[PATCH 0/1] Re: BUG: LUA txn:get_priv() scoped to connection, not transaction
Hi attached comes a reg-test that can be used to verify that the behaviour that Patrick described actually exists. I cannot comment on whether txn:get_priv() is working correctly or not, this is up to you. The test only checks that the value is reset for the second request. Best regards Tim Düsterhus Tim Duesterhus (1): TMP: Add reg-test to check scoping of txn:get_priv() reg-tests/lua/h1.lua | 15 +++ reg-tests/lua/h1.vtc | 36 2 files changed, 51 insertions(+) create mode 100644 reg-tests/lua/h1.lua create mode 100644 reg-tests/lua/h1.vtc -- 2.18.0
Re: BUG: LUA txn:get_priv() scoped to connection, not transaction
On 2018/8/22 05:16, Thierry Fournier wrote:
> Hi Patrick,
>
> Could you retry adding the keyword “local” before data. Unfortunately,
> by default, Lua variables are global.
>
Makes no difference, still get the same result. I don't think it would
do anything anyway as the `txn:get_priv()` will still return a value,
even if nil, and overwrite whatever is in a previous definition.
>
>> core.register_action("test", { "http-req" }, function(txn)
>> *local*data = txn:get_priv()
>> if not data then
>> data = 0
>> end
>> data = data + 1
>> print(string.format("set to %d", data))
>> txn:set_priv(data)
>> end)
>
> BR,
> Thierry
>
>
>> On 22 Aug 2018, at 05:57, Patrick Hemmer > > wrote:
>>
>> There is a bug in the current stable haproxy (1.8.13) where the LUA
>> function txn:get_priv() is returning data stored from other
>> transactions. This was discovered as we have code that triggers on
>> certain requests, and it was triggering on requests it should not
>> have been.
>>
>> You can reproduce with this config:
>> global
>> lua-load haproxy.lua
>>
>> defaults
>> mode http
>>
>> frontend f1
>> bind :8000
>> default_backend b1
>> http-request lua.test
>>
>> backend b1
>> http-request use-service lua.fakeserv
>>
>> And this lua file:
>> core.register_action("test", { "http-req" }, function(txn)
>> data = txn:get_priv()
>> if not data then
>> data = 0
>> end
>> data = data + 1
>> print(string.format("set to %d", data))
>> txn:set_priv(data)
>> end)
>>
>> core.register_service("fakeserv", "http", function(applet)
>> applet:set_status(200)
>> applet:start_response()
>> end)
>>
>> And this curl command:
>> curl http://localhost:8000 http://localhost:8000
>>
>> Which provides this output:
>> set to 1
>> set to 2
>>
>>
>>
>> Version information:
>> HA-Proxy version 1.8.13 2018/07/30
>> Copyright 2000-2018 Willy Tarreau
>>
>> Build options :
>> TARGET = osx
>> CPU = generic
>> CC = gcc
>> CFLAGS = -O0 -g -fno-strict-aliasing
>> -Wdeclaration-after-statement -fwrapv -fno-strict-overflow
>> -Wno-address-of-packed-member -Wno-null-dereference -Wno-unused-label
>> OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1
>>
>> Default settings :
>> maxconn = 2000, bufsize = 16384, maxrewrite = 1024,
>> maxpollevents = 200
>>
>> Built with OpenSSL version : OpenSSL 1.1.0h 27 Mar 2018
>> Running on OpenSSL version : OpenSSL 1.1.0h 27 Mar 2018
>> OpenSSL library supports TLS extensions : yes
>> OpenSSL library supports SNI : yes
>> OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
>> Built with Lua version : Lua 5.3.4
>> Built with transparent proxy support using:
>> Encrypted password support via crypt(3): yes
>> Built with PCRE version : 8.42 2018-03-20
>> Running on PCRE version : 8.42 2018-03-20
>> PCRE library supports JIT : no (USE_PCRE_JIT not set)
>> Built with zlib version : 1.2.11
>> Running on zlib version : 1.2.11
>> Compression algorithms supported : identity("identity"),
>> deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
>> Built with network namespace support.
