/* * Backend variables and functions. * * Copyright 2000-2013 Willy Tarreau * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define TRACE_SOURCE &trace_strm int be_lastsession(const struct proxy *be) { if (be->be_counters.last_sess) return ns_to_sec(now_ns) - be->be_counters.last_sess; return -1; } /* helper function to invoke the correct hash method */ unsigned int gen_hash(const struct proxy* px, const char* key, unsigned long len) { unsigned int hash; switch (px->lbprm.algo & BE_LB_HASH_FUNC) { case BE_LB_HFCN_DJB2: hash = hash_djb2(key, len); break; case BE_LB_HFCN_WT6: hash = hash_wt6(key, len); break; case BE_LB_HFCN_CRC32: hash = hash_crc32(key, len); break; case BE_LB_HFCN_NONE: /* use key as a hash */ { const char *_key = key; hash = read_int64(&_key, _key + len); } break; case BE_LB_HFCN_SDBM: /* this is the default hash function */ default: hash = hash_sdbm(key, len); break; } if ((px->lbprm.algo & BE_LB_HASH_MOD) == BE_LB_HMOD_AVAL) hash = full_hash(hash); return hash; } /* * This function recounts the number of usable active and backup servers for * proxy

. These numbers are returned into the p->srv_act and p->srv_bck. * This function also recomputes the total active and backup weights. However, * it does not update tot_weight nor tot_used. Use update_backend_weight() for * this. * This functions is designed to be called before server's weight and state * commit so it uses 'next' weight and states values. * * threads: this is the caller responsibility to lock data. For now, this * function is called from lb modules, so it should be ok. But if you need to * call it from another place, be careful (and update this comment). */ void recount_servers(struct proxy *px) { struct server *srv; px->srv_act = px->srv_bck = 0; px->lbprm.tot_wact = px->lbprm.tot_wbck = 0; px->lbprm.fbck = NULL; for (srv = px->srv; srv != NULL; srv = srv->next) { if (!srv_willbe_usable(srv)) continue; if (srv->flags & SRV_F_BACKUP) { if (!px->srv_bck && !(px->options & PR_O_USE_ALL_BK)) px->lbprm.fbck = srv; px->srv_bck++; srv->cumulative_weight = px->lbprm.tot_wbck; px->lbprm.tot_wbck += srv->next_eweight; } else { px->srv_act++; srv->cumulative_weight = px->lbprm.tot_wact; px->lbprm.tot_wact += srv->next_eweight; } } } /* This function simply updates the backend's tot_weight and tot_used values * after servers weights have been updated. It is designed to be used after * recount_servers() or equivalent. * * threads: this is the caller responsibility to lock data. For now, this * function is called from lb modules, so it should be ok. But if you need to * call it from another place, be careful (and update this comment). */ void update_backend_weight(struct proxy *px) { if (px->srv_act) { px->lbprm.tot_weight = px->lbprm.tot_wact; px->lbprm.tot_used = px->srv_act; } else if (px->lbprm.fbck) { /* use only the first backup server */ px->lbprm.tot_weight = px->lbprm.fbck->next_eweight; px->lbprm.tot_used = 1; } else { px->lbprm.tot_weight = px->lbprm.tot_wbck; px->lbprm.tot_used = px->srv_bck; } } /* * This function tries to find a running server for the proxy following * the source hash method. Depending on the number of active/backup servers, * it will either look for active servers, or for backup servers. * If any server is found, it will be returned. If no valid server is found, * NULL is returned. */ static struct server *get_server_sh(struct proxy *px, const char *addr, int len, const struct server *avoid) { unsigned int h, l; if (px->lbprm.tot_weight == 0) return NULL; l = h = 0; /* note: we won't hash if there's only one server left */ if (px->lbprm.tot_used == 1) goto hash_done; while ((l + sizeof (int)) <= len) { h ^= ntohl(*(unsigned int *)(&addr[l])); l += sizeof (int); } /* FIXME: why don't we use gen_hash() here as well? * -> we don't take into account hash function from "hash_type" * options here.. */ if ((px->lbprm.algo & BE_LB_HASH_MOD) == BE_LB_HMOD_AVAL) h = full_hash(h); hash_done: if ((px->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE) return chash_get_server_hash(px, h, avoid); else return map_get_server_hash(px, h); } /* * This function tries to find a running server for the proxy following * the URI hash method. In order to optimize cache hits, the hash computation * ends at the question mark. Depending on the number of active/backup servers, * it will either look for active servers, or for backup servers. * If any server is found, it will be returned. If no valid server is found, * NULL is returned. The lbprm.arg_opt{1,2,3} values correspond respectively to * the "whole" optional argument (boolean, bit0), the "len" argument (numeric) * and the "depth" argument (numeric). * * This code was contributed by Guillaume Dallaire, who also selected this hash * algorithm out of a tens because it gave him the best results. * */ static struct server *get_server_uh(struct proxy *px, char *uri, int uri_len, const struct server *avoid) { unsigned int hash = 0; int c; int slashes = 0; const char *start, *end; if (px->lbprm.tot_weight == 0) return NULL; /* note: we won't hash if there's only one server left */ if (px->lbprm.tot_used == 1) goto hash_done; if (px->lbprm.arg_opt2) // "len" uri_len = MIN(uri_len, px->lbprm.arg_opt2); start = end = uri; while (uri_len--) { c = *end; if (c == '/') { slashes++; if (slashes == px->lbprm.arg_opt3) /* depth+1 */ break; } else if (c == '?' && !(px->lbprm.arg_opt1 & 1)) // "whole" break; end++; } hash = gen_hash(px, start, (end - start)); hash_done: if ((px->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE) return chash_get_server_hash(px, hash, avoid); else return map_get_server_hash(px, hash); } /* * This function tries to find a running server for the proxy following * the URL parameter hash method. It looks for a specific parameter in the * URL and hashes it to compute the server ID. This is useful to optimize * performance by avoiding bounces between servers in contexts where sessions * are shared but cookies are not usable. If the parameter is not found, NULL * is returned. If any server is found, it will be returned. If no valid server * is found, NULL is returned. */ static struct server *get_server_ph(struct proxy *px, const char *uri, int uri_len, const struct server *avoid) { unsigned int hash = 0; const char *start, *end; const char *p; const char *params; int plen; /* when tot_weight is 0 then so is srv_count */ if (px->lbprm.tot_weight == 0) return NULL; if ((p = memchr(uri, '?', uri_len)) == NULL) return NULL; p++; uri_len -= (p - uri); plen = px->lbprm.arg_len; params = p; while (uri_len > plen) { /* Look for the parameter name followed by an equal symbol */ if (params[plen] == '=') { if (memcmp(params, px->lbprm.arg_str, plen) == 0) { /* OK, we have the parameter here at , and * the value after the equal sign, at

* skip the equal symbol */ p += plen + 1; start = end = p; uri_len -= plen + 1; while (uri_len && *end != '&') { uri_len--; end++; } hash = gen_hash(px, start, (end - start)); if ((px->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE) return chash_get_server_hash(px, hash, avoid); else return map_get_server_hash(px, hash); } } /* skip to next parameter */ p = memchr(params, '&', uri_len); if (!p) return NULL; p++; uri_len -= (p - params); params = p; } return NULL; } /* * this does the same as the previous server_ph, but check the body contents */ static struct server *get_server_ph_post(struct stream *s, const struct server *avoid) { unsigned int hash = 0; struct channel *req = &s->req; struct proxy *px = s->be; struct htx *htx = htxbuf(&req->buf); struct htx_blk *blk; unsigned int plen = px->lbprm.arg_len; unsigned long len; const char *params, *p, *start, *end; if (px->lbprm.tot_weight == 0) return NULL; p = params = NULL; len = 0; for (blk = htx_get_first_blk(htx); blk; blk = htx_get_next_blk(htx, blk)) { enum htx_blk_type type = htx_get_blk_type(blk); struct ist v; if (type != HTX_BLK_DATA) continue; v = htx_get_blk_value(htx, blk); p = params = v.ptr; len = v.len; break; } while (len > plen) { /* Look for the parameter name followed by an equal symbol */ if (params[plen] == '=') { if (memcmp(params, px->lbprm.arg_str, plen) == 0) { /* OK, we have the parameter here at , and * the value after the equal sign, at

* skip the equal symbol */ p += plen + 1; start = end = p; len -= plen + 1; while (len && *end != '&') { if (unlikely(!HTTP_IS_TOKEN(*p))) { /* if in a POST, body must be URI encoded or it's not a URI. * Do not interpret any possible binary data as a parameter. */ if (likely(HTTP_IS_LWS(*p))) /* eol, uncertain uri len */ break; return NULL; /* oh, no; this is not uri-encoded. * This body does not contain parameters. */ } len--; end++; /* should we break if vlen exceeds limit? */ } hash = gen_hash(px, start, (end - start)); if ((px->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE) return chash_get_server_hash(px, hash, avoid); else return map_get_server_hash(px, hash); } } /* skip to next parameter */ p = memchr(params, '&', len); if (!p) return NULL; p++; len -= (p - params); params = p; } return NULL; } /* * This function tries to find a running server for the proxy following * the Header parameter hash method. It looks for a specific parameter in the * URL and hashes it to compute the server ID. This is useful to optimize * performance by avoiding bounces between servers in contexts where sessions * are shared but cookies are not usable. If the parameter is not found, NULL * is returned. If any server is found, it will be returned. If no valid server * is found, NULL is returned. When lbprm.arg_opt1 is set, the hash will only * apply to the middle part of a domain name ("use_domain_only" option). */ static struct server *get_server_hh(struct stream *s, const struct server *avoid) { unsigned int hash = 0; struct proxy *px = s->be; unsigned int plen = px->lbprm.arg_len; unsigned long len; const char *p; const char *start, *end; struct htx *htx = htxbuf(&s->req.buf); struct http_hdr_ctx ctx = { .blk = NULL }; /* tot_weight appears to mean srv_count */ if (px->lbprm.tot_weight == 0) return NULL; /* note: we won't hash if there's only one server left */ if (px->lbprm.tot_used == 1) goto hash_done; http_find_header(htx, ist2(px->lbprm.arg_str, plen), &ctx, 0); /* if the header is not found or empty, let's fallback to round robin */ if (!ctx.blk || !ctx.value.len) return NULL; /* Found a the param_name in the headers. * we will compute the hash based on this value ctx.val. */ len = ctx.value.len; p = ctx.value.ptr; if (!px->lbprm.arg_opt1) { hash = gen_hash(px, p, len); } else { int dohash = 0; p += len; /* special computation, use only main domain name, not tld/host * going back from the end of string, start hashing at first * dot stop at next. * This is designed to work with the 'Host' header, and requires * a special option to activate this. */ end = p; while (len) { if (dohash) { /* Rewind the pointer until the previous char * is a dot, this will allow to set the start * position of the domain. */ if (*(p - 1) == '.') break; } else if (*p == '.') { /* The pointer is rewinded to the dot before the * tld, we memorize the end of the domain and * can enter the domain processing. */ end = p; dohash = 1; } p--; len--; } start = p; hash = gen_hash(px, start, (end - start)); } hash_done: if ((px->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE) return chash_get_server_hash(px, hash, avoid); else return map_get_server_hash(px, hash); } /* RDP Cookie HASH. */ static struct server *get_server_rch(struct stream *s, const struct server *avoid) { unsigned int hash = 0; struct proxy *px = s->be; unsigned long len; int ret; struct sample smp; int rewind; /* tot_weight appears to mean srv_count */ if (px->lbprm.tot_weight == 0) return NULL; memset(&smp, 0, sizeof(smp)); rewind = co_data(&s->req); c_rew(&s->req, rewind); ret = fetch_rdp_cookie_name(s, &smp, px->lbprm.arg_str, px->lbprm.arg_len); len = smp.data.u.str.data; c_adv(&s->req, rewind); if (ret == 0 || (smp.flags & SMP_F_MAY_CHANGE) || len == 0) return NULL; /* note: we won't hash if there's only one server left */ if (px->lbprm.tot_used == 1) goto hash_done; /* Found the param_name in the headers. * we will compute the hash based on this value ctx.val. */ hash = gen_hash(px, smp.data.u.str.area, len); hash_done: if ((px->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE) return chash_get_server_hash(px, hash, avoid); else return map_get_server_hash(px, hash); } /* sample expression HASH. Returns NULL if the sample is not found or if there * are no server, relying on the caller to fall back to round robin instead. */ static struct server *get_server_expr(struct stream *s, const struct server *avoid) { struct proxy *px = s->be; struct sample *smp; unsigned int hash = 0; if (px->lbprm.tot_weight == 0) return NULL; /* note: no need to hash if there's only one server left */ if (px->lbprm.tot_used == 1) goto hash_done; smp = sample_fetch_as_type(px, s->sess, s, SMP_OPT_DIR_REQ | SMP_OPT_FINAL, px->lbprm.expr, SMP_T_BIN); if (!smp) return NULL; /* We have the desired data. Let's hash it according to the configured * options and algorithm. */ hash = gen_hash(px, smp->data.u.str.area, smp->data.u.str.data); hash_done: if ((px->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE) return chash_get_server_hash(px, hash, avoid); else return map_get_server_hash(px, hash); } /* random value */ static struct server *get_server_rnd(struct stream *s, const struct server *avoid) { unsigned int hash = 0; struct proxy *px = s->be; struct server *prev, *curr; int draws = px->lbprm.arg_opt1; // number of draws /* tot_weight appears to mean srv_count */ if (px->lbprm.tot_weight == 0) return NULL; curr = NULL; do { prev = curr; hash = statistical_prng(); curr = chash_get_server_hash(px, hash, avoid); if (!curr) break; /* compare the new server to the previous best choice and pick * the one with the least currently served requests. */ if (prev && prev != curr && curr->served * prev->cur_eweight > prev->served * curr->cur_eweight) curr = prev; } while (--draws > 0); /* if the selected server is full, pretend we have none so that we reach * the backend's queue instead. */ if (curr && (curr->queue.length || (curr->maxconn && curr->served >= srv_dynamic_maxconn(curr)))) curr = NULL; return curr; } /* * This function applies the load-balancing algorithm to the stream, as * defined by the backend it is assigned to. The stream is then marked as * 'assigned'. * * This function MAY NOT be called with SF_ASSIGNED already set. If the stream * had a server previously assigned, it is rebalanced, trying to avoid the same * server, which should still be present in target_srv(&s->target) before the call. * The function tries to keep the original connection slot if it reconnects to * the same server, otherwise it releases it and tries to offer it. * * It is illegal to call this function with a stream in a queue. * * It may return : * SRV_STATUS_OK if everything is OK. ->srv and ->target are assigned. * SRV_STATUS_NOSRV if no server is available. Stream is not ASSIGNED * SRV_STATUS_FULL if all servers are saturated. Stream is not ASSIGNED * SRV_STATUS_INTERNAL for other unrecoverable errors. * * Upon successful return, the stream flag SF_ASSIGNED is set to indicate that * it does not need to be called anymore. This means that target_srv(&s->target) * can be trusted in balance and direct modes. * */ int assign_server(struct stream *s) { struct connection *conn = NULL; struct server *conn_slot; struct server *srv = NULL, *prev_srv; int err; err = SRV_STATUS_INTERNAL; if (unlikely(s->pend_pos || s->flags & SF_ASSIGNED)) goto out_err; prev_srv = objt_server(s->target); conn_slot = s->srv_conn; /* We have to release any connection slot before applying any LB algo, * otherwise we may erroneously end up with no available slot. */ if (conn_slot) sess_change_server(s, NULL); /* We will now try to find the good server and store it into target)>. * Note that target)> may be NULL in case of dispatch or proxy mode, * as well as if no server is available (check error code). */ srv = NULL; s->target = NULL; if ((s->be->lbprm.algo & BE_LB_KIND) != BE_LB_KIND_HI && ((s->sess->flags & SESS_FL_PREFER_LAST) || (s->be->options & PR_O_PREF_LAST))) { struct sess_srv_list *srv_list; list_for_each_entry(srv_list, &s->sess->srv_list, srv_list) { struct server *tmpsrv = objt_server(srv_list->target); if (tmpsrv && tmpsrv->proxy == s->be && ((s->sess->flags & SESS_FL_PREFER_LAST) || (!s->be->max_ka_queue || server_has_room(tmpsrv) || ( tmpsrv->queue.length + 1 < s->be->max_ka_queue))) && srv_currently_usable(tmpsrv)) { list_for_each_entry(conn, &srv_list->conn_list, session_list) { if (!(conn->flags & CO_FL_WAIT_XPRT)) { srv = tmpsrv; s->target = &srv->obj_type; if (conn->flags & CO_FL_SESS_IDLE) { conn->flags &= ~CO_FL_SESS_IDLE; s->sess->idle_conns--; } goto out_ok; } } } } } if (s->be->lbprm.algo & BE_LB_KIND) { /* we must check if we have at least one server available */ if (!s->be->lbprm.tot_weight) { err = SRV_STATUS_NOSRV; goto out; } /* if there's some queue on the backend, with certain algos we * know it's because all servers are full. */ if (s->be->queue.length && s->be->queue.length != s->be->beconn && (((s->be->lbprm.algo & (BE_LB_KIND|BE_LB_NEED|BE_LB_PARM)) == BE_LB_ALGO_FAS)|| // first ((s->be->lbprm.algo & (BE_LB_KIND|BE_LB_NEED|BE_LB_PARM)) == BE_LB_ALGO_RR) || // roundrobin ((s->be->lbprm.algo & (BE_LB_KIND|BE_LB_NEED|BE_LB_PARM)) == BE_LB_ALGO_SRR))) { // static-rr err = SRV_STATUS_FULL; goto out; } /* First check whether we need to fetch some data or simply call * the LB lookup function. Only the hashing functions will need * some input data in fact, and will support multiple algorithms. */ switch (s->be->lbprm.algo & BE_LB_LKUP) { case BE_LB_LKUP_RRTREE: srv = fwrr_get_next_server(s->be, prev_srv); break; case BE_LB_LKUP_FSTREE: srv = fas_get_next_server(s->be, prev_srv); break; case BE_LB_LKUP_LCTREE: srv = fwlc_get_next_server(s->be, prev_srv); break; case BE_LB_LKUP_CHTREE: case BE_LB_LKUP_MAP: if ((s->be->lbprm.algo & BE_LB_KIND) == BE_LB_KIND_RR) { /* static-rr (map) or random (chash) */ if ((s->be->lbprm.algo & BE_LB_PARM) == BE_LB_RR_RANDOM) srv = get_server_rnd(s, prev_srv); else srv = map_get_server_rr(s->be, prev_srv); break; } else if ((s->be->lbprm.algo & BE_LB_KIND) != BE_LB_KIND_HI) { /* unknown balancing algorithm */ err = SRV_STATUS_INTERNAL; goto out; } switch (s->be->lbprm.algo & BE_LB_PARM) { const struct sockaddr_storage *src; case BE_LB_HASH_SRC: src = sc_src(s->scf); if (src && src->ss_family == AF_INET) { srv = get_server_sh(s->be, (void *)&((struct sockaddr_in *)src)->sin_addr, 4, prev_srv); } else if (src && src->ss_family == AF_INET6) { srv = get_server_sh(s->be, (void *)&((struct sockaddr_in6 *)src)->sin6_addr, 16, prev_srv); } break; case BE_LB_HASH_URI: /* URI hashing */ if (IS_HTX_STRM(s) && s->txn->req.msg_state >= HTTP_MSG_BODY) { struct ist uri; uri = htx_sl_req_uri(http_get_stline(htxbuf(&s->req.buf))); if (s->be->lbprm.arg_opt1 & 2) { struct http_uri_parser parser = http_uri_parser_init(uri); uri = http_parse_path(&parser); if (!isttest(uri)) uri = ist(""); } srv = get_server_uh(s->be, uri.ptr, uri.len, prev_srv); } break; case BE_LB_HASH_PRM: /* URL Parameter hashing */ if (IS_HTX_STRM(s) && s->txn->req.msg_state >= HTTP_MSG_BODY) { struct ist uri; uri = htx_sl_req_uri(http_get_stline(htxbuf(&s->req.buf))); srv = get_server_ph(s->be, uri.ptr, uri.len, prev_srv); if (!srv && s->txn->meth == HTTP_METH_POST) srv = get_server_ph_post(s, prev_srv); } break; case BE_LB_HASH_HDR: /* Header Parameter hashing */ if (IS_HTX_STRM(s) && s->txn->req.msg_state >= HTTP_MSG_BODY) srv = get_server_hh(s, prev_srv); break; case BE_LB_HASH_RDP: /* RDP Cookie hashing */ srv = get_server_rch(s, prev_srv); break; case BE_LB_HASH_SMP: /* sample expression hashing */ srv = get_server_expr(s, prev_srv); break; default: /* unknown balancing algorithm */ err = SRV_STATUS_INTERNAL; goto out; } /* If the hashing parameter was not found, let's fall * back to round robin on the map. */ if (!srv) { if ((s->be->lbprm.algo & BE_LB_LKUP) == BE_LB_LKUP_CHTREE) srv = chash_get_next_server(s->be, prev_srv); else srv = map_get_server_rr(s->be, prev_srv); } /* end of map-based LB */ break; default: /* unknown balancing algorithm */ err = SRV_STATUS_INTERNAL; goto out; } if (!srv) { err = SRV_STATUS_FULL; goto out; } else if (srv != prev_srv) { _HA_ATOMIC_INC(&s->be->be_counters.cum_lbconn); _HA_ATOMIC_INC(&srv->counters.cum_lbconn); } s->target = &srv->obj_type; } else if (s->be->options & (PR_O_DISPATCH | PR_O_TRANSP)) { s->target = &s->be->obj_type; } else { err = SRV_STATUS_NOSRV; goto out; } out_ok: s->flags |= SF_ASSIGNED; err = SRV_STATUS_OK; out: /* Either we take back our connection slot, or we offer it to someone * else if we don't need it anymore. */ if (conn_slot) { if (conn_slot == srv) { sess_change_server(s, srv); } else { if (may_dequeue_tasks(conn_slot, s->be)) process_srv_queue(conn_slot); } } out_err: return err; } /* Allocate an address for the destination endpoint * The address is taken from the currently assigned server, or from the * dispatch or transparent address. * * Returns SRV_STATUS_OK on success. Does nothing if the address was * already set. * On error, no address is allocated and SRV_STATUS_INTERNAL is returned. */ static int alloc_dst_address(struct sockaddr_storage **ss, struct server *srv, struct stream *s) { const struct sockaddr_storage *dst; if (*ss) return SRV_STATUS_OK; if ((s->flags & SF_DIRECT) || (s->be->lbprm.algo & BE_LB_KIND)) { /* A server is necessarily known for this stream */ if (!(s->flags & SF_ASSIGNED)) return SRV_STATUS_INTERNAL; if (!sockaddr_alloc(ss, NULL, 0)) return SRV_STATUS_INTERNAL; **ss = srv->addr; set_host_port(*ss, srv->svc_port); if (!is_addr(*ss)) { /* if the server has no address, we use the same address * the client asked, which is handy for remapping ports * locally on multiple addresses at once. Nothing is done * for AF_UNIX addresses. */ dst = sc_dst(s->scf); if (dst && dst->ss_family == AF_INET) { ((struct sockaddr_in *)*ss)->sin_family = AF_INET; ((struct sockaddr_in *)*ss)->sin_addr = ((struct sockaddr_in *)dst)->sin_addr; } else if (dst && dst->ss_family == AF_INET6) { ((struct sockaddr_in6 *)*ss)->sin6_family = AF_INET6; ((struct sockaddr_in6 *)*ss)->sin6_addr = ((struct sockaddr_in6 *)dst)->sin6_addr; } } /* if this server remaps proxied ports, we'll use * the port the client connected to with an offset. */ if ((srv->flags & SRV_F_MAPPORTS)) { int base_port; dst = sc_dst(s->scf); if (dst) { /* First, retrieve the port from the incoming connection */ base_port = get_host_port(dst); /* Second, assign the outgoing connection's port */ base_port += get_host_port(*ss); set_host_port(*ss, base_port); } } } else if (s->be->options & PR_O_DISPATCH) { if (!sockaddr_alloc(ss, NULL, 0)) return SRV_STATUS_INTERNAL; /* connect to the defined dispatch addr */ **ss = s->be->dispatch_addr; } else if ((s->be->options & PR_O_TRANSP)) { if (!sockaddr_alloc(ss, NULL, 0)) return SRV_STATUS_INTERNAL; /* in transparent mode, use the original dest addr if no dispatch specified */ dst = sc_dst(s->scf); if (dst && (dst->ss_family == AF_INET || dst->ss_family == AF_INET6)) **ss = *dst; } else { /* no server and no LB algorithm ! */ return SRV_STATUS_INTERNAL; } return SRV_STATUS_OK; } /* This function assigns a server to stream if required, and can add the * connection to either the assigned server's queue or to the proxy's queue. * If ->srv_conn is set, the stream is first released from the server. * It may also be called with SF_DIRECT and/or SF_ASSIGNED though. It will * be called before any connection and after any retry or redispatch occurs. * * It is not allowed to call this function with a stream in a queue. * * Returns : * * SRV_STATUS_OK if everything is OK. * SRV_STATUS_NOSRV if no server is available. objt_server(s->target) = NULL. * SRV_STATUS_QUEUED if the connection has been queued. * SRV_STATUS_FULL if the server(s) is/are saturated and the * connection could not be queued at the server's, * which may be NULL if we queue on the backend. * SRV_STATUS_INTERNAL for other unrecoverable errors. * */ int assign_server_and_queue(struct stream *s) { struct pendconn *p; struct server *srv; int err; if (s->pend_pos) return SRV_STATUS_INTERNAL; err = SRV_STATUS_OK; if (!