LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1235 Commits
1 Branch
46 MiB
Tree: d2d0d41dd9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd2d0d41dd9'
${ noResults }
openwrt-packages-dist/net/haproxy/patches/0012-MEDIUM-config-report-i...

110 lines
4.4 KiB
Raw Normal View History

haproxy: patches from upstream - [PATCH 01/13] DOC: clearly state that the "show sess" output format - [PATCH 02/13] MINOR: stats: fix minor typo fix in - [PATCH 03/13] MEDIUM: Improve signal handling in systemd wrapper. - [PATCH 04/13] MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper - [PATCH 05/13] DOC: indicate in the doc that track-sc* can wait if - [PATCH 06/13] MEDIUM: http: enable header manipulation for 101 - [PATCH 07/13] BUG/MEDIUM: config: propagate frontend to backend - [PATCH 08/13] MEDIUM: config: properly propagate process binding - [PATCH 09/13] MEDIUM: config: make the frontends automatically bind - [PATCH 10/13] MEDIUM: config: compute the exact bind-process before - [PATCH 11/13] MEDIUM: config: only warn if stats are attached to - [PATCH 12/13] MEDIUM: config: report it when tcp-request rules are - [PATCH 13/13] MINOR: config: detect the case where a tcp-request Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
10 years ago
 
  1. From 8b3c808c37dd5672f87e7b61085295e1316a6694 Mon Sep 17 00:00:00 2001
  2. From: Willy Tarreau <w@1wt.eu>
  3. Date: Tue, 16 Sep 2014 15:39:51 +0200
  4. Subject: [PATCH 12/13] MEDIUM: config: report it when tcp-request rules are
  5.  misplaced
  6. 

  7. A config where a tcp-request rule appears after an http-request rule
  8. might seem valid but it is not. So let's report a warning about this
  9. since this case is hard to detect by the naked eye.
  10. (cherry picked from commit 3986b9c14037f446f5f5bec6207a39e1bd753fae)
  11. ---

  12.  include/common/cfgparse.h |  2 ++
  13.  src/cfgparse.c            | 38 ++++++++++++++++++++++++++++++++++++++
  14.  src/proto_tcp.c           |  4 ++++
  15.  3 files changed, 44 insertions(+)
  16. 

  17. diff --git a/include/common/cfgparse.h b/include/common/cfgparse.h

  18. index 80310ae..86a0035 100644

  19. --- a/include/common/cfgparse.h

  20. +++ b/include/common/cfgparse.h

  21. @@ -73,6 +73,8 @@ int check_config_validity();

  22.  int str2listener(char *str, struct proxy *curproxy, struct bind_conf *bind_conf, const char *file, int line, char **err);
  23.  int cfg_register_section(char *section_name,
  24.                           int (*section_parser)(const char *, int, char **, int));
  25. +int warnif_misplaced_tcp_conn(struct proxy *proxy, const char *file, int line, const char *arg);

  26. +int warnif_misplaced_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg);

  27.  
  28.  /*
  29.   * Sends a warning if proxy <proxy> does not have at least one of the
  30. diff --git a/src/cfgparse.c b/src/cfgparse.c

  31. index 5668393..9ff44e9 100644

  32. --- a/src/cfgparse.c

  33. +++ b/src/cfgparse.c

  34. @@ -317,6 +317,19 @@ int str2listener(char *str, struct proxy *curproxy, struct bind_conf *bind_conf,

  35.  	return 0;
  36.  }
  37.  
  38. +/* Report a warning if a rule is placed after a 'tcp-request content' rule.

  39. + * Return 1 if the warning has been emitted, otherwise 0.

  40. + */

  41. +int warnif_rule_after_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg)

  42. +{

  43. +	if (!LIST_ISEMPTY(&proxy->tcp_req.inspect_rules)) {

  44. +		Warning("parsing [%s:%d] : a '%s' rule placed after a 'tcp-request content' rule will still be processed before.\n",

  45. +			file, line, arg);

  46. +		return 1;

  47. +	}

  48. +	return 0;

  49. +}

  50. +

  51.  /* Report a warning if a rule is placed after a 'block' rule.
  52.   * Return 1 if the warning has been emitted, otherwise 0.
  53.   */
  54. @@ -408,6 +421,31 @@ int warnif_rule_after_use_server(struct proxy *proxy, const char *file, int line

  55.  	return 0;
  56.  }
  57.  
  58. +/* report a warning if a "tcp request connection" rule is dangerously placed */

  59. +int warnif_misplaced_tcp_conn(struct proxy *proxy, const char *file, int line, const char *arg)

  60. +{

  61. +	return	warnif_rule_after_tcp_cont(proxy, file, line, arg) ||

  62. +		warnif_rule_after_block(proxy, file, line, arg) ||

  63. +		warnif_rule_after_http_req(proxy, file, line, arg) ||

  64. +		warnif_rule_after_reqxxx(proxy, file, line, arg) ||

  65. +		warnif_rule_after_reqadd(proxy, file, line, arg) ||

  66. +		warnif_rule_after_redirect(proxy, file, line, arg) ||

  67. +		warnif_rule_after_use_backend(proxy, file, line, arg) ||

  68. +		warnif_rule_after_use_server(proxy, file, line, arg);

  69. +}

  70. +

  71. +/* report a warning if a "tcp request content" rule is dangerously placed */

  72. +int warnif_misplaced_tcp_cont(struct proxy *proxy, const char *file, int line, const char *arg)

  73. +{

  74. +	return	warnif_rule_after_block(proxy, file, line, arg) ||

  75. +		warnif_rule_after_http_req(proxy, file, line, arg) ||

  76. +		warnif_rule_after_reqxxx(proxy, file, line, arg) ||

  77. +		warnif_rule_after_reqadd(proxy, file, line, arg) ||

  78. +		warnif_rule_after_redirect(proxy, file, line, arg) ||

  79. +		warnif_rule_after_use_backend(proxy, file, line, arg) ||

  80. +		warnif_rule_after_use_server(proxy, file, line, arg);

  81. +}

  82. +

  83.  /* report a warning if a block rule is dangerously placed */
  84.  int warnif_misplaced_block(struct proxy *proxy, const char *file, int line, const char *arg)
  85.  {
  86. diff --git a/src/proto_tcp.c b/src/proto_tcp.c

  87. index 72dc92b..940c3f1 100644

  88. --- a/src/proto_tcp.c

  89. +++ b/src/proto_tcp.c

  90. @@ -1711,6 +1711,8 @@ static int tcp_parse_tcp_req(char **args, int section_type, struct proxy *curpx,

  91.  			warn++;
  92.  		}
  93.  
  94. +		/* the following function directly emits the warning */

  95. +		warnif_misplaced_tcp_cont(curpx, file, line, args[0]);

  96.  		LIST_ADDQ(&curpx->tcp_req.inspect_rules, &rule->list);
  97.  	}
  98.  	else if (strcmp(args[1], "connection") == 0) {
  99. @@ -1754,6 +1756,8 @@ static int tcp_parse_tcp_req(char **args, int section_type, struct proxy *curpx,

  100.  			warn++;
  101.  		}
  102.  
  103. +		/* the following function directly emits the warning */

  104. +		warnif_misplaced_tcp_conn(curpx, file, line, args[0]);

  105.  		LIST_ADDQ(&curpx->tcp_req.l4_rules, &rule->list);
  106.  	}
  107.  	else {
  108. -- 

  109. 1.8.5.5
  110.