1 /*
2 * Backend variables and functions.
3 *
4 * Copyright 2000-2013 Willy Tarreau <w@1wt.eu>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13 #include <errno.h>
14 #include <fcntl.h>
15 #include <stdio.h>
16 #include <stdlib.h>
17 #include <syslog.h>
18 #include <string.h>
19 #include <ctype.h>
20 #include <sys/types.h>
21
22 #include <common/buffer.h>
23 #include <common/compat.h>
24 #include <common/config.h>
25 #include <common/debug.h>
26 #include <common/hash.h>
27 #include <common/htx.h>
28 #include <common/initcall.h>
29 #include <common/ticks.h>
30 #include <common/time.h>
31 #include <common/namespace.h>
32
33 #include <types/global.h>
34
35 #include <proto/acl.h>
36 #include <proto/arg.h>
37 #include <proto/backend.h>
38 #include <proto/channel.h>
39 #include <proto/frontend.h>
40 #include <proto/http_htx.h>
41 #include <proto/lb_chash.h>
42 #include <proto/lb_fas.h>
43 #include <proto/lb_fwlc.h>
44 #include <proto/lb_fwrr.h>
45 #include <proto/lb_map.h>
46 #include <proto/log.h>
47 #include <proto/mux_pt.h>
48 #include <proto/obj_type.h>
49 #include <proto/payload.h>
50 #include <proto/protocol.h>
51 #include <proto/proto_http.h>
52 #include <proto/proto_tcp.h>
53 #include <proto/proxy.h>
54 #include <proto/queue.h>
55 #include <proto/sample.h>
56 #include <proto/server.h>
57 #include <proto/session.h>
58 #include <proto/stream.h>
59 #include <proto/stream_interface.h>
60 #include <proto/task.h>
61
62 #ifdef USE_OPENSSL
63 #include <proto/ssl_sock.h>
64 #endif /* USE_OPENSSL */
65
be_lastsession(const struct proxy * be)66 int be_lastsession(const struct proxy *be)
67 {
68 if (be->be_counters.last_sess)
69 return now.tv_sec - be->be_counters.last_sess;
70
71 return -1;
72 }
73
74 /* helper function to invoke the correct hash method */
gen_hash(const struct proxy * px,const char * key,unsigned long len)75 static unsigned int gen_hash(const struct proxy* px, const char* key, unsigned long len)
76 {
77 unsigned int hash;
78
79 switch (px->lbprm.algo & BE_LB_HASH_FUNC) {
80 case BE_LB_HFCN_DJB2:
81 hash = hash_djb2(key, len);
82 break;
83 case BE_LB_HFCN_WT6:
84 hash = hash_wt6(key, len);
85 break;
86 case BE_LB_HFCN_CRC32:
87 hash = hash_crc32(key, len);
88 break;
89 case BE_LB_HFCN_SDBM:
90 /* this is the default hash function */
91 default:
92 hash = hash_sdbm(key, len);
93 break;
94 }
95
96 return hash;
97 }
98
99 /*
100 * This function recounts the number of usable active and backup servers for
101 * proxy <p>. These numbers are returned into the p->srv_act and p->srv_bck.
102 * This function also recomputes the total active and backup weights. However,
103 * it does not update tot_weight nor tot_used. Use update_backend_weight() for
104 * this.
105 * This functions is designed to be called before server's weight and state
106 * commit so it uses 'next' weight and states values.
107 *
108 * threads: this is the caller responsibility to lock data. For now, this
109 * function is called from lb modules, so it should be ok. But if you need to
110 * call it from another place, be careful (and update this comment).
111 */
recount_servers(struct proxy * px)112 void recount_servers(struct proxy *px)
113 {
114 struct server *srv;
115
116 px->srv_act = px->srv_bck = 0;
117 px->lbprm.tot_wact = px->lbprm.tot_wbck = 0;
118 px->lbprm.fbck = NULL;
119 for (srv = px->srv; srv != NULL; srv = srv->next) {
120 if (!srv_willbe_usable(srv))
121 continue;
122
123 if (srv->flags & SRV_F_BACKUP) {
124 if (!px->srv_bck &&
125 !(px->options & PR_O_USE_ALL_BK))
126 px->lbprm.fbck = srv;
127 px->srv_bck++;
128 srv->cumulative_weight = px->lbprm.tot_wbck;
129 px->lbprm.tot_wbck += srv->next_eweight;
130 } else {
131 px->srv_act++;
132 srv->cumulative_weight = px->lbprm.tot_wact;
133 px->lbprm.tot_wact += srv->next_eweight;
134 }
135 }
136 }
137
138 /* This function simply updates the backend's tot_weight and tot_used values
139 * after servers weights have been updated. It is designed to be used after
140 * recount_servers() or equivalent.
141 *
142 * threads: this is the caller responsibility to lock data. For now, this
143 * function is called from lb modules, so it should be ok. But if you need to
144 * call it from another place, be careful (and update this comment).
145 */
update_backend_weight(struct proxy * px)146 void update_backend_weight(struct proxy *px)
147 {
148 if (px->srv_act) {
149 px->lbprm.tot_weight = px->lbprm.tot_wact;
150 px->lbprm.tot_used = px->srv_act;
151 }
152 else if (px->lbprm.fbck) {
153 /* use only the first backup server */
154 px->lbprm.tot_weight = px->lbprm.fbck->next_eweight;
155 px->lbprm.tot_used = 1;
156 }
157 else {
158 px->lbprm.tot_weight = px->lbprm.tot_wbck;
159 px->lbprm.tot_used = px->srv_bck;
160 }
161 }
162
163 /*
164 * This function tries to find a running server for the proxy <px> following
165 * the source hash method. Depending on the number of active/backup servers,
166 * it will either look for active servers, or for backup servers.
167 * If any server is found, it will be returned. If no valid server is found,
168 * NULL is returned.
169 */
get_server_sh(struct proxy * px,const char * addr,int len,const struct server * avoid)170 static struct server *get_server_sh(struct proxy *px, const char *addr, int len, const struct server *avoid)
171 {
172 unsigned int h, l;
173
174 if (px->lbprm.tot_weight == 0)
175 return NULL;
176
177 l = h = 0;
178
179 /* note: we won't hash if there's only one server left */
180 if (px->lbprm.tot_used == 1)
181 goto hash_done;
182
183 while ((l + sizeof (int)) <= len) {
184 h ^= ntohl(*(unsigned int *)(&addr[l]));
185 l += sizeof (int);
186 }
187 if ((px->lbprm.algo & BE_LB_HASH_MOD) == BE_LB_HMOD_AVAL)
188 h = full_hash(h);
189 hash_done:
190 if ((px->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE)
191 return chash_get_server_hash(px, h, avoid);
192 else
193 return map_get_server_hash(px, h);
194 }
195
196 /*
197 * This function tries to find a running server for the proxy <px> following
198 * the URI hash method. In order to optimize cache hits, the hash computation
199 * ends at the question mark. Depending on the number of active/backup servers,
200 * it will either look for active servers, or for backup servers.
201 * If any server is found, it will be returned. If no valid server is found,
202 * NULL is returned. The lbprm.arg_opt{1,2,3} values correspond respectively to
203 * the "whole" optional argument (boolean), the "len" argument (numeric) and
204 * the "depth" argument (numeric).
205 *
206 * This code was contributed by Guillaume Dallaire, who also selected this hash
207 * algorithm out of a tens because it gave him the best results.
208 *
209 */
get_server_uh(struct proxy * px,char * uri,int uri_len,const struct server * avoid)210 static struct server *get_server_uh(struct proxy *px, char *uri, int uri_len, const struct server *avoid)
211 {
212 unsigned int hash = 0;
213 int c;
214 int slashes = 0;
215 const char *start, *end;
216
217 if (px->lbprm.tot_weight == 0)
218 return NULL;
219
220 /* note: we won't hash if there's only one server left */
221 if (px->lbprm.tot_used == 1)
222 goto hash_done;
223
224 if (px->lbprm.arg_opt2) // "len"
225 uri_len = MIN(uri_len, px->lbprm.arg_opt2);
226
227 start = end = uri;
228 while (uri_len--) {
229 c = *end;
230 if (c == '/') {
231 slashes++;
232 if (slashes == px->lbprm.arg_opt3) /* depth+1 */
233 break;
234 }
235 else if (c == '?' && !px->lbprm.arg_opt1) // "whole"
236 break;
237 end++;
238 }
239
240 hash = gen_hash(px, start, (end - start));
241
242 if ((px->lbprm.algo & BE_LB_HASH_MOD) == BE_LB_HMOD_AVAL)
243 hash = full_hash(hash);
244 hash_done:
245 if ((px->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE)
246 return chash_get_server_hash(px, hash, avoid);
247 else
248 return map_get_server_hash(px, hash);
249 }
250
251 /*
252 * This function tries to find a running server for the proxy <px> following
253 * the URL parameter hash method. It looks for a specific parameter in the
254 * URL and hashes it to compute the server ID. This is useful to optimize
255 * performance by avoiding bounces between servers in contexts where sessions
256 * are shared but cookies are not usable. If the parameter is not found, NULL
257 * is returned. If any server is found, it will be returned. If no valid server
258 * is found, NULL is returned.
259 */
get_server_ph(struct proxy * px,const char * uri,int uri_len,const struct server * avoid)260 static struct server *get_server_ph(struct proxy *px, const char *uri, int uri_len, const struct server *avoid)
261 {
262 unsigned int hash = 0;
263 const char *start, *end;
264 const char *p;
265 const char *params;
266 int plen;
267
268 /* when tot_weight is 0 then so is srv_count */
269 if (px->lbprm.tot_weight == 0)
270 return NULL;
271
272 if ((p = memchr(uri, '?', uri_len)) == NULL)
273 return NULL;
274
275 p++;
276
277 uri_len -= (p - uri);
278 plen = px->lbprm.arg_len;
279 params = p;
280
281 while (uri_len > plen) {
282 /* Look for the parameter name followed by an equal symbol */
283 if (params[plen] == '=') {
284 if (memcmp(params, px->lbprm.arg_str, plen) == 0) {
285 /* OK, we have the parameter here at <params>, and
286 * the value after the equal sign, at <p>
287 * skip the equal symbol
288 */
289 p += plen + 1;
290 start = end = p;
291 uri_len -= plen + 1;
292
293 while (uri_len && *end != '&') {
294 uri_len--;
295 end++;
296 }
297 hash = gen_hash(px, start, (end - start));
298
299 if ((px->lbprm.algo & BE_LB_HASH_MOD) == BE_LB_HMOD_AVAL)
300 hash = full_hash(hash);
301
302 if ((px->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE)
303 return chash_get_server_hash(px, hash, avoid);
304 else
305 return map_get_server_hash(px, hash);
306 }
307 }
308 /* skip to next parameter */
309 p = memchr(params, '&', uri_len);
310 if (!p)
311 return NULL;
312 p++;
313 uri_len -= (p - params);
314 params = p;
315 }
316 return NULL;
317 }
318
319 /*
320 * this does the same as the previous server_ph, but check the body contents
321 */
get_server_ph_post(struct stream * s,const struct server * avoid)322 static struct server *get_server_ph_post(struct stream *s, const struct server *avoid)
323 {
324 unsigned int hash = 0;
325 struct channel *req = &s->req;
326 struct proxy *px = s->be;
327 unsigned int plen = px->lbprm.arg_len;
328 unsigned long len;
329 const char *params, *p, *start, *end;
330
331 if (px->lbprm.tot_weight == 0)
332 return NULL;
333
334 if (!IS_HTX_STRM(s)) {
335 struct http_txn *txn = s->txn;
336 struct http_msg *msg = &txn->req;
337
338 len = http_body_bytes(msg);
339 p = params = c_ptr(req, -http_data_rewind(msg));
340
341 if (len == 0)
342 return NULL;
343 if (len > b_wrap(&req->buf) - p)
344 len = b_wrap(&req->buf) - p;
345
346 }
347 else {
348 struct htx *htx = htxbuf(&req->buf);
349 struct htx_blk *blk;
350
351 p = params = NULL;
352 len = 0;
353 for (blk = htx_get_head_blk(htx); blk; blk = htx_get_next_blk(htx, blk)) {
354 enum htx_blk_type type = htx_get_blk_type(blk);
355 struct ist v;
356
357 if (type != HTX_BLK_DATA)
358 continue;
359 v = htx_get_blk_value(htx, blk);
360 p = params = v.ptr;
361 len = v.len;
362 break;
363 }
364 }
365
366 while (len > plen) {
367 /* Look for the parameter name followed by an equal symbol */
368 if (params[plen] == '=') {
369 if (memcmp(params, px->lbprm.arg_str, plen) == 0) {
370 /* OK, we have the parameter here at <params>, and
371 * the value after the equal sign, at <p>
372 * skip the equal symbol
373 */
374 p += plen + 1;
375 start = end = p;
376 len -= plen + 1;
377
378 while (len && *end != '&') {
379 if (unlikely(!HTTP_IS_TOKEN(*p))) {
380 /* if in a POST, body must be URI encoded or it's not a URI.
