Coverage Report

Created: 2024-02-11 06:18

/src/haproxy/src/cfgparse.c
<
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Configuration parser
3
 *
4
 * Copyright 2000-2011 Willy Tarreau <w@1wt.eu>
5
 *
6
 * This program is free software; you can redistribute it and/or
7
 * modify it under the terms of the GNU General Public License
8
 * as published by the Free Software Foundation; either version
9
 * 2 of the License, or (at your option) any later version.
10
 *
11
 */
12
13
/* This is to have crypt() and sched_setaffinity() defined on Linux */
14
#define _GNU_SOURCE
15
16
#ifdef USE_LIBCRYPT
17
#ifdef USE_CRYPT_H
18
/* some platforms such as Solaris need this */
19
#include <crypt.h>
20
#endif
21
#endif /* USE_LIBCRYPT */
22
23
#include <dirent.h>
24
#include <stdio.h>
25
#include <stdlib.h>
26
#include <string.h>
27
#include <netdb.h>
28
#include <ctype.h>
29
#include <pwd.h>
30
#include <grp.h>
31
#include <errno.h>
32
#ifdef USE_CPU_AFFINITY
33
#include <sched.h>
34
#endif
35
#include <sys/types.h>
36
#include <sys/stat.h>
37
#include <unistd.h>
38
39
#include <haproxy/acl.h>
40
#include <haproxy/action.h>
41
#include <haproxy/api.h>
42
#include <haproxy/arg.h>
43
#include <haproxy/auth.h>
44
#include <haproxy/backend.h>
45
#include <haproxy/capture.h>
46
#include <haproxy/cfgcond.h>
47
#include <haproxy/cfgparse.h>
48
#include <haproxy/channel.h>
49
#include <haproxy/check.h>
50
#include <haproxy/chunk.h>
51
#include <haproxy/clock.h>
52
#ifdef USE_CPU_AFFINITY
53
#include <haproxy/cpuset.h>
54
#endif
55
#include <haproxy/connection.h>
56
#include <haproxy/errors.h>
57
#include <haproxy/filters.h>
58
#include <haproxy/frontend.h>
59
#include <haproxy/global.h>
60
#include <haproxy/http_ana.h>
61
#include <haproxy/http_rules.h>
62
#include <haproxy/lb_chash.h>
63
#include <haproxy/lb_fas.h>
64
#include <haproxy/lb_fwlc.h>
65
#include <haproxy/lb_fwrr.h>
66
#include <haproxy/lb_map.h>
67
#include <haproxy/listener.h>
68
#include <haproxy/log.h>
69
#include <haproxy/sink.h>
70
#include <haproxy/mailers.h>
71
#include <haproxy/namespace.h>
72
#include <haproxy/quic_sock.h>
73
#include <haproxy/obj_type-t.h>
74
#include <haproxy/openssl-compat.h>
75
#include <haproxy/peers-t.h>
76
#include <haproxy/peers.h>
77
#include <haproxy/pool.h>
78
#include <haproxy/protocol.h>
79
#include <haproxy/proxy.h>
80
#include <haproxy/resolvers.h>
81
#include <haproxy/sample.h>
82
#include <haproxy/server.h>
83
#include <haproxy/session.h>
84
#include <haproxy/stats-t.h>
85
#include <haproxy/stick_table.h>
86
#include <haproxy/stream.h>
87
#include <haproxy/task.h>
88
#include <haproxy/tcp_rules.h>
89
#include <haproxy/tcpcheck.h>
90
#include <haproxy/thread.h>
91
#include <haproxy/tools.h>
92
#include <haproxy/uri_auth-t.h>
93
94
95
/* Used to chain configuration sections definitions. This list
96
 * stores struct cfg_section
97
 */
98
struct list sections = LIST_HEAD_INIT(sections);
99
100
struct list postparsers = LIST_HEAD_INIT(postparsers);
101
102
extern struct proxy *mworker_proxy;
103
104
/* curproxy is only valid during parsing and will be NULL afterwards. */
105
struct proxy *curproxy = NULL;
106
107
char *cursection = NULL;
108
int cfg_maxpconn = 0;                   /* # of simultaneous connections per proxy (-N) */
109
int cfg_maxconn = 0;      /* # of simultaneous connections, (-n) */
110
char *cfg_scope = NULL;                 /* the current scope during the configuration parsing */
111
int non_global_section_parsed = 0;
112
113
/* how to handle default paths */
114
static enum default_path_mode {
115
  DEFAULT_PATH_CURRENT = 0,  /* "current": paths are relative to CWD (this is the default) */
116
  DEFAULT_PATH_CONFIG,       /* "config": paths are relative to config file */
117
  DEFAULT_PATH_PARENT,       /* "parent": paths are relative to config file's ".." */
118
  DEFAULT_PATH_ORIGIN,       /* "origin": paths are relative to default_path_origin */
119
} default_path_mode;
120
121
static char initial_cwd[PATH_MAX];
122
static char current_cwd[PATH_MAX];
123
124
/* List head of all known configuration keywords */
125
struct cfg_kw_list cfg_keywords = {
126
  .list = LIST_HEAD_INIT(cfg_keywords.list)
127
};
128
129
/*
130
 * converts <str> to a list of listeners which are dynamically allocated.
131
 * The format is "{addr|'*'}:port[-end][,{addr|'*'}:port[-end]]*", where :
132
 *  - <addr> can be empty or "*" to indicate INADDR_ANY ;
133
 *  - <port> is a numerical port from 1 to 65535 ;
134
 *  - <end> indicates to use the range from <port> to <end> instead (inclusive).
135
 * This can be repeated as many times as necessary, separated by a coma.
136
 * Function returns 1 for success or 0 if error. In case of errors, if <err> is
137
 * not NULL, it must be a valid pointer to either NULL or a freeable area that
138
 * will be replaced with an error message.
139
 */
140
int str2listener(char *str, struct proxy *curproxy, struct bind_conf *bind_conf, const char *file, int line, char **err)
141
0
{
142
0
  struct protocol *proto;
143
0
  char *next, *dupstr;
144
0
  int port, end;
145
146
0
  next = dupstr = strdup(str);
147
148
0
  while (next && *next) {
149
0
    struct sockaddr_storage *ss2;
150
0
    int fd = -1;
151
152
0
    str = next;
153
    /* 1) look for the end of the first address */
154
0
    if ((next = strchr(str, ',')) != NULL) {
155
0
      *next++ = 0;
156
0
    }
157
158
0
    ss2 = str2sa_range(str, NULL, &port, &end, &fd, &proto, NULL, err,
159
0
                       (curproxy == global.cli_fe || curproxy == mworker_proxy) ? NULL : global.unix_bind.prefix,
160
0
                       NULL, PA_O_RESOLVE | PA_O_PORT_OK | PA_O_PORT_MAND | PA_O_PORT_RANGE |
161
0
                              PA_O_SOCKET_FD | PA_O_STREAM | PA_O_XPRT);
162
0
    if (!ss2)
163
0
      goto fail;
164
165
0
    if (ss2->ss_family == AF_CUST_RHTTP_SRV) {
166
      /* Check if a previous non reverse HTTP present is
167
       * already defined. If DGRAM or STREAM is set, this
168
       * indicates that we are currently parsing the second
169
       * or more address.
170
       */
171
0
      if (bind_conf->options & (BC_O_USE_SOCK_DGRAM|BC_O_USE_SOCK_STREAM) &&
172
0
          !(bind_conf->options & BC_O_REVERSE_HTTP)) {
173
0
        memprintf(err, "Cannot mix reverse HTTP bind with others.\n");
174
0
        goto fail;
175
0
      }
176
177
0
      bind_conf->rhttp_srvname = strdup(str + strlen("rhttp@"));
178
0
      if (!bind_conf->rhttp_srvname) {
179
0
        memprintf(err, "Cannot allocate reverse HTTP bind.\n");
180
0
        goto fail;
181
0
      }
182
183
0
      bind_conf->options |= BC_O_REVERSE_HTTP;
184
0
    }
185
0
    else if (bind_conf->options & BC_O_REVERSE_HTTP) {
186
      /* Standard address mixed with a previous reverse HTTP one. */
187
0
      memprintf(err, "Cannot mix reverse HTTP bind with others.\n");
188
0
      goto fail;
189
0
    }
190
191
    /* OK the address looks correct */
192
0
    if (proto->proto_type == PROTO_TYPE_DGRAM)
193
0
      bind_conf->options |= BC_O_USE_SOCK_DGRAM;
194
0
    else
195
0
      bind_conf->options |= BC_O_USE_SOCK_STREAM;
196
197
0
    if (proto->xprt_type == PROTO_TYPE_DGRAM)
198
0
      bind_conf->options |= BC_O_USE_XPRT_DGRAM;
199
0
    else
200
0
      bind_conf->options |= BC_O_USE_XPRT_STREAM;
201
202
0
    if (!create_listeners(bind_conf, ss2, port, end, fd, proto, err)) {
203
0
      memprintf(err, "%s for address '%s'.\n", *err, str);
204
0
      goto fail;
205
0
    }
206
0
  } /* end while(next) */
207
0
  free(dupstr);
208
0
  return 1;
209
0
 fail:
210
0
  free(dupstr);
211
0
  return 0;
212
0
}
213
214
/*
215
 * converts <str> to a list of datagram-oriented listeners which are dynamically
216
 * allocated.
217
 * The format is "{addr|'*'}:port[-end][,{addr|'*'}:port[-end]]*", where :
218
 *  - <addr> can be empty or "*" to indicate INADDR_ANY ;
219
 *  - <port> is a numerical port from 1 to 65535 ;
220
 *  - <end> indicates to use the range from <port> to <end> instead (inclusive).
221
 * This can be repeated as many times as necessary, separated by a coma.