(s->flags & SF_ASSIGNED)) { struct server *prev_srv = objt_server(s->target); err = assign_server(s); if (prev_srv) { /* This stream was previously assigned to a server. We have to * update the stream's and the server's stats : * - if the server changed : * - set TX_CK_DOWN if txn.flags was TX_CK_VALID * - set SF_REDISP if it was successfully redispatched * - increment srv->redispatches and be->redispatches * - if the server remained the same : update retries. */ if (prev_srv != objt_server(s->target)) { if (s->txn && (s->txn->flags & TX_CK_MASK) == TX_CK_VALID) { s->txn->flags &= ~TX_CK_MASK; s->txn->flags |= TX_CK_DOWN; } s->flags |= SF_REDISP; _HA_ATOMIC_INC(&prev_srv->counters.redispatches); _HA_ATOMIC_INC(&s->be->be_counters.redispatches); } else { _HA_ATOMIC_INC(&prev_srv->counters.retries); _HA_ATOMIC_INC(&s->be->be_counters.retries); } } } switch (err) { case SRV_STATUS_OK: /* we have SF_ASSIGNED set */ srv = objt_server(s->target); if (!srv) return SRV_STATUS_OK; /* dispatch or proxy mode */ /* If we already have a connection slot, no need to check any queue */ if (s->srv_conn == srv) return SRV_STATUS_OK; /* OK, this stream already has an assigned server, but no * connection slot yet. Either it is a redispatch, or it was * assigned from persistence information (direct mode). */ if ((s->flags & SF_REDIRECTABLE) && srv->rdr_len) { /* server scheduled for redirection, and already assigned. We * don't want to go further nor check the queue. */ sess_change_server(s, srv); /* not really needed in fact */ return SRV_STATUS_OK; } /* We might have to queue this stream if the assigned server is full. * We know we have to queue it into the server's queue, so if a maxqueue * is set on the server, we must also check that the server's queue is * not full, in which case we have to return FULL. */ if (srv->maxconn && (srv->queue.length || srv->served >= srv_dynamic_maxconn(srv))) { if (srv->maxqueue > 0 && srv->queue.length >= srv->maxqueue) return SRV_STATUS_FULL; p = pendconn_add(s); if (p) return SRV_STATUS_QUEUED; else return SRV_STATUS_INTERNAL; } /* OK, we can use this server. Let's reserve our place */ sess_change_server(s, srv); return SRV_STATUS_OK; case SRV_STATUS_FULL: /* queue this stream into the proxy's queue */ p = pendconn_add(s); if (p) return SRV_STATUS_QUEUED; else return SRV_STATUS_INTERNAL; case SRV_STATUS_NOSRV: return err; case SRV_STATUS_INTERNAL: return err; default: return SRV_STATUS_INTERNAL; } } /* Allocate an address if an explicit source address must be used for a backend * connection. * * Two parameters are taken into account to check if specific source address is * configured. The first one is which is the server instance to connect * to. It may be NULL when dispatching is used. The second one is the * backend instance which contains the target server or dispatch. * * A stream instance can be used to set the stream owner of the backend * connection. It is a required parameter if the source address is a dynamic * parameter. * * Returns SRV_STATUS_OK if either no specific source address specified or its * allocation is done correctly. On error returns SRV_STATUS_INTERNAL. */ int alloc_bind_address(struct sockaddr_storage **ss, struct server *srv, struct proxy *be, struct stream *s) { #if defined(CONFIG_HAP_TRANSPARENT) const struct sockaddr_storage *addr; struct conn_src *src = NULL; struct sockaddr_in *sin; char *vptr; size_t vlen; #endif /* Ensure the function will not overwrite an allocated address. */ BUG_ON(*ss); #if defined(CONFIG_HAP_TRANSPARENT) if (srv && srv->conn_src.opts & CO_SRC_BIND) src = &srv->conn_src; else if (be->conn_src.opts & CO_SRC_BIND) src = &be->conn_src; /* no transparent mode, no need to allocate an address, returns OK */ if (!src) return SRV_STATUS_OK; switch (src->opts & CO_SRC_TPROXY_MASK) { case CO_SRC_TPROXY_ADDR: if (!sockaddr_alloc(ss, NULL, 0)) return SRV_STATUS_INTERNAL; **ss = src->tproxy_addr; break; case CO_SRC_TPROXY_CLI: case CO_SRC_TPROXY_CIP: BUG_ON(!s); /* Dynamic source setting requires a stream instance. */ /* FIXME: what can we do if the client connects in IPv6 or unix socket ? */ addr = sc_src(s->scf); if (!addr) return SRV_STATUS_INTERNAL; if (!sockaddr_alloc(ss, NULL, 0)) return SRV_STATUS_INTERNAL; **ss = *addr; break; case CO_SRC_TPROXY_DYN: BUG_ON(!s); /* Dynamic source setting requires a stream instance. */ if (!src->bind_hdr_occ || !IS_HTX_STRM(s)) return SRV_STATUS_INTERNAL; if (!sockaddr_alloc(ss, NULL, 0)) return SRV_STATUS_INTERNAL; /* bind to the IP in a header */ sin = (struct sockaddr_in *)*ss; sin->sin_family = AF_INET; sin->sin_port = 0; sin->sin_addr.s_addr = 0; if (!http_get_htx_hdr(htxbuf(&s->req.buf), ist2(src->bind_hdr_name, src->bind_hdr_len), src->bind_hdr_occ, NULL, &vptr, &vlen)) { sockaddr_free(ss); return SRV_STATUS_INTERNAL; } sin->sin_addr.s_addr = htonl(inetaddr_host_lim(vptr, vptr + vlen)); break; default: ; } #endif return SRV_STATUS_OK; } /* Attempt to get a backend connection from the specified mt_list array * (safe or idle connections). The argument means what type of * connection the caller wants. */ struct connection *conn_backend_get(struct stream *s, struct server *srv, int is_safe, int64_t hash) { struct connection *conn = NULL; int i; // thread number int found = 0; int stop; /* We need to lock even if this is our own list, because another * thread may be trying to migrate that connection, and we don't want * to end up with two threads using the same connection. */ i = tid; HA_SPIN_LOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock); conn = srv_lookup_conn(is_safe ? &srv->per_thr[tid].safe_conns : &srv->per_thr[tid].idle_conns, hash); if (conn) conn_delete_from_tree(conn); /* If we failed to pick a connection from the idle list, let's try again with * the safe list. */ if (!conn && !is_safe && srv->curr_safe_nb > 0) { conn = srv_lookup_conn(&srv->per_thr[tid].safe_conns, hash); if (conn) { conn_delete_from_tree(conn); is_safe = 1; } } HA_SPIN_UNLOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock); /* If we found a connection in our own list, and we don't have to * steal one from another thread, then we're done. */ if (conn) goto done; /* pool sharing globally disabled ? */ if (!(global.tune.options & GTUNE_IDLE_POOL_SHARED)) goto done; /* Are we allowed to pick from another thread ? We'll still try * it if we're running low on FDs as we don't want to create * extra conns in this case, otherwise we can give up if we have * too few idle conns and the server protocol supports establishing * connections (i.e. not a reverse-http server for example). */ if (srv->curr_idle_conns < srv->low_idle_conns && ha_used_fds < global.tune.pool_low_count) { const struct protocol *srv_proto = protocol_lookup(srv->addr.ss_family, PROTO_TYPE_STREAM, 0); if (srv_proto && srv_proto->connect) goto done; } /* Lookup all other threads for an idle connection, starting from last * unvisited thread, but always staying in the same group. */ stop = srv->per_tgrp[tgid - 1].next_takeover; if (stop >= tg->count) stop %= tg->count; stop += tg->base; i = stop; do { if (!srv->curr_idle_thr[i] || i == tid) continue; if (HA_SPIN_TRYLOCK(IDLE_CONNS_LOCK, &idle_conns[i].idle_conns_lock) != 0) continue; conn = srv_lookup_conn(is_safe ? &srv->per_thr[i].safe_conns : &srv->per_thr[i].idle_conns, hash); while (conn) { if (conn->mux->takeover && conn->mux->takeover(conn, i) == 0) { conn_delete_from_tree(conn); _HA_ATOMIC_INC(&activity[tid].fd_takeover); found = 1; break; } conn = srv_lookup_conn_next(conn); } if (!found && !is_safe && srv->curr_safe_nb > 0) { conn = srv_lookup_conn(&srv->per_thr[i].safe_conns, hash); while (conn) { if (conn->mux->takeover && conn->mux->takeover(conn, i) == 0) { conn_delete_from_tree(conn); _HA_ATOMIC_INC(&activity[tid].fd_takeover); found = 1; is_safe = 1; break; } conn = srv_lookup_conn_next(conn); } } HA_SPIN_UNLOCK(IDLE_CONNS_LOCK, &idle_conns[i].idle_conns_lock); } while (!found && (i = (i + 1 == tg->base + tg->count) ? tg->base : i + 1) != stop); if (!found) conn = NULL; done: if (conn) { _HA_ATOMIC_STORE(&srv->per_tgrp[tgid - 1].next_takeover, (i + 1 == tg->base + tg->count) ? tg->base : i + 1); srv_use_conn(srv, conn); _HA_ATOMIC_DEC(&srv->curr_idle_conns); _HA_ATOMIC_DEC(conn->flags & CO_FL_SAFE_LIST ? &srv->curr_safe_nb : &srv->curr_idle_nb); _HA_ATOMIC_DEC(&srv->curr_idle_thr[i]); conn->flags &= ~CO_FL_LIST_MASK; __ha_barrier_atomic_store(); if ((s->be->options & PR_O_REUSE_MASK) == PR_O_REUSE_SAFE && conn->mux->flags & MX_FL_HOL_RISK) { /* attach the connection to the session private list */ conn->owner = s->sess; session_add_conn(s->sess, conn, conn->target); } else { srv_add_to_avail_list(srv, conn); } } return conn; } static int do_connect_server(struct stream *s, struct connection *conn) { int ret = SF_ERR_NONE; int conn_flags = 0; if (unlikely(!conn || !conn->ctrl || !conn->ctrl->connect)) return SF_ERR_INTERNAL; if (co_data(&s->res)) conn_flags |= CONNECT_HAS_DATA; if (s->conn_retries == s->be->conn_retries) conn_flags |= CONNECT_CAN_USE_TFO; if (!conn_ctrl_ready(conn) || !conn_xprt_ready(conn)) { ret = conn->ctrl->connect(conn, conn_flags); if (ret != SF_ERR_NONE) return ret; /* we're in the process of establishing a connection */ s->scb->state = SC_ST_CON; } else { /* try to reuse the existing connection, it will be * confirmed once we can send on it. */ /* Is the connection really ready ? */ if (conn->mux->ctl(conn, MUX_CTL_STATUS, NULL) & MUX_STATUS_READY) s->scb->state = SC_ST_RDY; else s->scb->state = SC_ST_CON; } /* needs src ip/port for logging */ if (s->flags & SF_SRC_ADDR) conn_get_src(conn); return ret; } /* * This function initiates a connection to the server assigned to this stream * (s->target, (s->scb)->addr.to). It will assign a server if none * is assigned yet. * It can return one of : * - SF_ERR_NONE if everything's OK * - SF_ERR_SRVTO if there are no more servers * - SF_ERR_SRVCL if the connection was refused by the server * - SF_ERR_PRXCOND if the connection has been limited by the proxy (maxconn) * - SF_ERR_RESOURCE if a system resource is lacking (eg: fd limits, ports, ...) * - SF_ERR_INTERNAL for any other purely internal errors * Additionally, in the case of SF_ERR_RESOURCE, an emergency log will be emitted. * The server-facing stream connector is expected to hold a pre-allocated connection. */ int connect_server(struct stream *s) { struct connection *cli_conn = objt_conn(strm_orig(s)); struct connection *srv_conn = NULL; struct server *srv; int reuse_mode = s->be->options & PR_O_REUSE_MASK; int reuse = 0; int init_mux = 0; int err; #ifdef USE_OPENSSL struct sample *sni_smp = NULL; #endif struct sockaddr_storage *bind_addr = NULL; int proxy_line_ret; int64_t hash = 0; struct conn_hash_params hash_params; /* in standard configuration, srv will be valid * it can be NULL for dispatch mode or transparent backend */ srv = objt_server(s->target); /* Override reuse-mode if reverse-connect is used. */ if (srv && srv->flags & SRV_F_RHTTP) reuse_mode = PR_O_REUSE_ALWS; err = alloc_dst_address(&s->scb->dst, srv, s); if (err != SRV_STATUS_OK) return SF_ERR_INTERNAL; err = alloc_bind_address(&bind_addr, srv, s->be, s); if (err != SRV_STATUS_OK) return SF_ERR_INTERNAL; #ifdef USE_OPENSSL if (srv && srv->ssl_ctx.sni) { sni_smp = sample_fetch_as_type(s->be, s->sess, s, SMP_OPT_DIR_REQ | SMP_OPT_FINAL, srv->ssl_ctx.sni, SMP_T_STR); } #endif /* do not reuse if mode is not http */ if (!IS_HTX_STRM(s)) { DBG_TRACE_STATE("skip idle connections reuse: no htx", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); goto skip_reuse; } /* disable reuse if websocket stream and the protocol to use is not the * same as the main protocol of the server. */ if (unlikely(s->flags & SF_WEBSOCKET) && srv) { if (!srv_check_reuse_ws(srv)) { DBG_TRACE_STATE("skip idle connections reuse: websocket stream", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); goto skip_reuse; } } /* first, set unique connection parameters and then calculate hash */ memset(&hash_params, 0, sizeof(hash_params)); /* 1. target */ hash_params.target = s->target; #ifdef USE_OPENSSL /* 2. sni * only test if the sample is not null as smp_make_safe (called before * ssl_sock_set_servername) can only fails if this is not the case */ if (sni_smp) { hash_params.sni_prehash = conn_hash_prehash(sni_smp->data.u.str.area, sni_smp->data.u.str.data); } #endif /* USE_OPENSSL */ /* 3. destination address */ if (srv && srv_is_transparent(srv)) hash_params.dst_addr = s->scb->dst; /* 4. source address */ hash_params.src_addr = bind_addr; /* 5. proxy protocol */ if (srv && srv->pp_opts) { proxy_line_ret = make_proxy_line(trash.area, trash.size, srv, cli_conn, s); if (proxy_line_ret) { hash_params.proxy_prehash = conn_hash_prehash(trash.area, proxy_line_ret); } } hash = conn_calculate_hash(&hash_params); /* first, search for a matching connection in the session's idle conns */ srv_conn = session_get_conn(s->sess, s->target, hash); if (srv_conn) { DBG_TRACE_STATE("reuse connection from session", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); reuse = 1; } if (srv && !reuse && reuse_mode != PR_O_REUSE_NEVR) { /* Below we pick connections from the safe, idle or * available (which are safe too) lists based * on the strategy, the fact that this is a first or second * (retryable) request, with the indicated priority (1 or 2) : * * SAFE AGGR ALWS * * +-----+-----+ +-----+-----+ +-----+-----+ * req| 1st | 2nd | req| 1st | 2nd | req| 1st | 2nd | * ----+-----+-----+ ----+-----+-----+ ----+-----+-----+ * safe| - | 2 | safe| 1 | 2 | safe| 1 | 2 | * ----+-----+-----+ ----+-----+-----+ ----+-----+-----+ * idle| - | 1 | idle| - | 1 | idle| 2 | 1 | * ----+-----+-----+ ----+-----+-----+ ----+-----+-----+ * * Idle conns are necessarily looked up on the same thread so * that there is no concurrency issues. */ if (!eb_is_empty(&srv->per_thr[tid].avail_conns)) { srv_conn = srv_lookup_conn(&srv->per_thr[tid].avail_conns, hash); if (srv_conn) { /* connection cannot be in idle list if used as an avail idle conn. */ BUG_ON(LIST_INLIST(&srv_conn->idle_list)); DBG_TRACE_STATE("reuse connection from avail", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); reuse = 1; } } /* if no available connections found, search for an idle/safe */ if (!srv_conn && srv->max_idle_conns && srv->curr_idle_conns > 0) { const int not_first_req = s->txn && s->txn->flags & TX_NOT_FIRST; const int idle = srv->curr_idle_nb > 0; const int safe = srv->curr_safe_nb > 0; const int retry_safe = (s->be->retry_type & (PR_RE_CONN_FAILED | PR_RE_DISCONNECTED | PR_RE_TIMEOUT)) == (PR_RE_CONN_FAILED | PR_RE_DISCONNECTED | PR_RE_TIMEOUT); /* second column of the tables above, * search for an idle then safe conn */ if (not_first_req || retry_safe) { if (idle || safe) srv_conn = conn_backend_get(s, srv, 0, hash); } /* first column of the tables above */ else if (reuse_mode >= PR_O_REUSE_AGGR) { /* search for a safe conn */ if (safe) srv_conn = conn_backend_get(s, srv, 1, hash); /* search for an idle conn if no safe conn found * on always reuse mode */ if (!srv_conn && reuse_mode == PR_O_REUSE_ALWS && idle) { /* TODO conn_backend_get should not check the * safe list is this case */ srv_conn = conn_backend_get(s, srv, 0, hash); } } if (srv_conn) { DBG_TRACE_STATE("reuse connection from idle/safe", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); reuse = 1; } } } /* here reuse might have been set above, indicating srv_conn finally * is OK. */ if (ha_used_fds > global.tune.pool_high_count && srv) { struct connection *tokill_conn = NULL; /* We can't reuse a connection, and e have more FDs than deemd * acceptable, attempt to kill an idling connection */ /* First, try from our own idle list */ HA_SPIN_LOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock); if (!LIST_ISEMPTY(&srv->per_thr[tid].idle_conn_list)) { tokill_conn = LIST_ELEM(srv->per_thr[tid].idle_conn_list.n, struct connection *, idle_list); conn_delete_from_tree(tokill_conn); HA_SPIN_UNLOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock); /* Release the idle lock before calling mux->destroy. * It will in turn call srv_release_conn through * conn_free which also uses it. */ tokill_conn->mux->destroy(tokill_conn->ctx); } else { HA_SPIN_UNLOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock); } /* If not, iterate over other thread's idling pool, and try to grab one */ if (!tokill_conn) { int i; for (i = tid; (i = ((i + 1 == global.nbthread) ? 0 : i + 1)) != tid;) { // just silence stupid gcc which reports an absurd // out-of-bounds warning for which is always // exactly zero without threads, but it seems to // see it possibly larger. ALREADY_CHECKED(i); if (HA_SPIN_TRYLOCK(IDLE_CONNS_LOCK, &idle_conns[i].idle_conns_lock) != 0) continue; if (!LIST_ISEMPTY(&srv->per_thr[i].idle_conn_list)) { tokill_conn = LIST_ELEM(srv->per_thr[i].idle_conn_list.n, struct connection *, idle_list); conn_delete_from_tree(tokill_conn); } HA_SPIN_UNLOCK(IDLE_CONNS_LOCK, &idle_conns[i].idle_conns_lock); if (tokill_conn) { /* We got one, put it into the concerned thread's to kill list, and wake it's kill task */ MT_LIST_APPEND(&idle_conns[i].toremove_conns, &tokill_conn->toremove_list); task_wakeup(idle_conns[i].cleanup_task, TASK_WOKEN_OTHER); break; } } } } if (reuse) { if (srv_conn->mux) { int avail = srv_conn->mux->avail_streams(srv_conn); if (avail <= 1) { /* No more streams available, remove it from the list */ HA_SPIN_LOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock); conn_delete_from_tree(srv_conn); HA_SPIN_UNLOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock); } if (avail >= 1) { if (srv_conn->mux->attach(srv_conn, s->scb->sedesc, s->sess) == -1) { srv_conn = NULL; if (sc_reset_endp(s->scb) < 0) return SF_ERR_INTERNAL; sc_ep_clr(s->scb, ~SE_FL_DETACHED); } } else srv_conn = NULL; } /* otherwise srv_conn is left intact */ } else srv_conn = NULL; skip_reuse: /* no reuse or failed to reuse the connection above, pick a new one */ if (!srv_conn) { if (srv && (srv->flags & SRV_F_RHTTP)) { DBG_TRACE_USER("cannot open a new connection for reverse server", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); s->conn_err_type = STRM_ET_CONN_ERR; return SF_ERR_INTERNAL; } srv_conn = conn_new(s->target); if (srv_conn) { DBG_TRACE_STATE("alloc new be connection", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); srv_conn->owner = s->sess; /* connection will be attached to the session if * http-reuse mode is never or it is not targeted to a * server */ if (reuse_mode == PR_O_REUSE_NEVR || !srv) conn_set_private(srv_conn); /* assign bind_addr to srv_conn */ srv_conn->src = bind_addr; bind_addr = NULL; srv_conn->hash_node->node.key = hash; } } /* if bind_addr is non NULL free it */ sockaddr_free(&bind_addr); /* srv_conn is still NULL only on allocation failure */ if (!srv_conn) return SF_ERR_RESOURCE; /* copy the target address into the connection */ *srv_conn->dst = *s->scb->dst; /* Copy network namespace from client connection */ srv_conn->proxy_netns = cli_conn ? cli_conn->proxy_netns : NULL; if (!srv_conn->xprt) { /* set the correct protocol on the output stream connector */ if (srv) { if (conn_prepare(srv_conn, protocol_lookup(srv_conn->dst->ss_family, PROTO_TYPE_STREAM, 0), srv->xprt)) { conn_free(srv_conn); return SF_ERR_INTERNAL; } } else if (obj_type(s->target) == OBJ_TYPE_PROXY) { int ret; /* proxies exclusively run on raw_sock right now */ ret = conn_prepare(srv_conn, protocol_lookup(srv_conn->dst->ss_family, PROTO_TYPE_STREAM, 0), xprt_get(XPRT_RAW)); if (ret < 0 || !(srv_conn->ctrl)) { conn_free(srv_conn); return SF_ERR_INTERNAL; } } else { conn_free(srv_conn); return SF_ERR_INTERNAL; /* how did we get there ? */ } if (sc_attach_mux(s->scb, NULL, srv_conn) < 0) { conn_free(srv_conn); return SF_ERR_INTERNAL; /* how did we get there ? */ } srv_conn->ctx = s->scb; #if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation) if (!srv || (srv->use_ssl != 1 || (!(srv->ssl_ctx.alpn_str) && !(srv->ssl_ctx.npn_str)) || srv->mux_proto || !IS_HTX_STRM(s))) #endif init_mux = 1; /* process the case where the server requires the PROXY protocol to be sent */ srv_conn->send_proxy_ofs = 0; if (srv && srv->pp_opts) { srv_conn->flags |= CO_FL_SEND_PROXY; srv_conn->send_proxy_ofs = 1; /* must compute size */ } if (srv && (srv->flags & SRV_F_SOCKS4_PROXY)) { srv_conn->send_proxy_ofs = 1; srv_conn->flags |= CO_FL_SOCKS4; } #if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation) /* if websocket stream, try to update connection ALPN. */ if (unlikely(s->flags & SF_WEBSOCKET) && srv && srv->use_ssl && srv->ssl_ctx.alpn_str) { char *alpn = ""; int force = 0; switch (srv->ws) { case SRV_WS_AUTO: alpn = "\x08http/1.1"; force = 0; break; case SRV_WS_H1: alpn = "\x08http/1.1"; force = 1; break; case SRV_WS_H2: alpn = "\x02h2"; force = 1; break; } if (!conn_update_alpn(srv_conn, ist(alpn), force)) DBG_TRACE_STATE("update alpn for websocket", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); } #endif } else { s->flags |= SF_SRV_REUSED; /* Currently there seems to be no known cases of xprt ready * without the mux installed here. */ BUG_ON(!srv_conn->mux); if (!(srv_conn->mux->ctl(srv_conn, MUX_CTL_STATUS, NULL) & MUX_STATUS_READY)) s->flags |= SF_SRV_REUSED_ANTICIPATED; } /* flag for logging source ip/port */ if (strm_fe(s)->options2 & PR_O2_SRC_ADDR) s->flags |= SF_SRC_ADDR; /* disable lingering */ if (s->be->options & PR_O_TCP_NOLING) s->scb->flags |= SC_FL_NOLINGER; if (s->flags & SF_SRV_REUSED) { _HA_ATOMIC_INC(&s->be->be_counters.reuse); if (srv) _HA_ATOMIC_INC(&srv->counters.reuse); } else { _HA_ATOMIC_INC(&s->be->be_counters.connect); if (srv) _HA_ATOMIC_INC(&srv->counters.connect); } err = do_connect_server(s, srv_conn); if (err != SF_ERR_NONE) return err; #ifdef USE_OPENSSL if (!(s->flags & SF_SRV_REUSED)) { if (smp_make_safe(sni_smp)) ssl_sock_set_servername(srv_conn, sni_smp->data.u.str.area); } #endif /* USE_OPENSSL */ /* The CO_FL_SEND_PROXY flag may have been set by the connect method, * if so, add our handshake pseudo-XPRT now. */ if ((srv_conn->flags & CO_FL_HANDSHAKE)) { if (xprt_add_hs(srv_conn) < 0) { conn_full_close(srv_conn); return SF_ERR_INTERNAL; } } conn_xprt_start(srv_conn); /* We have to defer the mux initialization until after si_connect() * has been called, as we need the xprt to have been properly * initialized, or any attempt to recv during the mux init may * fail, and flag the connection as CO_FL_ERROR. */ if (init_mux) { const struct mux_ops *alt_mux = likely(!