Re: http-request capture id frontend/backend not working?

2016-03-22 Thread Baptiste 
Hi Daniel,

Good catch
I propose to return an alert only if the proxy being tested is
frontend or a listen.

There is no way from the backend to know which frontends points to it,
so we can't check if memory will be allocated or not.

Baptiste


On Fri, Mar 18, 2016 at 2:28 PM, Daniel Schneller
 wrote:
> Trying to understand this better, I came across
>
> commit 3e7d15e744d5f0137dd266efba1f317895a31273
> Author: Baptiste Assmann 
> Date:   Tue Nov 3 23:31:35 2015 +0100
>
> BUG/MINOR: http rule: http capture 'id' rule points to a non existing id
>
> It is possible to create a http capture rule which points to a capture
> slot
> id which does not exist.
>
> ...
>
> It applies of course to both http-request and http-response rules.
> (cherry picked from commit e9544935e86278dfa3d49fb4b97b860774730625)
>
>
> Which changes this piece of code in cfgparse.c
>
> /* parse http-request capture rules to ensure id really exists */
> list_for_each_entry(hrqrule, >http_req_rules, list) {
>   if (hrqrule->action  != ACT_CUSTOM ||
>   hrqrule->action_ptr != http_action_req_capture_by_id)
> continue;
>   if (hrqrule->arg.capid.idx >= curproxy->nb_req_cap) {
> Alert("Proxy '%s': unable to find capture id '%d' referenced by
> http-request capture rule.\n",
>   curproxy->id, hrqrule->arg.capid.idx);
> cfgerr++;
>   }
> }
>
>
> I am not a C programmer, but to me it seems it will bail if it does find a
> referenced ID that is not declared in the current proxy entry. As my
> declaration is in the frontend, but the actual capture tries to reference it
> in the backend, they are in different proxies, making this check fail?
>
> Daniel
>
>
> On 18.03.2016, at 13:43, Daniel Schneller
>  wrote:
>
> Hi!
>
> I am trying to capture an HTTP Request Header that gets added under certain
> circumstances in the backend. From the documentation I understand I can use
> a capture slot for that. This is what I tried in my stripped down config
> file:
>
> ...
> frontend fe_http
>   bind 192.168.1.3:80
>   declare capture request len 32
>   default_backend be_api
>
> backend be_api
>   balance leastconn
>   option httplog
>   # this would have ACLs in the real use case
>   http-request add-header  X-CD-Operation Upload
>   http-request capture hdr(X-CD-Operation) id 0
>
>   server api01 api01:8081
>
>
> However, when I start HAProxy (1.6.3 from the ppa:vbernat/haproxy1.6 repo),
> I get this error message:
>
> $ haproxy -d -f test.cfg
> [ALERT] 077/124109 (13586) : Proxy 'be_api': unable to find capture id '0'
> referenced by http-request capture rule.
> [ALERT] 077/124109 (13586) : Fatal errors found in configuration
>
> $ haproxy --version
> HA-Proxy version 1.6.3 2015/12/25
>
> I assume I misunderstood something thoroughly, but I am at a loss.
>
> Cheers,
> Daniel
>
>
>

http-request capture id frontend/backend not working?

2016-03-19 Thread Daniel Schneller 
Hi!

I am trying to capture an HTTP Request Header that gets added under certain 
circumstances in the backend. From the documentation I understand I can use a 
capture slot for that. This is what I tried in my stripped down config file:

...
frontend fe_http
  bind 192.168.1.3:80
  declare capture request len 32
  default_backend be_api

backend be_api
  balance leastconn
  option httplog
  # this would have ACLs in the real use case
  http-request add-header  X-CD-Operation Upload
  http-request capture hdr(X-CD-Operation) id 0

  server api01 api01:8081


However, when I start HAProxy (1.6.3 from the ppa:vbernat/haproxy1.6 repo), I 
get this error message:

$ haproxy -d -f test.cfg 
[ALERT] 077/124109 (13586) : Proxy 'be_api': unable to find capture id '0' 
referenced by http-request capture rule.
[ALERT] 077/124109 (13586) : Fatal errors found in configuration

$ haproxy --version
HA-Proxy version 1.6.3 2015/12/25

I assume I misunderstood something thoroughly, but I am at a loss.

Cheers,
Daniel

Re: http-request capture id frontend/backend not working?

2016-03-19 Thread Daniel Schneller 
Trying to understand this better, I came across 

commit 3e7d15e744d5f0137dd266efba1f317895a31273
Author: Baptiste Assmann 
Date:   Tue Nov 3 23:31:35 2015 +0100

BUG/MINOR: http rule: http capture 'id' rule points to a non existing id

It is possible to create a http capture rule which points to a capture slot
id which does not exist.

...

It applies of course to both http-request and http-response rules.
(cherry picked from commit e9544935e86278dfa3d49fb4b97b860774730625)


Which changes this piece of code in cfgparse.c

/* parse http-request capture rules to ensure id really exists */
list_for_each_entry(hrqrule, >http_req_rules, list) {
  if (hrqrule->action  != ACT_CUSTOM ||
  hrqrule->action_ptr != http_action_req_capture_by_id)
continue;
  if (hrqrule->arg.capid.idx >= curproxy->nb_req_cap) { 

Alert("Proxy '%s': unable to find capture id '%d' referenced by 
http-request capture rule.\n",
  curproxy->id, hrqrule->arg.capid.idx);
cfgerr++;
  }
}


I am not a C programmer, but to me it seems it will bail if it does find a 
referenced ID that is not declared in the current proxy entry. As my 
declaration is in the frontend, but the actual capture tries to reference it in 
the backend, they are in different proxies, making this check fail?

Daniel


> On 18.03.2016, at 13:43, Daniel Schneller  
> wrote:
> 
> Hi!
> 
> I am trying to capture an HTTP Request Header that gets added under certain 
> circumstances in the backend. From the documentation I understand I can use a 
> capture slot for that. This is what I tried in my stripped down config file:
> 
> ...
> frontend fe_http
>   bind 192.168.1.3:80
>   declare capture request len 32
>   default_backend be_api
> 
> backend be_api
>   balance leastconn
>   option httplog
>   # this would have ACLs in the real use case
>   http-request add-header  X-CD-Operation Upload
>   http-request capture hdr(X-CD-Operation) id 0
> 
>   server api01 api01:8081
> 
> 
> However, when I start HAProxy (1.6.3 from the ppa:vbernat/haproxy1.6 repo), I 
> get this error message:
> 
> $ haproxy -d -f test.cfg 
> [ALERT] 077/124109 (13586) : Proxy 'be_api': unable to find capture id '0' 
> referenced by http-request capture rule.
> [ALERT] 077/124109 (13586) : Fatal errors found in configuration
> 
> $ haproxy --version
> HA-Proxy version 1.6.3 2015/12/25
> 
> I assume I misunderstood something thoroughly, but I am at a loss.
> 
> Cheers,
> Daniel
> 
>