- [PATCH 3/9] BUG/MEDIUM: Do not consider an agent check as failed on - [PATCH 4/9] BUG/MEDIUM: peers: correctly configure the client timeout - [PATCH 5/9] BUG/MEDIUM: buffer: one byte miss in buffer free space - [PATCH 6/9] BUG/MAJOR: http: don't read past buffer's end in - [PATCH 7/9] BUG/MEDIUM: http: the function "(req|res)-replace-value" - [PATCH 8/9] BUG/MINOR: compression: consider the expansion factor in - [PATCH 9/9] BUG/MEDIUM: http: hdr_cnt would not count any header when Signed-off-by: heil <heil@terminal-consulting.de>lilik-openwrt-22.03
@ -0,0 +1,43 @@ | |||||
From bfb8f885955efa1ef90f79595f16a01e30fd0dcf Mon Sep 17 00:00:00 2001 | |||||
From: Simon Horman <horms@verge.net.au> | |||||
Date: Thu, 26 Feb 2015 11:26:17 +0900 | |||||
Subject: [PATCH 3/9] BUG/MEDIUM: Do not consider an agent check as failed on | |||||
L7 error | |||||
As failure to connect to the agent check is not sufficient to mark it as | |||||
failed it stands to reason that an L7 error shouldn't either. | |||||
Without this fix if an L7 error occurs, for example of connectivity to the | |||||
agent is lost immediately after establishing a connection to it, then the | |||||
agent check will be considered to have failed and thus may end up with zero | |||||
health. Once this has occurred if the primary health check also reaches | |||||
zero health, which is likely if connectivity to the server is lost, then | |||||
the server will be marked as down and not be marked as up again until a | |||||
successful agent check occurs regardless of the success of any primary | |||||
health checks. | |||||
This behaviour is not correct as a failed agent check should never cause a | |||||
server to be marked as down or by extension continue to be marked as down. | |||||
Signed-off-by: Simon Horman <horms@verge.net.au> | |||||
(cherry picked from commit eaabd52e29a29187f9829fe727028a6ca530cbf9) | |||||
--- | |||||
src/checks.c | 2 +- | |||||
1 file changed, 1 insertion(+), 1 deletion(-) | |||||
diff --git a/src/checks.c b/src/checks.c | |||||
index b9048da..71debb6 100644 | |||||
--- a/src/checks.c | |||||
+++ b/src/checks.c | |||||
@@ -246,7 +246,7 @@ static void set_server_check_status(struct check *check, short status, const cha | |||||
* cause the server to be marked down. | |||||
*/ | |||||
if ((!(check->state & CHK_ST_AGENT) || | |||||
- (check->status >= HCHK_STATUS_L7TOUT)) && | |||||
+ (check->status >= HCHK_STATUS_L57DATA)) && | |||||
(check->health >= check->rise)) { | |||||
s->counters.failed_checks++; | |||||
report = 1; | |||||
-- | |||||
2.0.5 | |||||
@ -0,0 +1,33 @@ | |||||
From fc940eb2bf0bbd7adf5b283f28bcff136501ae7f Mon Sep 17 00:00:00 2001 | |||||
From: Willy Tarreau <w@1wt.eu> | |||||
Date: Fri, 13 Mar 2015 16:18:25 +0100 | |||||
Subject: [PATCH 4/9] BUG/MEDIUM: peers: correctly configure the client timeout | |||||
The peers frontend timeout was mistakenly set on timeout.connect instead | |||||
of timeout.client, resulting in no timeout being applied to the peers | |||||
connections. The impact is just that peers can establish connections and | |||||
remain connected until they speak. Once they start speaking, only one of | |||||
them will still be accepted, and old sessions will be killed, so the | |||||
problem is limited. This fix should however be backported to 1.5 since | |||||
it was introduced in 1.5-dev3 with peers. | |||||
(cherry picked from commit 9ff95bb18c4cd9ae747fa5b3bef6d3f94e54172f) | |||||
--- | |||||
src/cfgparse.c | 2 +- | |||||
1 file changed, 1 insertion(+), 1 deletion(-) | |||||
diff --git a/src/cfgparse.c b/src/cfgparse.c | |||||
index a91e027..b7613b8 100644 | |||||
--- a/src/cfgparse.c | |||||