(s->flags & SF_WEBSOCKET)) ? NULL : srv_get_ws_proto(srv); if (conn_install_mux_be(srv_conn, s->scb, s->sess, alt_mux) < 0) { conn_full_close(srv_conn); return SF_ERR_INTERNAL; } if (IS_HTX_STRM(s)) { /* If we're doing http-reuse always, and the connection * is not private with available streams (an http2 * connection), add it to the available list, so that * others can use it right away. If the connection is * private or we're doing http-reuse safe and the mux * protocol supports multiplexing, add it in the * session server list. */ if (srv && reuse_mode == PR_O_REUSE_ALWS && !(srv_conn->flags & CO_FL_PRIVATE) && srv_conn->mux->avail_streams(srv_conn) > 0) { srv_add_to_avail_list(srv, srv_conn); } else if (srv_conn->flags & CO_FL_PRIVATE || (reuse_mode == PR_O_REUSE_SAFE && srv_conn->mux->flags & MX_FL_HOL_RISK)) { /* If it fail now, the same will be done in mux->detach() callback */ session_add_conn(s->sess, srv_conn, srv_conn->target); } } } #if defined(USE_OPENSSL) && (defined(OPENSSL_IS_BORINGSSL) || (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)) if (!reuse && cli_conn && srv && srv_conn->mux && (srv->ssl_ctx.options & SRV_SSL_O_EARLY_DATA) && /* Only attempt to use early data if either the client sent * early data, so that we know it can handle a 425, or if * we are allowed to retry requests on early data failure, and * it's our first try */ ((cli_conn->flags & CO_FL_EARLY_DATA) || ((s->be->retry_type & PR_RE_EARLY_ERROR) && !s->conn_retries)) && co_data(sc_oc(s->scb)) && srv_conn->flags & CO_FL_SSL_WAIT_HS) srv_conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN); #endif /* set connect timeout */ s->conn_exp = tick_add_ifset(now_ms, s->be->timeout.connect); if (srv) { int count; s->flags |= SF_CURR_SESS; count = _HA_ATOMIC_ADD_FETCH(&srv->cur_sess, 1); HA_ATOMIC_UPDATE_MAX(&srv->counters.cur_sess_max, count); if (s->be->lbprm.server_take_conn) s->be->lbprm.server_take_conn(srv); } /* Now handle synchronously connected sockets. We know the stream connector * is at least in state SC_ST_CON. These ones typically are UNIX * sockets, socket pairs, andoccasionally TCP connections on the * loopback on a heavily loaded system. */ if (srv_conn->flags & CO_FL_ERROR) s->scb->flags |= SC_FL_ERROR; /* If we had early data, and the handshake ended, then * we can remove the flag, and attempt to wake the task up, * in the event there's an analyser waiting for the end of * the handshake. */ if (!(srv_conn->flags & (CO_FL_WAIT_XPRT | CO_FL_EARLY_SSL_HS))) sc_ep_clr(s->scb, SE_FL_WAIT_FOR_HS); if (!sc_state_in(s->scb->state, SC_SB_EST|SC_SB_DIS|SC_SB_CLO) && (srv_conn->flags & CO_FL_WAIT_XPRT) == 0) { s->conn_exp = TICK_ETERNITY; sc_oc(s->scb)->flags |= CF_WRITE_EVENT; if (s->scb->state == SC_ST_CON) s->scb->state = SC_ST_RDY; } /* Report EOI on the channel if it was reached from the mux point of * view. * * Note: This test is only required because si_cs_process is also the SI * wake callback. Otherwise si_cs_recv()/si_cs_send() already take * care of it. */ if (sc_ep_test(s->scb, SE_FL_EOI) && !(s->scb->flags & SC_FL_EOI)) { s->scb->flags |= SC_FL_EOI; sc_ic(s->scb)->flags |= CF_READ_EVENT; } /* catch all sync connect while the mux is not already installed */ if (!srv_conn->mux && !(srv_conn->flags & CO_FL_WAIT_XPRT)) { if (conn_create_mux(srv_conn) < 0) { conn_full_close(srv_conn); return SF_ERR_INTERNAL; } } return SF_ERR_NONE; /* connection is OK */ } /* This function performs the "redispatch" part of a connection attempt. It * will assign a server if required, queue the connection if required, and * handle errors that might arise at this level. It can change the server * state. It will return 1 if it encounters an error, switches the server * state, or has to queue a connection. Otherwise, it will return 0 indicating * that the connection is ready to use. */ int srv_redispatch_connect(struct stream *s) { struct server *srv; int conn_err; /* We know that we don't have any connection pending, so we will * try to get a new one, and wait in this state if it's queued */ redispatch: conn_err = assign_server_and_queue(s); srv = objt_server(s->target); switch (conn_err) { case SRV_STATUS_OK: break; case SRV_STATUS_FULL: /* The server has reached its maxqueue limit. Either PR_O_REDISP is set * and we can redispatch to another server, or it is not and we return * 503. This only makes sense in DIRECT mode however, because normal LB * algorithms would never select such a server, and hash algorithms * would bring us on the same server again. Note that s->target is set * in this case. */ if (((s->flags & (SF_DIRECT|SF_FORCE_PRST)) == SF_DIRECT) && (s->be->options & PR_O_REDISP)) { s->flags &= ~(SF_DIRECT | SF_ASSIGNED); sockaddr_free(&s->scb->dst); goto redispatch; } if (!s->conn_err_type) { s->conn_err_type = STRM_ET_QUEUE_ERR; } _HA_ATOMIC_INC(&srv->counters.failed_conns); _HA_ATOMIC_INC(&s->be->be_counters.failed_conns); return 1; case SRV_STATUS_NOSRV: /* note: it is guaranteed that srv == NULL here */ if (!s->conn_err_type) { s->conn_err_type = STRM_ET_CONN_ERR; } _HA_ATOMIC_INC(&s->be->be_counters.failed_conns); return 1; case SRV_STATUS_QUEUED: s->conn_exp = tick_add_ifset(now_ms, s->be->timeout.queue); s->scb->state = SC_ST_QUE; /* do nothing else and do not wake any other stream up */ return 1; case SRV_STATUS_INTERNAL: default: if (!s->conn_err_type) { s->conn_err_type = STRM_ET_CONN_OTHER; } if (srv) srv_inc_sess_ctr(srv); if (srv) srv_set_sess_last(srv); if (srv) _HA_ATOMIC_INC(&srv->counters.failed_conns); _HA_ATOMIC_INC(&s->be->be_counters.failed_conns); /* release other streams waiting for this server */ if (may_dequeue_tasks(srv, s->be)) process_srv_queue(srv); return 1; } /* if we get here, it's because we got SRV_STATUS_OK, which also * means that the connection has not been queued. */ return 0; } /* Check if the connection request is in such a state that it can be aborted. */ static int back_may_abort_req(struct channel *req, struct stream *s) { return ((s->scf->flags & SC_FL_ERROR) || ((s->scb->flags & (SC_FL_SHUT_WANTED|SC_FL_SHUT_DONE)) && /* empty and client aborted */ (!co_data(req) || (s->be->options & PR_O_ABRT_CLOSE)))); } /* Update back stream connector status for input states SC_ST_ASS, SC_ST_QUE, * SC_ST_TAR. Other input states are simply ignored. * Possible output states are SC_ST_CLO, SC_ST_TAR, SC_ST_ASS, SC_ST_REQ, SC_ST_CON * and SC_ST_EST. Flags must have previously been updated for timeouts and other * conditions. */ void back_try_conn_req(struct stream *s) { struct server *srv = objt_server(s->target); struct stconn *sc = s->scb; struct channel *req = &s->req; DBG_TRACE_ENTER(STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); if (sc->state == SC_ST_ASS) { /* Server assigned to connection request, we have to try to connect now */ int conn_err; /* Before we try to initiate the connection, see if the * request may be aborted instead. */ if (back_may_abort_req(req, s)) { s->conn_err_type |= STRM_ET_CONN_ABRT; DBG_TRACE_STATE("connection aborted", STRM_EV_STRM_PROC|STRM_EV_CS_ST|STRM_EV_STRM_ERR, s); goto abort_connection; } conn_err = connect_server(s); srv = objt_server(s->target); if (conn_err == SF_ERR_NONE) { /* state = SC_ST_CON or SC_ST_EST now */ if (srv) srv_inc_sess_ctr(srv); if (srv) srv_set_sess_last(srv); DBG_TRACE_STATE("connection attempt", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); goto end; } /* We have received a synchronous error. We might have to * abort, retry immediately or redispatch. */ if (conn_err == SF_ERR_INTERNAL) { if (!s->conn_err_type) { s->conn_err_type = STRM_ET_CONN_OTHER; } if (srv) srv_inc_sess_ctr(srv); if (srv) srv_set_sess_last(srv); if (srv) _HA_ATOMIC_INC(&srv->counters.failed_conns); _HA_ATOMIC_INC(&s->be->be_counters.failed_conns); /* release other streams waiting for this server */ sess_change_server(s, NULL); if (may_dequeue_tasks(srv, s->be)) process_srv_queue(srv); /* Failed and not retryable. */ sc_abort(sc); sc_shutdown(sc); sc->flags |= SC_FL_ERROR; s->logs.t_queue = ns_to_ms(now_ns - s->logs.accept_ts); /* we may need to know the position in the queue for logging */ pendconn_cond_unlink(s->pend_pos); /* no stream was ever accounted for this server */ sc->state = SC_ST_CLO; if (s->srv_error) s->srv_error(s, sc); DBG_TRACE_STATE("internal error during connection", STRM_EV_STRM_PROC|STRM_EV_CS_ST|STRM_EV_STRM_ERR, s); goto end; } /* We are facing a retryable error, but we don't want to run a * turn-around now, as the problem is likely a source port * allocation problem, so we want to retry now. */ sc->state = SC_ST_CER; sc->flags &= ~SC_FL_ERROR; back_handle_st_cer(s); DBG_TRACE_STATE("connection error, retry", STRM_EV_STRM_PROC|STRM_EV_CS_ST|STRM_EV_STRM_ERR, s); /* now sc->state is one of SC_ST_CLO, SC_ST_TAR, SC_ST_ASS, SC_ST_REQ */ } else if (sc->state == SC_ST_QUE) { /* connection request was queued, check for any update */ if (!pendconn_dequeue(s)) { /* The connection is not in the queue anymore. Either * we have a server connection slot available and we * go directly to the assigned state, or we need to * load-balance first and go to the INI state. */ s->conn_exp = TICK_ETERNITY; if (unlikely(!(s->flags & SF_ASSIGNED))) sc->state = SC_ST_REQ; else { s->logs.t_queue = ns_to_ms(now_ns - s->logs.accept_ts); sc->state = SC_ST_ASS; } DBG_TRACE_STATE("dequeue connection request", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); goto end; } /* Connection request still in queue... */ if (s->flags & SF_CONN_EXP) { /* ... and timeout expired */ s->conn_exp = TICK_ETERNITY; s->flags &= ~SF_CONN_EXP; s->logs.t_queue = ns_to_ms(now_ns - s->logs.accept_ts); /* we may need to know the position in the queue for logging */ pendconn_cond_unlink(s->pend_pos); if (srv) _HA_ATOMIC_INC(&srv->counters.failed_conns); _HA_ATOMIC_INC(&s->be->be_counters.failed_conns); sc_abort(sc); sc_shutdown(sc); req->flags |= CF_WRITE_TIMEOUT; if (!s->conn_err_type) s->conn_err_type = STRM_ET_QUEUE_TO; sc->state = SC_ST_CLO; if (s->srv_error) s->srv_error(s, sc); DBG_TRACE_STATE("connection request still queued", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); goto end; } /* Connection remains in queue, check if we have to abort it */ if (back_may_abort_req(req, s)) { s->logs.t_queue = ns_to_ms(now_ns - s->logs.accept_ts); /* we may need to know the position in the queue for logging */ pendconn_cond_unlink(s->pend_pos); s->conn_err_type |= STRM_ET_QUEUE_ABRT; DBG_TRACE_STATE("abort queued connection request", STRM_EV_STRM_PROC|STRM_EV_CS_ST|STRM_EV_STRM_ERR, s); goto abort_connection; } /* Nothing changed */ } else if (sc->state == SC_ST_TAR) { /* Connection request might be aborted */ if (back_may_abort_req(req, s)) { s->conn_err_type |= STRM_ET_CONN_ABRT; DBG_TRACE_STATE("connection aborted", STRM_EV_STRM_PROC|STRM_EV_CS_ST|STRM_EV_STRM_ERR, s); goto abort_connection; } if (!