381 * Do not interpret any possible binary data as a parameter.
382 */
383 if (likely(HTTP_IS_LWS(*p))) /* eol, uncertain uri len */
384 break;
385 return NULL; /* oh, no; this is not uri-encoded.
386 * This body does not contain parameters.
387 */
388 }
389 len--;
390 end++;
391 /* should we break if vlen exceeds limit? */
392 }
393 hash = gen_hash(px, start, (end - start));
394
395 if ((px->lbprm.algo & BE_LB_HASH_MOD) == BE_LB_HMOD_AVAL)
396 hash = full_hash(hash);
397
398 if ((px->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE)
399 return chash_get_server_hash(px, hash, avoid);
400 else
401 return map_get_server_hash(px, hash);
402 }
403 }
404 /* skip to next parameter */
405 p = memchr(params, '&', len);
406 if (!p)
407 return NULL;
408 p++;
409 len -= (p - params);
410 params = p;
411 }
412 return NULL;
413 }
414
415
416 /*
417 * This function tries to find a running server for the proxy <px> following
418 * the Header parameter hash method. It looks for a specific parameter in the
419 * URL and hashes it to compute the server ID. This is useful to optimize
420 * performance by avoiding bounces between servers in contexts where sessions
421 * are shared but cookies are not usable. If the parameter is not found, NULL
422 * is returned. If any server is found, it will be returned. If no valid server
423 * is found, NULL is returned. When lbprm.arg_opt1 is set, the hash will only
424 * apply to the middle part of a domain name ("use_domain_only" option).
425 */
get_server_hh(struct stream * s,const struct server * avoid)426 static struct server *get_server_hh(struct stream *s, const struct server *avoid)
427 {
428 unsigned int hash = 0;
429 struct proxy *px = s->be;
430 unsigned int plen = px->lbprm.arg_len;
431 unsigned long len;
432 const char *p;
433 const char *start, *end;
434
435 /* tot_weight appears to mean srv_count */
436 if (px->lbprm.tot_weight == 0)
437 return NULL;
438
439 /* note: we won't hash if there's only one server left */
440 if (px->lbprm.tot_used == 1)
441 goto hash_done;
442
443 if (!IS_HTX_STRM(s)) {
444 struct http_txn *txn = s->txn;
445 struct hdr_ctx ctx = { .idx = 0 };
446
447 /* if the message is chunked, we skip the chunk size, but use the value as len */
448 http_find_header2(px->lbprm.arg_str, plen, c_ptr(&s->req, -http_hdr_rewind(&txn->req)),
449 &txn->hdr_idx, &ctx);
450
451 /* if the header is not found or empty, let's fallback to round robin */
452 if (!ctx.idx || !ctx.vlen)
453 return NULL;
454
455 /* Found the param_name in the headers.
456 * we will compute the hash based on this value ctx.val.
457 */
458 len = ctx.vlen;
459 p = (char *)ctx.line + ctx.val;
460 }
461 else {
462 struct htx *htx = htxbuf(&s->req.buf);
463 struct http_hdr_ctx ctx = { .blk = NULL };
464
465 http_find_header(htx, ist2(px->lbprm.arg_str, plen), &ctx, 0);
466
467 /* if the header is not found or empty, let's fallback to round robin */
468 if (!ctx.blk || !ctx.value.len)
469 return NULL;
470
471 /* Found a the param_name in the headers.
472 * we will compute the hash based on this value ctx.val.
473 */
474 len = ctx.value.len;
475 p = ctx.value.ptr;
476 }
477
478 if (!px->lbprm.arg_opt1) {
479 hash = gen_hash(px, p, len);
480 } else {
481 int dohash = 0;
482 p += len;
483 /* special computation, use only main domain name, not tld/host
484 * going back from the end of string, start hashing at first
485 * dot stop at next.
486 * This is designed to work with the 'Host' header, and requires
487 * a special option to activate this.
488 */
489 end = p;
490 while (len) {
491 if (dohash) {
492 /* Rewind the pointer until the previous char
493 * is a dot, this will allow to set the start
494 * position of the domain. */
495 if (*(p - 1) == '.')
496 break;
497 }
498 else if (*p == '.') {
499 /* The pointer is rewinded to the dot before the
500 * tld, we memorize the end of the domain and
501 * can enter the domain processing. */
502 end = p;
503 dohash = 1;
504 }
505 p--;
506 len--;
507 }
508 start = p;
509 hash = gen_hash(px, start, (end - start));
510 }
511 if ((px->lbprm.algo & BE_LB_HASH_MOD) == BE_LB_HMOD_AVAL)
512 hash = full_hash(hash);
513 hash_done:
514 if ((px->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE)
515 return chash_get_server_hash(px, hash, avoid);
516 else
517 return map_get_server_hash(px, hash);
518 }
519
520 /* RDP Cookie HASH. */
get_server_rch(struct stream * s,const struct server * avoid)521 static struct server *get_server_rch(struct stream *s, const struct server *avoid)
522 {
523 unsigned int hash = 0;
524 struct proxy *px = s->be;
525 unsigned long len;
526 int ret;
527 struct sample smp;
528 int rewind;
529
530 /* tot_weight appears to mean srv_count */
531 if (px->lbprm.tot_weight == 0)
532 return NULL;
533
534 memset(&smp, 0, sizeof(smp));
535
536 rewind = co_data(&s->req);
537 c_rew(&s->req, rewind);
538
539 ret = fetch_rdp_cookie_name(s, &smp, px->lbprm.arg_str, px->lbprm.arg_len);
540 len = smp.data.u.str.data;
541
542 c_adv(&s->req, rewind);
543
544 if (ret == 0 || (smp.flags & SMP_F_MAY_CHANGE) || len == 0)
545 return NULL;
546
547 /* note: we won't hash if there's only one server left */
548 if (px->lbprm.tot_used == 1)
549 goto hash_done;
550
551 /* Found the param_name in the headers.
552 * we will compute the hash based on this value ctx.val.
553 */
554 hash = gen_hash(px, smp.data.u.str.area, len);
555
556 if ((px->lbprm.algo & BE_LB_HASH_MOD) == BE_LB_HMOD_AVAL)
557 hash = full_hash(hash);
558 hash_done:
559 if ((px->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE)
560 return chash_get_server_hash(px, hash, avoid);
561 else
562 return map_get_server_hash(px, hash);
563 }
564
565 /* random value */
get_server_rnd(struct stream * s,const struct server * avoid)566 static struct server *get_server_rnd(struct stream *s, const struct server *avoid)
567 {
568 unsigned int hash = 0;
569 struct proxy *px = s->be;
570
571 /* tot_weight appears to mean srv_count */
572 if (px->lbprm.tot_weight == 0)
573 return NULL;
574
575 /* ensure all 32 bits are covered as long as RAND_MAX >= 65535 */
576 hash = ((uint64_t)random() * ((uint64_t)RAND_MAX + 1)) ^ random();
577 return chash_get_server_hash(px, hash, avoid);
578 }
579
580 /*
581 * This function applies the load-balancing algorithm to the stream, as
582 * defined by the backend it is assigned to. The stream is then marked as
583 * 'assigned'.
584 *
585 * This function MAY NOT be called with SF_ASSIGNED already set. If the stream
586 * had a server previously assigned, it is rebalanced, trying to avoid the same
587 * server, which should still be present in target_srv(&s->target) before the call.
588 * The function tries to keep the original connection slot if it reconnects to
589 * the same server, otherwise it releases it and tries to offer it.
590 *
591 * It is illegal to call this function with a stream in a queue.
592 *
593 * It may return :
594 * SRV_STATUS_OK if everything is OK. ->srv and ->target are assigned.
595 * SRV_STATUS_NOSRV if no server is available. Stream is not ASSIGNED
596 * SRV_STATUS_FULL if all servers are saturated. Stream is not ASSIGNED
597 * SRV_STATUS_INTERNAL for other unrecoverable errors.
598 *
599 * Upon successful return, the stream flag SF_ASSIGNED is set to indicate that
600 * it does not need to be called anymore. This means that target_srv(&s->target)
601 * can be trusted in balance and direct modes.
602 *
603 */
604
assign_server(struct stream * s)605 int assign_server(struct stream *s)
606 {
607 struct connection *conn = NULL;
608 struct server *conn_slot;
609 struct server *srv = NULL, *prev_srv;
610 int err;
611
612 DPRINTF(stderr,"assign_server : s=%p\n",s);
613
614 err = SRV_STATUS_INTERNAL;
615 if (unlikely(s->pend_pos || s->flags & SF_ASSIGNED))
616 goto out_err;
617
618 prev_srv = objt_server(s->target);
619 conn_slot = s->srv_conn;
620
621 /* We have to release any connection slot before applying any LB algo,
622 * otherwise we may erroneously end up with no available slot.
623 */
624 if (conn_slot)
625 sess_change_server(s, NULL);
626
627 /* We will now try to find the good server and store it into <objt_server(s->target)>.
628 * Note that <objt_server(s->target)> may be NULL in case of dispatch or proxy mode,
629 * as well as if no server is available (check error code).
630 */
631
632 srv = NULL;
633 s->target = NULL;
634
635 if ((s->be->lbprm.algo & BE_LB_KIND) != BE_LB_KIND_HI &&
636 ((s->sess->flags & SESS_FL_PREFER_LAST) ||
637 (s->be->options & PR_O_PREF_LAST))) {
638 struct sess_srv_list *srv_list;
639 list_for_each_entry(srv_list, &s->sess->srv_list, srv_list) {
640 struct server *tmpsrv = objt_server(srv_list->target);
641
642 if (tmpsrv && tmpsrv->proxy == s->be &&
643 ((s->sess->flags & SESS_FL_PREFER_LAST) ||
644 (!s->be->max_ka_queue ||
645 server_has_room(tmpsrv) || (
646 tmpsrv->nbpend + 1 < s->be->max_ka_queue))) &&
647 srv_currently_usable(tmpsrv)) {
648 list_for_each_entry(conn, &srv_list->conn_list, session_list) {
649 if (conn->flags & CO_FL_CONNECTED) {
650
651 srv = tmpsrv;
652 s->target = &srv->obj_type;
653 if (conn->flags & CO_FL_SESS_IDLE) {
654 conn->flags &= ~CO_FL_SESS_IDLE;
655 s->sess->idle_conns--;
656 }
657 goto out_ok;
658 }
659 }
660 }
661 }
662 }
663 if (s->be->lbprm.algo & BE_LB_KIND) {
664
665 /* we must check if we have at least one server available */
666 if (!s->be->lbprm.tot_weight) {
667 err = SRV_STATUS_NOSRV;
668 goto out;
669 }
670
671 /* First check whether we need to fetch some data or simply call
672 * the LB lookup function. Only the hashing functions will need
673 * some input data in fact, and will support multiple algorithms.