222
 * Function returns 1 for success or 0 if error. In case of errors, if <err> is
223
 * not NULL, it must be a valid pointer to either NULL or a freeable area that
224
 * will be replaced with an error message.
225
 */
226
int str2receiver(char *str, struct proxy *curproxy, struct bind_conf *bind_conf, const char *file, int line, char **err)
227
0
{
228
0
  struct protocol *proto;
229
0
  char *next, *dupstr;
230
0
  int port, end;
231
232
0
  next = dupstr = strdup(str);
233
234
0
  while (next && *next) {
235
0
    struct sockaddr_storage *ss2;
236
0
    int fd = -1;
237
238
0
    str = next;
239
    /* 1) look for the end of the first address */
240
0
    if ((next = strchr(str, ',')) != NULL) {
241
0
      *next++ = 0;
242
0
    }
243
244
0
    ss2 = str2sa_range(str, NULL, &port, &end, &fd, &proto, NULL, err,
245
0
                       curproxy == global.cli_fe ? NULL : global.unix_bind.prefix,
246
0
                       NULL, PA_O_RESOLVE | PA_O_PORT_OK | PA_O_PORT_MAND | PA_O_PORT_RANGE |
247
0
                              PA_O_SOCKET_FD | PA_O_DGRAM | PA_O_XPRT);
248
0
    if (!ss2)
249
0
      goto fail;
250
251
    /* OK the address looks correct */
252
0
    if (!create_listeners(bind_conf, ss2, port, end, fd, proto, err)) {
253
0
      memprintf(err, "%s for address '%s'.\n", *err, str);
254
0
      goto fail;
255
0
    }
256
0
  } /* end while(next) */
257
0
  free(dupstr);
258
0
  return 1;
259
0
 fail:
260
0
  free(dupstr);
261
0
  return 0;
262
0
}
263
264
/*
265
 * Sends a warning if proxy <proxy> does not have at least one of the
266
 * capabilities in <cap>. An optional <hint> may be added at the end
267
 * of the warning to help the user. Returns 1 if a warning was emitted
268
 * or 0 if the condition is valid.
269
 */
270
int warnifnotcap(struct proxy *proxy, int cap, const char *file, int line, const char *arg, const char *hint)
271
0
{
272
0
  char *msg;
273
274
0
  switch (cap) {
275
0
  case PR_CAP_BE: msg = "no backend"; break;
276
0
  case PR_CAP_FE: msg = "no frontend"; break;
277
0
  case PR_CAP_BE|PR_CAP_FE: msg = "neither frontend nor backend"; break;
278
0
  default: msg = "not enough"; break;
279
0
  }
280
281
0
  if (!(proxy->cap & cap)) {
282
0
    ha_warning("parsing [%s:%d] : '%s' ignored because %s '%s' has %s capability.%s\n",
283
0
         file, line, arg, proxy_type_str(proxy), proxy->id, msg, hint ? hint : "");
284
0
    return 1;
285
0
  }
286
0
  return 0;
287
0
}
288
289
/*
290
 * Sends an alert if proxy <proxy> does not have at least one of the
291
 * capabilities in <cap>. An optional <hint> may be added at the end
292
 * of the alert to help the user. Returns 1 if an alert was emitted
293
 * or 0 if the condition is valid.
294
 */
295
int failifnotcap(struct proxy *proxy, int cap, const char *file, int line, const char *arg, const char *hint)
296
0
{
297
0
  char *msg;
298
299
0
  switch (cap) {
300
0
  case PR_CAP_BE: msg = "no backend"; break;
301
0
  case PR_CAP_FE: msg = "no frontend"; break;
302
0
  case PR_CAP_BE|PR_CAP_FE: msg = "neither frontend nor backend"; break;
303
0
  default: msg = "not enough"; break;
304
0
  }
305
306
0
  if (!(proxy->cap & cap)) {
307
0
    ha_alert("parsing [%s:%d] : '%s' not allowed because %s '%s' has %s capability.%s\n",
308
0
       file, line, arg, proxy_type_str(proxy), proxy->id, msg, hint ? hint : "");
309
0
    return 1;
310
0
  }
311
0
  return 0;
312
0
}
313
314
/*
315
 * Report an error in <msg> when there are too many arguments. This version is
316
 * intended to be used by keyword parsers so that the message will be included
317
 * into the general error message. The index is the current keyword in args.
318
 * Return 0 if the number of argument is correct, otherwise build a message and
319
 * return 1. Fill err_code with an ERR_ALERT and an ERR_FATAL if not null. The
320
 * message may also be null, it will simply not be produced (useful to check only).
321
 * <msg> and <err_code> are only affected on error.
322
 */
323
int too_many_args_idx(int maxarg, int index, char **args, char **msg, int *err_code)
324
0
{
325
0
  int i;
326
327
0
  if (!*args[index + maxarg + 1])
328
0
    return 0;
329
330
0
  if (msg) {
331
0
    *msg = NULL;
332
0
    memprintf(msg, "%s", args[0]);
333
0
    for (i = 1; i <= index; i++)
334
0
      memprintf(msg, "%s %s", *msg, args[i]);
335
336
0
    memprintf(msg, "'%s' cannot handle unexpected argument '%s'.", *msg, args[index + maxarg + 1]);
337
0
  }
338
0
  if (err_code)
339
0
    *err_code |= ERR_ALERT | ERR_FATAL;
340
341
0
  return 1;
342
0
}
343
344
/*
345
 * same as too_many_args_idx with a 0 index
346
 */
347
int too_many_args(int maxarg, char **args, char **msg, int *err_code)
348
0
{
349
0
  return too_many_args_idx(maxarg, 0, args, msg, err_code);
350
0
}
351
352
/*
353
 * Report a fatal Alert when there is too much arguments
354
 * The index is the current keyword in args
355
 * Return 0 if the number of argument is correct, otherwise emit an alert and return 1
356
 * Fill err_code with an ERR_ALERT and an ERR_FATAL
357
 */
358
int alertif_too_many_args_idx(int maxarg, int index, const char *file, int linenum, char **args, int *err_code)
359
0
{
360
0
  char *kw = NULL;
361
0
  int i;
362
363
0
  if (!*args[index + maxarg + 1])
364
0
    return 0;
365
366
0
  memprintf(&kw, "%s", args[0]);
367
0
  for (i = 1; i <= index; i++) {
368
0
    memprintf(&kw, "%s %s", kw, args[i]);
369
0
  }
370
371
0
  ha_alert("parsing [%s:%d] : '%s' cannot handle unexpected argument '%s'.\n", file, linenum, kw, args[index + maxarg + 1]);
372
0
  free(kw);
373
0
  *err_code |= ERR_ALERT | ERR_FATAL;
374
0
  return 1;
375
0
}
376
377
/*
378
 * same as alertif_too_many_args_idx with a 0 index
379
 */
380
int alertif_too_many_args(int maxarg, const char *file, int linenum, char **args, int *err_code)
381
0
{
382
0
  return alertif_too_many_args_idx(maxarg, 0, file, linenum, args, err_code);
383
0
}
384
385
386
/* Report it if a request ACL condition uses some keywords that are incompatible
387
 * with the place where the ACL is used. It returns either 0 or ERR_WARN so that
388
 * its result can be or'ed with err_code. Note that <cond> may be NULL and then
389
 * will be ignored.
390
 */
391
int warnif_cond_conflicts(const struct acl_cond *cond, unsigned int where, const char *file, int line)
392
0
{
393
0
  const struct acl *acl;
394
0
  const char *kw;
395
396
0
  if (!cond)
397
0
    return 0;
398
399
0
  acl = acl_cond_conflicts(cond, where);
400
0
  if (acl) {
401
0
    if (acl->name && *acl->name)
402
0
      ha_warning("parsing [%s:%d] : acl '%s' will never match because it only involves keywords that are incompatible with '%s'\n",
403
0
           file, line, acl->name, sample_ckp_names(where));
404
0
    else
405
0
      ha_warning("parsing [%s:%d] : anonymous acl will never match because it uses keyword '%s' which is incompatible with '%s'\n",
406
0
           file, line, LIST_ELEM(acl->expr.n, struct acl_expr *, list)->kw, sample_ckp_names(where));
407
0
    return ERR_WARN;
408
0
  }
409
0
  if (!acl_cond_kw_conflicts(cond, where, &acl, &kw))
410
0
    return 0;
411
412
0
  if (acl->name && *acl->name)
413
0
    ha_warning("parsing [%s:%d] : acl '%s' involves keywords '%s' which is incompatible with '%s'\n",
414
0
         file, line, acl->name, kw, sample_ckp_names(where));
415
0
  else
416
0
    ha_warning("parsing [%s:%d] : anonymous acl involves keyword '%s' which is incompatible with '%s'\n",
417
0
         file, line, kw, sample_ckp_names(where));
418
0
  return ERR_WARN;
419
0
}
420
421
/* Report it if an ACL uses a L6 sample fetch from an HTTP proxy.  It returns
422
 * either 0 or ERR_WARN so that its result can be or'ed with err_code. Note that
423
 * <cond> may be NULL and then will be ignored.
424
*/
425
int warnif_tcp_http_cond(const struct proxy *px, const struct acl_cond *cond)
426
0
{
427
0
  if (!cond || px->mode != PR_MODE_HTTP)
428
0
    return 0;
429
430
0
  if (cond->use & (SMP_USE_L6REQ|SMP_USE_L6RES)) {
431
0
    ha_warning("Proxy '%s': L6 sample fetches ignored on HTTP proxies (declared at %s:%d).\n",
432
0
         px->id, cond->file, cond->line);
433
0
    return ERR_WARN;
434
0
  }
435
0
  return 0;
436
0
}
437
438
/* try to find in <list> the word that looks closest to <word> by counting
439
 * transitions between letters, digits and other characters. Will return the
440
 * best matching word if found, otherwise NULL. An optional array of extra
441
 * words to compare may be passed in <extra>, but it must then be terminated
442
 * by a NULL entry. If unused it may be NULL.