(s->flags & SF_CONN_EXP)) return; /* still in turn-around */ s->flags &= ~SF_CONN_EXP; s->conn_exp = TICK_ETERNITY; /* we keep trying on the same server as long as the stream is * marked "assigned". * FIXME: Should we force a redispatch attempt when the server is down ? */ if (s->flags & SF_ASSIGNED) sc->state = SC_ST_ASS; else sc->state = SC_ST_REQ; DBG_TRACE_STATE("retry connection now", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); } end: DBG_TRACE_LEAVE(STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); return; abort_connection: /* give up */ s->conn_exp = TICK_ETERNITY; s->flags &= ~SF_CONN_EXP; sc_abort(sc); sc_shutdown(sc); sc->state = SC_ST_CLO; if (s->srv_error) s->srv_error(s, sc); DBG_TRACE_DEVEL("leaving on error", STRM_EV_STRM_PROC|STRM_EV_CS_ST|STRM_EV_STRM_ERR, s); return; } /* This function initiates a server connection request on a stream connector * already in SC_ST_REQ state. Upon success, the state goes to SC_ST_ASS for * a real connection to a server, indicating that a server has been assigned, * or SC_ST_RDY for a successful connection to an applet. It may also return * SC_ST_QUE, or SC_ST_CLO upon error. */ void back_handle_st_req(struct stream *s) { struct stconn *sc = s->scb; if (sc->state != SC_ST_REQ) return; DBG_TRACE_ENTER(STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); if (unlikely(obj_type(s->target) == OBJ_TYPE_APPLET)) { struct appctx *appctx; /* The target is an applet but the SC is in SC_ST_REQ. Thus it * means no appctx are attached to the SC. Otherwise, it will be * in SC_ST_RDY state. So, try to create the appctx now. */ BUG_ON(sc_appctx(sc)); appctx = sc_applet_create(sc, objt_applet(s->target)); if (!appctx) { /* No more memory, let's immediately abort. Force the * error code to ignore the ERR_LOCAL which is not a * real error. */ s->flags &= ~(SF_ERR_MASK | SF_FINST_MASK); sc_abort(sc); sc_shutdown(sc); sc->flags |= SC_FL_ERROR; s->conn_err_type = STRM_ET_CONN_RES; sc->state = SC_ST_CLO; if (s->srv_error) s->srv_error(s, sc); DBG_TRACE_STATE("failed to register applet", STRM_EV_STRM_PROC|STRM_EV_CS_ST|STRM_EV_STRM_ERR, s); goto end; } DBG_TRACE_STATE("applet registered", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); goto end; } /* Try to assign a server */ if (srv_redispatch_connect(s) != 0) { /* We did not get a server. Either we queued the * connection request, or we encountered an error. */ if (sc->state == SC_ST_QUE) { DBG_TRACE_STATE("connection request queued", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); goto end; } /* we did not get any server, let's check the cause */ sc_abort(sc); sc_shutdown(sc); sc->flags |= SC_FL_ERROR; if (!s->conn_err_type) s->conn_err_type = STRM_ET_CONN_OTHER; sc->state = SC_ST_CLO; if (s->srv_error) s->srv_error(s, sc); DBG_TRACE_STATE("connection request failed", STRM_EV_STRM_PROC|STRM_EV_CS_ST|STRM_EV_STRM_ERR, s); goto end; } /* The server is assigned */ s->logs.t_queue = ns_to_ms(now_ns - s->logs.accept_ts); sc->state = SC_ST_ASS; be_set_sess_last(s->be); DBG_TRACE_STATE("connection request assigned to a server", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); end: DBG_TRACE_LEAVE(STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); } /* This function is called with (sc->state == SC_ST_CON) meaning that a * connection was attempted and that the file descriptor is already allocated. * We must check for timeout, error and abort. Possible output states are * SC_ST_CER (error), SC_ST_DIS (abort), and SC_ST_CON (no change). This only * works with connection-based streams. We know that there were no I/O event * when reaching this function. Timeouts and errors are *not* cleared. */ void back_handle_st_con(struct stream *s) { struct stconn *sc = s->scb; struct channel *req = &s->req; DBG_TRACE_ENTER(STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); /* the client might want to abort */ if ((s->scf->flags & SC_FL_SHUT_DONE) || ((s->scb->flags & SC_FL_SHUT_WANTED) && (!co_data(req) || (s->be->options & PR_O_ABRT_CLOSE)))) { sc->flags |= SC_FL_NOLINGER; sc_shutdown(sc); s->conn_err_type |= STRM_ET_CONN_ABRT; if (s->srv_error) s->srv_error(s, sc); /* Note: state = SC_ST_DIS now */ DBG_TRACE_STATE("client abort during connection attempt", STRM_EV_STRM_PROC|STRM_EV_CS_ST|STRM_EV_STRM_ERR, s); goto end; } done: /* retryable error ? */ if ((s->flags & SF_CONN_EXP) || (sc->flags & SC_FL_ERROR)) { if (!s->conn_err_type) { if ((sc->flags & SC_FL_ERROR)) s->conn_err_type = STRM_ET_CONN_ERR; else s->conn_err_type = STRM_ET_CONN_TO; } sc->state = SC_ST_CER; DBG_TRACE_STATE("connection failed, retry", STRM_EV_STRM_PROC|STRM_EV_CS_ST|STRM_EV_STRM_ERR, s); } end: DBG_TRACE_LEAVE(STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); } /* This function is called with (sc->state == SC_ST_CER) meaning that a * previous connection attempt has failed and that the file descriptor * has already been released. Possible causes include asynchronous error * notification and time out. Possible output states are SC_ST_CLO when * retries are exhausted, SC_ST_TAR when a delay is wanted before a new * connection attempt, SC_ST_ASS when it's wise to retry on the same server, * and SC_ST_REQ when an immediate redispatch is wanted. The buffers are * marked as in error state. Timeouts and errors are cleared before retrying. */ void back_handle_st_cer(struct stream *s) { struct stconn *sc = s->scb; int must_tar = !!(sc->flags & SC_FL_ERROR); DBG_TRACE_ENTER(STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); s->conn_exp = TICK_ETERNITY; s->flags &= ~SF_CONN_EXP; /* we probably have to release last stream from the server */ if (objt_server(s->target)) { struct connection *conn = sc_conn(sc); health_adjust(__objt_server(s->target), HANA_STATUS_L4_ERR); if (s->flags & SF_CURR_SESS) { s->flags &= ~SF_CURR_SESS; _HA_ATOMIC_DEC(&__objt_server(s->target)->cur_sess); } if ((sc->flags & SC_FL_ERROR) && conn && conn->err_code == CO_ER_SSL_MISMATCH_SNI) { /* We tried to connect to a server which is configured * with "verify required" and which doesn't have the * "verifyhost" directive. The server presented a wrong * certificate (a certificate for an unexpected name), * which implies that we have used SNI in the handshake, * and that the server doesn't have the associated cert * and presented a default one. * * This is a serious enough issue not to retry. It's * especially important because this wrong name might * either be the result of a configuration error, and * retrying will only hammer the server, or is caused * by the use of a wrong SNI value, most likely * provided by the client and we don't want to let the * client provoke retries. */ s->conn_retries = s->be->conn_retries; DBG_TRACE_DEVEL("Bad SSL cert, disable connection retries", STRM_EV_STRM_PROC|STRM_EV_CS_ST|STRM_EV_STRM_ERR, s); } } /* ensure that we have enough retries left */ if (s->conn_retries >= s->be->conn_retries || !(s->be->retry_type & PR_RE_CONN_FAILED)) { if (!s->conn_err_type) { s->conn_err_type = STRM_ET_CONN_ERR; } if (objt_server(s->target)) _HA_ATOMIC_INC(&objt_server(s->target)->counters.failed_conns); _HA_ATOMIC_INC(&s->be->be_counters.failed_conns); sess_change_server(s, NULL); if (may_dequeue_tasks(objt_server(s->target), s->be)) process_srv_queue(objt_server(s->target)); /* shutw is enough to stop a connecting socket */ sc_shutdown(sc); sc->flags |= SC_FL_ERROR; sc->state = SC_ST_CLO; if (s->srv_error) s->srv_error(s, sc); DBG_TRACE_STATE("connection failed", STRM_EV_STRM_PROC|STRM_EV_CS_ST|STRM_EV_STRM_ERR, s); goto end; } /* At this stage, we will trigger a connection retry (with or without * redispatch). Thus we must reset the SI endpoint on the server side * an close the attached connection. It is especially important to do it * now if the retry is not immediately performed, to be sure to release * resources as soon as possible and to not catch errors from the lower * layers in an unexpected state (i.e < ST_CONN). * * Note: the stream connector will be switched to ST_REQ, ST_ASS or * ST_TAR and SC_FL_ERROR and SF_CONN_EXP flags will be unset. */ if (sc_reset_endp(sc) < 0) { if (!s->conn_err_type) s->conn_err_type = STRM_ET_CONN_OTHER; if (objt_server(s->target)) _HA_ATOMIC_INC(&objt_server(s->target)->counters.internal_errors); _HA_ATOMIC_INC(&s->be->be_counters.internal_errors); sess_change_server(s, NULL); if (may_dequeue_tasks(objt_server(s->target), s->be)) process_srv_queue(objt_server(s->target)); /* shutw is enough to stop a connecting socket */ sc_shutdown(sc); sc->flags |= SC_FL_ERROR; sc->state = SC_ST_CLO; if (s->srv_error) s->srv_error(s, sc); DBG_TRACE_STATE("error resetting endpoint", STRM_EV_STRM_PROC|STRM_EV_CS_ST|STRM_EV_STRM_ERR, s); goto end; } s->conn_retries++; stream_choose_redispatch(s); if (must_tar) { /* The error was an asynchronous connection error, and we will * likely have to retry connecting to the same server, most * likely leading to the same result. To avoid this, we wait * MIN(one second, connect timeout) before retrying. We don't * do it when the failure happened on a reused connection * though. */ int delay = 1000; const int reused = (s->flags & SF_SRV_REUSED) && !(s->flags & SF_SRV_REUSED_ANTICIPATED); if (s->be->timeout.connect && s->be->timeout.connect < delay) delay = s->be->timeout.connect; if (!s->conn_err_type) s->conn_err_type = STRM_ET_CONN_ERR; /* only wait when we're retrying on the same server */ if ((sc->state == SC_ST_ASS || (s->be->srv_act <= 1)) && !reused) { sc->state = SC_ST_TAR; s->conn_exp = tick_add(now_ms, MS_TO_TICKS(delay)); } DBG_TRACE_STATE("retry a new connection", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); } end: DBG_TRACE_LEAVE(STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); } /* This function is called with (sc->state == SC_ST_RDY) meaning that a * connection was attempted, that the file descriptor is already allocated, * and that it has succeeded. We must still check for errors and aborts. * Possible output states are SC_ST_EST (established), SC_ST_CER (error), * and SC_ST_DIS (abort). This only works with connection-based streams. * Timeouts and errors are *not* cleared. */ void back_handle_st_rdy(struct stream *s) { struct stconn *sc = s->scb; struct channel *req = &s->req; DBG_TRACE_ENTER(STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); if (unlikely(obj_type(s->target) == OBJ_TYPE_APPLET)) { /* Here the appctx must exists because the SC was set to * SC_ST_RDY state when the appctx was created. */ BUG_ON(!sc_appctx(s->scb)); if (!s->logs.request_ts) s->logs.request_ts = now_ns; s->logs.t_queue = ns_to_ms(now_ns - s->logs.accept_ts); be_set_sess_last(s->be); } /* We know the connection at least succeeded, though it could have * since met an error for any other reason. At least it didn't time out * even though the timeout might have been reported right after success. * We need to take care of various situations here : * - everything might be OK. We have to switch to established. * - an I/O error might have been reported after a successful transfer, * which is not retryable and needs to be logged correctly, and needs * established as well * - SC_ST_CON implies !CF_WROTE_DATA but not conversely as we could * have validated a connection with incoming data (e.g. TCP with a * banner protocol), or just a successful connect() probe. * - the client might have requested a connection abort, this needs to * be checked before we decide to retry anything. */ /* it's still possible to handle client aborts or connection retries * before any data were sent. */ if (!(req->flags & CF_WROTE_DATA)) { /* client abort ? */ if ((s->scf->flags & SC_FL_SHUT_DONE) || ((s->scb->flags & SC_FL_SHUT_WANTED) && (!co_data(req) || (s->be->options & PR_O_ABRT_CLOSE)))) { /* give up */ sc->flags |= SC_FL_NOLINGER; sc_shutdown(sc); s->conn_err_type |= STRM_ET_CONN_ABRT; if (s->srv_error) s->srv_error(s, sc); DBG_TRACE_STATE("client abort during connection attempt", STRM_EV_STRM_PROC|STRM_EV_CS_ST|STRM_EV_STRM_ERR, s); goto end; } /* retryable error ? */ if (sc->flags & SC_FL_ERROR) { if (!s->conn_err_type) s->conn_err_type = STRM_ET_CONN_ERR; sc->state = SC_ST_CER; DBG_TRACE_STATE("connection failed, retry", STRM_EV_STRM_PROC|STRM_EV_CS_ST|STRM_EV_STRM_ERR, s); goto end; } } /* data were sent and/or we had no error, back_establish() will * now take over. */ DBG_TRACE_STATE("connection established", STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); s->conn_err_type = STRM_ET_NONE; sc->state = SC_ST_EST; end: DBG_TRACE_LEAVE(STRM_EV_STRM_PROC|STRM_EV_CS_ST, s); } /* sends a log message when a backend goes down, and also sets last * change date. */ void set_backend_down(struct proxy *be) { be->last_change = ns_to_sec(now_ns); _HA_ATOMIC_INC(&be->down_trans); if (!(global.mode & MODE_STARTING)) { ha_alert("%s '%s' has no server available!\n", proxy_type_str(be), be->id); send_log(be, LOG_EMERG, "%s %s has no server available!