+++ b/src/cfgparse.c | |||||
@@ -1834,7 +1834,7 @@ int cfg_parse_peers(const char *file, int linenum, char **args, int kwm) | |||||
curpeers->peers_fe->cap = PR_CAP_FE; | |||||
curpeers->peers_fe->maxconn = 0; | |||||
curpeers->peers_fe->conn_retries = CONN_RETRIES; | |||||
- curpeers->peers_fe->timeout.connect = 5000; | |||||
+ curpeers->peers_fe->timeout.client = MS_TO_TICKS(5000); | |||||
curpeers->peers_fe->accept = peer_accept; | |||||
curpeers->peers_fe->options2 |= PR_O2_INDEPSTR | PR_O2_SMARTCON | PR_O2_SMARTACC; | |||||
curpeers->peers_fe->conf.args.file = curpeers->peers_fe->conf.file = strdup(file); | |||||
-- | |||||
2.0.5 | |||||
@ -0,0 +1,30 @@ | |||||
From b92902814f796bb1dc24bab2179000caceb5b151 Mon Sep 17 00:00:00 2001 | |||||
From: Thierry FOURNIER <tfournier@exceliance.fr> | |||||
Date: Tue, 10 Mar 2015 01:55:01 +0100 | |||||
Subject: [PATCH 5/9] BUG/MEDIUM: buffer: one byte miss in buffer free space | |||||
check | |||||
Space is not avalaible only if the end of the data inserted | |||||
is strictly greater than the end of buffer. If these two value | |||||
are equal, the space is avamaible. | |||||
(cherry picked from commit fdda6777bffb4f933569c609ba54e24ea5eabf29) | |||||
--- | |||||
src/buffer.c | 2 +- | |||||
1 file changed, 1 insertion(+), 1 deletion(-) | |||||
diff --git a/src/buffer.c b/src/buffer.c | |||||
index 9037dd3..8d2644e 100644 | |||||
--- a/src/buffer.c | |||||
+++ b/src/buffer.c | |||||
@@ -46,7 +46,7 @@ int buffer_replace2(struct buffer *b, char *pos, char *end, const char *str, int | |||||
delta = len - (end - pos); | |||||
- if (bi_end(b) + delta >= b->data + b->size) | |||||
+ if (bi_end(b) + delta > b->data + b->size) | |||||
return 0; /* no space left */ | |||||
if (buffer_not_empty(b) && | |||||
-- | |||||
2.0.5 | |||||
@ -0,0 +1,52 @@ | |||||
From 8e05ac2044c6523c867ceaaae1f10486370eec89 Mon Sep 17 00:00:00 2001 | |||||
From: Thierry FOURNIER <tfournier@haproxy.com> | |||||
Date: Mon, 16 Mar 2015 11:14:41 +0100 | |||||
Subject: [PATCH 6/9] BUG/MAJOR: http: don't read past buffer's end in | |||||
http_replace_value | |||||
The function http_replace_value use bad variable to detect the end | |||||
of the input string. | |||||
Regression introduced by the patch "MEDIUM: regex: Remove null | |||||
terminated strings." (c9c2daf2) | |||||
We need to backport this patch int the 1.5 stable branch. | |||||
WT: there is no possibility to overwrite existing data as we only read | |||||
past the end of the request buffer, to copy into the trash. The copy | |||||
is bounded by buffer_replace2(), just like the replacement performed | |||||
by exp_replace(). However if a buffer happens to contain non-zero data | |||||
up to the next unmapped page boundary, there's a theorical risk of | |||||
crashing the process despite this not being reproducible in tests. | |||||
The risk is low because "http-request replace-value" did not work due | |||||
to this bug so that probably means it's not used yet. | |||||
(cherry picked from commit 534101658d6e19aeb598bf7833a8ce167498c4ed) | |||||
--- | |||||
src/proto_http.c | 4 ++-- | |||||
1 file changed, 2 insertions(+), 2 deletions(-) | |||||
diff --git a/src/proto_http.c b/src/proto_http.c | |||||
index 705f3b4..f53b5e2 100644 | |||||
--- a/src/proto_http.c | |||||
+++ b/src/proto_http.c | |||||
@@ -3206,7 +3206,7 @@ static int http_replace_value(struct my_regex *re, char *dst, uint dst_size, cha | |||||
/* look for delim. */ | |||||
p_delim = p; | |||||
- while (p_delim < p + len && *p_delim != delim) | |||||
+ while (p_delim < val + len && *p_delim != delim) | |||||
p_delim++; | |||||
if (regex_exec_match2(re, p, p_delim-p, MAX_MATCH, pmatch)) { | |||||