443
 */
444
const char *cfg_find_best_match(const char *word, const struct list *list, int section, const char **extra)
445
0
{
446
0
  uint8_t word_sig[1024]; // 0..25=letter, 26=digit, 27=other, 28=begin, 29=end
447
0
  uint8_t list_sig[1024];
448
0
  const struct cfg_kw_list *kwl;
449
0
  int index;
450
0
  const char *best_ptr = NULL;
451
0
  int dist, best_dist = INT_MAX;
452
453
0
  make_word_fingerprint(word_sig, word);
454
0
  list_for_each_entry(kwl, list, list) {
455
0
    for (index = 0; kwl->kw[index].kw != NULL; index++) {
456
0
      if (kwl->kw[index].section != section)
457
0
        continue;
458
459
0
      make_word_fingerprint(list_sig, kwl->kw[index].kw);
460
0
      dist = word_fingerprint_distance(word_sig, list_sig);
461
0
      if (dist < best_dist) {
462
0
        best_dist = dist;
463
0
        best_ptr = kwl->kw[index].kw;
464
0
      }
465
0
    }
466
0
  }
467
468
0
  while (extra && *extra) {
469
0
    make_word_fingerprint(list_sig, *extra);
470
0
    dist = word_fingerprint_distance(word_sig, list_sig);
471
0
    if (dist < best_dist) {
472
0
      best_dist = dist;
473
0
      best_ptr = *extra;
474
0
    }
475
0
    extra++;
476
0
  }
477
478
0
  if (best_dist > 2 * strlen(word) || (best_ptr && best_dist > 2 * strlen(best_ptr)))
479
0
    best_ptr = NULL;
480
0
  return best_ptr;
481
0
}
482
483
/* Parse a string representing a process number or a set of processes. It must
484
 * be "all", "odd", "even", a number between 1 and <max> or a range with
485
 * two such numbers delimited by a dash ('-'). On success, it returns
486
 * 0. otherwise it returns 1 with an error message in <err>.
487
 *
488
 * Note: this function can also be used to parse a thread number or a set of
489
 * threads.
490
 */
491
int parse_process_number(const char *arg, unsigned long *proc, int max, int *autoinc, char **err)
492
0
{
493
0
  if (autoinc) {
494
0
    *autoinc = 0;
495
0
    if (strncmp(arg, "auto:", 5) == 0) {
496
0
      arg += 5;
497
0
      *autoinc = 1;
498
0
    }
499
0
  }
500
501
0
  if (strcmp(arg, "all") == 0)
502
0
    *proc |= ~0UL;
503
0
  else if (strcmp(arg, "odd") == 0)
504
0
    *proc |= ~0UL/3UL; /* 0x555....555 */
505
0
  else if (strcmp(arg, "even") == 0)
506
0
    *proc |= (~0UL/3UL) << 1; /* 0xAAA...AAA */
507
0
  else {
508
0
    const char *p, *dash = NULL;
509
0
    unsigned int low, high;
510
511
0
    for (p = arg; *p; p++) {
512
0
      if (*p == '-' && !dash)
513
0
        dash = p;
514
0
      else if (!isdigit((unsigned char)*p)) {
515
0
        memprintf(err, "'%s' is not a valid number/range.", arg);
516
0
        return -1;
517
0
      }
518
0
    }
519
520
0
    low = high = str2uic(arg);
521
0
    if (dash)
522
0
      high = ((!*(dash+1)) ? max : str2uic(dash + 1));
523
524
0
    if (high < low) {
525
0
      unsigned int swap = low;
526
0
      low  = high;
527
0
      high = swap;
528
0
    }
529
530
0
    if (low < 1 || low > max || high > max) {
531
0
      memprintf(err, "'%s' is not a valid number/range."
532
0
          " It supports numbers from 1 to %d.\n",
533
0
          arg, max);
534
0
      return 1;
535
0
    }
536
537
0
    for (;low <= high; low++)
538
0
      *proc |= 1UL << (low-1);
539
0
  }
540
0
  *proc &= ~0UL >> (LONGBITS - max);
541
542
0
  return 0;
543
0
}
544
545
/* Allocate and initialize the frontend of a "peers" section found in
546
 * file <file> at line <linenum> with <id> as ID.
547
 * Return 0 if succeeded, -1 if not.
548
 * Note that this function may be called from "default-server"
549
 * or "peer" lines.
550
 */
551
static int init_peers_frontend(const char *file, int linenum,
552
                               const char *id, struct peers *peers)
553
0
{
554
0
  struct proxy *p;
555
556
0
  if (peers->peers_fe) {
557
0
    p = peers->peers_fe;
558
0
    goto out;
559
0
  }
560
561
0
  p = calloc(1, sizeof *p);
562
0
  if (!p) {
563
0
    ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum);
564
0
    return -1;
565
0
  }
566
567
0
  init_new_proxy(p);
568
0
  peers_setup_frontend(p);
569
0
  p->parent = peers;
570
  /* Finally store this frontend. */
571
0
  peers->peers_fe = p;
572
573
0
 out:
574
0
  if (id && !p->id)
575
0
    p->id = strdup(id);
576
0
  free(p->conf.file);
577
0
  p->conf.args.file = p->conf.file = strdup(file);
578
0
  if (linenum != -1)
579
0
    p->conf.args.line = p->conf.line = linenum;
580
581
0
  return 0;
582
0
}
583
584
/* Only change ->file, ->line and ->arg struct bind_conf member values
585
 * if already present.
586
 */
587
static struct bind_conf *bind_conf_uniq_alloc(struct proxy *p,
588
                                              const char *file, int line,
589
                                              const char *arg, struct xprt_ops *xprt)
590
0
{
591
0
  struct bind_conf *bind_conf;
592
593
0
  if (!LIST_ISEMPTY(&p->conf.bind)) {
594
0
    bind_conf = LIST_ELEM((&p->conf.bind)->n, typeof(bind_conf), by_fe);
595
    /*
596
     * We keep bind_conf->file and bind_conf->line unchanged
597
     * to make them available for error messages
598
     */
599
0
    if (arg) {
600
0
      free(bind_conf->arg);
601
0
      bind_conf->arg = strdup(arg);
602
0
    }
603
0
  }
604
0
  else {
605
0
    bind_conf = bind_conf_alloc(p, file, line, arg, xprt);
606
0
  }
607
608
0
  return bind_conf;
609
0
}
610
611
/*
612
 * Allocate a new struct peer parsed at line <linenum> in file <file>
613
 * to be added to <peers>.
614
 * Returns the new allocated structure if succeeded, NULL if not.
615
 */
616
static struct peer *cfg_peers_add_peer(struct peers *peers,
617
                                       const char *file, int linenum,
618
                                       const char *id, int local)
619
0
{
620
0
  struct peer *p;
621
622
0
  p = calloc(1, sizeof *p);
623
0
  if (!p) {
624
0
    ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum);
625
0
    return NULL;
626
0
  }
627
628
  /* the peers are linked backwards first */
629
0
  peers->count++;
630
0
  p->peers = peers;
631
0
  p->next = peers->remote;
632
0
  peers->remote = p;
633
0
  p->conf.file = strdup(file);
634
0
  p->conf.line = linenum;
635
0
  p->last_change = ns_to_sec(now_ns);
636
0
  HA_SPIN_INIT(&p->lock);
637
0
  if (id)
638
0
    p->id = strdup(id);
639
0
  if (local) {
640
0
    p->local = 1;
641
0
    peers->local = p;
642
0
  }
643
644
0
  return p;
645
0
}
646
647
/*
648
 * Parse a line in a <listen>, <frontend> or <backend> section.
649
 * Returns the error code, 0 if OK, or any combination of :
650
 *  - ERR_ABORT: must abort ASAP
651
 *  - ERR_FATAL: we can continue parsing but not start the service
652
 *  - ERR_WARN: a warning has been emitted
653
 *  - ERR_ALERT: an alert has been emitted
654
 * Only the two first ones can stop processing, the two others are just
655
 * indicators.
656
 */
657
int cfg_parse_peers(const char *file, int linenum, char **args, int kwm)
658
0
{
659
0
  static struct peers *curpeers = NULL;
660
0
  static int nb_shards = 0;
661
0
  struct peer *newpeer = NULL;
662
0
  const char *err;
663
0
  struct bind_conf *bind_conf;
664
0
  int err_code = 0;
665
0
  char *errmsg = NULL;
666
0
  static int bind_line, peer_line;
667
668
0
  if (strcmp(args[0], "bind") == 0 || strcmp(args[0], "default-bind") == 0) {
669
0
    int cur_arg;
670
0
    struct bind_conf *bind_conf;
671
0
    int ret;
672
673
0
    cur_arg = 1;
674
675
0
    if (init_peers_frontend(file, linenum, NULL, curpeers) != 0) {
676
0
      err_code |= ERR_ALERT | ERR_ABORT;
677
0
      goto out;
678
0
    }
679
680
0
    bind_conf = bind_conf_uniq_alloc(curpeers->peers_fe, file, linenum,
681
0
                                     args[1], xprt_get(XPRT_RAW));
682
0
    if (!bind_conf) {
683
0
      ha_alert("parsing [%s:%d] : '%s %s' : cannot allocate memory.\n", file, linenum, args[0], args[1]);
684
0
      err_code |= ERR_FATAL;
685
0
      goto out;
686
0
    }
687
688
0
    bind_conf->maxaccept = 1;
689
0
    bind_conf->accept = session_accept_fd;
690
0
    bind_conf->options |= BC_O_UNLIMITED; /* don't make the peers subject to global limits */
691
692
0
    if (*args[0] == 'b') {
693
0
      struct listener *l;
694
695
0
      if (peer_line) {
696
0
        ha_alert("parsing [%s:%d] : mixing \"peer\" and \"bind\" line is forbidden\n", file, linenum);
697
0
        err_code |= ERR_ALERT | ERR_FATAL;
698
0
        goto out;
699
0
      }
700
701
0
      if (!LIST_ISEMPTY(&bind_conf->listeners)) {
702
0
        ha_alert("parsing [%s:%d] : One listener per \"peers\" section is authorized but another is already configured at [%s:%d].\n", file, linenum, bind_conf->file, bind_conf->line);
703
0
        err_code |= ERR_FATAL;
704
0
      }
705
706
0
      if (!str2listener(args[1], curpeers->peers_fe, bind_conf, file, linenum, &errmsg)) {
707
0
        if (errmsg && *errmsg) {
708
0
          indent_msg(&errmsg, 2);
709
0
          ha_alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], errmsg);
710
0
        }
711
0
        else
712
0
          ha_alert("parsing [%s:%d] : '%s %s' : error encountered while parsing listening address %s.\n",
713
0
               file, linenum, args[0], args[1], args[1]);
714
0
        err_code |= ERR_FATAL;
715
0
        goto out;
716
0
      }
717
718
      /* Only one listener supported. Compare first listener
719
       * against the last one. It must be the same one.