674 */
675 switch (s->be->lbprm.algo & BE_LB_LKUP) {
676 case BE_LB_LKUP_RRTREE:
677 srv = fwrr_get_next_server(s->be, prev_srv);
678 break;
679
680 case BE_LB_LKUP_FSTREE:
681 srv = fas_get_next_server(s->be, prev_srv);
682 break;
683
684 case BE_LB_LKUP_LCTREE:
685 srv = fwlc_get_next_server(s->be, prev_srv);
686 break;
687
688 case BE_LB_LKUP_CHTREE:
689 case BE_LB_LKUP_MAP:
690 if ((s->be->lbprm.algo & BE_LB_KIND) == BE_LB_KIND_RR) {
691 if ((s->be->lbprm.algo & BE_LB_PARM) == BE_LB_RR_RANDOM)
692 srv = get_server_rnd(s, prev_srv);
693 else if ((s->be->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE)
694 srv = chash_get_next_server(s->be, prev_srv);
695 else
696 srv = map_get_server_rr(s->be, prev_srv);
697 break;
698 }
699 else if ((s->be->lbprm.algo & BE_LB_KIND) != BE_LB_KIND_HI) {
700 /* unknown balancing algorithm */
701 err = SRV_STATUS_INTERNAL;
702 goto out;
703 }
704
705 switch (s->be->lbprm.algo & BE_LB_PARM) {
706 case BE_LB_HASH_SRC:
707 conn = objt_conn(strm_orig(s));
708 if (conn && conn->addr.from.ss_family == AF_INET) {
709 srv = get_server_sh(s->be,
710 (void *)&((struct sockaddr_in *)&conn->addr.from)->sin_addr,
711 4, prev_srv);
712 }
713 else if (conn && conn->addr.from.ss_family == AF_INET6) {
714 srv = get_server_sh(s->be,
715 (void *)&((struct sockaddr_in6 *)&conn->addr.from)->sin6_addr,
716 16, prev_srv);
717 }
718 else {
719 /* unknown IP family */
720 err = SRV_STATUS_INTERNAL;
721 goto out;
722 }
723 break;
724
725 case BE_LB_HASH_URI:
726 /* URI hashing */
727 if (!s->txn || s->txn->req.msg_state < HTTP_MSG_BODY)
728 break;
729 if (!IS_HTX_STRM(s))
730 srv = get_server_uh(s->be,
731 c_ptr(&s->req, -http_uri_rewind(&s->txn->req)),
732 s->txn->req.sl.rq.u_l, prev_srv);
733 else {
734 struct ist uri;
735
736 uri = htx_sl_req_uri(http_find_stline(htxbuf(&s->req.buf)));
737 srv = get_server_uh(s->be, uri.ptr, uri.len, prev_srv);
738 }
739 break;
740
741 case BE_LB_HASH_PRM:
742 /* URL Parameter hashing */
743 if (!s->txn || s->txn->req.msg_state < HTTP_MSG_BODY)
744 break;
745
746 if (!IS_HTX_STRM(s))
747 srv = get_server_ph(s->be,
748 c_ptr(&s->req, -http_uri_rewind(&s->txn->req)),
749 s->txn->req.sl.rq.u_l, prev_srv);
750 else {
751 struct ist uri;
752
753 uri = htx_sl_req_uri(http_find_stline(htxbuf(&s->req.buf)));
754 srv = get_server_ph(s->be, uri.ptr, uri.len, prev_srv);
755 }
756
757 if (!srv && s->txn->meth == HTTP_METH_POST)
758 srv = get_server_ph_post(s, prev_srv);
759 break;
760
761 case BE_LB_HASH_HDR:
762 /* Header Parameter hashing */
763 if (!s->txn || s->txn->req.msg_state < HTTP_MSG_BODY)
764 break;
765 srv = get_server_hh(s, prev_srv);
766 break;
767
768 case BE_LB_HASH_RDP:
769 /* RDP Cookie hashing */
770 srv = get_server_rch(s, prev_srv);
771 break;
772
773 default:
774 /* unknown balancing algorithm */
775 err = SRV_STATUS_INTERNAL;
776 goto out;
777 }
778
779 /* If the hashing parameter was not found, let's fall
780 * back to round robin on the map.
781 */
782 if (!srv) {
783 if ((s->be->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE)
784 srv = chash_get_next_server(s->be, prev_srv);
785 else
786 srv = map_get_server_rr(s->be, prev_srv);
787 }
788
789 /* end of map-based LB */
790 break;
791
792 default:
793 /* unknown balancing algorithm */
794 err = SRV_STATUS_INTERNAL;
795 goto out;
796 }
797
798 if (!srv) {
799 err = SRV_STATUS_FULL;
800 goto out;
801 }
802 else if (srv != prev_srv) {
803 HA_ATOMIC_ADD(&s->be->be_counters.cum_lbconn, 1);
804 HA_ATOMIC_ADD(&srv->counters.cum_lbconn, 1);
805 }
806 s->target = &srv->obj_type;
807 }
808 else if (s->be->options & (PR_O_DISPATCH | PR_O_TRANSP)) {
809 s->target = &s->be->obj_type;
810 }
811 else if ((s->be->options & PR_O_HTTP_PROXY)) {
812 conn = cs_conn(objt_cs(s->si[1].end));
813
814 if (conn && is_addr(&conn->addr.to)) {
815 /* in proxy mode, we need a valid destination address */
816 s->target = &s->be->obj_type;
817 } else {
818 err = SRV_STATUS_NOSRV;
819 goto out;
820 }
821 }
822 else {
823 err = SRV_STATUS_NOSRV;
824 goto out;
825 }
826
827 out_ok:
828 s->flags |= SF_ASSIGNED;
829 err = SRV_STATUS_OK;
830 out:
831
832 /* Either we take back our connection slot, or we offer it to someone
833 * else if we don't need it anymore.
834 */
835 if (conn_slot) {
836 if (conn_slot == srv) {
837 sess_change_server(s, srv);
838 } else {
839 if (may_dequeue_tasks(conn_slot, s->be))
840 process_srv_queue(conn_slot);
841 }
842 }
843
844 out_err:
845 return err;
846 }
847
848 /*
849 * This function assigns a server address to a stream, and sets SF_ADDR_SET.
850 * The address is taken from the currently assigned server, or from the
851 * dispatch or transparent address.
852 *
853 * It may return :
854 * SRV_STATUS_OK if everything is OK.
855 * SRV_STATUS_INTERNAL for other unrecoverable errors.
856 *
857 * Upon successful return, the stream flag SF_ADDR_SET is set. This flag is
858 * not cleared, so it's to the caller to clear it if required.
859 *
860 * The caller is responsible for having already assigned a connection
861 * to si->end.
862 *
863 */
assign_server_address(struct stream * s,struct connection * srv_conn)864 int assign_server_address(struct stream *s, struct connection *srv_conn)
865 {
866 struct connection *cli_conn = objt_conn(strm_orig(s));
867
868 DPRINTF(stderr,"assign_server_address : s=%p\n",s);
869
870 if ((s->flags & SF_DIRECT) || (s->be->lbprm.algo & BE_LB_KIND)) {
871 /* A server is necessarily known for this stream */
872 if (!(s->flags & SF_ASSIGNED))
873 return SRV_STATUS_INTERNAL;
874
875 srv_conn->addr.to = __objt_server(s->target)->addr;
876 set_host_port(&srv_conn->addr.to, __objt_server(s->target)->svc_port);
877
878 if (!is_addr(&srv_conn->addr.to) && cli_conn) {
879 /* if the server has no address, we use the same address
880 * the client asked, which is handy for remapping ports
881 * locally on multiple addresses at once. Nothing is done
882 * for AF_UNIX addresses.
883 */
884 conn_get_to_addr(cli_conn);
885
886 if (cli_conn->addr.to.ss_family == AF_INET) {
887 ((struct sockaddr_in *)&srv_conn->addr.to)->sin_addr = ((struct sockaddr_in *)&cli_conn->addr.to)->sin_addr;
888 } else if (cli_conn->addr.to.ss_family == AF_INET6) {
889 ((struct sockaddr_in6 *)&srv_conn->addr.to)->sin6_addr = ((struct sockaddr_in6 *)&cli_conn->addr.to)->sin6_addr;
890 }
891 }
892
893 /* if this server remaps proxied ports, we'll use
894 * the port the client connected to with an offset. */
895 if ((__objt_server(s->target)->flags & SRV_F_MAPPORTS) && cli_conn) {
896 int base_port;
897
898 conn_get_to_addr(cli_conn);
899
900 /* First, retrieve the port from the incoming connection */
901 base_port = get_host_port(&cli_conn->addr.to);
902
903 /* Second, assign the outgoing connection's port */
904 base_port += get_host_port(&srv_conn->addr.to);
905 set_host_port(&srv_conn->addr.to, base_port);
906 }
907 }
908 else if (s->be->options & PR_O_DISPATCH) {
909 /* connect to the defined dispatch addr */
910 srv_conn->addr.to = s->be->dispatch_addr;
911 }
912 else if ((s->be->options & PR_O_TRANSP) && cli_conn) {
913 /* in transparent mode, use the original dest addr if no dispatch specified */
914 conn_get_to_addr(cli_conn);
915
916 if (cli_conn->addr.to.ss_family == AF_INET || cli_conn->addr.to.ss_family == AF_INET6)
917 srv_conn->addr.to = cli_conn->addr.to;
918 }
919 else if (s->be->options & PR_O_HTTP_PROXY) {
920 /* If HTTP PROXY option is set, then server is already assigned
921 * during incoming client request parsing. */
922 }
923 else {
924 /* no server and no LB algorithm ! */
925 return SRV_STATUS_INTERNAL;
926 }
927
928 /* Copy network namespace from client connection */
929 srv_conn->proxy_netns = cli_conn ? cli_conn->proxy_netns : NULL;
930
931 s->flags |= SF_ADDR_SET;
932 return SRV_STATUS_OK;
933 }
934
935 /* This function assigns a server to stream <s> if required, and can add the
936 * connection to either the assigned server's queue or to the proxy's queue.
937 * If ->srv_conn is set, the stream is first released from the server.
938 * It may also be called with SF_DIRECT and/or SF_ASSIGNED though. It will
939 * be called before any connection and after any retry or redispatch occurs.
940 *
941 * It is not allowed to call this function with a stream in a queue.
942 *
943 * Returns :
944 *
945 * SRV_STATUS_OK if everything is OK.
946 * SRV_STATUS_NOSRV if no server is available. objt_server(s->target) = NULL.
947 * SRV_STATUS_QUEUED if the connection has been queued.
948 * SRV_STATUS_FULL if the server(s) is/are saturated and the
949 * connection could not be queued at the server's,
950 * which may be NULL if we queue on the backend.
951 * SRV_STATUS_INTERNAL for other unrecoverable errors.
952 *
953 */
assign_server_and_queue(struct stream * s)954 int assign_server_and_queue(struct stream *s)
955 {
956 struct pendconn *p;
957 struct server *srv;
958 int err;
959
960 if (s->pend_pos)
961 return SRV_STATUS_INTERNAL;
962
963 err = SRV_STATUS_OK;
964 if (!(s->flags & SF_ASSIGNED)) {
965 struct server *prev_srv = objt_server(s->target);
966
967 err = assign_server(s);
968 if (prev_srv) {
969 /* This stream was previously assigned to a server. We have to
970 * update the stream's and the server's stats :
971 * - if the server changed :
972 * - set TX_CK_DOWN if txn.flags was TX_CK_VALID
973 * - set SF_REDISP if it was successfully redispatched
974 * - increment srv->redispatches and be->redispatches
975 * - if the server remained the same : update retries.
