occurred on the current backend + connection. See the "fc_err_str" fetch for a full list of error codes + and their corresponding error message. + +bc_err_str : string + Returns an error message describing what problem happened on the current + backend connection, resulting in a connection failure. See the + "fc_err_str" fetch for a full list of error codes and their + corresponding error message. + bc_http_major : integer Returns the backend connection's HTTP major version encoding, which may be 1 for HTTP/0.9 to HTTP/1.1 or 2 for HTTP/2. Note, this is based on the on-wire 
@@ -18083,14 +18083,29 @@ dst_port : integer application session, to stick all users to a same server, or to pass the destination port information to a server using an HTTP header. -fc_conn_err : integer +fc_dst : ip + This is the original destination IP address of the connection on the client + side. Only "tcp-request connection" rules may alter this address. See "dst" + for details. + +fc_dst_is_local : boolean + Returns true if the original destination address of the incoming connection + is local to the system, or false if the address doesn't exist on the + system. See "dst_is_local" for details. + +fc_dst_port : integer + Returns an integer value corresponding to the original destination TCP port + of the connection on the client side. Only "tcp-request connection" rules may + alter this address. See "dst-port" for details. + +fc_err : integer Returns the ID of the error that might have occurred on the current connection. Any strictly positive value of this fetch indicates that the connection did not succeed and would result in an error log being output (as - described in section 8.2.5). See the "fc_conn_err_str" fetch for a full list of + described in section 8.2.5). See the "fc_err_str" fetch for a full list of error codes and their corresponding error message. -fc_conn_err_str : string +fc_err_str : string Returns an error message describing what problem happened on the current connection, resulting in a connection failure. This string corresponds to the "message" part of the error log format (see section 8.2.5). See below for a 
@@ -18145,21 +18160,6 @@ fc_conn_err_str : string | 43 | "SSL fatal error" | +----+---------------------------------------------------------------------------+ -fc_dst : ip - This is the original destination IP address of the connection on the client - side. Only "tcp-request connection" rules may alter this address. See "dst" - for details. - -fc_dst_is_local : boolean - Returns true if the original destination address of the incoming connection - is local to the system, or false if the address doesn't exist on the - system. See "dst_is_local" for details. - -fc_dst_port : integer - Returns an integer value corresponding to the original destination TCP port - of the connection on the client side. Only "tcp-request connection" rules may - alter this address. See "dst-port" for details. - fc_fackets : integer Returns the fack counter measured by the kernel for the client connection. If the server connection is not established, if the connection is @@ -21272,14 +21272,14 @@ HTTP ones, refer to the HTTP section. 14 '{' captured_request_headers* '}' {haproxy.1wt.eu} 15 '{' captured_response_headers* '}' {} 16 '"' http_request '"' "GET /index.html HTTP/1.1" - 17 fc_conn_err '/' ssl_fc_err '/' ssl_c_err + 17 fc_err '/' ssl_fc_err '/' ssl_c_err '/' ssl_c_ca_err '/' ssl_fc_is_resumed 0/0/0/0/0 18 ssl_version '/' ssl_ciphers TLSv1.3/TLS_AES_256_GCM_SHA384 Detailed fields description : - - "fc_conn_err" is the status of the connection on the frontend's side. It - corresponds to the "fc_conn_err" sample fetch. See the "fc_conn_err" and - "fc_conn_err_str" fetches for more information. + - "fc_err" is the status of the connection on the frontend's side. It + corresponds to the "fc_err" sample fetch. See the "fc_err" and "fc_err_str" + sample fetch functions for more information. - "ssl_fc_err" is the last error of the first SSL error stack that was raised on the connection from the frontend's perspective. It might be used 
@@ -21364,7 +21364,7 @@ the default HTTPS format is defined this way : log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r \ - %[fc_conn_err]/%[ssl_fc_err,hex]/%[ssl_c_err]/\ + %[fc_err]/%[ssl_fc_err,hex]/%[ssl_c_err]/\ %[ssl_c_ca_err]/%[ssl_fc_is_resumed] %sslv/%sslc" and the default TCP format is defined this way : diff --git a/include/haproxy/connection-t.h b/include/haproxy/connection-t.h index 6969d8c757..09351d61a5 100644 --- a/include/haproxy/connection-t.h +++ b/include/haproxy/connection-t.h @@ -199,8 +199,8 @@ enum { /* Possible connection error codes. * Warning: Do not reorder the codes, they are fetchable through the - * "fc_conn_err" sample fetch. If a new code is added, please add an error label - * in conn_err_code_str and in the "fc_conn_err_str" sample fetch documentation. + * "fc_err" sample fetch. If a new code is added, please add an error label + * in conn_err_code_str and in the "fc_err_str" sample fetch documentation. */ enum { CO_ER_NONE, /* no error */ diff --git a/reg-tests/ssl/ssl_errors.vtc b/reg-tests/ssl/ssl_errors.vtc index ef83e3e601..5dd3491ab1 100644 --- a/reg-tests/ssl/ssl_errors.vtc +++ b/reg-tests/ssl/ssl_errors.vtc 
@@ -105,33 +105,33 @@ syslog Slg_logconnerror -level info { syslog Slg_bcknd -level info { recv - expect ~ ".*bc_conn_err:0:\"Success\" ssl_bc_err:0:" + expect ~ ".*bc_err:0:\"Success\" ssl_bc_err:0:" barrier b2 sync recv - expect ~ ".*bc_conn_err:34:\"SSL handshake failure\" ssl_bc_err:134:.*:certificate verify failed" + expect ~ ".*bc_err:34:\"SSL handshake failure\" ssl_bc_err:134:.*:certificate verify failed" barrier b2 sync recv - expect ~ ".*bc_conn_err:32:\"Server presented an SSL certificate different from the configured one\" ssl_bc_err:134:.*:certificate verify failed" + expect ~ ".*bc_err:32:\"Server presented an SSL certificate different from the configured one\" ssl_bc_err:134:.*:certificate verify failed" barrier b2 sync # Verify errors on the server side cannot be caught when using TLSv1.3 but it works for TLSv1.2 recv - expect ~ ".*bc_conn_err:34:\"SSL handshake failure\" ssl_bc_err:1048:.*:tlsv1 alert unknown ca" + expect ~ ".*bc_err:34:\"SSL handshake failure\" ssl_bc_err:1048:.*:tlsv1 alert unknown ca" barrier b2 sync recv - expect ~ ".*bc_conn_err:34:\"SSL handshake failure\" ssl_bc_err:1040:.*:sslv3 alert handshake failure" + expect ~ ".*bc_err:34:\"SSL handshake failure\" ssl_bc_err:1040:.*:sslv3 alert handshake failure" barrier b2 sync recv - expect ~ ".*bc_conn_err:34:\"SSL handshake failure\" ssl_bc_err:1040:.*:sslv3 alert handshake failure" + expect ~ ".*bc_err:34:\"SSL handshake failure\" ssl_bc_err:1040:.*:sslv3 alert handshake failure" } -start 
@@ -172,12 +172,12 @@ haproxy h1 -conf { server logconnerror "${tmpdir}/logconnerror_ssl.sock" - # This listener will be used to test backend fetches (bc_conn_err and ssl_bc_err) + # This listener will be used to test backend fetches (bc_err and ssl_bc_err) listen clear_backend_errors_lst bind "fd@${backenderrorslst}" log ${Slg_bcknd_addr}:${Slg_bcknd_port} local0 - log-format "bc_conn_err:%[bc_conn_err]:%{+Q}[bc_conn_err_str]\ ssl_bc_err:%[ssl_bc_err,and(proc.ssl_error_mask)]:%{+Q}[ssl_bc_err_str]" - error-log-format "ERROR bc_conn_err:%[bc_conn_err]:%{+Q}[bc_conn_err_str]\ ssl_bc_err:%[ssl_bc_err,and(proc.ssl_error_mask)]:%[ssl_bc_err_str]" + log-format "bc_err:%[bc_err]:%{+Q}[bc_err_str]\ ssl_bc_err:%[ssl_bc_err,and(proc.ssl_error_mask)]:%{+Q}[ssl_bc_err_str]" + error-log-format "ERROR bc_err:%[bc_err]:%{+Q}[bc_err_str]\ ssl_bc_err:%[ssl_bc_err,and(proc.ssl_error_mask)]:%[ssl_bc_err_str]" balance roundrobin server no_err "${tmpdir}/no_err_ssl.sock" ssl crt ${testdir}/set_cafile_client.pem ca-file ${testdir}/set_cafile_interCA2.crt verify required 
@@ -203,8 +203,8 @@ haproxy h1 -conf { listen cust_logfmt_ssl_lst log ${Slg_cust_fmt_addr}:${Slg_cust_fmt_port} local0 mode http - log-format "conn_status:\"%[fc_conn_err]:%[fc_conn_err_str]\" hsk_err:\"%[ssl_fc_err]:%[ssl_fc_err_str]\" CN=%{+Q}[ssl_c_s_dn],serial=%[ssl_c_serial,hex],hash=%[ssl_c_sha1,hex]" - error-log-format "ERROR conn_status:\"%[fc_conn_err]:%[fc_conn_err_str]\" hsk_err:\"%[ssl_fc_err,and(proc.ssl_error_mask)]:%[ssl_fc_err_str]\" CN=%{+Q}[ssl_c_s_dn],serial=%[ssl_c_serial,hex],hash=%[ssl_c_sha1,hex]" + log-format "conn_status:\"%[fc_err]:%[fc_err_str]\" hsk_err:\"%[ssl_fc_err]:%[ssl_fc_err_str]\" CN=%{+Q}[ssl_c_s_dn],serial=%[ssl_c_serial,hex],hash=%[ssl_c_sha1,hex]" + error-log-format "ERROR conn_status:\"%[fc_err]:%[fc_err_str]\" hsk_err:\"%[ssl_fc_err,and(proc.ssl_error_mask)]:%[ssl_fc_err_str]\" CN=%{+Q}[ssl_c_s_dn],serial=%[ssl_c_serial,hex],hash=%[ssl_c_sha1,hex]" bind "${tmpdir}/cust_logfmt_ssl.sock" ssl crt ${testdir}/set_cafile_server.pem ca-verify-file ${testdir}/set_cafile_rootCA.crt ca-file ${testdir}/set_cafile_interCA1.crt verify required ciphers "kRSA" server s1 ${s1_addr}:${s1_port} @@ -214,7 +214,7 @@ haproxy h1 -conf { option log-separate-errors mode http option httpslog - error-log-format "ERROR %ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r %[fc_conn_err]/%[ssl_fc_err,and(proc.ssl_error_mask),hex]/%[ssl_c_err]/%[ssl_c_ca_err]/%[ssl_fc_is_resumed] %sslv/%sslc" + error-log-format "ERROR %ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r %[fc_err]/%[ssl_fc_err,and(proc.ssl_error_mask),hex]/%[ssl_c_err]/%[ssl_c_ca_err]/%[ssl_fc_is_resumed] %sslv/%sslc" bind "${tmpdir}/https_logfmt_ssl.sock" ssl crt ${testdir}/set_cafile_server.pem ca-verify-file ${testdir}/set_cafile_rootCA.crt ca-file ${testdir}/set_cafile_interCA1.crt verify required ciphers "kRSA" server s1 ${s1_addr}:${s1_port} 
diff --git a/src/connection.c b/src/connection.c index 270ae11a11..f0fb3d665f 100644 --- a/src/connection.c +++ b/src/connection.c @@ -2131,7 +2131,7 @@ int smp_fetch_fc_pp_unique_id(const struct arg *args, struct sample *smp, const } /* fetch the error code of a connection */ -int smp_fetch_fc_conn_err(const struct arg *args, struct sample *smp, const char *kw, void *private) +int smp_fetch_fc_err(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct connection *conn; @@ -2157,7 +2157,7 @@ int smp_fetch_fc_conn_err(const struct arg *args, struct sample *smp, const char } /* fetch a string representation of the error code of a connection */ -int smp_fetch_fc_conn_err_str(const struct arg *args, struct sample *smp, const char *kw, void *private) +int smp_fetch_fc_err_str(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct connection *conn; const char *err_code_str; 
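Review bot: The one-line comments above `smp_fetch_fc_err` and `smp_fetch_fc_err_str` still say only "of a connection", yet the keyword table later in this file registers both handlers for `bc_err`/`bc_err_str` as well as `fc_err`/`fc_err_str`. After the rename, the `fc_` in the function names reads as frontend-only, which is misleading for anyone tracing a backend TLS failure log back to the code. I would extend the comments, e.g. `/* fetch the error code of the front ("fc_err") or back ("bc_err") connection, depending on the keyword */`, and likewise for the `_str` variant. Both function bodies lie outside these two hunks, so how the side is actually selected cannot be confirmed from here and the wording should be checked against the body.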
@@ -2195,15 +2195,15 @@ int smp_fetch_fc_conn_err_str(const struct arg *args, struct sample *smp, const * instance v4/v6 must be declared v4. */ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, { - { "fc_http_major", smp_fetch_fc_http_major, 0, NULL, SMP_T_SINT, SMP_USE_L4CLI }, + { "bc_err", smp_fetch_fc_err, 0, NULL, SMP_T_SINT, SMP_USE_L4SRV }, + { "bc_err_str", smp_fetch_fc_err_str, 0, NULL, SMP_T_STR, SMP_USE_L4SRV }, { "bc_http_major", smp_fetch_fc_http_major, 0, NULL, SMP_T_SINT, SMP_USE_L4SRV }, + { "fc_err", smp_fetch_fc_err, 0, NULL, SMP_T_SINT, SMP_USE_L4CLI }, + { "fc_err_str", smp_fetch_fc_err_str, 0, NULL, SMP_T_STR, SMP_USE_L4CLI }, + { "fc_http_major", smp_fetch_fc_http_major, 0, NULL, SMP_T_SINT, SMP_USE_L4CLI }, { "fc_rcvd_proxy", smp_fetch_fc_rcvd_proxy, 0, NULL, SMP_T_BOOL, SMP_USE_L4CLI }, { "fc_pp_authority", smp_fetch_fc_pp_authority, 0, NULL, SMP_T_STR, SMP_USE_L4CLI }, { "fc_pp_unique_id", smp_fetch_fc_pp_unique_id, 0, NULL, SMP_T_STR, SMP_USE_L4CLI }, - { "fc_conn_err", smp_fetch_fc_conn_err, 0, NULL, SMP_T_SINT, SMP_USE_L4CLI }, - { "fc_conn_err_str", smp_fetch_fc_conn_err_str, 0, NULL, SMP_T_STR, SMP_USE_L4CLI }, - { "bc_conn_err", smp_fetch_fc_conn_err, 0, NULL, SMP_T_SINT, SMP_USE_L4SRV }, - { "bc_conn_err_str", smp_fetch_fc_conn_err_str, 0, NULL, SMP_T_STR, SMP_USE_L4SRV }, { /* END */ }, }}; diff --git a/src/log.c b/src/log.c index 6912217de3..51ad75ada1 100644 --- a/src/log.c +++ b/src/log.c 
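Review bot: The keyword table is still not fully alphabetical after this hunk: the unchanged context entries stay in the order `"fc_rcvd_proxy"`, `"fc_pp_authority"`, `"fc_pp_unique_id"`, although `fc_pp_*` sorts before `fc_rcvd_proxy`. The commit message's "alpha sort in the keywords table updated" therefore holds only for the moved lines; moving the `{ "fc_rcvd_proxy", ... }` entry below the two `fc_pp_*` entries would finish it. Separately, the four `*_conn_err*` keywords are removed without an alias, so a `log-format` or `error-log-format` written against an earlier 2.5-dev build will presumably stop resolving. That looks intended per the description, but these fetches carry the connection and TLS failure codes that operators alert on, so the rename deserves an explicit line in the release notes.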
@@ -195,7 +195,7 @@ static const struct logformat_type logformat_keywords[] = { }; char default_http_log_format[] = "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"; // default format -char default_https_log_format[] = "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r %[fc_conn_err]/%[ssl_fc_err,hex]/%[ssl_c_err]/%[ssl_c_ca_err]/%[ssl_fc_is_resumed] %sslv/%sslc"; +char default_https_log_format[] = "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r %[fc_err]/%[ssl_fc_err,hex]/%[ssl_c_err]/%[ssl_c_ca_err]/%[ssl_fc_is_resumed] %sslv/%sslc"; char clf_http_log_format[] = "%{+Q}o %{-Q}ci - - [%trg] %r %ST %B \"\" \"\" %cp %ms %ft %b %s %TR %Tw %Tc %Tr %Ta %tsc %ac %fc %bc %sc %rc %sq %bq %CC %CS %hrl %hsl"; char default_tcp_log_format[] = "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq"; char *log_format = NULL;