720
       */
721
0
      if (bind_conf->listeners.n != bind_conf->listeners.p) {
722
0
        ha_alert("parsing [%s:%d] : Only one listener per \"peers\" section is authorized. Multiple listening addresses or port range are not supported.\n", file, linenum);
723
0
        err_code |= ERR_ALERT | ERR_FATAL;
724
0
        goto out;
725
0
      }
726
      /*
727
       * Newly allocated listener is at the end of the list
728
       */
729
0
      l = LIST_ELEM(bind_conf->listeners.p, typeof(l), by_bind);
730
731
0
      global.maxsock++; /* for the listening socket */
732
733
0
      bind_line = 1;
734
0
      if (cfg_peers->local) {
735
0
        newpeer = cfg_peers->local;
736
0
      }
737
0
      else {
738
        /* This peer is local.
739
         * Note that we do not set the peer ID. This latter is initialized
740
         * when parsing "peer" or "server" line.
741
         */
742
0
        newpeer = cfg_peers_add_peer(curpeers, file, linenum, NULL, 1);
743
0
        if (!newpeer) {
744
0
          err_code |= ERR_ALERT | ERR_ABORT;
745
0
          goto out;
746
0
        }
747
0
      }
748
0
      cur_arg++;
749
0
    }
750
751
0
    ret = bind_parse_args_list(bind_conf, args, cur_arg, cursection, file, linenum);
752
0
    err_code |= ret;
753
0
    if (ret != 0)
754
0
      goto out;
755
0
  }
756
0
  else if (strcmp(args[0], "default-server") == 0) {
757
0
    if (init_peers_frontend(file, -1, NULL, curpeers) != 0) {
758
0
      err_code |= ERR_ALERT | ERR_ABORT;
759
0
      goto out;
760
0
    }
761
0
    err_code |= parse_server(file, linenum, args, curpeers->peers_fe, NULL,
762
0
                             SRV_PARSE_DEFAULT_SERVER|SRV_PARSE_IN_PEER_SECTION|SRV_PARSE_INITIAL_RESOLVE);
763
0
  }
764
0
  else if (strcmp(args[0], "log") == 0) {
765
0
    if (init_peers_frontend(file, linenum, NULL, curpeers) != 0) {
766
0
      err_code |= ERR_ALERT | ERR_ABORT;
767
0
      goto out;
768
0
    }
769
0
    if (!parse_logger(args, &curpeers->peers_fe->loggers, (kwm == KWM_NO), file, linenum, &errmsg)) {
770
0
      ha_alert("parsing [%s:%d] : %s : %s\n", file, linenum, args[0], errmsg);
771
0
      err_code |= ERR_ALERT | ERR_FATAL;
772
0
      goto out;
773
0
    }
774
0
  }
775
0
  else if (strcmp(args[0], "peers") == 0) { /* new peers section */
776
    /* Initialize these static variables when entering a new "peers" section*/
777
0
    bind_line = peer_line = 0;
778
0
    if (!*args[1]) {
779
0
      ha_alert("parsing [%s:%d] : missing name for peers section.\n", file, linenum);
780
0
      err_code |= ERR_ALERT | ERR_ABORT;
781
0
      goto out;
782
0
    }
783
784
0
    if (alertif_too_many_args(1, file, linenum, args, &err_code))
785
0
      goto out;
786
787
0
    err = invalid_char(args[1]);
788
0
    if (err) {
789
0
      ha_alert("parsing [%s:%d] : character '%c' is not permitted in '%s' name '%s'.\n",
790
0
         file, linenum, *err, args[0], args[1]);
791
0
      err_code |= ERR_ALERT | ERR_ABORT;
792
0
      goto out;
793
0
    }
794
795
0
    for (curpeers = cfg_peers; curpeers != NULL; curpeers = curpeers->next) {
796
      /*
797
       * If there are two proxies with the same name only following
798
       * combinations are allowed:
799
       */
800
0
      if (strcmp(curpeers->id, args[1]) == 0) {
801
0
        ha_alert("Parsing [%s:%d]: peers section '%s' has the same name as another peers section declared at %s:%d.\n",
802
0
           file, linenum, args[1], curpeers->conf.file, curpeers->conf.line);
803
0
        err_code |= ERR_ALERT | ERR_FATAL;
804
0
      }
805
0
    }
806
807
0
    if ((curpeers = calloc(1, sizeof(*curpeers))) == NULL) {
808
0
      ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum);
809
0
      err_code |= ERR_ALERT | ERR_ABORT;
810
0
      goto out;
811
0
    }
812
813
0
    curpeers->next = cfg_peers;
814
0
    cfg_peers = curpeers;
815
0
    curpeers->conf.file = strdup(file);
816
0
    curpeers->conf.line = linenum;
817
0
    curpeers->last_change = ns_to_sec(now_ns);
818
0
    curpeers->id = strdup(args[1]);
819
0
    curpeers->disabled = 0;
820
0
  }
821
0
  else if (strcmp(args[0], "peer") == 0 ||
822
0
           strcmp(args[0], "server") == 0) { /* peer or server definition */
823
0
    int local_peer, peer;
824
0
    int parse_addr = 0;
825
826
0
    peer = *args[0] == 'p';
827
0
    local_peer = strcmp(args[1], localpeer) == 0;
828
    /* The local peer may have already partially been parsed on a "bind" line. */
829
0
    if (*args[0] == 'p') {
830
0
      if (bind_line) {
831
0
        ha_alert("parsing [%s:%d] : mixing \"peer\" and \"bind\" line is forbidden\n", file, linenum);
832
0
        err_code |= ERR_ALERT | ERR_FATAL;
833
0
        goto out;
834
0
      }
835
0
      peer_line = 1;
836
0
    }
837
0
    if (cfg_peers->local && !cfg_peers->local->id && local_peer) {
838
      /* The local peer has already been initialized on a "bind" line.
839
       * Let's use it and store its ID.
840
       */
841
0
      newpeer = cfg_peers->local;
842
0
      newpeer->id = strdup(localpeer);
843
0
    }
844
0
    else {
845
0
      if (local_peer && cfg_peers->local) {
846
0
        ha_alert("parsing [%s:%d] : '%s %s' : local peer name already referenced at %s:%d. %s\n",
847
0
                 file, linenum, args[0], args[1],
848
0
         curpeers->peers_fe->conf.file, curpeers->peers_fe->conf.line, cfg_peers->local->id);
849
0
        err_code |= ERR_FATAL;
850
0
        goto out;
851
0
      }
852
0
      newpeer = cfg_peers_add_peer(curpeers, file, linenum, args[1], local_peer);
853
0
      if (!newpeer) {
854
0
        err_code |= ERR_ALERT | ERR_ABORT;
855
0
        goto out;
856
0
      }
857
0
    }
858
859
    /* Line number and peer ID are updated only if this peer is the local one. */
860
0
    if (init_peers_frontend(file,
861
0
                            newpeer->local ? linenum: -1,
862
0
                            newpeer->local ? newpeer->id : NULL,
863
0
                            curpeers) != 0) {
864
0
      err_code |= ERR_ALERT | ERR_ABORT;
865
0
      goto out;
866
0
    }
867
868
    /* This initializes curpeer->peers->peers_fe->srv.
869
     * The server address is parsed only if we are parsing a "peer" line,
870
     * or if we are parsing a "server" line and the current peer is not the local one.