\n", proxy_type_str(be), be->id); } } /* Apply RDP cookie persistence to the current stream. For this, the function * tries to extract an RDP cookie from the request buffer, and look for the * matching server in the list. If the server is found, it is assigned to the * stream. This always returns 1, and the analyser removes itself from the * list. Nothing is performed if a server was already assigned. */ int tcp_persist_rdp_cookie(struct stream *s, struct channel *req, int an_bit) { struct proxy *px = s->be; int ret; struct sample smp; struct server *srv = px->srv; uint16_t port; uint32_t addr; char *p; DBG_TRACE_ENTER(STRM_EV_STRM_ANA|STRM_EV_TCP_ANA, s); if (s->flags & SF_ASSIGNED) goto no_cookie; memset(&smp, 0, sizeof(smp)); ret = fetch_rdp_cookie_name(s, &smp, s->be->rdp_cookie_name, s->be->rdp_cookie_len); if (ret == 0 || (smp.flags & SMP_F_MAY_CHANGE) || smp.data.u.str.data == 0) goto no_cookie; /* Considering an rdp cookie detected using acl, str ended with and should return. * The cookie format is "." where "ip" is the integer corresponding to the * server's IP address in network order, and "port" is the integer corresponding to the * server's port in network order. Comments please Emeric. */ addr = strtoul(smp.data.u.str.area, &p, 10); if (*p != '.') goto no_cookie; p++; port = ntohs(strtoul(p, &p, 10)); if (*p != '.') goto no_cookie; s->target = NULL; while (srv) { if (srv->addr.ss_family == AF_INET && port == srv->svc_port && addr == ((struct sockaddr_in *)&srv->addr)->sin_addr.s_addr) { if ((srv->cur_state != SRV_ST_STOPPED) || (px->options & PR_O_PERSIST)) { /* we found the server and it is usable */ s->flags |= SF_DIRECT | SF_ASSIGNED; s->target = &srv->obj_type; break; } } srv = srv->next; } no_cookie: req->analysers &= ~an_bit; req->analyse_exp = TICK_ETERNITY; DBG_TRACE_LEAVE(STRM_EV_STRM_ANA|STRM_EV_TCP_ANA, s); return 1; } int be_downtime(struct proxy *px) { if (px->lbprm.tot_weight && px->last_change < ns_to_sec(now_ns)) // ignore negative time return px->down_time; return ns_to_sec(now_ns) - px->last_change + px->down_time; } /* * This function returns a string containing the balancing * mode of the proxy in a format suitable for stats. */ const char *backend_lb_algo_str(int algo) { if (algo == BE_LB_ALGO_RR) return "roundrobin"; else if (algo == BE_LB_ALGO_SRR) return "static-rr"; else if (algo == BE_LB_ALGO_FAS) return "first"; else if (algo == BE_LB_ALGO_LC) return "leastconn"; else if (algo == BE_LB_ALGO_SH) return "source"; else if (algo == BE_LB_ALGO_UH) return "uri"; else if (algo == BE_LB_ALGO_PH) return "url_param"; else if (algo == BE_LB_ALGO_HH) return "hdr"; else if (algo == BE_LB_ALGO_RCH) return "rdp-cookie"; else if (algo == BE_LB_ALGO_SMP) return "hash"; else if (algo == BE_LB_ALGO_NONE) return "none"; else return "unknown"; } /* This function parses a "balance" statement in a backend section describing * . It returns -1 if there is any error, otherwise zero. If it * returns -1, it will write an error message into the buffer which will * automatically be allocated and must be passed as NULL. The trailing '\n' * will not be written. The function must be called with pointing to the * first word after "balance". */ int backend_parse_balance(const char **args, char **err, struct proxy *curproxy) { if (!*(args[0])) { /* if no option is set, use round-robin by default */ curproxy->lbprm.algo &= ~BE_LB_ALGO; curproxy->lbprm.algo |= BE_LB_ALGO_RR; return 0; } if (strcmp(args[0], "roundrobin") == 0) { curproxy->lbprm.algo &= ~BE_LB_ALGO; curproxy->lbprm.algo |= BE_LB_ALGO_RR; } else if (strcmp(args[0], "static-rr") == 0) { curproxy->lbprm.algo &= ~BE_LB_ALGO; curproxy->lbprm.algo |= BE_LB_ALGO_SRR; } else if (strcmp(args[0], "first") == 0) { curproxy->lbprm.algo &= ~BE_LB_ALGO; curproxy->lbprm.algo |= BE_LB_ALGO_FAS; } else if (strcmp(args[0], "leastconn") == 0) { curproxy->lbprm.algo &= ~BE_LB_ALGO; curproxy->lbprm.algo |= BE_LB_ALGO_LC; } else if (!strncmp(args[0], "random", 6)) { curproxy->lbprm.algo &= ~BE_LB_ALGO; curproxy->lbprm.algo |= BE_LB_ALGO_RND; curproxy->lbprm.arg_opt1 = 2; if (*(args[0] + 6) == '(' && *(args[0] + 7) != ')') { /* number of draws */ const char *beg; char *end; beg = args[0] + 7; curproxy->lbprm.arg_opt1 = strtol(beg, &end, 0); if (*end != ')') { if (!*end) memprintf(err, "random : missing closing parenthesis."); else memprintf(err, "random : unexpected character '%c' after argument.", *end); return -1; } if (curproxy->lbprm.arg_opt1 < 1) { memprintf(err, "random : number of draws must be at least 1."); return -1; } } } else if (strcmp(args[0], "source") == 0) { curproxy->lbprm.algo &= ~BE_LB_ALGO; curproxy->lbprm.algo |= BE_LB_ALGO_SH; } else if (strcmp(args[0], "uri") == 0) { int arg = 1; curproxy->lbprm.algo &= ~BE_LB_ALGO; curproxy->lbprm.algo |= BE_LB_ALGO_UH; curproxy->lbprm.arg_opt1 = 0; // "whole", "path-only" curproxy->lbprm.arg_opt2 = 0; // "len" curproxy->lbprm.arg_opt3 = 0; // "depth" while (*args[arg]) { if (strcmp(args[arg], "len") == 0) { if (!*args[arg+1] || (atoi(args[arg+1]) <= 0)) { memprintf(err, "%s : '%s' expects a positive integer (got '%s').", args[0], args[arg], args[arg+1]); return -1; } curproxy->lbprm.arg_opt2 = atoi(args[arg+1]); arg += 2; } else if (strcmp(args[arg], "depth") == 0) { if (!*args[arg+1] || (atoi(args[arg+1]) <= 0)) { memprintf(err, "%s : '%s' expects a positive integer (got '%s').", args[0], args[arg], args[arg+1]); return -1; } /* hint: we store the position of the ending '/' (depth+1) so * that we avoid a comparison while computing the hash. */ curproxy->lbprm.arg_opt3 = atoi(args[arg+1]) + 1; arg += 2; } else if (strcmp(args[arg], "whole") == 0) { curproxy->lbprm.arg_opt1 |= 1; arg += 1; } else if (strcmp(args[arg], "path-only") == 0) { curproxy->lbprm.arg_opt1 |= 2; arg += 1; } else { memprintf(err, "%s only accepts parameters 'len', 'depth', 'path-only', and 'whole' (got '%s').", args[0], args[arg]); return -1; } } } else if (strcmp(args[0], "url_param") == 0) { if (!*args[1]) { memprintf(err, "%s requires an URL parameter name.", args[0]); return -1; } curproxy->lbprm.algo &= ~BE_LB_ALGO; curproxy->lbprm.algo |= BE_LB_ALGO_PH; free(curproxy->lbprm.arg_str); curproxy->lbprm.arg_str = strdup(args[1]); curproxy->lbprm.arg_len = strlen(args[1]); if (*args[2]) { if (strcmp(args[2], "check_post") != 0) { memprintf(err, "%s only accepts 'check_post' modifier (got '%s').", args[0], args[2]); return -1; } } } else if (strcmp(args[0], "hash") == 0) { if (!*args[1]) { memprintf(err, "%s requires a sample expression.", args[0]); return -1; } curproxy->lbprm.algo &= ~BE_LB_ALGO; curproxy->lbprm.algo |= BE_LB_ALGO_SMP; ha_free(&curproxy->lbprm.arg_str); curproxy->lbprm.arg_str = strdup(args[1]); curproxy->lbprm.arg_len = strlen(args[1]); if (*args[2]) { memprintf(err, "%s takes no other argument (got '%s').", args[0], args[2]); return -1; } } else if (!strncmp(args[0], "hdr(", 4)) { const char *beg, *end; beg = args[0] + 4; end = strchr(beg, ')'); if (!end || end == beg) { memprintf(err, "hdr requires an http header field name."); return -1; } curproxy->lbprm.algo &= ~BE_LB_ALGO; curproxy->lbprm.algo |= BE_LB_ALGO_HH; free(curproxy->lbprm.arg_str); curproxy->lbprm.arg_len = end - beg; curproxy->lbprm.arg_str = my_strndup(beg, end - beg); curproxy->lbprm.arg_opt1 = 0; if (*args[1]) { if (strcmp(args[1], "use_domain_only") != 0) { memprintf(err, "%s only accepts 'use_domain_only' modifier (got '%s').", args[0], args[1]); return -1; } curproxy->lbprm.arg_opt1 = 1; } } else if (!strncmp(args[0], "rdp-cookie", 10)) { curproxy->lbprm.algo &= ~BE_LB_ALGO; curproxy->lbprm.algo |= BE_LB_ALGO_RCH; if ( *(args[0] + 10 ) == '(' ) { /* cookie name */ const char *beg, *end; beg = args[0] + 11; end = strchr(beg, ')'); if (!end || end == beg) { memprintf(err, "rdp-cookie : missing cookie name."); return -1; } free(curproxy->lbprm.arg_str); curproxy->lbprm.arg_str = my_strndup(beg, end - beg); curproxy->lbprm.arg_len = end - beg; } else if ( *(args[0] + 10 ) == '\0' ) { /* default cookie name 'mstshash' */ free(curproxy->lbprm.arg_str); curproxy->lbprm.arg_str = strdup("mstshash"); curproxy->lbprm.arg_len = strlen(curproxy->lbprm.arg_str); } else { /* syntax */ memprintf(err, "rdp-cookie : missing cookie name."); return -1; } } else if (strcmp(args[0], "log-hash") == 0) { if (!*args[1]) { memprintf(err, "%s requires a converter list.", args[0]); return -1; } curproxy->lbprm.algo &= ~BE_LB_ALGO; curproxy->lbprm.algo |= BE_LB_ALGO_LH; ha_free(&curproxy->lbprm.arg_str); curproxy->lbprm.arg_str = strdup(args[1]); } else if (strcmp(args[0], "sticky") == 0) { curproxy->lbprm.algo &= ~BE_LB_ALGO; curproxy->lbprm.algo |= BE_LB_ALGO_LS; } else { memprintf(err, "only supports 'roundrobin', 'static-rr', 'leastconn', 'source', 'uri', 'url_param', 'hash', 'hdr(name)', 'rdp-cookie(name)', 'log-hash' and 'sticky' options."); return -1; } return 0; } /************************************************************************/ /* All supported sample and ACL keywords must be declared here. */ /************************************************************************/ /* set temp integer to the number of enabled servers on the proxy. * Accepts exactly 1 argument. Argument is a backend, other types will lead to * undefined behaviour. */ static int smp_fetch_nbsrv(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct proxy *px = args->data.prx; if (px == NULL) return 0; if (px->cap & PR_CAP_DEF) px = smp->px; smp->flags = SMP_F_VOL_TEST; smp->data.type = SMP_T_SINT; smp->data.u.sint = be_usable_srv(px); return 1; } /* report in smp->flags a success or failure depending on the designated * server's state. There is no match function involved since there's no pattern. * Accepts exactly 1 argument. Argument is a server, other types will lead to * undefined behaviour. */ static int smp_fetch_srv_is_up(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct server *srv = args->data.srv; smp->flags = SMP_F_VOL_TEST; smp->data.type = SMP_T_BOOL; if (!(srv->cur_admin & SRV_ADMF_MAINT) && (!(srv->check.state & CHK_ST_CONFIGURED) || (srv->cur_state != SRV_ST_STOPPED))) smp->data.u.sint = 1; else smp->data.u.sint = 0; return 1; } /* set temp integer to the number of enabled servers on the proxy. * Accepts exactly 1 argument. Argument is a backend, other types will lead to * undefined behaviour. */ static int smp_fetch_connslots(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct server *iterator; struct proxy *px = args->data.prx; if (px == NULL) return 0; if (px->cap & PR_CAP_DEF) px = smp->px; smp->flags = SMP_F_VOL_TEST; smp->data.type = SMP_T_SINT; smp->data.u.sint = 0; for (iterator = px->srv; iterator; iterator = iterator->next) { if (iterator->cur_state == SRV_ST_STOPPED) continue; if (iterator->maxconn == 0 || iterator->maxqueue == 0) { /* configuration is stupid */ smp->data.u.sint = -1; /* FIXME: stupid value! */ return 1; } smp->data.u.sint += (iterator->maxconn - iterator->cur_sess) + (iterator->maxqueue - iterator->queue.length); } return 1; } /* set temp integer to the id of the backend */ static int smp_fetch_be_id(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct proxy *px = NULL; if (smp->strm) px = smp->strm->be; else if (obj_type(smp->sess->origin) == OBJ_TYPE_CHECK) px = __objt_check(smp->sess->origin)->proxy; if (!px) return 0; smp->flags = SMP_F_VOL_TXN; smp->data.type = SMP_T_SINT; smp->data.u.sint = px->uuid; return 1; } /* set string to the name of the backend */ static int smp_fetch_be_name(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct proxy *px = NULL; if (smp->strm) px = smp->strm->be; else if (obj_type(smp->sess->origin) == OBJ_TYPE_CHECK) px = __objt_check(smp->sess->origin)->proxy; if (!px) return 0; smp->data.u.str.area = (char *)px->id; if (!smp->data.u.str.area) return 0; smp->data.type = SMP_T_STR; smp->flags = SMP_F_CONST; smp->data.u.str.data = strlen(smp->data.u.str.area); return 1; } /* set temp integer to the id of the server */ static int smp_fetch_srv_id(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct server *srv = NULL; if (smp->strm) srv = objt_server(smp->strm->target); else if (obj_type(smp->sess->origin) == OBJ_TYPE_CHECK) srv = __objt_check(smp->sess->origin)->server; if (!srv) return 0; smp->data.type = SMP_T_SINT; smp->data.u.sint = srv->puid; return 1; } /* set string to the name of the server */ static int smp_fetch_srv_name(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct server *srv = NULL; if (smp->strm) srv = objt_server(smp->strm->target); else if (obj_type(smp->sess->origin) == OBJ_TYPE_CHECK) srv = __objt_check(smp->sess->origin)->server; if (!srv) return 0; smp->data.u.str.area = srv->id; if (!smp->data.u.str.area) return 0; smp->data.type = SMP_T_STR; smp->data.u.str.data = strlen(smp->data.u.str.area); return 1; } /* set temp integer to the number of connections per second reaching the backend. * Accepts exactly 1 argument. Argument is a backend, other types will lead to * undefined behaviour. */ static int smp_fetch_be_sess_rate(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct proxy *px = args->data.prx; if (px == NULL) return 0; if (px->cap & PR_CAP_DEF) px = smp->px; smp->flags = SMP_F_VOL_TEST; smp->data.type = SMP_T_SINT; smp->data.u.sint = read_freq_ctr(&px->be_sess_per_sec); return 1; } /* set temp integer to the number of concurrent connections on the backend. * Accepts exactly 1 argument. Argument is a backend, other types will lead to * undefined behaviour. */ static int smp_fetch_be_conn(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct proxy *px = args->data.prx; if (px == NULL) return 0; if (px->cap & PR_CAP_DEF) px = smp->px; smp->flags = SMP_F_VOL_TEST; smp->data.type = SMP_T_SINT; smp->data.u.sint = px->beconn; return 1; } /* set temp integer to the number of available connections across available * servers on the backend. * Accepts exactly 1 argument. Argument is a backend, other types will lead to * undefined behaviour. */ static int smp_fetch_be_conn_free(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct server *iterator; struct proxy *px = args->data.prx; unsigned int maxconn; if (px == NULL) return 0; if (px->cap & PR_CAP_DEF) px = smp->px; smp->flags = SMP_F_VOL_TEST; smp->data.type = SMP_T_SINT; smp->data.u.sint = 0; for (iterator = px->srv; iterator; iterator = iterator->next) { if (iterator->cur_state == SRV_ST_STOPPED) continue; px = iterator->proxy; if (!srv_currently_usable(iterator) || ((iterator->flags & SRV_F_BACKUP) && (px->srv_act || (iterator != px->lbprm.fbck && !(px->options & PR_O_USE_ALL_BK))))) continue; if (iterator->maxconn == 0) { /* one active server is unlimited, return -1 */ smp->data.u.sint = -1; return 1; } maxconn = srv_dynamic_maxconn(iterator); if (maxconn > iterator->cur_sess) smp->data.u.sint += maxconn - iterator->cur_sess; } return 1; } /* set temp integer to the total number of queued connections on the backend. * Accepts exactly 1 argument. Argument is a backend, other types will lead to * undefined behaviour. */ static int smp_fetch_queue_size(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct proxy *px = args->data.prx; if (px == NULL) return 0; if (px->cap & PR_CAP_DEF) px = smp->px; smp->flags = SMP_F_VOL_TEST; smp->data.type = SMP_T_SINT; smp->data.u.sint = px->totpend; return 1; } /* set temp integer to the total number of queued connections on the backend divided * by the number of running servers and rounded up. If there is no running * server, we return twice the total, just as if we had half a running server. * This is more or less correct anyway, since we expect the last server to come * back soon. * Accepts exactly 1 argument. Argument is a backend, other types will lead to * undefined behaviour. */ static int smp_fetch_avg_queue_size(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct proxy *px = args->data.prx; int nbsrv; if (px == NULL) return 0; if (px->cap & PR_CAP_DEF) px = smp->px; smp->flags = SMP_F_VOL_TEST; smp->data.type = SMP_T_SINT; nbsrv = be_usable_srv(px); if (nbsrv > 0) smp->data.u.sint = (px->totpend + nbsrv - 1) / nbsrv; else smp->data.u.sint = px->totpend * 2; return 1; } /* set temp integer to the number of concurrent connections on the server in the backend. * Accepts exactly 1 argument. Argument is a server, other types will lead to * undefined behaviour. */ static int smp_fetch_srv_conn(const struct arg *args, struct sample *smp, const char *kw, void *private) { smp->flags = SMP_F_VOL_TEST; smp->data.type = SMP_T_SINT; smp->data.u.sint = args->data.srv->cur_sess; return 1; } /* set temp integer to the number of available connections on the server in the backend. * Accepts exactly 1 argument. Argument is a server, other types will lead to * undefined behaviour. */ static int smp_fetch_srv_conn_free(const struct arg *args, struct sample *smp, const char *kw, void *private) { unsigned int maxconn; smp->flags = SMP_F_VOL_TEST; smp->data.type = SMP_T_SINT; if (args->data.srv->maxconn == 0) { /* one active server is unlimited, return -1 */ smp->data.u.sint = -1; return 1; } maxconn = srv_dynamic_maxconn(args->data.srv); if (maxconn > args->data.srv->cur_sess) smp->data.u.sint = maxconn - args->data.srv->cur_sess; else smp->data.u.sint = 0; return 1; } /* set temp integer to the number of connections pending in the server's queue. * Accepts exactly 1 argument. Argument is a server, other types will lead to * undefined behaviour. */ static int smp_fetch_srv_queue(const struct arg *args, struct sample *smp, const char *kw, void *private) { smp->flags = SMP_F_VOL_TEST; smp->data.type = SMP_T_SINT; smp->data.u.sint = args->data.srv->queue.length; return 1; } /* set temp integer to the number of enabled servers on the proxy. * Accepts exactly 1 argument. Argument is a server, other types will lead to * undefined behaviour. */ static int smp_fetch_srv_sess_rate(const struct arg *args, struct sample *smp, const char *kw, void *private) { smp->flags = SMP_F_VOL_TEST; smp->data.type = SMP_T_SINT; smp->data.u.sint = read_freq_ctr(&args->data.srv->sess_per_sec); return 1; } /* set temp integer to the server weight. * Accepts exactly 1 argument. Argument is a server, other types will lead to * undefined behaviour. */ static int smp_fetch_srv_weight(const struct arg *args, struct sample *smp, const char *kw, void *private) { struct server *srv = args->data.srv; struct proxy *px = srv->proxy; smp->flags = SMP_F_VOL_TEST; smp->data.type = SMP_T_SINT; smp->data.u.sint = (srv->cur_eweight * px->lbprm.wmult + px->lbprm.wdiv - 1) / px->lbprm.wdiv; return 1; } /* set temp integer to the server initial weight. * Accepts exactly 1 argument. Argument is a server, other types will lead to * undefined behaviour. */ static int smp_fetch_srv_iweight(const struct arg *args, struct sample *smp, const char *kw, void *private) { smp->flags = SMP_F_VOL_TEST; smp->data.type = SMP_T_SINT; smp->data.u.sint = args->data.srv->iweight; return 1; } /* set temp integer to the server user-specified weight. * Accepts exactly 1 argument. Argument is a server, other types will lead to * undefined behaviour. */ static int smp_fetch_srv_uweight(const struct arg *args, struct sample *smp, const char *kw, void *private) { smp->flags = SMP_F_VOL_TEST; smp->data.type = SMP_T_SINT; smp->data.u.sint = args->data.srv->uweight; return 1; } static int smp_fetch_be_server_timeout(const struct arg *args, struct sample *smp, const char *km, void *private) { struct proxy *px = NULL; if (smp->strm) px = smp->strm->be; else if (obj_type(smp->sess->origin) == OBJ_TYPE_CHECK) px = __objt_check(smp->sess->origin)->proxy; if (!px) return 0; smp->flags = SMP_F_VOL_TXN; smp->data.type = SMP_T_SINT; smp->data.u.sint = TICKS_TO_MS(px->timeout.server); return 1; } static int smp_fetch_be_tunnel_timeout(const struct arg *args, struct sample *smp, const char *km, void *private) { struct proxy *px = NULL; if (smp->strm) px = smp->strm->be; else if (obj_type(smp->sess->origin) == OBJ_TYPE_CHECK) px = __objt_check(smp->sess->origin)->proxy; if (!px) return 0; smp->flags = SMP_F_VOL_TXN; smp->data.type = SMP_T_SINT; smp->data.u.sint = TICKS_TO_MS(px->timeout.tunnel); return 1; } static int sample_conv_nbsrv(const struct arg *args, struct sample *smp, void *private) { struct proxy *px; if (!smp_make_safe(smp)) return 0; px = proxy_find_by_name(smp->data.u.str.area, PR_CAP_BE, 0); if (!px) return 0; smp->data.type = SMP_T_SINT; smp->data.u.sint = be_usable_srv(px); return 1; } static int sample_conv_srv_queue(const struct arg *args, struct sample *smp, void *private) { struct proxy *px; struct server *srv; char *bksep; if (!smp_make_safe(smp)) return 0; bksep = strchr(smp->data.u.str.area, '/'); if (bksep) { *bksep = '\0'; px = proxy_find_by_name(smp->data.u.str.area, PR_CAP_BE, 0); if (!px) return 0; smp->data.u.str.area = bksep + 1; } else { if (!(smp->px->cap & PR_CAP_BE)) return 0; px = smp->px; } srv = server_find_by_name(px, smp->data.u.str.area); if (!srv) return 0; smp->data.type = SMP_T_SINT; smp->data.u.sint = srv->queue.length; return 1; } /* Note: must not be declared as its list will be overwritten. * Please take care of keeping this list alphabetically sorted. */ static struct sample_fetch_kw_list smp_kws = {ILH, { { "avg_queue", smp_fetch_avg_queue_size, ARG1(1,BE), NULL, SMP_T_SINT, SMP_USE_INTRN, }, { "be_conn", smp_fetch_be_conn, ARG1(1,BE), NULL, SMP_T_SINT, SMP_USE_INTRN, }, { "be_conn_free", smp_fetch_be_conn_free, ARG1(1,BE), NULL, SMP_T_SINT, SMP_USE_INTRN, }, { "be_id", smp_fetch_be_id, 0, NULL, SMP_T_SINT, SMP_USE_BKEND, }, { "be_name", smp_fetch_be_name, 0, NULL, SMP_T_STR, SMP_USE_BKEND, }, { "be_server_timeout", smp_fetch_be_server_timeout, 0, NULL, SMP_T_SINT, SMP_USE_BKEND, }, { "be_sess_rate", smp_fetch_be_sess_rate, ARG1(1,BE), NULL, SMP_T_SINT, SMP_USE_INTRN, }, { "be_tunnel_timeout", smp_fetch_be_tunnel_timeout, 0, NULL, SMP_T_SINT, SMP_USE_BKEND, }, { "connslots", smp_fetch_connslots, ARG1(1,BE), NULL, SMP_T_SINT, SMP_USE_INTRN, }, { "nbsrv", smp_fetch_nbsrv, ARG1(1,BE), NULL, SMP_T_SINT, SMP_USE_INTRN, }, { "queue", smp_fetch_queue_size, ARG1(1,BE), NULL, SMP_T_SINT, SMP_USE_INTRN, }, { "srv_conn", smp_fetch_srv_conn, ARG1(1,SRV), NULL, SMP_T_SINT, SMP_USE_INTRN, }, { "srv_conn_free", smp_fetch_srv_conn_free, ARG1(1,SRV), NULL, SMP_T_SINT, SMP_USE_INTRN, }, { "srv_id", smp_fetch_srv_id, 0, NULL, SMP_T_SINT, SMP_USE_SERVR, }, { "srv_is_up", smp_fetch_srv_is_up, ARG1(1,SRV), NULL, SMP_T_BOOL, SMP_USE_INTRN, }, { "srv_name", smp_fetch_srv_name, 0, NULL, SMP_T_STR, SMP_USE_SERVR, }, { "srv_queue", smp_fetch_srv_queue, ARG1(1,SRV), NULL, SMP_T_SINT, SMP_USE_INTRN, }, { "srv_sess_rate", smp_fetch_srv_sess_rate, ARG1(1,SRV), NULL, SMP_T_SINT, SMP_USE_INTRN, }, { "srv_weight", smp_fetch_srv_weight, ARG1(1,SRV), NULL, SMP_T_SINT, SMP_USE_INTRN, }, { "srv_iweight", smp_fetch_srv_iweight, ARG1(1,SRV), NULL, SMP_T_SINT, SMP_USE_INTRN, }, { "srv_uweight", smp_fetch_srv_uweight, ARG1(1,SRV), NULL, SMP_T_SINT, SMP_USE_INTRN, }, { /* END */ }, }}; INITCALL1(STG_REGISTER, sample_register_fetches, &smp_kws); /* Note: must not be declared as its list will be overwritten */ static struct sample_conv_kw_list sample_conv_kws = {ILH, { { "nbsrv", sample_conv_nbsrv, 0, NULL, SMP_T_STR, SMP_T_SINT }, { "srv_queue", sample_conv_srv_queue, 0, NULL, SMP_T_STR, SMP_T_SINT }, { /* END */ }, }}; INITCALL1(STG_REGISTER, sample_register_convs, &sample_conv_kws); /* Note: must not be declared as its list will be overwritten. * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {ILH, { { /* END */ }, }}; INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws); /* * Local variables: * c-indent-level: 8 * c-basic-offset: 8 * End: */