@@ -3230,7 +3230,7 @@ static int http_replace_value(struct my_regex *re, char *dst, uint dst_size, cha | |||||
return -1; | |||||
/* end of the replacements. */ | |||||
- if (p_delim >= p + len) | |||||
+ if (p_delim >= val + len) | |||||
break; | |||||
/* Next part. */ | |||||
-- | |||||
2.0.5 | |||||
@ -0,0 +1,171 @@ | |||||
From 06170c50ae5cd0fb23510b832826f7e63a5a8894 Mon Sep 17 00:00:00 2001 | |||||
From: Thierry FOURNIER <tfournier@haproxy.com> | |||||
Date: Mon, 16 Mar 2015 23:23:53 +0100 | |||||
Subject: [PATCH 7/9] BUG/MEDIUM: http: the function "(req|res)-replace-value" | |||||
doesn't respect the HTTP syntax | |||||
These function used an invalid header parser. | |||||
- The trailing white-spaces were embedded in the replacement regex, | |||||
- The double-quote (") containing comma (,) were not respected. | |||||
This patch replace this parser by the "official" parser http_find_header2(). | |||||
(cherry picked from commit 191f9efdc58f21af1d9dde3db5ba198d7f1ce22e) | |||||
--- | |||||
src/proto_http.c | 126 +++++++++++++++---------------------------------------- | |||||
1 file changed, 34 insertions(+), 92 deletions(-) | |||||
diff --git a/src/proto_http.c b/src/proto_http.c | |||||
index f53b5e2..c49c4f4 100644 | |||||
--- a/src/proto_http.c | |||||
+++ b/src/proto_http.c | |||||
@@ -3179,113 +3179,55 @@ static inline void inet_set_tos(int fd, struct sockaddr_storage from, int tos) | |||||
#endif | |||||
} | |||||
-/* Returns the number of characters written to destination, | |||||
- * -1 on internal error and -2 if no replacement took place. | |||||
- */ | |||||
-static int http_replace_header(struct my_regex *re, char *dst, uint dst_size, char *val, int len, | |||||
- const char *rep_str) | |||||
-{ | |||||
- if (!regex_exec_match2(re, val, len, MAX_MATCH, pmatch)) | |||||
- return -2; | |||||
- | |||||
- return exp_replace(dst, dst_size, val, rep_str, pmatch); | |||||
-} | |||||
- | |||||
-/* Returns the number of characters written to destination, | |||||
- * -1 on internal error and -2 if no replacement took place. | |||||
- */ | |||||
-static int http_replace_value(struct my_regex *re, char *dst, uint dst_size, char *val, int len, char delim, | |||||
- const char *rep_str) | |||||
-{ | |||||
- char* p = val; | |||||
- char* dst_end = dst + dst_size; | |||||
- char* dst_p = dst; | |||||
- | |||||
- for (;;) { | |||||
- char *p_delim; | |||||
- | |||||
- /* look for delim. */ | |||||
- p_delim = p; | |||||
- while (p_delim < val + len && *p_delim != delim) | |||||
- p_delim++; | |||||
- | |||||
- if (regex_exec_match2(re, p, p_delim-p, MAX_MATCH, pmatch)) { | |||||
- int replace_n = exp_replace(dst_p, dst_end - dst_p, p, rep_str, pmatch); | |||||
- | |||||
- if (replace_n < 0) | |||||
- return -1; | |||||
- | |||||
- dst_p += replace_n; | |||||
- } else { | |||||
- uint len = p_delim - p; | |||||
- | |||||
- if (dst_p + len >= dst_end) | |||||
- return -1; | |||||
- | |||||
- memcpy(dst_p, p, len); | |||||
- dst_p += len; | |||||
- } | |||||
- | |||||
- if (dst_p >= dst_end) | |||||
- return -1; | |||||
- | |||||
- /* end of the replacements. */ | |||||
- if (p_delim >= val + len) | |||||
- break; | |||||
- | |||||
- /* Next part. */ | |||||
- *dst_p++ = delim; | |||||
- p = p_delim + 1; | |||||
- } | |||||
- | |||||
- return dst_p - dst; | |||||
-} | |||||
- | |||||
static int http_transform_header(struct session* s, struct http_msg *msg, const char* name, uint name_len, | |||||
char* buf, struct hdr_idx* idx, struct list *fmt, struct my_regex *re, | |||||
struct hdr_ctx* ctx, int action) | |||||
{ | |||||
+ int (*http_find_hdr_func)(const char *name, int len, char *sol, | |||||