871
     */
872
0
    parse_addr = (peer || !local_peer) ? SRV_PARSE_PARSE_ADDR : 0;
873
0
    err_code |= parse_server(file, linenum, args, curpeers->peers_fe, NULL,
874
0
                             SRV_PARSE_IN_PEER_SECTION|parse_addr|SRV_PARSE_INITIAL_RESOLVE);
875
0
    if (!curpeers->peers_fe->srv) {
876
      /* Remove the newly allocated peer. */
877
0
      if (newpeer != curpeers->local) {
878
0
        struct peer *p;
879
880
0
        p = curpeers->remote;
881
0
        curpeers->remote = curpeers->remote->next;
882
0
        free(p->id);
883
0
        free(p);
884
0
      }
885
0
      goto out;
886
0
    }
887
888
0
    if (nb_shards && curpeers->peers_fe->srv->shard > nb_shards) {
889
0
      ha_warning("parsing [%s:%d] : '%s %s' : %d peer shard greater value than %d shards value is ignored.\n",
890
0
                 file, linenum, args[0], args[1], curpeers->peers_fe->srv->shard, nb_shards);
891
0
      curpeers->peers_fe->srv->shard = 0;
892
0
      err_code |= ERR_WARN;
893
0
    }
894
895
0
    if (curpeers->peers_fe->srv->init_addr_methods || curpeers->peers_fe->srv->resolvers_id ||
896
0
        curpeers->peers_fe->srv->do_check || curpeers->peers_fe->srv->do_agent) {
897
0
      ha_warning("parsing [%s:%d] : '%s %s' : init_addr, resolvers, check and agent are ignored for peers.\n", file, linenum, args[0], args[1]);
898
0
      err_code |= ERR_WARN;
899
0
    }
900
901
0
    HA_SPIN_INIT(&newpeer->lock);
902
903
0
    newpeer->srv = curpeers->peers_fe->srv;
904
0
    if (!newpeer->local)
905
0
      goto out;
906
907
    /* The lines above are reserved to "peer" lines. */
908
0
    if (*args[0] == 's')
909
0
      goto out;
910
911
0
    bind_conf = bind_conf_uniq_alloc(curpeers->peers_fe, file, linenum, args[2], xprt_get(XPRT_RAW));
912
0
    if (!bind_conf) {
913
0
      ha_alert("parsing [%s:%d] : '%s %s' : Cannot allocate memory.\n", file, linenum, args[0], args[1]);
914
0
      err_code |= ERR_FATAL;
915
0
      goto out;
916
0
    }
917
918
0
    bind_conf->maxaccept = 1;
919
0
    bind_conf->accept = session_accept_fd;
920
0
    bind_conf->options |= BC_O_UNLIMITED; /* don't make the peers subject to global limits */
921
922
0
    if (!LIST_ISEMPTY(&bind_conf->listeners)) {
923
0
      ha_alert("parsing [%s:%d] : One listener per \"peers\" section is authorized but another is already configured at [%s:%d].\n", file, linenum, bind_conf->file, bind_conf->line);
924
0
      err_code |= ERR_FATAL;
925
0
    }
926
927
0
    if (!str2listener(args[2], curpeers->peers_fe, bind_conf, file, linenum, &errmsg)) {
928
0
      if (errmsg && *errmsg) {
929
0
        indent_msg(&errmsg, 2);
930
0
        ha_alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], errmsg);
931
0
      }
932
0
      else
933
0
        ha_alert("parsing [%s:%d] : '%s %s' : error encountered while parsing listening address %s.\n",
934
0
                 file, linenum, args[0], args[1], args[2]);
935
0
      err_code |= ERR_FATAL;
936
0
      goto out;
937
0
    }
938
939
0
    global.maxsock++; /* for the listening socket */
940
0
  }
941
0
  else if (strcmp(args[0], "shards") == 0) {
942
0
    char *endptr;
943
944
0
    if (!*args[1]) {
945
0
      ha_alert("parsing [%s:%d] : '%s' : missing value\n", file, linenum, args[0]);
946
0
      err_code |= ERR_FATAL;
947
0
      goto out;
948
0
    }
949
950
0
    curpeers->nb_shards = strtol(args[1], &endptr, 10);
951
0
    if (*endptr != '\0') {
952
0
      ha_alert("parsing [%s:%d] : '%s' : expects an integer argument, found '%s'\n",
953
0
               file, linenum, args[0], args[1]);
954
0
      err_code |= ERR_FATAL;
955
0
      goto out;
956
0
    }
957
958
0
    if (!curpeers->nb_shards) {
959
0
      ha_alert("parsing [%s:%d] : '%s' : expects a strictly positive integer argument\n",
960
0
               file, linenum, args[0]);
961
0
      err_code |= ERR_FATAL;
962
0
      goto out;
963
0
    }
964
965
0
    nb_shards = curpeers->nb_shards;
966
0
  }
967
0
  else if (strcmp(args[0], "table") == 0) {
968
0
    struct stktable *t, *other;
969
0
    char *id;
970
0
    size_t prefix_len;
971
972
    /* Line number and peer ID are updated only if this peer is the local one. */
973
0
    if (init_peers_frontend(file, -1, NULL, curpeers) != 0) {
974
0
      err_code |= ERR_ALERT | ERR_ABORT;
975
0
      goto out;
976
0
    }
977
978
    /* Build the stick-table name, concatenating the "peers" section name
979
     * followed by a '/' character and the table name argument.
980
     */
981
0
    chunk_reset(&trash);
982
0
    if (!chunk_strcpy(&trash, curpeers->id)) {
983
0
      ha_alert("parsing [%s:%d]: '%s %s' : stick-table name too long.\n",
984
0
               file, linenum, args[0], args[1]);
985
0
      err_code |= ERR_ALERT | ERR_FATAL;
986
0
      goto out;
987
0
    }
988
989
0
    prefix_len = trash.data;
990
0
    if (!chunk_memcat(&trash, "/", 1) || !chunk_strcat(&trash, args[1])) {
991
0
      ha_alert("parsing [%s:%d]: '%s %s' : stick-table name too long.\n",
992
0
               file, linenum, args[0], args[1]);
993
0
      err_code |= ERR_ALERT | ERR_FATAL;
994
0
      goto out;
995
0
    }
996
997
0
    t = calloc(1, sizeof *t);
998
0
    id = strdup(trash.area);
999
0
    if (!t || !id) {
1000
0
      ha_alert("parsing [%s:%d]: '%s %s' : memory allocation failed\n",
1001
0
               file, linenum, args[0], args[1]);
1002
0
      free(t);
1003
0
      free(id);
1004
0
      err_code |= ERR_ALERT | ERR_FATAL;
1005
0
      goto out;
1006
0
    }
1007
1008
0
    other = stktable_find_by_name(trash.area);
1009
0
    if (other) {
1010
0
      ha_alert("parsing [%s:%d] : stick-table name '%s' conflicts with table declared in %s '%s' at %s:%d.\n",
1011
0
               file, linenum, args[1],
1012
0
               other->proxy ? proxy_cap_str(other->proxy->cap) : "peers",
1013
0
               other->proxy ? other->id : other->peers.p->id,
1014
0
               other->conf.file, other->conf.line);
1015
0
      err_code |= ERR_ALERT | ERR_FATAL;
1016
0
      goto out;
1017
0
    }
1018
1019
1020
0
    err_code |= parse_stick_table(file, linenum, args, t, id, id + prefix_len, curpeers);
1021
0
    if (err_code & ERR_FATAL) {
1022
0
      free(t);
1023
0
      free(id);
1024
0
      goto out;
1025
0
    }
1026
1027
0
    stktable_store_name(t);
1028
0
    t->next = stktables_list;
1029
0
    stktables_list = t;
1030
0
  }
1031
0
  else if (strcmp(args[0], "disabled") == 0) {  /* disables this peers section */
1032
0
    curpeers->disabled |= PR_FL_DISABLED;
1033
0
  }
1034
0
  else if (strcmp(args[0], "enabled") == 0) {  /* enables this peers section (used to revert a disabled default) */
1035
0
    curpeers->disabled = 0;
1036
0
  }
1037
0
  else if (*args[0] != 0) {
1038
0
    struct peers_kw_list *pkwl;
1039
0
    int index;
1040
0
    int rc = -1;
1041
1042
0
    list_for_each_entry(pkwl, &peers_keywords.list, list) {
1043
0
      for (index = 0; pkwl->kw[index].kw != NULL; index++) {
1044
0
        if (strcmp(pkwl->kw[index].kw, args[0]) == 0) {
1045
0
          rc = pkwl->kw[index].parse(args, curpeers, file, linenum, &errmsg);
1046
0
          if (rc < 0) {
1047
0
            ha_alert("parsing [%s:%d] : %s\n", file, linenum, errmsg);
1048
0
            err_code |= ERR_ALERT | ERR_FATAL;
1049
0
            goto out;
1050
0
          }
1051
0
          else if (rc > 0) {
1052
0
            ha_warning("parsing [%s:%d] : %s\n", file, linenum, errmsg);
1053
0
            err_code |= ERR_WARN;
1054
0
            goto out;
1055
0
          }
1056
0
          goto out;
1057
0
        }
1058
0
      }
1059
0
    }
1060
1061
0
    ha_alert("parsing [%s:%d] : unknown keyword '%s' in '%s' section\n", file, linenum, args[0], cursection);
1062
0
    err_code |= ERR_ALERT | ERR_FATAL;
1063
0
    goto out;
1064
0
  }
1065
1066
0
out:
1067
0
  free(errmsg);
1068
0
  return err_code;
1069
0
}
1070
1071
/*
1072
 * Parse a line in a <listen>, <frontend> or <backend> section.
1073
 * Returns the error code, 0 if OK, or any combination of :
1074
 *  - ERR_ABORT: must abort ASAP
1075
 *  - ERR_FATAL: we can continue parsing but not start the service
1076
 *  - ERR_WARN: a warning has been emitted
1077
 *  - ERR_ALERT: an alert has been emitted
1078
 * Only the two first ones can stop processing, the two others are just
1079
 * indicators.
1080
 */
1081
int cfg_parse_mailers(const char *file, int linenum, char **args, int kwm)
1082
0
{
1083
0
  static struct mailers *curmailers = NULL;
1084
0
  struct mailer *newmailer = NULL;
1085
0
  const char *err;
1086
0
  int err_code = 0;
1087
0
  char *errmsg = NULL;
1088
1089
0
  if (strcmp(args[0], "mailers") == 0) { /* new mailers section */
1090
0
    if (!*args[1]) {
1091
0
      ha_alert("parsing [%s:%d] : missing name for mailers section.\n", file, linenum);
1092
0
      err_code |= ERR_ALERT | ERR_ABORT;
1093
0
      goto out;
1094
0
    }
1095
1096
0
    err = invalid_char(args[1]);
1097
0
    if (err) {
1098
0
      ha_alert("parsing [%s:%d] : character '%c' is not permitted in '%s' name '%s'.\n",
1099
0
         file, linenum, *err, args[0], args[1]);
1100
0
      err_code |= ERR_ALERT | ERR_ABORT;
1101
0
      goto out;
1102
0
    }
1103
1104
0
    for (curmailers = mailers; curmailers != NULL; curmailers = curmailers->next) {
1105
      /*
1106
       * If there are two proxies with the same name only following
1107
       * combinations are allowed:
1108
       */
1109
0
      if (strcmp(curmailers->id, args[1]) == 0) {
1110
0
        ha_alert("Parsing [%s:%d]: mailers section '%s' has the same name as another mailers section declared at %s:%d.\n",
1111
0
           file, linenum, args[1], curmailers->conf.file, curmailers->conf.line);
1112
0
        err_code |= ERR_ALERT | ERR_FATAL;
1113
0
      }
1114
0
    }
1115
1116
0
    if ((curmailers = calloc(1, sizeof(*curmailers))) == NULL) {
1117
0
      ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum);
1118
0
      err_code |= ERR_ALERT | ERR_ABORT;
1119
0
      goto out;
1120
0
    }
1121
1122
0
    curmailers->next = mailers;
1123
0
    mailers = curmailers;
1124
0
    curmailers->conf.file = strdup(file);
1125
0
    curmailers->conf.line = linenum;
1126
0
    curmailers->id = strdup(args[1]);
1127
0
    curmailers->timeout.mail = DEF_MAILALERTTIME;/* XXX: Would like to Skip to the next alert, if any, ASAP.
1128
      * But need enough time so that timeouts don't occur
1129
      * during tcp procssing. For now just us an arbitrary default. */
1130
0
  }
1131
0
  else if (strcmp(args[0], "mailer") == 0) { /* mailer definition */
1132
0
    struct sockaddr_storage *sk;
1133
0
    int port1, port2;
1134
0
    struct protocol *proto;
1135
1136
0
    if (!*args[2]) {
1137
0
      ha_alert("parsing [%s:%d] : '%s' expects <name> and <addr>[:<port>] as arguments.\n",
1138
0
         file, linenum, args[0]);
1139
0
      err_code |= ERR_ALERT | ERR_FATAL;
1140
0
      goto out;
1141
0
    }
1142
1143
0
    err = invalid_char(args[1]);
1144
0
    if (err) {
1145
0
      ha_alert("parsing [%s:%d] : character '%c' is not permitted in server name '%s'.\n",
1146
0
         file, linenum, *err, args[1]);
1147
0
      err_code |= ERR_ALERT | ERR_FATAL;
1148
0
      goto out;
1149
0
    }
1150
1151
0
    if ((newmailer = calloc(1, sizeof(*newmailer))) == NULL) {
1152
0
      ha_alert("parsing [%s:%d] : out of memory.\n", file, linenum);
1153
0
      err_code |= ERR_ALERT | ERR_ABORT;
1154
0
      goto out;
1155
0
    }
1156
1157
    /* the mailers are linked backwards first */
1158
0
    curmailers->count++;
1159
0
    newmailer->next = curmailers->mailer_list;
1160
0
    curmailers->mailer_list = newmailer;
1161
0
    newmailer->mailers = curmailers;
1162
0
    newmailer->conf.file = strdup(file);
1163
0
    newmailer->conf.line = linenum;
1164
1165
0
    newmailer->id = strdup(args[1]);
1166
1167
0
    sk = str2sa_range(args[2], NULL, &port1, &port2, NULL, &proto, NULL,
1168
0
                      &errmsg, NULL, NULL,
1169
0
                      PA_O_RESOLVE | PA_O_PORT_OK | PA_O_PORT_MAND | PA_O_STREAM | PA_O_XPRT | PA_O_CONNECT);
1170
0
    if (!sk) {
1171
0
      ha_alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], errmsg);
1172
0
      err_code |= ERR_ALERT | ERR_FATAL;
1173
0
      goto out;
1174
0
    }
1175
1176
0
    if (proto->sock_prot != IPPROTO_TCP) {
1177
0
      ha_alert("parsing [%s:%d] : '%s %s' : TCP not supported for this address family.\n",
1178
0
         file, linenum, args[0], args[1]);
1179
0
      err_code |= ERR_ALERT | ERR_FATAL;
1180
0
      goto out;
1181
0
    }
1182
1183
0
    newmailer->addr = *sk;
1184
0
    newmailer->proto = proto;
1185
0
    newmailer->xprt  = xprt_get(XPRT_RAW);
1186
0
    newmailer->sock_init_arg = NULL;
1187
0
  }
1188
0
  else if (strcmp(args[0], "timeout") == 0) {
1189
0
    if (!*args[1]) {
1190
0
      ha_alert("parsing [%s:%d] : '%s' expects 'mail' and <time> as arguments.\n",
1191
0
         file, linenum, args[0]);
1192
0
      err_code |= ERR_ALERT | ERR_FATAL;
1193
0
      goto out;
1194
0
    }
1195
0
    else if (strcmp(args[1], "mail") == 0) {
1196
0
      const char *res;
1197
0
      unsigned int timeout_mail;
1198
0
      if (!*args[2]) {
1199
0
        ha_alert("parsing [%s:%d] : '%s %s' expects <time> as argument.\n",
1200
0
           file, linenum, args[0], args[1]);
1201
0
        err_code |= ERR_ALERT | ERR_FATAL;
1202
0
        goto out;
1203
0
      }
1204
0
      res = parse_time_err(args[2], &timeout_mail, TIME_UNIT_MS);
1205
0
      if (res == PARSE_TIME_OVER) {
1206
0
        ha_alert("parsing [%s:%d]: timer overflow in argument <%s> to <%s %s>, maximum value is 2147483647 ms (~24.8 days).\n",
1207
0
           file, linenum, args[2], args[0], args[1]);
1208
0
        err_code |= ERR_ALERT | ERR_FATAL;
1209
0
        goto out;
1210
0
      }
1211
0
      else if (res == PARSE_TIME_UNDER) {
1212
0
        ha_alert("parsing [%s:%d]: timer underflow in argument <%s> to <%s %s>, minimum non-null value is 1 ms.\n",
1213
0
           file, linenum, args[2], args[0], args[1]);
1214
0
        err_code |= ERR_ALERT | ERR_FATAL;
1215
0
        goto out;
1216
0
      }
1217
0
      else if (res) {
1218
0
        ha_alert("parsing [%s:%d]: unexpected character '%c' in argument to <%s %s>.\n",
1219
0
           file, linenum, *res, args[0], args[1]);
1220
0
        err_code |= ERR_ALERT | ERR_FATAL;
1221
0
        goto out;
1222
0
      }
1223
0
      curmailers->timeout.mail = timeout_mail;
1224
0
    } else {
1225
0
      ha_alert("parsing [%s:%d] : '%s' expects 'mail' and <time> as arguments got '%s'.\n",
1226
0
        file, linenum, args[0], args[1]);
1227
0
      err_code |= ERR_ALERT | ERR_FATAL;
1228
0
      goto out;
1229
0
    }
1230
0
  }
1231
0
  else if (*args[0] != 0) {
1232
0
    ha_alert("parsing [%s:%d] : unknown keyword '%s' in '%s' section\n", file, linenum, args[0], cursection);
1233
0
    err_code |= ERR_ALERT | ERR_FATAL;
1234
0
    goto out;
1235
0
  }
1236
1237
0
out:
1238
0
  free(errmsg);
1239
0
  return err_code;
1240
0
}
1241
1242
void free_email_alert(struct proxy *p)
1243
0
{
1244
0
  ha_free(&p->email_alert.mailers.name);
1245
0
  ha_free(&p->email_alert.from);
1246
0
  ha_free(&p->email_alert.to);
1247
0
  ha_free(&p->email_alert.myhostname);
1248
0
}
1249
1250
1251
int
1252
cfg_parse_netns(const char *file, int linenum, char **args, int kwm)
1253
0
{
1254
#ifdef USE_NS
1255
  const char *err;
1256
  const char *item = args[0];
1257
1258
  if (strcmp(item, "namespace_list") == 0) {
1259
    return 0;
1260
  }
1261
  else if (strcmp(item, "namespace") == 0) {
1262
    size_t idx = 1;
1263
    const char *current;
1264
    while (*(current = args[idx++])) {
1265
      err = invalid_char(current);
1266
      if (err) {
1267
        ha_alert("parsing [%s:%d]: character '%c' is not permitted in '%s' name '%s'.\n",
1268
           file, linenum, *err, item, current);
1269
        return ERR_ALERT | ERR_FATAL;
1270
      }
1271
1272
      if (netns_store_lookup(current, strlen(current))) {
1273
        ha_alert("parsing [%s:%d]: Namespace '%s' is already added.\n",
1274
           file, linenum, current);
1275
        return ERR_ALERT | ERR_FATAL;
1276
      }
1277
      if (!netns_store_insert(current)) {
1278
        ha_alert("parsing [%s:%d]: Cannot open namespace '%s'.\n",
1279
           file, linenum, current);
1280
        return ERR_ALERT | ERR_FATAL;
1281
      }
1282
    }
1283
  }
1284
1285
  return 0;
1286
#else
1287
0
  ha_alert("parsing [%s:%d]: namespace support is not compiled in.",
1288
0
     file, linenum);
1289
0
  return ERR_ALERT | ERR_FATAL;
1290
0
#endif
1291
0
}
1292
1293
int
1294
cfg_parse_users(const char *file, int linenum, char **args, int kwm)
1295
0
{
1296
1297
0
  int err_code = 0;
1298
0
  const char *err;
1299
1300
0
  if (strcmp(args[0], "userlist") == 0) {   /* new userlist */
1301
0
    struct userlist *newul;
1302
1303
0
    if (!*args[1]) {
1304
0
      ha_alert("parsing [%s:%d]: '%s' expects <name> as arguments.\n",
1305
0
         file, linenum, args[0]);
1306
0
      err_code |= ERR_ALERT | ERR_FATAL;
1307
0
      goto out;
1308
0
    }
1309
0
    if (alertif_too_many_args(1, file, linenum, args, &err_code))
1310
0
      goto out;
1311
1312
0
    err = invalid_char(args[1]);
1313