>>
>> Available polling systems :
>> kqueue : pref=300, test result OK
>> poll : pref=200, test result OK
>> select : pref=150, test result OK
>> Total: 3 (3 usable), will use kqueue.
>>
>> Available filters :
>> [SPOE] spoe
>> [COMP] compression
>> [TRACE] trace
>>
>>
>> -Patrick
>
Re: BUG: LUA txn:get_priv() scoped to connection, not transaction
Hi Patrick,
Could you retry adding the keyword “local” before data. Unfortunately, by
default, Lua variables are global.
> core.register_action("test", { "http-req" }, function(txn)
> local data = txn:get_priv()
> if not data then
> data = 0
> end
> data = data + 1
> print(string.format("set to %d", data))
> txn:set_priv(data)
> end)
BR,
Thierry
> On 22 Aug 2018, at 05:57, Patrick Hemmer wrote:
>
> There is a bug in the current stable haproxy (1.8.13) where the LUA function
> txn:get_priv() is returning data stored from other transactions. This was
> discovered as we have code that triggers on certain requests, and it was
> triggering on requests it should not have been.
>
> You can reproduce with this config:
> global
> lua-load haproxy.lua
>
> defaults
> mode http
>
> frontend f1
> bind :8000
> default_backend b1
> http-request lua.test
>
> backend b1
> http-request use-service lua.fakeserv
>
> And this lua file:
> core.register_action("test", { "http-req" }, function(txn)
> data = txn:get_priv()
> if not data then
> data = 0
> end
> data = data + 1
> print(string.format("set to %d", data))
> txn:set_priv(data)
> end)
>
> core.register_service("fakeserv", "http", function(applet)
> applet:set_status(200)
> applet:start_response()
> end)
>
> And this curl command:
> curl http://localhost:8000
>
> Build options :
> TARGET = osx
> CPU = generic
> CC = gcc
> CFLAGS = -O0 -g -fno-strict-aliasing -Wdeclaration-after-statement
> -fwrapv -fno-strict-overflow -Wno-address-of-packed-member
> -Wno-null-dereference -Wno-unused-label
> OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1
>
> Default settings :
> maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents =
> 200
>
> Built with OpenSSL version : OpenSSL 1.1.0h 27 Mar 2018
> Running on OpenSSL version : OpenSSL 1.1.0h 27 Mar 2018
> OpenSSL library supports TLS extensions : yes
> OpenSSL library supports SNI : yes
> OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
> Built with Lua version : Lua 5.3.4
> Built with transparent proxy support using:
> Encrypted password support via crypt(3): yes
> Built with PCRE version : 8.42 2018-03-20
> Running on PCRE version : 8.42 2018-03-20
> PCRE library supports JIT : no (USE_PCRE_JIT not set)
> Built with zlib version : 1.2.11
> Running on zlib version : 1.2.11
> Compression algorithms supported : identity("identity"),
> deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
> Built with network namespace support.
>
> Available polling systems :
> kqueue : pref=300, test result OK
> poll : pref=200, test result OK
> select : pref=150, test result OK
> Total: 3 (3 usable), will use kqueue.
>
> Available filters :
> [SPOE] spoe
> [COMP] compression
> [TRACE] trace
>
>
> -Patrick
Re: BUG: LUA txn:get_priv() scoped to connection, not transaction
CCing Thierry.
On Tue, Aug 21, 2018 at 11:57:52PM -0400, Patrick Hemmer wrote:
> There is a bug in the current stable haproxy (1.8.13) where the LUA
> function txn:get_priv() is returning data stored from other
> transactions. This was discovered as we have code that triggers on
> certain requests, and it was triggering on requests it should not have been.