+ struct hdr_idx *idx, struct hdr_ctx *ctx); | |||||
+ struct chunk *replace = get_trash_chunk(); | |||||
+ struct chunk *output = get_trash_chunk(); | |||||
+ | |||||
+ replace->len = build_logline(s, replace->str, replace->size, fmt); | |||||
+ if (replace->len >= replace->size - 1) | |||||
+ return -1; | |||||
+ | |||||
ctx->idx = 0; | |||||
- while (http_find_full_header2(name, name_len, buf, idx, ctx)) { | |||||
+ /* Choose the header browsing function. */ | |||||
+ switch (action) { | |||||
+ case HTTP_REQ_ACT_REPLACE_VAL: | |||||
+ case HTTP_RES_ACT_REPLACE_VAL: | |||||
+ http_find_hdr_func = http_find_header2; | |||||
+ break; | |||||
+ case HTTP_REQ_ACT_REPLACE_HDR: | |||||
+ case HTTP_RES_ACT_REPLACE_HDR: | |||||
+ http_find_hdr_func = http_find_full_header2; | |||||
+ break; | |||||
+ default: /* impossible */ | |||||
+ return -1; | |||||
+ } | |||||
+ | |||||
+ while (http_find_hdr_func(name, name_len, buf, idx, ctx)) { | |||||
struct hdr_idx_elem *hdr = idx->v + ctx->idx; | |||||
int delta; | |||||
- char* val = (char*)ctx->line + ctx->val; | |||||
- char* val_end = (char*)ctx->line + hdr->len; | |||||
- char* reg_dst_buf; | |||||
- uint reg_dst_buf_size; | |||||
- int n_replaced; | |||||
- | |||||
- trash.len = build_logline(s, trash.str, trash.size, fmt); | |||||
- | |||||
- if (trash.len >= trash.size - 1) | |||||
- return -1; | |||||
+ char *val = ctx->line + ctx->val; | |||||
+ char* val_end = val + ctx->vlen; | |||||
- reg_dst_buf = trash.str + trash.len + 1; | |||||
- reg_dst_buf_size = trash.size - trash.len - 1; | |||||
+ if (!regex_exec_match2(re, val, val_end-val, MAX_MATCH, pmatch)) | |||||
+ continue; | |||||
- switch (action) { | |||||
- case HTTP_REQ_ACT_REPLACE_VAL: | |||||
- case HTTP_RES_ACT_REPLACE_VAL: | |||||
- n_replaced = http_replace_value(re, reg_dst_buf, reg_dst_buf_size, val, val_end-val, ',', trash.str); | |||||
- break; | |||||
- case HTTP_REQ_ACT_REPLACE_HDR: | |||||
- case HTTP_RES_ACT_REPLACE_HDR: | |||||
- n_replaced = http_replace_header(re, reg_dst_buf, reg_dst_buf_size, val, val_end-val, trash.str); | |||||
- break; | |||||
- default: /* impossible */ | |||||
+ output->len = exp_replace(output->str, output->size, val, replace->str, pmatch); | |||||
+ if (output->len == -1) | |||||
return -1; | |||||
- } | |||||
- switch (n_replaced) { | |||||
- case -1: return -1; | |||||
- case -2: continue; | |||||
- } | |||||
- | |||||
- delta = buffer_replace2(msg->chn->buf, val, val_end, reg_dst_buf, n_replaced); | |||||
+ delta = buffer_replace2(msg->chn->buf, val, val_end, output->str, output->len); | |||||
hdr->len += delta; | |||||
http_msg_move_end(msg, delta); | |||||
+ | |||||
+ /* Adjust the length of the current value of the index. */ | |||||
+ ctx->vlen += delta; | |||||
} | |||||
return 0; | |||||
-- | |||||
2.0.5 | |||||
@ -0,0 +1,43 @@ | |||||
From 9b9531d90dfd8a334958d23394afafd0185bfa21 Mon Sep 17 00:00:00 2001 | |||||
From: Willy Tarreau <w@1wt.eu> | |||||
Date: Sat, 28 Mar 2015 12:20:33 +0100 | |||||
Subject: [PATCH 8/9] BUG/MINOR: compression: consider the expansion factor in | |||||
init | |||||
When checking if the buffer is large enough, we used to rely on a fixed | |||||
size that was "apparently" enough. We need to consider the expansion | |||||
factor of deflate-encoded streams instead, which is of 5 bytes per 32kB. | |||||
The previous value was OK till 128kB buffers but became wrong past that. | |||||
It's totally harmless since we always keep the reserve when compressiong, | |||||
so there's 1kB or so available, which is enough for buffers as large as | |||||
6.5 MB, but better fix the check anyway. | |||||
This fix could be backported into 1.5 since compression was added there. | |||||
