[PATCH] DOC: typo: fix sc-set-gpt references
Only sc-inc-gpc and sc-set-gpt do exist. The mix-up sc-inc-gpt crept in in 71d189219 (DOC: config: Rework and uniformize how TCP/HTTP rules are documented, 2021-10-14) and got copied in a92480462 (MINOR: http-rules: Add missing actions in http-after-response ruleset, 2023-01-05). --- doc/configuration.txt | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index fa0f00927..8829c1faa 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -6287,7 +6287,7 @@ http-after-response sc-set-gpt0() { | } These actions set the 32-bit unsigned General Purpose Tags according to the sticky counter designated by . Please refer to "http-request - sc-inc-gpt" and "http-request sc-inc-gpt0" for a complete description. + sc-set-gpt" and "http-request sc-set-gpt0" for a complete description. http-after-response set-log-level [ { if | unless } ] @@ -8329,7 +8329,7 @@ http-response sc-set-gpt0() { | } These actions set the 32-bit unsigned General Purpose Tags according to the sticky counter designated by . Please refer to "http-request - sc-inc-gpt" and "http-request sc-inc-gpt0" for a complete description. + sc-set-gpt" and "http-request sc-set-gpt0" for a complete description. http-response send-spoe-group [ { if | unless } ] @@ -13315,7 +13315,7 @@ tcp-request connection sc-set-gpt0() { | } These actions set the 32-bit unsigned General Purpose Tags according to the sticky counter designated by . Please refer to "http-request - sc-inc-gpt" and "http-request sc-inc-gpt0" for a complete description. + sc-set-gpt" and "http-request sc-set-gpt0" for a complete description. tcp-request connection set-dst [ { if | unless } ] tcp-request connection set-dst-port [ { if | unless } ] @@ -13612,7 +13612,7 @@ tcp-request content sc-set-gpt0() { | } These actions set the 32-bit unsigned General Purpose Tags according to the sticky counter designated by . Please refer to "http-request - sc-inc-gpt" and "http-request sc-inc-gpt0" for a complete description. + sc-set-gpt" and "http-request sc-set-gpt0" for a complete description. tcp-request content send-spoe-group [ { if | unless } ] @@ -13914,7 +13914,7 @@ tcp-request session sc-set-gpt0() { | } These actions set the 32-bit unsigned General Purpose Tags according to the sticky counter designated by . Please refer to "tcp-request connection - sc-inc-gpt" and "tcp-request connection sc-inc-gpt0" for a complete + sc-set-gpt" and "tcp-request connection sc-set-gpt0" for a complete description. tcp-request session set-dst [ { if | unless } ] @@ -14083,7 +14083,7 @@ tcp-resposne content sc-set-gpt0() { | } These actions set the 32-bit unsigned General Purpose Tags according to the sticky counter designated by . Please refer to "http-request - sc-inc-gpt" and "http-request sc-inc-gpt0" for a complete description. + sc-set-gpt" and "http-request sc-set-gpt0" for a complete description. tcp-response content send-spoe-group [ { if | unless } ] -- 2.34.1
Re: sc-set-gpt with expression: internal error, unexpected rule->from=0, please report this bug!
On 8/9/23 17:53, Aurelien DARRAGON wrote: >> "http-request sc-set-gpt" does work, so does "tcp-request session". I.e. >> the bug seems to depend on "tcp-request connection". >> > > Indeed, according to both doc and code, sc-set-gpt and sc-set-gpt0 are > available from: > > - tcp-request session > - tcp-request content > - tcp-response content > - http-request > - http-response > - http-after-response > > But, according to the doc, they are also available from: > - tcp-request connection > > But the switch-cases in parse_set_gpt(), action_set_gpt(), and > action_set_gpt0() from stick_table.c don't allow this case, so it looks > like it was forgotten indeed when the expr support was added for > sc-set-gpt0 in 0d7712dff0 ("MINOR: stick-table: allow sc-set-gpt0 to set > value from an expression"). > > We have the same issue for the sc-add-gpc action which was greatly > inspired from set-gpt, where the switch cases defined in parse_add_gpc() > and action_add_gpc() from stick_table.c don't allow tcp-request > connection as origin. > > Please find the attached patches that should help solve the above issues. Thanks. With those patches "tcp-request connection" does work as well, even with setting session variables. Johannes
Re: sc-set-gpt with expression: internal error, unexpected rule->from=0, please report this bug!
