Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
packages/net/haproxy/patches/037-BUG-MINOR-http_act-dont-check-capture-id-in-backend.patch
Christian Lachner fdaa55a918 haproxy: Update HAProxy to v2.1.2 
- Major version jump from v2.0 to v2.1
- Update haproxy download URL and hash
- Add new patches (see https://www.haproxy.org/bugs/bugs-2.1.2.html)
- Stop building LUA 5.3 in the haproxy build-process and use liblua5.3 as a dependency instead

Signed-off-by: Christian Lachner <gladiac@gmail.com>
2020-02-03 07:54:31 +01:00

89 lines
4.1 KiB
Diff
Raw Blame History

commit 3480d55e0406e47214291eb8292a037fdca2859f
Author: Baptiste Assmann <bedis9@gmail.com>
Date: Thu Jan 16 14:34:22 2020 +0100
BUG/MINOR: http_act: don't check capture id in backend
A wrong behavior was introduced by
e9544935e86278dfa3d49fb4b97b860774730625, leading to preventing loading
any configuration where a capture slot id is used in a backend.
IE, the configuration below does not parse:
frontend f
bind *:80
declare capture request len 32
default_backend webserver
backend webserver
http-request capture req.hdr(Host) id 1
The point is that such type of configuration is valid and should run.
This patch enforces the check of capture slot id only if the action rule
is configured in a frontend.
The point is that at configuration parsing time, it is impossible to
check which frontend could point to this backend (furthermore if we use
dynamic backend name resolution at runtime).
The documentation has been updated to warn the user to ensure that
relevant frontends have required declaration when such rule has to be
used in a backend.
If no capture slot can be found, then the action will just not be
executed and HAProxy will process the next one in the list, as expected.
This should be backported to all supported branches (bug created as part
of a bug fix introduced into 1.7 and backported to 1.6).
(cherry picked from commit 19a69b3740702ce5503a063e9dfbcea5b9187d27)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/doc/configuration.txt b/doc/configuration.txt
index e0dc49880..36291a339 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -4278,9 +4278,12 @@ http-request capture <sample> [ len <length> | id <id> ]
If the keyword "id" is used instead of "len", the action tries to store the
captured string in a previously declared capture slot. This is useful to run
captures in backends. The slot id can be declared by a previous directive
- "http-request capture" or with the "declare capture" keyword. If the slot
- <id> doesn't exist, then HAProxy fails parsing the configuration to prevent
- unexpected behavior at run time.
+ "http-request capture" or with the "declare capture" keyword.
+
+ When using this action in a backend, double check that the relevant
+ frontend(s) have the required capture slots otherwise, this rule will be
+ ignored at run time. This can't be detected at configuration parsing time
+ due to HAProxy's ability to dynamically resolve backend name at runtime.
http-request del-acl(<file-name>) <key fmt> [ { if | unless } <condition> ]
@@ -4959,8 +4962,11 @@ http-response capture <sample> id <id> [ { if | unless } <condition> ]
This is useful to run captures in backends. The slot id can be declared by a
previous directive "http-response capture" or with the "declare capture"
keyword.
- If the slot <id> doesn't exist, then HAProxy fails parsing the configuration
- to prevent unexpected behavior at run time.
+
+ When using this action in a backend, double check that the relevant
+ frontend(s) have the required capture slots otherwise, this rule will be
+ ignored at run time. This can't be detected at configuration parsing time
+ due to HAProxy's ability to dynamically resolve backend name at runtime.
http-response del-acl(<file-name>) <key fmt> [ { if | unless } <condition> ]
diff --git a/src/http_act.c b/src/http_act.c
index c8d9220fe..8ff8e886d 100644
--- a/src/http_act.c
+++ b/src/http_act.c
@@ -424,7 +424,10 @@ static int check_http_req_capture(struct act_rule *rule, struct proxy *px, char
if (rule->action_ptr != http_action_req_capture_by_id)
return 1;
- if (rule->arg.capid.idx >= px->nb_req_cap) {
+ /* capture slots can only be declared in frontends, so we can't check their
+ * existence in backends at configuration parsing step
+ */
+ if (px->cap & PR_CAP_FE && rule->arg.capid.idx >= px->nb_req_cap) {
memprintf(err, "unable to find capture id '%d' referenced by http-request capture rule",
rule->arg.capid.idx);
return 0;
Reference in a new issue View git blame Copy permalink