>
> You can reproduce with this config:
> global
> lua-load haproxy.lua
>
> defaults
> mode http
>
> frontend f1
> bind :8000
> default_backend b1
> http-request lua.test
>
> backend b1
> http-request use-service lua.fakeserv
>
> And this lua file:
> core.register_action("test", { "http-req" }, function(txn)
> data = txn:get_priv()
> if not data then
> data = 0
> end
> data = data + 1
> print(string.format("set to %d", data))
> txn:set_priv(data)
> end)
>
> core.register_service("fakeserv", "http", function(applet)
> applet:set_status(200)
> applet:start_response()
> end)
>
> And this curl command:
> curl http://localhost:8000 http://localhost:8000
>
> Which provides this output:
> set to 1
> set to 2
>
>
>
> Version information:
> HA-Proxy version 1.8.13 2018/07/30
> Copyright 2000-2018 Willy Tarreau
>
> Build options :
> TARGET = osx
> CPU = generic
> CC = gcc
> CFLAGS = -O0 -g -fno-strict-aliasing
> -Wdeclaration-after-statement -fwrapv -fno-strict-overflow
> -Wno-address-of-packed-member -Wno-null-dereference -Wno-unused-label
> OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1
>
> Default settings :
> maxconn = 2000, bufsize = 16384, maxrewrite = 1024,
> maxpollevents = 200
>
> Built with OpenSSL version : OpenSSL 1.1.0h 27 Mar 2018
> Running on OpenSSL version : OpenSSL 1.1.0h 27 Mar 2018
> OpenSSL library supports TLS extensions : yes
> OpenSSL library supports SNI : yes
> OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
> Built with Lua version : Lua 5.3.4
> Built with transparent proxy support using:
> Encrypted password support via crypt(3): yes
> Built with PCRE version : 8.42 2018-03-20
> Running on PCRE version : 8.42 2018-03-20
> PCRE library supports JIT : no (USE_PCRE_JIT not set)
> Built with zlib version : 1.2.11
> Running on zlib version : 1.2.11
> Compression algorithms supported : identity("identity"),
> deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
> Built with network namespace support.
>
> Available polling systems :
> kqueue : pref=300, test result OK
> poll : pref=200, test result OK
> select : pref=150, test result OK
> Total: 3 (3 usable), will use kqueue.
>
> Available filters :
> [SPOE] spoe
> [COMP] compression
> [TRACE] trace
>
>
> -Patrick
BUG: LUA txn:get_priv() scoped to connection, not transaction
There is a bug in the current stable haproxy (1.8.13) where the LUA
function txn:get_priv() is returning data stored from other
transactions. This was discovered as we have code that triggers on
certain requests, and it was triggering on requests it should not have been.
You can reproduce with this config:
global
lua-load haproxy.lua
defaults
mode http
frontend f1
bind :8000
default_backend b1
http-request lua.test
backend b1
http-request use-service lua.fakeserv
And this lua file:
core.register_action("test", { "http-req" }, function(txn)
data = txn:get_priv()
if not data then
data = 0
end
data = data + 1
print(string.format("set to %d", data))
txn:set_priv(data)
end)
core.register_service("fakeserv", "http", function(applet)
applet:set_status(200)
applet:start_response()
end)
And this curl command:
curl http://localhost:8000 http://localhost:8000
Which provides this output:
set to 1
set to 2
Version information:
HA-Proxy version 1.8.13 2018/07/30
Copyright 2000-2018 Willy Tarreau
Build options :
TARGET = osx
CPU = generic
CC = gcc
CFLAGS = -O0 -g -fno-strict-aliasing
-Wdeclaration-after-statement -fwrapv -fno-strict-overflow
-Wno-address-of-packed-member -Wno-null-dereference -Wno-unused-label
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024,
maxpollevents = 200
Built with OpenSSL version : OpenSSL 1.1.0h 27 Mar 2018
Running on OpenSSL version : OpenSSL 1.1.0h 27 Mar 2018
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.4
Built with transparent proxy support using:
Encrypted password support via crypt(3): yes
Built with PCRE version : 8.42 2018-03-20
Running on PCRE version : 8.42 2018-03-20
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.
Available polling systems :
kqueue : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use kqueue.
Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace
-Patrick
