Re: "Success" logs in HTTP frontends
On 2022-08-19 11:50, Christian Ruppert wrote: On 2022-08-01 09:45, Christian Ruppert wrote: On 2022-07-29 13:59, William Lallemand wrote: On Fri, Jul 29, 2022 at 11:10:32AM +0200, Christopher Faulet wrote: Le 7/29/22 à 10:13, Christian Ruppert a écrit : > Hi list, > > so I noticed on my private HAProxy I have 2 of those logs within the > past ~1-2 months: > haproxy[28669]: 1.2.3.4:48596 [17/Jun/2022:13:55:18.530] public/HTTPSv4: > Success > > So that's nothing so far but still no idea what that means. > At work, of 250 mio log entries per day, there are about 600k of those > "Success" ones. > haproxy[27892]: 192.168.70.102:7904 [29/May/2022:00:13:37.316] > genfrontend_35310-foobar/3: Success > > I'm not sure what it means by "3". Is it the third bind? > > I couldn't trigger those "Success" logs by either restarting or > reloading. What is it for / where does it come from? > Hi Christian, What is your version ? At first glance, I can't find such log message in the code. It could come from a lua module. In fact, I found something. It is probably because an "embryonic" session is killed with no connection/ssl error. For instance, an SSL connection rejected because of a "tcp-request session" rule (so after the SSL handshake). The same may happen with a listener using the PROXY protocol. Regards, Could be something like that indeed, the "Success" message is the string for CO_ER_NONE in the fc_err_str fetch. (The default error string) Maybe we lack some intermediate state, or we could just change the string ? It is only the string for the handshake status so this is confusing when used as an error. Since it's that much every day I'd agree to change/improve it. If it's the connection one then I only see it in combination with SOCKS. There is no SOCKS in my config though, unless that also triggers if something does a SOCKS request on that bind anyway. I wasn't able to reproduce/trigger it that way yet. Does anybody know how to trigger that on purpose? Would be really interesting. So we have one system that does some DNAT stuff, well kind of at least, and triggers around ~700k of those "Success" logs per day. I still couldn't figure out the exact reason. The only hint I have is that it's really mostly that "DNAT" host. Some others also have some but by far not that much. On the same day, the others are all between 0 and 50. -- Regards, Christian Ruppert
Re: "Success" logs in HTTP frontends
On 2022-08-01 09:45, Christian Ruppert wrote: On 2022-07-29 13:59, William Lallemand wrote: On Fri, Jul 29, 2022 at 11:10:32AM +0200, Christopher Faulet wrote: Le 7/29/22 à 10:13, Christian Ruppert a écrit : > Hi list, > > so I noticed on my private HAProxy I have 2 of those logs within the > past ~1-2 months: > haproxy[28669]: 1.2.3.4:48596 [17/Jun/2022:13:55:18.530] public/HTTPSv4: > Success > > So that's nothing so far but still no idea what that means. > At work, of 250 mio log entries per day, there are about 600k of those > "Success" ones. > haproxy[27892]: 192.168.70.102:7904 [29/May/2022:00:13:37.316] > genfrontend_35310-foobar/3: Success > > I'm not sure what it means by "3". Is it the third bind? > > I couldn't trigger those "Success" logs by either restarting or > reloading. What is it for / where does it come from? > Hi Christian, What is your version ? At first glance, I can't find such log message in the code. It could come from a lua module. In fact, I found something. It is probably because an "embryonic" session is killed with no connection/ssl error. For instance, an SSL connection rejected because of a "tcp-request session" rule (so after the SSL handshake). The same may happen with a listener using the PROXY protocol. Regards, Could be something like that indeed, the "Success" message is the string for CO_ER_NONE in the fc_err_str fetch. (The default error string) Maybe we lack some intermediate state, or we could just change the string ? It is only the string for the handshake status so this is confusing when used as an error. Since it's that much every day I'd agree to change/improve it. If it's the connection one then I only see it in combination with SOCKS. There is no SOCKS in my config though, unless that also triggers if something does a SOCKS request on that bind anyway. I wasn't able to reproduce/trigger it that way yet. Does anybody know how to trigger that on purpose? Would be really interesting. -- Regards, Christian Ruppert
Re: "Success" logs in HTTP frontends