976 */
977
978 if (prev_srv != objt_server(s->target)) {
979 if (s->txn && (s->txn->flags & TX_CK_MASK) == TX_CK_VALID) {
980 s->txn->flags &= ~TX_CK_MASK;
981 s->txn->flags |= TX_CK_DOWN;
982 }
983 s->flags |= SF_REDISP;
984 HA_ATOMIC_ADD(&prev_srv->counters.redispatches, 1);
985 HA_ATOMIC_ADD(&s->be->be_counters.redispatches, 1);
986 } else {
987 HA_ATOMIC_ADD(&prev_srv->counters.retries, 1);
988 HA_ATOMIC_ADD(&s->be->be_counters.retries, 1);
989 }
990 }
991 }
992
993 switch (err) {
994 case SRV_STATUS_OK:
995 /* we have SF_ASSIGNED set */
996 srv = objt_server(s->target);
997 if (!srv)
998 return SRV_STATUS_OK; /* dispatch or proxy mode */
999
1000 /* If we already have a connection slot, no need to check any queue */
1001 if (s->srv_conn == srv)
1002 return SRV_STATUS_OK;
1003
1004 /* OK, this stream already has an assigned server, but no
1005 * connection slot yet. Either it is a redispatch, or it was
1006 * assigned from persistence information (direct mode).
1007 */
1008 if ((s->flags & SF_REDIRECTABLE) && srv->rdr_len) {
1009 /* server scheduled for redirection, and already assigned. We
1010 * don't want to go further nor check the queue.
1011 */
1012 sess_change_server(s, srv); /* not really needed in fact */
1013 return SRV_STATUS_OK;
1014 }
1015
1016 /* We might have to queue this stream if the assigned server is full.
1017 * We know we have to queue it into the server's queue, so if a maxqueue
1018 * is set on the server, we must also check that the server's queue is
1019 * not full, in which case we have to return FULL.
1020 */
1021 if (srv->maxconn &&
1022 (srv->nbpend || srv->served >= srv_dynamic_maxconn(srv))) {
1023
1024 if (srv->maxqueue > 0 && srv->nbpend >= srv->maxqueue)
1025 return SRV_STATUS_FULL;
1026
1027 p = pendconn_add(s);
1028 if (p)
1029 return SRV_STATUS_QUEUED;
1030 else
1031 return SRV_STATUS_INTERNAL;
1032 }
1033
1034 /* OK, we can use this server. Let's reserve our place */
1035 sess_change_server(s, srv);
1036 return SRV_STATUS_OK;
1037
1038 case SRV_STATUS_FULL:
1039 /* queue this stream into the proxy's queue */
1040 p = pendconn_add(s);
1041 if (p)
1042 return SRV_STATUS_QUEUED;
1043 else
1044 return SRV_STATUS_INTERNAL;
1045
1046 case SRV_STATUS_NOSRV:
1047 return err;
1048
1049 case SRV_STATUS_INTERNAL:
1050 return err;
1051
1052 default:
1053 return SRV_STATUS_INTERNAL;
1054 }
1055 }
1056
1057 /* If an explicit source binding is specified on the server and/or backend, and
1058 * this source makes use of the transparent proxy, then it is extracted now and
1059 * assigned to the stream's pending connection. This function assumes that an
1060 * outgoing connection has already been assigned to s->si[1].end.
1061 */
assign_tproxy_address(struct stream * s)1062 static void assign_tproxy_address(struct stream *s)
1063 {
1064 #if defined(CONFIG_HAP_TRANSPARENT)
1065 struct server *srv = objt_server(s->target);
1066 struct conn_src *src;
1067 struct connection *cli_conn;
1068 struct connection *srv_conn;
1069
1070 if (objt_cs(s->si[1].end))
1071 srv_conn = cs_conn(__objt_cs(s->si[1].end));
1072 else
1073 srv_conn = objt_conn(s->si[1].end);
1074
1075 if (srv && srv->conn_src.opts & CO_SRC_BIND)
1076 src = &srv->conn_src;
1077 else if (s->be->conn_src.opts & CO_SRC_BIND)
1078 src = &s->be->conn_src;
1079 else
1080 return;
1081
1082 switch (src->opts & CO_SRC_TPROXY_MASK) {
1083 case CO_SRC_TPROXY_ADDR:
1084 srv_conn->addr.from = src->tproxy_addr;
1085 break;
1086 case CO_SRC_TPROXY_CLI:
1087 case CO_SRC_TPROXY_CIP:
1088 /* FIXME: what can we do if the client connects in IPv6 or unix socket ? */
1089 cli_conn = objt_conn(strm_orig(s));
1090 if (cli_conn)
1091 srv_conn->addr.from = cli_conn->addr.from;
1092 else
1093 memset(&srv_conn->addr.from, 0, sizeof(srv_conn->addr.from));
1094 break;
1095 case CO_SRC_TPROXY_DYN:
1096 if (src->bind_hdr_occ && s->txn) {
1097 char *vptr;
1098 size_t vlen;
1099
1100 /* bind to the IP in a header */
1101 ((struct sockaddr_in *)&srv_conn->addr.from)->sin_family = AF_INET;
1102 ((struct sockaddr_in *)&srv_conn->addr.from)->sin_port = 0;
1103 ((struct sockaddr_in *)&srv_conn->addr.from)->sin_addr.s_addr = 0;
1104 if (!IS_HTX_STRM(s)) {
1105 int rewind;
1106
1107 c_rew(&s->req, rewind = http_hdr_rewind(&s->txn->req));
1108 if (http_get_hdr(&s->txn->req, src->bind_hdr_name, src->bind_hdr_len,
1109 &s->txn->hdr_idx, src->bind_hdr_occ, NULL, &vptr, &vlen)) {
1110 ((struct sockaddr_in *)&srv_conn->addr.from)->sin_addr.s_addr =
1111 htonl(inetaddr_host_lim(vptr, vptr + vlen));
1112 }
1113 c_adv(&s->req, rewind);
1114 }
1115 else {
1116 if (http_get_htx_hdr(htxbuf(&s->req.buf),
1117 ist2(src->bind_hdr_name, src->bind_hdr_len),
1118 src->bind_hdr_occ, NULL, &vptr, &vlen)) {
1119 ((struct sockaddr_in *)&srv_conn->addr.from)->sin_addr.s_addr =
1120 htonl(inetaddr_host_lim(vptr, vptr + vlen));
1121 }
1122 }
1123 }
1124 break;
1125 default:
1126 memset(&srv_conn->addr.from, 0, sizeof(srv_conn->addr.from));
1127 }
1128 #endif
1129 }
1130
1131 #if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
1132 /*
1133 * Pick the right mux once the connection is established, we should now have
1134 * an alpn if available, so we are now able to choose. In this specific case
1135 * the connection's context is &si[i].end.
1136 */
conn_complete_server(struct connection * conn)1137 static int conn_complete_server(struct connection *conn)
1138 {
1139 struct conn_stream *cs = NULL;
1140 struct stream *s = container_of(conn->ctx, struct stream, si[1].end);
1141 struct server *srv;
1142
1143 task_wakeup(s->task, TASK_WOKEN_IO);
1144 conn_clear_xprt_done_cb(conn);
1145 /* Verify if the connection just established. */
1146 if (unlikely(!(conn->flags & (CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN | CO_FL_CONNECTED))))
1147 conn->flags |= CO_FL_CONNECTED;
1148
1149 if (conn->flags & CO_FL_ERROR)
1150 goto fail;
1151 si_detach_endpoint(&s->si[1]);
1152 cs = si_alloc_cs(&s->si[1], conn);
1153 if (!cs)
1154 goto fail;
1155 if (conn_install_mux_be(conn, cs, s->sess) < 0)
1156 goto fail;
1157 srv = objt_server(s->target);
1158 if (srv && ((s->be->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR) &&
1159 conn->mux->avail_streams(conn) > 0)
1160 LIST_ADD(&srv->idle_conns[tid], &conn->list);
1161
1162 return 0;
1163
1164 fail:
1165 si_detach_endpoint(&s->si[1]);
1166
1167 if (cs)
1168 cs_free(cs);
1169 /* kill the connection now */
1170 conn_stop_tracking(conn);
1171 conn_full_close(conn);
1172 conn_free(conn);
1173 /* Let process_stream know it went wrong */
1174 s->si[1].flags |= SI_FL_ERR;
1175 return -1;
1176 }
1177 #endif
1178
1179
1180 /*
1181 * This function initiates a connection to the server assigned to this stream
1182 * (s->target, s->si[1].addr.to). It will assign a server if none
1183 * is assigned yet.
1184 * It can return one of :
1185 * - SF_ERR_NONE if everything's OK
1186 * - SF_ERR_SRVTO if there are no more servers
1187 * - SF_ERR_SRVCL if the connection was refused by the server
1188 * - SF_ERR_PRXCOND if the connection has been limited by the proxy (maxconn)
1189 * - SF_ERR_RESOURCE if a system resource is lacking (eg: fd limits, ports, ...)
1190 * - SF_ERR_INTERNAL for any other purely internal errors
1191 * Additionally, in the case of SF_ERR_RESOURCE, an emergency log will be emitted.
1192 * The server-facing stream interface is expected to hold a pre-allocated connection
1193 * in s->si[1].conn.
1194 */
connect_server(struct stream * s)1195 int connect_server(struct stream *s)
1196 {
1197 struct connection *cli_conn = NULL;
1198 struct connection *srv_conn = NULL;
1199 struct connection *old_conn = NULL;
1200 struct conn_stream *srv_cs = NULL;
1201 struct server *srv;
1202 int reuse = 0;
1203 int reuse_orphan = 0;
1204 int init_mux = 0;
1205 int alloced_cs = 0;
1206 int err;
1207
1208
1209 /* Some, such as http_proxy and the LUA, create their connection and
1210 * conn_stream manually, so if we already have a conn_stream, try
1211 * to use it.
1212 */
1213 srv_cs = objt_cs(s->si[1].end);
1214 if (!srv_cs)
1215 srv_conn = objt_conn(s->si[1].end);
1216 else
1217 srv_conn = cs_conn(srv_cs);
1218
1219 if (srv_conn) {
1220 if (!srv_conn->target || srv_conn->target == s->target) {
1221 srv_conn->flags &= ~(CO_FL_ERROR | CO_FL_SOCK_RD_SH | CO_FL_SOCK_WR_SH);
1222 if (srv_cs)
1223 srv_cs->flags &= ~(CS_FL_ERROR | CS_FL_EOS | CS_FL_REOS);
1224 reuse = 1;
1225 old_conn = srv_conn;
1226 } else {
1227 srv_conn = NULL;
1228 srv_cs = NULL;
1229 si_release_endpoint(&s->si[1]);
1230 }
1231 }
1232
1233 if (!old_conn) {
1234 struct sess_srv_list *srv_list;
1235 list_for_each_entry(srv_list, &s->sess->srv_list, srv_list) {
1236 if (srv_list->target == s->target) {
1237 list_for_each_entry(srv_conn, &srv_list->conn_list,
1238 session_list) {
1239 if (conn_xprt_ready(srv_conn) &&
1240 srv_conn->mux && (srv_conn->mux->avail_streams(srv_conn) > 0)) {
1241 reuse = 1;
1242 break;
1243 }
1244 }
1245 break;
1246 }
1247 }
1248 if (reuse == 0) {
1249 srv_conn = NULL;
1250 if (!LIST_ISEMPTY(&s->sess->srv_list)) {
1251 srv_list = LIST_ELEM(s->sess->srv_list.n,
1252 struct sess_srv_list *, srv_list);
1253 if (!LIST_ISEMPTY(&srv_list->conn_list))
1254 srv_conn = LIST_ELEM(srv_list->conn_list.n,
1255 struct connection *, session_list);
1256 }
1257
1258 }
1259 }
1260 old_conn = srv_conn;
1261
1262 srv = objt_server(s->target);
1263
1264 if (srv && !reuse) {
1265 srv_conn = NULL;
1266
1267 /* Below we pick connections from the safe or idle lists based
1268 * on the strategy, the fact that this is a first or second
1269 * (retryable) request, with the indicated priority (1 or 2) :
1270 *
1271 * SAFE AGGR ALWS
1272 *
1273 * +-----+-----+ +-----+-----+ +-----+-----+
1274 * req| 1st | 2nd | req| 1st | 2nd | req| 1st | 2nd |
1275 * ----+-----+-----+ ----+-----+-----+ ----+-----+-----+
1276 * safe| - | 2 | safe| 1 | 2 | safe| 1 | 2 |
1277 * ----+-----+-----+ ----+-----+-----+ ----+-----+-----+
1278 * idle| - | 1 | idle| - | 1 | idle| 2 | 1 |
1279 * ----+-----+-----+ ----+-----+-----+ ----+-----+-----+
1280 */
1281 if (srv->idle_conns && !LIST_ISEMPTY(&srv->idle_conns[tid]) &&
1282 ((s->be->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR &&
1283 s->txn && (s->txn->flags & TX_NOT_FIRST))) {
1284 srv_conn = LIST_ELEM(srv->idle_conns[tid].n, struct connection *, list);
1285 }
1286 else if (srv->safe_conns && !LIST_ISEMPTY(&srv->safe_conns[tid]) &&
1287 ((s->txn && (s->txn->flags & TX_NOT_FIRST)) ||
1288 (s->be->options & PR_O_REUSE_MASK) >= PR_O_REUSE_AGGR)) {
1289 srv_conn = LIST_ELEM(srv->safe_conns[tid].n, struct connection *, list);
1290 }
1291 else if (srv->idle_conns && !LIST_ISEMPTY(&srv->idle_conns[tid]) &&
1292 (s->be->options & PR_O_REUSE_MASK) == PR_O_REUSE_ALWS) {
1293 srv_conn = LIST_ELEM(srv->idle_conns[tid].n, struct connection *, list);
1294 } else if (srv->idle_orphan_conns && !LIST_ISEMPTY(&srv->idle_orphan_conns[tid]) &&
1295 (((s->be->options & PR_O_REUSE_MASK) == PR_O_REUSE_ALWS) ||
1296 (((s->be->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR) &&
1297 s->txn && (s->txn->flags & TX_NOT_FIRST)))) {
1298 srv_conn = LIST_ELEM(srv->idle_orphan_conns[tid].n,
1299 struct connection *, list);
1300 reuse_orphan = 1;
1301 }
1302
1303 /* If we've picked a connection from the pool, we now have to
1304 * detach it. We may have to get rid of the previous idle
1305 * connection we had, so for this we try to swap it with the
1306 * other owner's. That way it may remain alive for others to
1307 * pick.
1308 */
1309 if (srv_conn)
1310 reuse = 1;
1311 }
1312
1313 if (reuse) {
1314 /* Disable connection reuse if a dynamic source is used.
1315 * As long as we don't share connections between servers,
1316 * we don't need to disable connection reuse on no-idempotent
1317 * requests nor when PROXY protocol is used.
1318 */
1319 if (srv && srv->conn_src.opts & CO_SRC_BIND) {
1320 if ((srv->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_DYN)
1321 reuse = 0;
1322 }
1323 else if (s->be->conn_src.opts & CO_SRC_BIND) {
1324 if ((s->be->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_DYN)
1325 reuse = 0;
1326 }
1327 }
1328 /* If we're really reusing the connection, remove it from the orphan
1329 * list and add it back to the idle list.
1330 */
1331 if (reuse && reuse_orphan) {
1332 LIST_DEL(&srv_conn->list);
1333 srv_conn->idle_time = 0;
1334 HA_ATOMIC_SUB(&srv->curr_idle_conns, 1);
1335 srv->curr_idle_thr[tid]--;
1336 LIST_ADDQ(&srv->idle_conns[tid], &srv_conn->list);
1337 if (LIST_ISEMPTY(&srv->idle_orphan_conns[tid]))
1338 task_unlink_wq(srv->idle_task[tid]);
1339 } else if (reuse) {
1340 if (srv_conn->flags & CO_FL_SESS_IDLE) {
1341 struct session *sess = srv_conn->owner;
1342
1343 srv_conn->flags &= ~CO_FL_SESS_IDLE;
1344 sess->idle_conns--;
1345 }
1346 }
1347
1348 /* We're about to use another connection, let the mux know we're
1349 * done with this one
1350 */
1351 if (old_conn != srv_conn && old_conn && reuse && !reuse_orphan) {
1352 struct session *sess = srv_conn->owner;
1353
1354 if (sess) {
1355 if (old_conn && !(old_conn->flags & CO_FL_PRIVATE) &&
1356 old_conn->mux != NULL) {
1357 if (old_conn->flags & CO_FL_SESS_IDLE)
1358 s->sess->idle_conns--;
1359 session_unown_conn(s->sess, old_conn);
1360 old_conn->owner = sess;
1361 if (!session_add_conn(sess, old_conn, old_conn->target)) {
1362 old_conn->flags &= ~CO_FL_SESS_IDLE;
1363 old_conn->owner = NULL;
1364 old_conn->mux->destroy(old_conn);
1365 } else
1366 session_check_idle_conn(sess, old_conn);
1367 }
1368 }
1369 }
1370
1371 if (reuse) {
1372 /* We already created a cs earlier when using http_proxy, so
1373 * only create a new one if we don't have one already.
1374 */
1375 if (!srv_cs && srv_conn->mux) {
1376 int avail = srv_conn->mux->avail_streams(srv_conn);
1377
1378 if (avail <= 1) {
1379 /* No more streams available, remove it from the list */
1380 LIST_DEL(&srv_conn->list);
1381 LIST_INIT(&srv_conn->list);
1382 }
1383
1384 if (avail >= 1) {
1385 srv_cs = srv_conn->mux->attach(srv_conn, s->sess);
1386 if (srv_cs) {
1387 alloced_cs = 1;
1388 si_attach_cs(&s->si[1], srv_cs);
1389 } else
1390 srv_conn = NULL;
1391 }
1392 else
1393 srv_conn = NULL;
1394 }
1395 /* otherwise srv_conn is left intact */
1396 }
1397 else
1398 srv_conn = NULL;
1399
1400 /* no reuse or failed to reuse the connection above, pick a new one */
1401 if (!srv_conn) {
1402 srv_conn = conn_new();
1403 if (srv_conn)
1404 srv_conn->target = s->target;
1405 srv_cs = NULL;
1406 }
1407
1408 if (srv_conn && old_conn != srv_conn) {
1409 if (srv_conn->owner)
1410 session_unown_conn(srv_conn->owner, srv_conn);
1411 srv_conn->owner = s->sess;
1412 if (!session_add_conn(s->sess, srv_conn, srv_conn->target)) {
1413 /* If we failed to attach the connection, detach the
1414 * conn_stream, possibly destroying the connection */
1415 if (alloced_cs)
1416 si_release_endpoint(&s->si[1]);
1417 srv_conn->owner = NULL;
1418 if (srv_conn->mux && !srv_add_to_idle_list(objt_server(srv_conn->target), srv_conn))
1419 /* The server doesn't want it, let's kill the connection right away */
1420 srv_conn->mux->destroy(srv_conn);
1421 srv_conn = NULL;
1422
1423 }
1424 }
1425
1426 if (!srv_conn) {
1427 if (srv_conn)
1428 conn_free(srv_conn);
1429 return SF_ERR_RESOURCE;
1430 }
1431
1432 if (!(s->flags & SF_ADDR_SET)) {
1433 err = assign_server_address(s, srv_conn);
1434 if (err != SRV_STATUS_OK) {
1435 conn_free(srv_conn);
1436 return SF_ERR_INTERNAL;
1437 }
1438 }
1439
1440 if (!conn_xprt_ready(srv_conn) && !srv_conn->mux) {
1441 /* set the correct protocol on the output stream interface */
1442 if (srv)
1443 conn_prepare(srv_conn, protocol_by_family(srv_conn->addr.to.ss_family), srv->xprt);
1444 else if (obj_type(s->target) == OBJ_TYPE_PROXY) {
1445 /* proxies exclusively run on raw_sock right now */
1446 conn_prepare(srv_conn, protocol_by_family(srv_conn->addr.to.ss_family), xprt_get(XPRT_RAW));
1447 if (!(srv_conn->ctrl)) {
1448 conn_free(srv_conn);
1449 return SF_ERR_INTERNAL;
1450 }
1451 }
1452 else {
1453 conn_free(srv_conn);
1454 return SF_ERR_INTERNAL; /* how did we get there ? */
1455 }
1456
1457 #if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
1458 if (!srv ||
1459 ((!(srv->ssl_ctx.alpn_str) && !(srv->ssl_ctx.npn_str)) ||
1460 srv->mux_proto || s->be->mode != PR_MODE_HTTP))
1461 #endif
1462 {
1463 srv_cs = objt_cs(s->si[1].end);
1464 if (!srv_cs || srv_cs->conn != srv_conn)
1465 srv_cs = si_alloc_cs(&s->si[1], srv_conn);
1466 if (!srv_cs) {
1467 conn_free(srv_conn);
1468 return SF_ERR_RESOURCE;
1469 }
1470 init_mux = 1;
1471 }
1472 #if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
1473 else {
1474 srv_conn->ctx = &s->si[1].end;
1475 /* Store the connection into the stream interface,
1476 * while we still don't have a mux, so that if the
1477 * stream is destroyed before the connection is
1478 * established, we have a chance to destroy it even
1479 * if it is no longer referenced in the session.
1480 */
1481 s->si[1].end = &srv_conn->obj_type;
1482 conn_set_xprt_done_cb(srv_conn, conn_complete_server);
1483 }
1484
1485 #endif
1486
1487
1488 /* process the case where the server requires the PROXY protocol to be sent */
1489 srv_conn->send_proxy_ofs = 0;
1490 cli_conn = objt_conn(strm_orig(s));
1491
1492 if (srv && srv->pp_opts) {
1493 srv_conn->flags |= CO_FL_PRIVATE;
1494 srv_conn->send_proxy_ofs = 1; /* must compute size */
1495 if (cli_conn)
1496 conn_get_to_addr(cli_conn);
1497 }
1498
1499 assign_tproxy_address(s);
1500 }
1501 else if (!srv_conn->mux) {
1502 /* No mux? We possibly asked for ALPN during a first failed
1503 * attempt and are trying to start again from this connection,
1504 * thus we have nothing to do.
1505 */
1506 }
1507 else if (!conn_xprt_ready(srv_conn)) {
1508 if (srv_conn->mux->reset)
1509 srv_conn->mux->reset(srv_conn);
1510 }
1511 else {
1512 /* Only consider we're doing reuse if the connection was
1513 * ready.
1514 */
1515 if (srv_conn->mux->ctl(srv_conn, MUX_STATUS, NULL) & MUX_STATUS_READY)
1516 s->flags |= SF_SRV_REUSED;
1517 }
1518
1519 /* flag for logging source ip/port */
1520 if (strm_fe(s)->options2 & PR_O2_SRC_ADDR)
1521 s->si[1].flags |= SI_FL_SRC_ADDR;
1522
1523 /* disable lingering */
1524 if (s->be->options & PR_O_TCP_NOLING)
1525 s->si[1].flags |= SI_FL_NOLINGER;
1526
1527 if (s->flags & SF_SRV_REUSED) {
1528 HA_ATOMIC_ADD(&s->be->be_counters.reuse, 1);
1529 if (srv)
1530 HA_ATOMIC_ADD(&srv->counters.reuse, 1);
1531 } else {
1532 HA_ATOMIC_ADD(&s->be->be_counters.connect, 1);
1533 if (srv)
1534 HA_ATOMIC_ADD(&srv->counters.connect, 1);
1535 }
1536
1537 err = si_connect(&s->si[1], srv_conn);
1538 if (err != SF_ERR_NONE)
1539 return err;
1540
1541 /* We have to defer the mux initialization until after si_connect()
1542 * has been called, as we need the xprt to have been properly
1543 * initialized, or any attempt to recv during the mux init may
1544 * fail, and flag the connection as CO_FL_ERROR.