Hi Willy, On 8/9/23 13:48, Willy Tarreau wrote: > Hi Johannes, > > On Wed, Aug 09, 2023 at 01:02:29PM +0200, Johannes Naab wrote: >> Hi, >> >> I'm trying to use a stick table with general purpose tags (gpt) to do longer >> term (beyond the window itself) maximum connection rate tracking: >> - stick table with conn_rate and one gpt >> - update/set gpt0 if the current conn_rate is greater than what is stored in >> the gpt. >> >> But I have trouble setting the gpt even from a trivial sample expression, >> erroring during config parsing with `internal error, unexpected rule->from=0, >> please report this bug!`. > > At first glance I can't find a reason why your config would not work, > so you've definitely discovered a bug. > > I have no idea what causes it at the moment. A few things you could try, > in any order, to help locate the bug: > > - check if it accepts it using "http-request sc-set-gpt" instead of > "tcp-request connection" so that we know if it's related to the ruleset > or something else ; > Thanks, that seems to narrow the problem down. "http-request sc-set-gpt" does work, so does "tcp-request session". I.e. the bug seems to depend on "tcp-request connection". "session" works for me, for setting session variables it might even be necessary, but those might be avoidable by setting the conditional directly. (But not trivially since "sub()" only takes values or variables but not fetches and "-m int gt " only seem to takes direct values). "tcp-request connection" state could be helpful to avoid TLS handshakes. > - please also try sc0-set-gpt(0) instead of sc-set-gpt(0,0), maybe there > is something wrong in the latter's parser. > That does not seem to make any difference. > - does your other test with "int(1)" as the expression also fail or did > it work ? If it did work, maybe forcing a cat to integer on the variable > using "var(proc.baz),add(0)" could work. > Any expression fails in "tcp-request connection", even the more trivial "int(1)", "var(proc.baz),add(0)" does fail as well. > In any case some feedback on these points could be useful. The last two > ones would be safe workarounds if they work. > > For completeness a running/working config for tracking the max conn_rate (https://xkcd.com/979/): ``` frontend foo bind :::8080 v4v6 default_backend bar tcp-request connection track-sc0 src table stick1 ## track max conn_rate tcp-request session set-var(sess.prev_conn_rate) sc_get_gpt(0,0,stick1) tcp-request session set-var(sess.cur_conn_rate) sc_conn_rate(0,stick1) tcp-request session sc-set-gpt(0,0) var(sess.cur_conn_rate) if { var(sess.cur_conn_rate),sub(sess.prev_conn_rate) -m int gt 0 } http-response set-header cur-conn-rate %[var(sess.cur_conn_rate)] http-response set-header prev-conn-rate %[var(sess.prev_conn_rate)] backend stick1 stick-table type ipv6 size 1m expire 1h store conn_rate(10s),gpt(1) ``` Thanks! Johannes >> Config, output, and haproxy -vv below. >> >> Should this work, or do I misunderstand what sc-set-gpt can achieve? > > For me it should work, and if there's a corner case that makes it > impossible with your config, I'm not seeing it and we should report it > in a much more user-friendly way! > > Thanks! > Willy >
sc-set-gpt with expression: internal error, unexpected rule->from=0, please report this bug!