(cherry picked from commit 2aee2215c908c6997addcd1714b5b10f73c0703d) | |||||
--- | |||||
src/compression.c | 9 ++++++--- | |||||
1 file changed, 6 insertions(+), 3 deletions(-) | |||||
diff --git a/src/compression.c b/src/compression.c | |||||
index 3d6085e..d55f14e 100644 | |||||
--- a/src/compression.c | |||||
+++ b/src/compression.c | |||||
@@ -130,9 +130,12 @@ int http_compression_buffer_init(struct session *s, struct buffer *in, struct bu | |||||
{ | |||||
int left; | |||||
- /* not enough space */ | |||||
- if (in->size - buffer_len(in) < 40) | |||||
- return -1; | |||||
+ /* output stream requires at least 10 bytes for the gzip header, plus | |||||
+ * at least 8 bytes for the gzip trailer (crc+len), plus a possible | |||||
+ * plus at most 5 bytes per 32kB block and 2 bytes to close the stream. | |||||
+ */ | |||||
+ if (in->size - buffer_len(in) < 20 + 5 * ((in->i + 32767) >> 15)) | |||||
+ return -1; | |||||
/* We start by copying the current buffer's pending outgoing data into | |||||
* a new temporary buffer that we initialize with a new empty chunk. | |||||
-- | |||||
2.0.5 | |||||
@ -0,0 +1,70 @@ | |||||
From 2943734024525d4b9aeec13cca2c1d230c358ee5 Mon Sep 17 00:00:00 2001 | |||||
From: Willy Tarreau <w@1wt.eu> | |||||
Date: Wed, 1 Apr 2015 19:16:09 +0200 | |||||
Subject: [PATCH 9/9] BUG/MEDIUM: http: hdr_cnt would not count any header when | |||||
called without name | |||||
It's documented that these sample fetch functions should count all headers | |||||
and/or all values when called with no name but in practice it's not what is | |||||
being done as a missing name causes an immediate return and an absence of | |||||
result. | |||||
This bug is present in 1.5 as well and must be backported. | |||||
(cherry picked from commit 601a4d1741100d7a861b6d9b66561335c9911277) | |||||
--- | |||||
src/proto_http.c | 20 ++++++++++++++------ | |||||
1 file changed, 14 insertions(+), 6 deletions(-) | |||||
diff --git a/src/proto_http.c b/src/proto_http.c | |||||
index c49c4f4..ccd52ad 100644 | |||||
--- a/src/proto_http.c | |||||
+++ b/src/proto_http.c | |||||
@@ -10014,15 +10014,19 @@ smp_fetch_fhdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int | |||||
struct hdr_ctx ctx; | |||||
const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp; | |||||
int cnt; | |||||
+ const char *name = NULL; | |||||
+ int len = 0; | |||||
- if (!args || args->type != ARGT_STR) | |||||
- return 0; | |||||
+ if (args && args->type == ARGT_STR) { | |||||
+ name = args->data.str.str; | |||||
+ len = args->data.str.len; | |||||
+ } | |||||
CHECK_HTTP_MESSAGE_FIRST(); | |||||
ctx.idx = 0; | |||||
cnt = 0; | |||||
- while (http_find_full_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx)) | |||||
+ while (http_find_full_header2(name, len, msg->chn->buf->p, idx, &ctx)) | |||||
cnt++; | |||||
smp->type = SMP_T_UINT; | |||||
@@ -10101,15 +10105,19 @@ smp_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int o | |||||
struct hdr_ctx ctx; | |||||
const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp; | |||||
int cnt; | |||||
+ const char *name = NULL; | |||||
+ int len = 0; | |||||
- if (!args || args->type != ARGT_STR) | |||||
- return 0; | |||||
+ if (args && args->type == ARGT_STR) { | |||||
+ name = args->data.str.str; | |||||
+ len = args->data.str.len; | |||||
+ } | |||||
CHECK_HTTP_MESSAGE_FIRST(); | |||||
ctx.idx = 0; | |||||
cnt = 0; | |||||
- while (http_find_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx)) | |||||
+ while (http_find_header2(name, len, msg->chn->buf->p, idx, &ctx)) | |||||
cnt++; | |||||
smp->type = SMP_T_UINT; | |||||
-- | |||||
2.0.5 | |||||