1545 */
1546 if (init_mux) {
1547 if (conn_install_mux_be(srv_conn, srv_cs, s->sess) < 0) {
1548 conn_full_close(srv_conn);
1549 return SF_ERR_INTERNAL;
1550 }
1551 /* If we're doing http-reuse always, and the connection
1552 * is an http2 connection, add it to the available list,
1553 * so that others can use it right away.
1554 */
1555 if (srv && ((s->be->options & PR_O_REUSE_MASK) == PR_O_REUSE_ALWS) &&
1556 srv_conn->mux->avail_streams(srv_conn) > 0)
1557 LIST_ADD(&srv->idle_conns[tid], &srv_conn->list);
1558 }
1559
1560
1561 #if USE_OPENSSL && (defined(OPENSSL_IS_BORINGSSL) || \
1562 ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)))
1563
1564 if (!reuse && cli_conn && srv && srv_conn->mux &&
1565 (srv->ssl_ctx.options & SRV_SSL_O_EARLY_DATA) &&
1566 (cli_conn->flags & CO_FL_EARLY_DATA) &&
1567 !channel_is_empty(si_oc(&s->si[1])) &&
1568 srv_conn->flags & CO_FL_SSL_WAIT_HS)
1569 srv_conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
1570 #endif
1571
1572 /* set connect timeout */
1573 s->si[1].exp = tick_add_ifset(now_ms, s->be->timeout.connect);
1574
1575 if (srv) {
1576 int count;
1577
1578 s->flags |= SF_CURR_SESS;
1579 count = HA_ATOMIC_ADD(&srv->cur_sess, 1);
1580 HA_ATOMIC_UPDATE_MAX(&srv->counters.cur_sess_max, count);
1581 if (s->be->lbprm.server_take_conn)
1582 s->be->lbprm.server_take_conn(srv);
1583
1584 #ifdef USE_OPENSSL
1585 if (srv->ssl_ctx.sni) {
1586 struct sample *smp;
1587 int rewind;
1588
1589 if (!IS_HTX_STRM(s)) {
1590 /* Tricky case : we have already scheduled the pending
1591 * HTTP request or TCP data for leaving. So in HTTP we
1592 * rewind exactly the headers, otherwise we rewind the
1593 * output data.
1594 */
1595 rewind = s->txn ? http_hdr_rewind(&s->txn->req) : co_data(&s->req);
1596 c_rew(&s->req, rewind);
1597
1598 smp = sample_fetch_as_type(s->be, s->sess, s, SMP_OPT_DIR_REQ | SMP_OPT_FINAL,
1599 srv->ssl_ctx.sni, SMP_T_STR);
1600
1601 /* restore the pointers */
1602 c_adv(&s->req, rewind);
1603 }
1604 else {
1605 /* rewind the output data. */
1606 rewind = co_data(&s->req);
1607 c_rew(&s->req, rewind);
1608
1609 smp = sample_fetch_as_type(s->be, s->sess, s, SMP_OPT_DIR_REQ | SMP_OPT_FINAL,
1610 srv->ssl_ctx.sni, SMP_T_STR);
1611
1612 /* restore the pointers */
1613 c_adv(&s->req, rewind);
1614 }
1615
1616 if (smp_make_safe(smp)) {
1617 ssl_sock_set_servername(srv_conn,
1618 smp->data.u.str.area);
1619 srv_conn->flags |= CO_FL_PRIVATE;
1620 }
1621 }
1622 #endif /* USE_OPENSSL */
1623
1624 }
1625
1626 return SF_ERR_NONE; /* connection is OK */
1627 }
1628
1629
1630 /* This function performs the "redispatch" part of a connection attempt. It
1631 * will assign a server if required, queue the connection if required, and
1632 * handle errors that might arise at this level. It can change the server
1633 * state. It will return 1 if it encounters an error, switches the server
1634 * state, or has to queue a connection. Otherwise, it will return 0 indicating
1635 * that the connection is ready to use.
1636 */
1637
srv_redispatch_connect(struct stream * s)1638 int srv_redispatch_connect(struct stream *s)
1639 {
1640 struct server *srv;
1641 int conn_err;
1642
1643 /* We know that we don't have any connection pending, so we will
1644 * try to get a new one, and wait in this state if it's queued
1645 */
1646 redispatch:
1647 conn_err = assign_server_and_queue(s);
1648 srv = objt_server(s->target);
1649
1650 switch (conn_err) {
1651 case SRV_STATUS_OK:
1652 break;
1653
1654 case SRV_STATUS_FULL:
1655 /* The server has reached its maxqueue limit. Either PR_O_REDISP is set
1656 * and we can redispatch to another server, or it is not and we return
1657 * 503. This only makes sense in DIRECT mode however, because normal LB
1658 * algorithms would never select such a server, and hash algorithms
1659 * would bring us on the same server again. Note that s->target is set
1660 * in this case.
1661 */
1662 if (((s->flags & (SF_DIRECT|SF_FORCE_PRST)) == SF_DIRECT) &&
1663 (s->be->options & PR_O_REDISP)) {
1664 s->flags &= ~(SF_DIRECT | SF_ASSIGNED | SF_ADDR_SET);
1665 goto redispatch;
1666 }
1667
1668 if (!s->si[1].err_type) {
1669 s->si[1].err_type = SI_ET_QUEUE_ERR;
1670 }
1671
1672 HA_ATOMIC_ADD(&srv->counters.failed_conns, 1);
1673 HA_ATOMIC_ADD(&s->be->be_counters.failed_conns, 1);
1674 return 1;
1675
1676 case SRV_STATUS_NOSRV:
1677 /* note: it is guaranteed that srv == NULL here */
1678 if (!s->si[1].err_type) {
1679 s->si[1].err_type = SI_ET_CONN_ERR;
1680 }
1681
1682 HA_ATOMIC_ADD(&s->be->be_counters.failed_conns, 1);
1683 return 1;
1684
1685 case SRV_STATUS_QUEUED:
1686 s->si[1].exp = tick_add_ifset(now_ms, s->be->timeout.queue);
1687 s->si[1].state = SI_ST_QUE;
1688 /* do nothing else and do not wake any other stream up */
1689 return 1;
1690
1691 case SRV_STATUS_INTERNAL:
1692 default:
1693 if (!s->si[1].err_type) {
1694 s->si[1].err_type = SI_ET_CONN_OTHER;
1695 }
1696
1697 if (srv)
1698 srv_inc_sess_ctr(srv);
1699 if (srv)
1700 srv_set_sess_last(srv);
1701 if (srv)
1702 HA_ATOMIC_ADD(&srv->counters.failed_conns, 1);
1703 HA_ATOMIC_ADD(&s->be->be_counters.failed_conns, 1);
1704
1705 /* release other streams waiting for this server */
1706 if (may_dequeue_tasks(srv, s->be))
1707 process_srv_queue(srv);
1708 return 1;
1709 }
1710 /* if we get here, it's because we got SRV_STATUS_OK, which also
1711 * means that the connection has not been queued.
1712 */
1713 return 0;
1714 }
1715
1716 /* sends a log message when a backend goes down, and also sets last
1717 * change date.
1718 */
set_backend_down(struct proxy * be)1719 void set_backend_down(struct proxy *be)
1720 {
1721 be->last_change = now.tv_sec;
1722 HA_ATOMIC_ADD(&be->down_trans, 1);
1723
1724 if (!(global.mode & MODE_STARTING)) {
1725 ha_alert("%s '%s' has no server available!\n", proxy_type_str(be), be->id);
1726 send_log(be, LOG_EMERG, "%s %s has no server available!\n", proxy_type_str(be), be->id);
1727 }
1728 }
1729
1730 /* Apply RDP cookie persistence to the current stream. For this, the function
1731 * tries to extract an RDP cookie from the request buffer, and look for the
1732 * matching server in the list. If the server is found, it is assigned to the
1733 * stream. This always returns 1, and the analyser removes itself from the
1734 * list. Nothing is performed if a server was already assigned.
1735 */
tcp_persist_rdp_cookie(struct stream * s,struct channel * req,int an_bit)1736 int tcp_persist_rdp_cookie(struct stream *s, struct channel *req, int an_bit)
1737 {
1738 struct proxy *px = s->be;
1739 int ret;
1740 struct sample smp;
1741 struct server *srv = px->srv;
1742 uint16_t port;
1743 uint32_t addr;
1744 char *p;
1745
1746 DPRINTF(stderr,"[%u] %s: stream=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%lu analysers=%02x\n",
1747 now_ms, __FUNCTION__,
1748 s,
1749 req,
1750 req->rex, req->wex,
1751 req->flags,
1752 ci_data(req),
1753 req->analysers);
1754
1755 if (s->flags & SF_ASSIGNED)
1756 goto no_cookie;
1757
1758 memset(&smp, 0, sizeof(smp));
1759
1760 ret = fetch_rdp_cookie_name(s, &smp, s->be->rdp_cookie_name, s->be->rdp_cookie_len);
1761 if (ret == 0 || (smp.flags & SMP_F_MAY_CHANGE) || smp.data.u.str.data == 0)
1762 goto no_cookie;
1763
1764 /* Considering an rdp cookie detected using acl, str ended with <cr><lf> and should return.
1765 * The cookie format is <ip> "." <port> where "ip" is the integer corresponding to the
1766 * server's IP address in network order, and "port" is the integer corresponding to the
1767 * server's port in network order. Comments please Emeric.
1768 */
1769 addr = strtoul(smp.data.u.str.area, &p, 10);
1770 if (*p != '.')
1771 goto no_cookie;
1772 p++;
1773
1774 port = ntohs(strtoul(p, &p, 10));
1775 if (*p != '.')
1776 goto no_cookie;
1777
1778 s->target = NULL;
1779 while (srv) {
1780 if (srv->addr.ss_family == AF_INET &&
1781 port == srv->svc_port &&
1782 addr == ((struct sockaddr_in *)&srv->addr)->sin_addr.s_addr) {
1783 if ((srv->cur_state != SRV_ST_STOPPED) || (px->options & PR_O_PERSIST)) {
1784 /* we found the server and it is usable */
1785 s->flags |= SF_DIRECT | SF_ASSIGNED;
1786 s->target = &srv->obj_type;
1787 break;
1788 }
1789 }
1790 srv = srv->next;
1791 }
1792
1793 no_cookie:
1794 req->analysers &= ~an_bit;
1795 req->analyse_exp = TICK_ETERNITY;
1796 return 1;
1797 }
1798
be_downtime(struct proxy * px)1799 int be_downtime(struct proxy *px) {
1800 if (px->lbprm.tot_weight && px->last_change < now.tv_sec) // ignore negative time
1801 return px->down_time;
1802
1803 return now.tv_sec - px->last_change + px->down_time;
1804 }
1805
1806 /*
1807 * This function returns a string containing the balancing
1808 * mode of the proxy in a format suitable for stats.
1809 */
1810
backend_lb_algo_str(int algo)1811 const char *backend_lb_algo_str(int algo) {
1812
1813 if (algo == BE_LB_ALGO_RR)
1814 return "roundrobin";
1815 else if (algo == BE_LB_ALGO_SRR)
1816 return "static-rr";
1817 else if (algo == BE_LB_ALGO_FAS)
1818 return "first";
1819 else if (algo == BE_LB_ALGO_LC)
1820 return "leastconn";
1821 else if (algo == BE_LB_ALGO_SH)
1822 return "source";
1823 else if (algo == BE_LB_ALGO_UH)
1824 return "uri";
1825 else if (algo == BE_LB_ALGO_PH)
1826 return "url_param";
1827 else if (algo == BE_LB_ALGO_HH)
1828 return "hdr";
1829 else if (algo == BE_LB_ALGO_RCH)
1830 return "rdp-cookie";
1831 else if (algo == BE_LB_ALGO_NONE)
1832 return "none";
1833 else
1834 return "unknown";
1835 }
1836
1837 /* This function parses a "balance" statement in a backend section describing
1838 * <curproxy>. It returns -1 if there is any error, otherwise zero. If it
1839 * returns -1, it will write an error message into the <err> buffer which will
1840 * automatically be allocated and must be passed as NULL. The trailing '\n'
1841 * will not be written. The function must be called with <args> pointing to the
1842 * first word after "balance".
1843 */
backend_parse_balance(const char ** args,char ** err,struct proxy * curproxy)1844 int backend_parse_balance(const char **args, char **err, struct proxy *curproxy)
1845 {
1846 if (!*(args[0])) {
1847 /* if no option is set, use round-robin by default */
1848 curproxy->lbprm.algo &= ~BE_LB_ALGO;
1849 curproxy->lbprm.algo |= BE_LB_ALGO_RR;
1850 return 0;
1851 }
1852
1853 if (!strcmp(args[0], "roundrobin")) {
1854 curproxy->lbprm.algo &= ~BE_LB_ALGO;
1855 curproxy->lbprm.algo |= BE_LB_ALGO_RR;
1856 }
1857 else if (!strcmp(args[0], "static-rr")) {
1858 curproxy->lbprm.algo &= ~BE_LB_ALGO;
1859 curproxy->lbprm.algo |= BE_LB_ALGO_SRR;
1860 }
1861 else if (!strcmp(args[0], "first")) {
1862 curproxy->lbprm.algo &= ~BE_LB_ALGO;
1863 curproxy->lbprm.algo |= BE_LB_ALGO_FAS;
1864 }
1865 else if (!strcmp(args[0], "leastconn")) {
1866 curproxy->lbprm.algo &= ~BE_LB_ALGO;
1867 curproxy->lbprm.algo |= BE_LB_ALGO_LC;
1868 }
1869 else if (!strcmp(args[0], "random")) {
1870 curproxy->lbprm.algo &= ~BE_LB_ALGO;
1871 curproxy->lbprm.algo |= BE_LB_ALGO_RND;
1872 }
1873 else if (!strcmp(args[0], "source")) {
1874 curproxy->lbprm.algo &= ~BE_LB_ALGO;
1875 curproxy->lbprm.algo |= BE_LB_ALGO_SH;
1876 }
1877 else if (!strcmp(args[0], "uri")) {
1878 int arg = 1;
1879
1880 curproxy->lbprm.algo &= ~BE_LB_ALGO;
1881 curproxy->lbprm.algo |= BE_LB_ALGO_UH;
1882 curproxy->lbprm.arg_opt1 = 0; // "whole"
1883 curproxy->lbprm.arg_opt2 = 0; // "len"
1884 curproxy->lbprm.arg_opt3 = 0; // "depth"
1885
1886 while (*args[arg]) {
1887 if (!strcmp(args[arg], "len")) {
1888 if (!*args[arg+1] || (atoi(args[arg+1]) <= 0)) {
1889 memprintf(err, "%s : '%s' expects a positive integer (got '%s').", args[0], args[arg], args[arg+1]);
1890 return -1;
1891 }
1892 curproxy->lbprm.arg_opt2 = atoi(args[arg+1]);
1893 arg += 2;
1894 }
1895 else if (!strcmp(args[arg], "depth")) {
1896 if (!*args[arg+1] || (atoi(args[arg+1]) <= 0)) {
1897 memprintf(err, "%s : '%s' expects a positive integer (got '%s').", args[0], args[arg], args[arg+1]);
1898 return -1;
1899 }
1900 /* hint: we store the position of the ending '/' (depth+1) so
1901 * that we avoid a comparison while computing the hash.
1902 */
1903 curproxy->lbprm.arg_opt3 = atoi(args[arg+1]) + 1;
1904 arg += 2;
1905 }
1906 else if (!strcmp(args[arg], "whole")) {
1907 curproxy->lbprm.arg_opt1 = 1;
1908 arg += 1;
1909 }
1910 else {
1911 memprintf(err, "%s only accepts parameters 'len', 'depth', and 'whole' (got '%s').", args[0], args[arg]);
1912 return -1;
1913 }
1914 }
1915 }
1916 else if (!strcmp(args[0], "url_param")) {
1917 if (!*args[1]) {
1918 memprintf(err, "%s requires an URL parameter name.", args[0]);
1919 return -1;
1920 }
1921 curproxy->lbprm.algo &= ~BE_LB_ALGO;
1922 curproxy->lbprm.algo |= BE_LB_ALGO_PH;
1923
1924 free(curproxy->lbprm.arg_str);
1925 curproxy->lbprm.arg_str = strdup(args[1]);
1926 curproxy->lbprm.arg_len = strlen(args[1]);
1927 if (*args[2]) {
1928 if (strcmp(args[2], "check_post")) {
1929 memprintf(err, "%s only accepts 'check_post' modifier (got '%s').", args[0], args[2]);
1930 return -1;
1931 }
1932 }
1933 }
1934 else if (!strncmp(args[0], "hdr(", 4)) {
1935 const char *beg, *end;
1936
1937 beg = args[0] + 4;
1938 end = strchr(beg, ')');
1939
1940 if (!end || end == beg) {
1941 memprintf(err, "hdr requires an http header field name.");
1942 return -1;
1943 }
1944
1945 curproxy->lbprm.algo &= ~BE_LB_ALGO;
1946 curproxy->lbprm.algo |= BE_LB_ALGO_HH;
1947
1948 free(curproxy->lbprm.arg_str);
1949 curproxy->lbprm.arg_len = end - beg;
1950 curproxy->lbprm.arg_str = my_strndup(beg, end - beg);
1951 curproxy->lbprm.arg_opt1 = 0;
1952
1953 if (*args[1]) {
1954 if (strcmp(args[1], "use_domain_only")) {
1955 memprintf(err, "%s only accepts 'use_domain_only' modifier (got '%s').", args[0], args[1]);
1956 return -1;
1957 }
1958 curproxy->lbprm.arg_opt1 = 1;
1959 }
1960 }
1961 else if (!strncmp(args[0], "rdp-cookie", 10)) {
1962 curproxy->lbprm.algo &= ~BE_LB_ALGO;
1963 curproxy->lbprm.algo |= BE_LB_ALGO_RCH;
1964
1965 if ( *(args[0] + 10 ) == '(' ) { /* cookie name */
1966 const char *beg, *end;
1967
1968 beg = args[0] + 11;
1969 end = strchr(beg, ')');
1970
1971 if (!end || end == beg) {
1972 memprintf(err, "rdp-cookie : missing cookie name.");
1973 return -1;
1974 }
1975
1976 free(curproxy->lbprm.arg_str);
1977 curproxy->lbprm.arg_str = my_strndup(beg, end - beg);
1978 curproxy->lbprm.arg_len = end - beg;
1979 }
1980 else if ( *(args[0] + 10 ) == '\0' ) { /* default cookie name 'mstshash' */
1981 free(curproxy->lbprm.arg_str);
1982 curproxy->lbprm.arg_str = strdup("mstshash");
1983 curproxy->lbprm.arg_len = strlen(curproxy->lbprm.arg_str);
1984 }
1985 else { /* syntax */
1986 memprintf(err, "rdp-cookie : missing cookie name.");
1987 return -1;
1988 }
1989 }
1990 else {
1991 memprintf(err, "only supports 'roundrobin', 'static-rr', 'leastconn', 'source', 'uri', 'url_param', 'hdr(name)' and 'rdp-cookie(name)' options.");
1992 return -1;
1993 }
1994 return 0;
1995 }
1996
1997
1998 /************************************************************************/
1999 /* All supported sample and ACL keywords must be declared here. */
2000 /************************************************************************/
2001
2002 /* set temp integer to the number of enabled servers on the proxy.
2003 * Accepts exactly 1 argument. Argument is a backend, other types will lead to
2004 * undefined behaviour.
2005 */
2006 static int
smp_fetch_nbsrv(const struct arg * args,struct sample * smp,const char * kw,void * private)2007 smp_fetch_nbsrv(const struct arg *args, struct sample *smp, const char *kw, void *private)
2008 {
2009 struct proxy *px;
2010
2011 smp->flags = SMP_F_VOL_TEST;
2012 smp->data.type = SMP_T_SINT;
2013 px = args->data.prx;
2014
2015 smp->data.u.sint = be_usable_srv(px);
2016
2017 return 1;
2018 }
2019
2020 /* report in smp->flags a success or failure depending on the designated
2021 * server's state. There is no match function involved since there's no pattern.
2022 * Accepts exactly 1 argument. Argument is a server, other types will lead to
2023 * undefined behaviour.
2024 */
2025 static int
smp_fetch_srv_is_up(const struct arg * args,struct sample * smp,const char * kw,void * private)2026 smp_fetch_srv_is_up(const struct arg *args, struct sample *smp, const char *kw, void *private)
2027 {
2028 struct server *srv = args->data.srv;
2029
2030 smp->flags = SMP_F_VOL_TEST;
2031 smp->data.type = SMP_T_BOOL;
2032 if (!(srv->cur_admin & SRV_ADMF_MAINT) &&
2033 (!(srv->check.state & CHK_ST_CONFIGURED) || (srv->cur_state != SRV_ST_STOPPED)))
2034 smp->data.u.sint = 1;
2035 else
2036 smp->data.u.sint = 0;
2037 return 1;
2038 }
2039
2040 /* set temp integer to the number of enabled servers on the proxy.
2041 * Accepts exactly 1 argument. Argument is a backend, other types will lead to
2042 * undefined behaviour.
2043 */
2044 static int
smp_fetch_connslots(const struct arg * args,struct sample * smp,const char * kw,void * private)2045 smp_fetch_connslots(const struct arg *args, struct sample *smp, const char *kw, void *private)
2046 {
2047 struct server *iterator;
2048
2049 smp->flags = SMP_F_VOL_TEST;
2050 smp->data.type = SMP_T_SINT;
2051 smp->data.u.sint = 0;
2052
2053 for (iterator = args->data.prx->srv; iterator; iterator = iterator->next) {
2054 if (iterator->cur_state == SRV_ST_STOPPED)
2055 continue;
2056
2057 if (iterator->maxconn == 0 || iterator->maxqueue == 0) {
2058 /* configuration is stupid */
2059 smp->data.u.sint = -1; /* FIXME: stupid value! */
2060 return 1;
2061 }
2062
2063 smp->data.u.sint += (iterator->maxconn - iterator->cur_sess)
2064 + (iterator->maxqueue - iterator->nbpend);
2065 }
2066
2067 return 1;
2068 }
2069
2070 /* set temp integer to the id of the backend */
2071 static int
smp_fetch_be_id(const struct arg * args,struct sample * smp,const char * kw,void * private)2072 smp_fetch_be_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
2073 {
2074 if (!smp->strm)
2075 return 0;
2076
2077 smp->flags = SMP_F_VOL_TXN;
2078 smp->data.type = SMP_T_SINT;
2079 smp->data.u.sint = smp->strm->be->uuid;
2080 return 1;
2081 }
2082
2083 /* set string to the name of the backend */
2084 static int
smp_fetch_be_name(const struct arg * args,struct sample * smp,const char * kw,void * private)2085 smp_fetch_be_name(const struct arg *args, struct sample *smp, const char *kw, void *private)
2086 {
2087 if (!smp->strm)
2088 return 0;
2089
2090 smp->data.u.str.area = (char *)smp->strm->be->id;
2091 if (!smp->data.u.str.area)
2092 return 0;
2093
2094 smp->data.type = SMP_T_STR;
2095 smp->flags = SMP_F_CONST;
2096 smp->data.u.str.data = strlen(smp->data.u.str.area);
2097
2098 return 1;
2099 }
2100
2101 /* set temp integer to the id of the server */
2102 static int
smp_fetch_srv_id(const struct arg * args,struct sample * smp,const char * kw,void * private)2103 smp_fetch_srv_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
2104 {
2105 if (!smp->strm)
2106 return 0;
2107
2108 if (!objt_server(smp->strm->target))
2109 return 0;
2110
2111 smp->data.type = SMP_T_SINT;
2112 smp->data.u.sint = __objt_server(smp->strm->target)->puid;
2113
2114 return 1;
2115 }
2116
2117 /* set temp integer to the number of connections per second reaching the backend.