Hi, I'm trying to use a stick table with general purpose tags (gpt) to do longer term (beyond the window itself) maximum connection rate tracking: - stick table with conn_rate and one gpt - update/set gpt0 if the current conn_rate is greater than what is stored in the gpt. But I have trouble setting the gpt even from a trivial sample expression, erroring during config parsing with `internal error, unexpected rule->from=0, please report this bug!`. Config, output, and haproxy -vv below. Should this work, or do I misunderstand what sc-set-gpt can achieve? Best regards, Johannes config ``` global log stdout format raw local0 stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s set-var proc.baz int(3) defaults log global modehttp timeout connect 5000 timeout client 5 timeout server 5 frontend foo bind :::8080 v4v6 default_backend bar tcp-request connection track-sc0 src table stick1 tcp-request connection sc-set-gpt(0,0) var(proc.baz) # tcp-request connection sc-set-gpt(0,0) int(1) http-response set-header conn-rate %[sc_get_gpt(0,0,stick1)] ## track max conn_rate #tcp-request connection set-var(sess.prev_conn_rate) sc_get_gpt(0,0,stick1) #tcp-request connection set-var(sess.cur_conn_rate) sc_conn_rate(0,stick1) #tcp-request connection sc-set-gpt(0,0) var(sess.cur_conn_rate) if { var(sess.cur_conn_rate),sub(sess.prev_conn_rate) -m int gt 0 } backend bar server localhost 127.0.0.1:80 backend stick1 stick-table type ipv6 size 1m expire 1h store conn_rate(10s),gpt(1) ``` error ``` # ./haproxy -f ~/haproxy.cfg [NOTICE] (139304) : haproxy version is 2.9-dev2-227317-63 [NOTICE] (139304) : path to executable is ./haproxy [ALERT](139304) : config : parsing [/root/haproxy.cfg:19] : internal error, unexpected rule->from=0, please report this bug! [ALERT](139304) : config : Error(s) found in configuration file : /root/haproxy.cfg [ALERT](139304) : config : Fatal errors found in configuration. ``` `haproxy -vv` (initally on 2.6, but it still occurs in recent git) ``` HAProxy version 2.9-dev2-227317-63 2023/08/09 - https://haproxy.org/ Status: development branch - not safe for use in production. Known bugs: https://github.com/haproxy/haproxy/issues?q=is:issue+is:open Running on: Linux 5.15.0-73-generic #80-Ubuntu SMP Mon May 15 15:18:26 UTC 2023 x86_64 Build options : TARGET = linux-glibc CPU = generic CC = cc CFLAGS = -O2 -g -Wall -Wextra -Wundef -Wdeclaration-after-statement -Wfatal-errors -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference -fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int -Wno-atomic-alignment OPTIONS = USE_OPENSSL=1 USE_SYSTEMD=1 USE_PCRE=1 DEBUG = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H -DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE -LIBATOMIC +LIBCRYPT +LINUX_SPLICE +LINUX_TPROXY -LUA -MATH -MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL -OPENSSL_WOLFSSL -OT +PCRE -PCRE2 -PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PROCCTL -PROMEX -PTHREAD_EMULATION -QUIC -QUIC_OPENSSL_COMPAT +RT +SHM_OPEN +SLZ +SSL -STATIC_PCRE -STATIC_PCRE2 +SYSTEMD +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL -ZLIB Default settings : bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Built with multi-threading support (MAX_TGROUPS=16, MAX_THREADS=256, default=2). Built with OpenSSL version : OpenSSL 3.0.2 15 Mar 2022 Running on OpenSSL version : OpenSSL 3.0.2 15 Mar 2022 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3 OpenSSL providers loaded : default Built with network namespace support. Built with libslz for stateless compression. Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with PCRE version : 8.39 2016-06-14 Running on PCRE version : 8.39 2016-06-14 PCRE library supports JIT : no (USE_PCRE_JIT not set) Encrypted password support via crypt(3): yes Built with gcc compiler version 11.4.0 Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available multiplexer protocols : (protocols marked as cannot be specified using 'proto' keyword) h2 : mode=HTTP side=FE|BE mux=H2flags=HTX|HOL_RISK|NO_UPG fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG :