Hi Daniel, On Tue, Mar 29, 2016 at 02:16:55PM +0200, Daniel Schneller wrote: > Hi! > > I am seeing a segfault upon the first request coming through the > configuration below. > > My intention is to enforce a) a total request limit per minute and b) a > separate limit for certain API paths. For that purpose, in addition to the > be_api_external table, which I intend to use for the total request rate, I > created a separate dummy backend to get another table (be_tbl_search) for > search API calls. In the real config, there would be a handful of these. > > I reduced the config as far as I could to demonstrate. > > =================== > ... > > frontend fe_http > bind 192.168.1.3:80 > http-request capture hdr(Authorization) len 64 # id 2 > default_backend be_api_external > > backend be_tbl_search > stick-table type string len 64 size 50k expire 60s store gpc0_rate(60s) > > backend be_api_external > balance leastconn > option httplog > option http-buffer-request > > stick-table type string len 64 size 50k expire 60s store http_req_rate(60s) > > http-request track-sc1 hdr(Authorization) table be_api_external > http-request track-sc1 hdr(Authorization) table be_tbl_search > > acl do_count_search sc1_inc_gpc0(be_tbl_search) gt 0 > http-request add-header X-Rate-All > %[hdr(Authorization),table_http_req_rate(be_api_external)] > http-request add-header X-Rate-Search > %[hdr(Authorization),table_gpc0_rate(be_tbl_search)] if do_count_search > > server s1 app-server-01:8081 > ================= > > > The first request I make crashes haproxy 1.6.4 (on Ubuntu 14.04, from > https://launchpad.net/~vbernat/+archive/ubuntu/haproxy-1.6). > > It will not crash if I remove the ???if do_count_search??? ACL or use > track-sc2.
I suspect its a by-product of the recent fix to ensure we don't dereference the stream in some checks, probably one of the checks itself may fail the way it was written. Your config will help me figure this out, thanks for that! > Just removing the ACL, though, leaves be_tbl_search table empty. > Using track-sc2 fills both tables, even with the ACL in place. > > Is what I am trying to do even possible? From some older mailing list > postings I was under the impression I could use multiple tables to track > requests in a more fine-grained fashion, at the expense of memory and CPU, of > course. You can track multiple entries where you want, there's no such limitation. If something is not permitted, the config parser must reject it (or fix it for and tell you). > From what I see here, it would seem I am limited to at most three tables > (using all of sc0, sc1 and sc2)? Not exactly, 3 trackers per session/request in fact. Two or 3 trackers could track the same table just like you could have rules setting up trackers to follow up to any combination of 3 tables among many. Usually 3 far more than enough. > I would much appreciate a clarification/correction of my understanding of how > these two concepts play together. Still, a segfaulting crash at runtime > should not happen anyway, IMO. A segfault is necessarily a bug (and this is valid for any product). Under no circumstance a process must die this way due to a user error. I'll check. Thanks, Willy