2118 * Accepts exactly 1 argument. Argument is a backend, other types will lead to
2119 * undefined behaviour.
2120 */
2121 static int
smp_fetch_be_sess_rate(const struct arg * args,struct sample * smp,const char * kw,void * private)2122 smp_fetch_be_sess_rate(const struct arg *args, struct sample *smp, const char *kw, void *private)
2123 {
2124 smp->flags = SMP_F_VOL_TEST;
2125 smp->data.type = SMP_T_SINT;
2126 smp->data.u.sint = read_freq_ctr(&args->data.prx->be_sess_per_sec);
2127 return 1;
2128 }
2129
2130 /* set temp integer to the number of concurrent connections on the backend.
2131 * Accepts exactly 1 argument. Argument is a backend, other types will lead to
2132 * undefined behaviour.
2133 */
2134 static int
smp_fetch_be_conn(const struct arg * args,struct sample * smp,const char * kw,void * private)2135 smp_fetch_be_conn(const struct arg *args, struct sample *smp, const char *kw, void *private)
2136 {
2137 smp->flags = SMP_F_VOL_TEST;
2138 smp->data.type = SMP_T_SINT;
2139 smp->data.u.sint = args->data.prx->beconn;
2140 return 1;
2141 }
2142
2143 /* set temp integer to the number of available connections across available
2144 * servers on the backend.
2145 * Accepts exactly 1 argument. Argument is a backend, other types will lead to
2146 * undefined behaviour.
2147 */
2148 static int
smp_fetch_be_conn_free(const struct arg * args,struct sample * smp,const char * kw,void * private)2149 smp_fetch_be_conn_free(const struct arg *args, struct sample *smp, const char *kw, void *private)
2150 {
2151 struct server *iterator;
2152 struct proxy *px;
2153 unsigned int maxconn;
2154
2155 smp->flags = SMP_F_VOL_TEST;
2156 smp->data.type = SMP_T_SINT;
2157 smp->data.u.sint = 0;
2158
2159 for (iterator = args->data.prx->srv; iterator; iterator = iterator->next) {
2160 if (iterator->cur_state == SRV_ST_STOPPED)
2161 continue;
2162
2163 px = iterator->proxy;
2164 if (!srv_currently_usable(iterator) ||
2165 ((iterator->flags & SRV_F_BACKUP) &&
2166 (px->srv_act || (iterator != px->lbprm.fbck && !(px->options & PR_O_USE_ALL_BK)))))
2167 continue;
2168
2169 if (iterator->maxconn == 0) {
2170 /* one active server is unlimited, return -1 */
2171 smp->data.u.sint = -1;
2172 return 1;
2173 }
2174
2175 maxconn = srv_dynamic_maxconn(iterator);
2176 if (maxconn > iterator->cur_sess)
2177 smp->data.u.sint += maxconn - iterator->cur_sess;
2178 }
2179
2180 return 1;
2181 }
2182
2183 /* set temp integer to the total number of queued connections on the backend.
2184 * Accepts exactly 1 argument. Argument is a backend, other types will lead to
2185 * undefined behaviour.
2186 */
2187 static int
smp_fetch_queue_size(const struct arg * args,struct sample * smp,const char * kw,void * private)2188 smp_fetch_queue_size(const struct arg *args, struct sample *smp, const char *kw, void *private)
2189 {
2190 smp->flags = SMP_F_VOL_TEST;
2191 smp->data.type = SMP_T_SINT;
2192 smp->data.u.sint = args->data.prx->totpend;
2193 return 1;
2194 }
2195
2196 /* set temp integer to the total number of queued connections on the backend divided
2197 * by the number of running servers and rounded up. If there is no running
2198 * server, we return twice the total, just as if we had half a running server.
2199 * This is more or less correct anyway, since we expect the last server to come
2200 * back soon.
2201 * Accepts exactly 1 argument. Argument is a backend, other types will lead to
2202 * undefined behaviour.
2203 */
2204 static int
smp_fetch_avg_queue_size(const struct arg * args,struct sample * smp,const char * kw,void * private)2205 smp_fetch_avg_queue_size(const struct arg *args, struct sample *smp, const char *kw, void *private)
2206 {
2207 int nbsrv;
2208 struct proxy *px;
2209
2210 smp->flags = SMP_F_VOL_TEST;
2211 smp->data.type = SMP_T_SINT;
2212 px = args->data.prx;
2213
2214 nbsrv = be_usable_srv(px);
2215
2216 if (nbsrv > 0)
2217 smp->data.u.sint = (px->totpend + nbsrv - 1) / nbsrv;
2218 else
2219 smp->data.u.sint = px->totpend * 2;
2220
2221 return 1;
2222 }
2223
2224 /* set temp integer to the number of concurrent connections on the server in the backend.
2225 * Accepts exactly 1 argument. Argument is a server, other types will lead to
2226 * undefined behaviour.
2227 */
2228 static int
smp_fetch_srv_conn(const struct arg * args,struct sample * smp,const char * kw,void * private)2229 smp_fetch_srv_conn(const struct arg *args, struct sample *smp, const char *kw, void *private)
2230 {
2231 smp->flags = SMP_F_VOL_TEST;
2232 smp->data.type = SMP_T_SINT;
2233 smp->data.u.sint = args->data.srv->cur_sess;
2234 return 1;
2235 }
2236
2237 /* set temp integer to the number of available connections on the server in the backend.
2238 * Accepts exactly 1 argument. Argument is a server, other types will lead to
2239 * undefined behaviour.
2240 */
2241 static int
smp_fetch_srv_conn_free(const struct arg * args,struct sample * smp,const char * kw,void * private)2242 smp_fetch_srv_conn_free(const struct arg *args, struct sample *smp, const char *kw, void *private)
2243 {
2244 unsigned int maxconn;
2245
2246 smp->flags = SMP_F_VOL_TEST;
2247 smp->data.type = SMP_T_SINT;
2248
2249 if (args->data.srv->maxconn == 0) {
2250 /* one active server is unlimited, return -1 */
2251 smp->data.u.sint = -1;
2252 return 1;
2253 }
2254
2255 maxconn = srv_dynamic_maxconn(args->data.srv);
2256 if (maxconn > args->data.srv->cur_sess)
2257 smp->data.u.sint = maxconn - args->data.srv->cur_sess;
2258 else
2259 smp->data.u.sint = 0;
2260
2261 return 1;
2262 }
2263
2264 /* set temp integer to the number of connections pending in the server's queue.
2265 * Accepts exactly 1 argument. Argument is a server, other types will lead to
2266 * undefined behaviour.
2267 */
2268 static int
smp_fetch_srv_queue(const struct arg * args,struct sample * smp,const char * kw,void * private)2269 smp_fetch_srv_queue(const struct arg *args, struct sample *smp, const char *kw, void *private)
2270 {
2271 smp->flags = SMP_F_VOL_TEST;
2272 smp->data.type = SMP_T_SINT;
2273 smp->data.u.sint = args->data.srv->nbpend;
2274 return 1;
2275 }
2276
2277 /* set temp integer to the number of enabled servers on the proxy.
2278 * Accepts exactly 1 argument. Argument is a server, other types will lead to
2279 * undefined behaviour.
2280 */
2281 static int
smp_fetch_srv_sess_rate(const struct arg * args,struct sample * smp,const char * kw,void * private)2282 smp_fetch_srv_sess_rate(const struct arg *args, struct sample *smp, const char *kw, void *private)
2283 {
2284 smp->flags = SMP_F_VOL_TEST;
2285 smp->data.type = SMP_T_SINT;
2286 smp->data.u.sint = read_freq_ctr(&args->data.srv->sess_per_sec);
2287 return 1;
2288 }
2289
sample_conv_nbsrv(const struct arg * args,struct sample * smp,void * private)2290 static int sample_conv_nbsrv(const struct arg *args, struct sample *smp, void *private)
2291 {
2292
2293 struct proxy *px;
2294
2295 if (!smp_make_safe(smp))
2296 return 0;
2297
2298 px = proxy_find_by_name(smp->data.u.str.area, PR_CAP_BE, 0);
2299 if (!px)
2300 return 0;
2301
2302 smp->data.type = SMP_T_SINT;
2303 smp->data.u.sint = be_usable_srv(px);
2304
2305 return 1;
2306 }
2307
2308
2309 /* Note: must not be declared <const> as its list will be overwritten.
2310 * Please take care of keeping this list alphabetically sorted.
2311 */
2312 static struct sample_fetch_kw_list smp_kws = {ILH, {
2313 { "avg_queue", smp_fetch_avg_queue_size, ARG1(1,BE), NULL, SMP_T_SINT, SMP_USE_INTRN, },
2314 { "be_conn", smp_fetch_be_conn, ARG1(1,BE), NULL, SMP_T_SINT, SMP_USE_INTRN, },
2315 { "be_conn_free", smp_fetch_be_conn_free, ARG1(1,BE), NULL, SMP_T_SINT, SMP_USE_INTRN, },
2316 { "be_id", smp_fetch_be_id, 0, NULL, SMP_T_SINT, SMP_USE_BKEND, },
2317 { "be_name", smp_fetch_be_name, 0, NULL, SMP_T_STR, SMP_USE_BKEND, },
2318 { "be_sess_rate", smp_fetch_be_sess_rate, ARG1(1,BE), NULL, SMP_T_SINT, SMP_USE_INTRN, },
2319 { "connslots", smp_fetch_connslots, ARG1(1,BE), NULL, SMP_T_SINT, SMP_USE_INTRN, },
2320 { "nbsrv", smp_fetch_nbsrv, ARG1(1,BE), NULL, SMP_T_SINT, SMP_USE_INTRN, },
2321 { "queue", smp_fetch_queue_size, ARG1(1,BE), NULL, SMP_T_SINT, SMP_USE_INTRN, },
2322 { "srv_conn", smp_fetch_srv_conn, ARG1(1,SRV), NULL, SMP_T_SINT, SMP_USE_INTRN, },
2323 { "srv_conn_free", smp_fetch_srv_conn_free, ARG1(1,SRV), NULL, SMP_T_SINT, SMP_USE_INTRN, },
2324 { "srv_id", smp_fetch_srv_id, 0, NULL, SMP_T_SINT, SMP_USE_SERVR, },
2325 { "srv_is_up", smp_fetch_srv_is_up, ARG1(1,SRV), NULL, SMP_T_BOOL, SMP_USE_INTRN, },
2326 { "srv_queue", smp_fetch_srv_queue, ARG1(1,SRV), NULL, SMP_T_SINT, SMP_USE_INTRN, },
2327 { "srv_sess_rate", smp_fetch_srv_sess_rate, ARG1(1,SRV), NULL, SMP_T_SINT, SMP_USE_INTRN, },
2328 { /* END */ },
2329 }};
2330
2331 INITCALL1(STG_REGISTER, sample_register_fetches, &smp_kws);
2332
2333 /* Note: must not be declared <const> as its list will be overwritten */
2334 static struct sample_conv_kw_list sample_conv_kws = {ILH, {
2335 { "nbsrv", sample_conv_nbsrv, 0, NULL, SMP_T_STR, SMP_T_SINT },
2336 { /* END */ },
2337 }};
2338
2339 INITCALL1(STG_REGISTER, sample_register_convs, &sample_conv_kws);
2340
2341 /* Note: must not be declared <const> as its list will be overwritten.
2342 * Please take care of keeping this list alphabetically sorted.
2343 */
2344 static struct acl_kw_list acl_kws = {ILH, {
2345 { /* END */ },
2346 }};
2347
2348 INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
2349
2350 /*
2351 * Local variables:
2352 * c-indent-level: 8
2353 * c-basic-offset: 8
2354 * End:
2355 */
2356