On Fri, Jul 29, 2022 at 11:10:32AM +0200, Christopher Faulet wrote: > Le 7/29/22 à 10:13, Christian Ruppert a écrit : > > Hi list, > > > > so I noticed on my private HAProxy I have 2 of those logs within the > > past ~1-2 months: > > haproxy[28669]: 1.2.3.4:48596 [17/Jun/2022:13:55:18.530] public/HTTPSv4: > > Success > > > > So that's nothing so far but still no idea what that means. > > At work, of 250 mio log entries per day, there are about 600k of those > > "Success" ones. > > haproxy[27892]: 192.168.70.102:7904 [29/May/2022:00:13:37.316] > > genfrontend_35310-foobar/3: Success > > > > I'm not sure what it means by "3". Is it the third bind? > > > > I couldn't trigger those "Success" logs by either restarting or > > reloading. What is it for / where does it come from? > > > > Hi Christian, > > What is your version ? At first glance, I can't find such log message in the > code. It could come from a lua module. > > In fact, I found something. It is probably because an "embryonic" session is > killed with no connection/ssl error. For instance, an SSL connection rejected > because of a "tcp-request session" rule (so after the SSL handshake). The > same > may happen with a listener using the PROXY protocol. > > Regards, Could be something like that indeed, the "Success" message is the string for CO_ER_NONE in the fc_err_str fetch. (The default error string) Maybe we lack some intermediate state, or we could just change the string ? It is only the string for the handshake status so this is confusing when used as an error. -- William Lallemand
Re: "Success" logs in HTTP frontends
Le 7/29/22 à 11:21, Tim Düsterhus a écrit : Hi On 7/29/22 11:10, Christopher Faulet wrote: What is your version ? At first glance, I can't find such log message in the code. It could come from a lua module. I'm seeing the same for both 2.4.x and 2.6.x. Christian and I had a short chat about this in IRC. In fact, I found something. It is probably because an "embryonic" session is killed with no connection/ssl error. For instance, an SSL connection rejected because of a "tcp-request session" rule (so after the SSL handshake). The same may happen with a listener using the PROXY protocol. On one of the machines I'm seeing it, we neither have 'tcp-' rules, nor do we use PROXY protocol: Well, it may have several reason to kill an embryonic session with no error. a reject at the session level is one of them. Probably the most common. It may also be an error when we try to install the client mux. The configuration may help in this case. I don't know if it is possible to have an handshake failure without setting any error. However, at first glance, the error is always set in this case. Of course, it may be a bug. If not, such messages can be removed by setting "dontlognull" option. -- Christopher Faulet
Re: "Success" logs in HTTP frontends
Hi On 7/29/22 11:10, Christopher Faulet wrote: What is your version ? At first glance, I can't find such log message in the code. It could come from a lua module. I'm seeing the same for both 2.4.x and 2.6.x. Christian and I had a short chat about this in IRC. In fact, I found something. It is probably because an "embryonic" session is killed with no connection/ssl error. For instance, an SSL connection rejected because of a "tcp-request session" rule (so after the SSL handshake). The same may happen with a listener using the PROXY protocol. On one of the machines I'm seeing it, we neither have 'tcp-' rules, nor do we use PROXY protocol: $ cat /etc/haproxy/haproxy.cfg |grep proxy |grep -v /etc/haproxy chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners user haproxy group haproxy $ cat /etc/haproxy/haproxy.cfg |grep tcp- > $ Best regards Tim Düsterhus
Re: "Success" logs in HTTP frontends
Le 7/29/22 à 10:13, Christian Ruppert a écrit : Hi list, so I noticed on my private HAProxy I have 2 of those logs within the past ~1-2 months: haproxy[28669]: 1.2.3.4:48596 [17/Jun/2022:13:55:18.530] public/HTTPSv4: Success So that's nothing so far but still no idea what that means. At work, of 250 mio log entries per day, there are about 600k of those "Success" ones. haproxy[27892]: 192.168.70.102:7904 [29/May/2022:00:13:37.316] genfrontend_35310-foobar/3: Success I'm not sure what it means by "3". Is it the third bind? I couldn't trigger those "Success" logs by either restarting or reloading. What is it for / where does it come from? Hi Christian, What is your version ? At first glance, I can't find such log message in the code. It could come from a lua module. In fact, I found something. It is probably because an "embryonic" session is killed with no connection/ssl error. For instance, an SSL connection rejected because of a "tcp-request session" rule (so after the SSL handshake). The same may happen with a listener using the PROXY protocol. Regards, -- Christopher Faulet