0
    if (err) {
1314
0
      ha_alert("parsing [%s:%d]: character '%c' is not permitted in '%s' name '%s'.\n",
1315
0
         file, linenum, *err, args[0], args[1]);
1316
0
      err_code |= ERR_ALERT | ERR_FATAL;
1317
0
      goto out;
1318
0
    }
1319
1320
0
    for (newul = userlist; newul; newul = newul->next)
1321
0
      if (strcmp(newul->name, args[1]) == 0) {
1322
0
        ha_warning("parsing [%s:%d]: ignoring duplicated userlist '%s'.\n",
1323
0
             file, linenum, args[1]);
1324
0
        err_code |= ERR_WARN;
1325
0
        goto out;
1326
0
      }
1327
1328
0
    newul = calloc(1, sizeof(*newul));
1329
0
    if (!newul) {
1330
0
      ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum);
1331
0
      err_code |= ERR_ALERT | ERR_ABORT;
1332
0
      goto out;
1333
0
    }
1334
1335
0
    newul->name = strdup(args[1]);
1336
0
    if (!newul->name) {
1337
0
      ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum);
1338
0
      err_code |= ERR_ALERT | ERR_ABORT;
1339
0
      free(newul);
1340
0
      goto out;
1341
0
    }
1342
1343
0
    newul->next = userlist;
1344
0
    userlist = newul;
1345
1346
0
  } else if (strcmp(args[0], "group") == 0) {   /* new group */
1347
0
    int cur_arg;
1348
0
    const char *err;
1349
0
    struct auth_groups *ag;
1350
1351
0
    if (!*args[1]) {
1352
0
      ha_alert("parsing [%s:%d]: '%s' expects <name> as arguments.\n",
1353
0
         file, linenum, args[0]);
1354
0
      err_code |= ERR_ALERT | ERR_FATAL;
1355
0
      goto out;
1356
0
    }
1357
1358
0
    err = invalid_char(args[1]);
1359
0
    if (err) {
1360
0
      ha_alert("parsing [%s:%d]: character '%c' is not permitted in '%s' name '%s'.\n",
1361
0
         file, linenum, *err, args[0], args[1]);
1362
0
      err_code |= ERR_ALERT | ERR_FATAL;
1363
0
      goto out;
1364
0
    }
1365
1366
0
    if (!userlist)
1367
0
      goto out;
1368
1369
0
    for (ag = userlist->groups; ag; ag = ag->next)
1370
0
      if (strcmp(ag->name, args[1]) == 0) {
1371
0
        ha_warning("parsing [%s:%d]: ignoring duplicated group '%s' in userlist '%s'.\n",
1372
0
             file, linenum, args[1], userlist->name);
1373
0
        err_code |= ERR_ALERT;
1374
0
        goto out;
1375
0
      }
1376
1377
0
    ag = calloc(1, sizeof(*ag));
1378
0
    if (!ag) {
1379
0
      ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum);
1380
0
      err_code |= ERR_ALERT | ERR_ABORT;
1381
0
      goto out;
1382
0
    }
1383
1384
0
    ag->name = strdup(args[1]);
1385
0
    if (!ag->name) {
1386
0
      ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum);
1387
0
      err_code |= ERR_ALERT | ERR_ABORT;
1388
0
      free(ag);
1389
0
      goto out;
1390
0
    }
1391
1392
0
    cur_arg = 2;
1393
1394
0
    while (*args[cur_arg]) {
1395
0
      if (strcmp(args[cur_arg], "users") == 0) {
1396
0
        ag->groupusers = strdup(args[cur_arg + 1]);
1397
0
        cur_arg += 2;
1398
0
        continue;
1399
0
      } else {
1400
0
        ha_alert("parsing [%s:%d]: '%s' only supports 'users' option.\n",
1401
0
           file, linenum, args[0]);
1402
0
        err_code |= ERR_ALERT | ERR_FATAL;
1403
0
        free(ag->groupusers);
1404
0
        free(ag->name);
1405
0
        free(ag);
1406
0
        goto out;
1407
0
      }
1408
0
    }
1409
1410
0
    ag->next = userlist->groups;
1411
0
    userlist->groups = ag;
1412
1413
0
  } else if (strcmp(args[0], "user") == 0) {   /* new user */
1414
0
    struct auth_users *newuser;
1415
0
    int cur_arg;
1416
1417
0
    if (!*args[1]) {
1418
0
      ha_alert("parsing [%s:%d]: '%s' expects <name> as arguments.\n",
1419
0
         file, linenum, args[0]);
1420
0
      err_code |= ERR_ALERT | ERR_FATAL;
1421
0
      goto out;
1422
0
    }
1423
0
    if (!userlist)
1424
0
      goto out;
1425
1426
0
    for (newuser = userlist->users; newuser; newuser = newuser->next)
1427
0
      if (strcmp(newuser->user, args[1]) == 0) {
1428
0
        ha_warning("parsing [%s:%d]: ignoring duplicated user '%s' in userlist '%s'.\n",
1429
0
             file, linenum, args[1], userlist->name);
1430
0
        err_code |= ERR_ALERT;
1431
0
        goto out;
1432
0
      }
1433
1434
0
    newuser = calloc(1, sizeof(*newuser));
1435
0
    if (!newuser) {
1436
0
      ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum);
1437
0
      err_code |= ERR_ALERT | ERR_ABORT;
1438
0
      goto out;
1439
0
    }
1440
1441
0
    newuser->user = strdup(args[1]);
1442
1443
0
    newuser->next = userlist->users;
1444
0
    userlist->users = newuser;
1445
1446
0
    cur_arg = 2;
1447
1448
0
    while (*args[cur_arg]) {
1449
0
      if (strcmp(args[cur_arg], "password") == 0) {
1450
#ifdef USE_LIBCRYPT
1451
        if (!crypt("", args[cur_arg + 1])) {
1452
          ha_alert("parsing [%s:%d]: the encrypted password used for user '%s' is not supported by crypt(3).\n",
1453
             file, linenum, newuser->user);
1454
          err_code |= ERR_ALERT | ERR_FATAL;
1455
          goto out;
1456
        }
1457
#else
1458
0
        ha_warning("parsing [%s:%d]: no crypt(3) support compiled, encrypted passwords will not work.\n",
1459
0
             file, linenum);
1460
0
        err_code |= ERR_ALERT;
1461
0
#endif
1462
0
        newuser->pass = strdup(args[cur_arg + 1]);
1463
0
        cur_arg += 2;
1464
0
        continue;
1465
0
      } else if (strcmp(args[cur_arg], "insecure-password") == 0) {
1466
0
        newuser->pass = strdup(args[cur_arg + 1]);
1467
0
        newuser->flags |= AU_O_INSECURE;
1468
0
        cur_arg += 2;
1469
0
        continue;
1470
0
      } else if (strcmp(args[cur_arg], "groups") == 0) {
1471
0
        newuser->u.groups_names = strdup(args[cur_arg + 1]);
1472
0
        cur_arg += 2;
1473
0
        continue;
1474
0
      } else {
1475
0
        ha_alert("parsing [%s:%d]: '%s' only supports 'password', 'insecure-password' and 'groups' options.\n",
1476
0
           file, linenum, args[0]);
1477
0
        err_code |= ERR_ALERT | ERR_FATAL;
1478
0
        goto out;
1479
0
      }
1480
0
    }
1481
0
  } else {
1482
0
    ha_alert("parsing [%s:%d]: unknown keyword '%s' in '%s' section\n", file, linenum, args[0], "users");
1483
0
    err_code |= ERR_ALERT | ERR_FATAL;
1484
0
  }
1485
1486
0
out:
1487
0
  return err_code;
1488
0
}
1489
1490
int
1491
cfg_parse_scope(const char *file, int linenum, char *line)
1492
16.3k
{
1493
16.3k
  char *beg, *end, *scope = NULL;
1494
16.3k
  int err_code = 0;
1495
16.3k
  const char *err;
1496
1497
16.3k
  beg = line + 1;
1498
16.3k
  end = strchr(beg, ']');
1499
1500
  /* Detect end of scope declaration */
1501
16.3k
  if (!end || end == beg) {
1502
1.20k
    ha_alert("parsing [%s:%d] : empty scope name is forbidden.\n",
1503
1.20k
       file, linenum);
1504
1.20k
    err_code |= ERR_ALERT | ERR_FATAL;
1505
1.20k
    goto out;
1506
1.20k
  }
1507
1508
  /* Get scope name and check its validity */
1509
15.1k
  scope = my_strndup(beg, end-beg);
1510
15.1k
  err = invalid_char(scope);
1511
15.1k
  if (err) {
1512
2.09k
    ha_alert("parsing [%s:%d] : character '%c' is not permitted in a scope name.\n",
1513
2.09k
       file, linenum, *err);
1514
2.09k
    err_code |= ERR_ALERT | ERR_ABORT;
1515
2.09k
    goto out;
1516
2.09k
  }
1517
1518
  /* Be sure to have a scope declaration alone on its line */
1519
13.0k
  line = end+1;
1520
13.0k
  while (isspace((unsigned char)*line))
1521
132
    line++;
1522
13.0k
  if (*line && *line != '#' && *line != '\n' && *line != '\r') {
1523
662
    ha_alert("parsing [%s:%d] : character '%c' is not permitted after scope declaration.\n",
1524
662
       file, linenum, *line);
1525
662
    err_code |= ERR_ALERT | ERR_ABORT;
1526
662
    goto out;
1527
662
  }
1528
1529
  /* We have a valid scope declaration, save it */
1530
12.4k
  free(cfg_scope);
1531
12.4k
  cfg_scope = scope;
1532
12.4k
  scope = NULL;
1533
1534
16.3k
  out:
1535
16.3k
  free(scope);
1536
16.3k
  return err_code;
1537
12.4k
}
1538
1539
int
1540
cfg_parse_track_sc_num(unsigned int *track_sc_num,
1541
                       const char *arg, const char *end, char **errmsg)
1542
0
{
1543
0
  const char *p;
1544
0
  unsigned int num;
1545
1546
0
  p = arg;
1547
0
  num = read_uint64(&arg, end);
1548
1549
0
  if (arg != end) {
1550
0
    memprintf(errmsg, "Wrong track-sc number '%s'", p);
1551
0
    return -1;
1552
0
  }
1553
1554
0
  if (num >= global.tune.nb_stk_ctr) {
1555
0
    if (!global.tune.nb_stk_ctr)
1556
0
      memprintf(errmsg, "%u track-sc number not usable, stick-counters "
1557
0
                "are disabled by tune.stick-counters", num);
1558
0
    else
1559
0
      memprintf(errmsg, "%u track-sc number exceeding "
1560
0
                "%d (tune.stick-counters-1) value", num, global.tune.nb_stk_ctr - 1);
1561
0
    return -1;
1562
0
  }
1563
1564
0
  *track_sc_num = num;
1565
0
  return 0;
1566
0
}
1567
1568
/*
1569
 * Detect a global section after a non-global one and output a diagnostic
1570
 * warning.
1571
 */
1572
static void check_section_position(char *section_name, const char *file, int linenum)
1573
0
{
1574
0
  if (strcmp(section_name, "global") == 0) {
1575
0
    if ((global.mode & MODE_DIAG) && non_global_section_parsed == 1)
1576
0
            _ha_diag_warning("parsing [%s:%d] : global section detected after a non-global one, the prevalence of their statements is unspecified\n", file, linenum);
1577
0
  }
1578
0
  else if (non_global_section_parsed == 0) {
1579
0
    non_global_section_parsed = 1;
1580
0
  }
1581
0
}
1582
1583
/* apply the current default_path setting for config file <file>, and
1584
 * optionally replace the current path to <origin> if not NULL while the
1585
 * default-path mode is set to "origin". Errors are returned into an
1586
 * allocated string passed to <err> if it's not NULL. Returns 0 on failure
1587
 * or non-zero on success.
1588
 */
1589
static int cfg_apply_default_path(const char *file, const char *origin, char **err)
1590
1.35k
{
1591
1.35k
  const char *beg, *end;
1592
1593
  /* make path start at <beg> and end before <end>, and switch it to ""
1594
   * if no slash was passed.
1595
   */
1596
1.35k
  beg = file;
1597
1.35k
  end = strrchr(beg, '/');
1598
1.35k
  if (!end)
1599
0
    end = beg;
1600
1601
1.35k
  if (!*initial_cwd) {
1602
1
    if (getcwd(initial_cwd, sizeof(initial_cwd)) == NULL) {
1603
0
      if (err)
1604
0
        memprintf(err, "Impossible to retrieve startup directory name: %s", strerror(errno));
1605
0
      return 0;
1606
0
    }
1607
1
  }
1608
1.35k
  else if (chdir(initial_cwd) == -1) {
1609
0
    if (err)
1610
0
      memprintf(err, "Impossible to get back to initial directory '%s': %s", initial_cwd, strerror(errno));
1611
0
    return 0;
1612
0
  }
1613
1614
  /* OK now we're (back) to initial_cwd */
1615
1616
1.35k
  switch (default_path_mode) {
1617
1.35k
  case DEFAULT_PATH_CURRENT:
1618
    /* current_cwd never set, nothing to do */
1619
1.35k
    return 1;
1620
1621
0
  case DEFAULT_PATH_ORIGIN:
1622
    /* current_cwd set in the config */
1623
0
    if (origin &&
1624
0
        snprintf(current_cwd, sizeof(current_cwd), "%s", origin) > sizeof(current_cwd)) {
1625
0
      if (err)
1626
0
        memprintf(err, "Absolute path too long: '%s'", origin);
1627
0
      return 0;
1628
0
    }
1629
0
    break;
1630
1631
0
  case DEFAULT_PATH_CONFIG:
1632
0
    if (end - beg >= sizeof(current_cwd)) {
1633
0
      if (err)
1634
0
        memprintf(err, "Config file path too long, cannot use for relative paths: '%s'", file);
1635
0
      return 0;
1636
0
    }
1637
0
    memcpy(current_cwd, beg, end - beg);
1638
0
    current_cwd[end - beg] = 0;
1639
0
    break;
1640
1641
0
  case DEFAULT_PATH_PARENT:
1642
0
    if (end - beg + 3 >= sizeof(current_cwd)) {
1643
0
      if (err)
1644
0
        memprintf(err, "Config file path too long, cannot use for relative paths: '%s'", file);
1645
0
      return 0;
1646
0
    }
1647
0
    memcpy(current_cwd, beg, end - beg);
1648
0
    if (end > beg)
1649
0
      memcpy(current_cwd + (end - beg), "/..\0", 4);
1650
0
    else
1651
0
      memcpy(current_cwd + (end - beg), "..\0", 3);
1652
0
    break;
1653
1.35k
  }
1654
1655
0
  if (*current_cwd && chdir(current_cwd) == -1) {
1656
0
    if (err)
1657
0
      memprintf(err, "Impossible to get back to directory '%s': %s", initial_cwd, strerror(errno));
1658
0
    return 0;
1659
0
  }
1660
1661
0
  return 1;
1662
0
}
1663
1664
/* parses a global "default-path" directive. */
1665
static int cfg_parse_global_def_path(char **args, int section_type, struct proxy *curpx,
1666
                                     const struct proxy *defpx, const char *file, int line,
1667
                                     char **err)
1668
0
{
1669
0
  int ret = -1;
1670
1671
  /* "current", "config", "parent", "origin <path>" */
1672
1673
0
  if (strcmp(args[1], "current") == 0)
1674
0
    default_path_mode = DEFAULT_PATH_CURRENT;
1675
0
  else if (strcmp(args[1], "config") == 0)
1676
0
    default_path_mode = DEFAULT_PATH_CONFIG;
1677
0
  else if (strcmp(args[1], "parent") == 0)
1678
0
    default_path_mode = DEFAULT_PATH_PARENT;
1679
0
  else if (strcmp(args[1], "origin") == 0)
1680
0
    default_path_mode = DEFAULT_PATH_ORIGIN;
1681
0
  else {
1682
0
    memprintf(err, "%s default-path mode '%s' for '%s', supported modes include 'current', 'config', 'parent', and 'origin'.", *args[1] ? "unsupported" : "missing", args[1], args[0]);
1683
0
    goto end;
1684
0
  }
1685
1686
0
  if (default_path_mode == DEFAULT_PATH_ORIGIN) {
1687
0
    if (!*args[2]) {
1688
0
      memprintf(err, "'%s %s' expects a directory as an argument.", args[0], args[1]);
1689
0
      goto end;
1690
0
    }
1691
0
    if (!cfg_apply_default_path(file, args[2], err)) {
1692
0
      memprintf(err, "couldn't set '%s' to origin '%s': %s.", args[0], args[2], *err);
1693
0
      goto end;
1694
0
    }
1695
0
  }
1696
0
  else if (!cfg_apply_default_path(file, NULL, err)) {
1697
0
    memprintf(err, "couldn't set '%s' to '%s': %s.", args[0], args[1], *err);
1698
0
    goto end;
1699
0
  }
1700
1701
  /* note that once applied, the path is immediately updated */
1702
1703
0
  ret = 0;
1704
0
 end:
1705
0
  return ret;
1706
0
}
1707
1708
/*
1709
 * This function reads and parses the configuration file given in the argument.
1710
 * Returns the error code, 0 if OK, -1 if the config file couldn't be opened,
1711
 * or any combination of :
1712
 *  - ERR_ABORT: must abort ASAP
1713
 *  - ERR_FATAL: we can continue parsing but not start the service
1714
 *  - ERR_WARN: a warning has been emitted
1715
 *  - ERR_ALERT: an alert has been emitted
1716
 * Only the two first ones can stop processing, the two others are just
1717
 * indicators.
1718
 */
1719
int readcfgfile(const char *file)
1720
1.35k
{
1721
1.35k
  char *thisline = NULL;
1722
1.35k
  int linesize = LINESIZE;
1723
1.35k
  FILE *f = NULL;
1724
1.35k
  int linenum = 0;
1725
1.35k
  int err_code = 0;
1726
1.35k
  struct cfg_section *cs = NULL, *pcs = NULL;
1727
1.35k
  struct cfg_section *ics;
1728
1.35k
  int readbytes = 0;
1729
1.35k
  char *outline = NULL;
1730
1.35k
  size_t outlen = 0;
1731
1.35k
  size_t outlinesize = 0;
1732
1.35k
  int fatal = 0;
1733
1.35k
  int missing_lf = -1;
1734
1.35k
  int nested_cond_lvl = 0;
1735
1.35k
  enum nested_cond_state nested_conds[MAXNESTEDCONDS];
1736
1.35k
  char *errmsg = NULL;
1737
1738
1.35k
  global.cfg_curr_line = 0;
1739
1.35k
  global.cfg_curr_file = file;
1740
1741
1.35k
  if ((thisline = malloc(sizeof(*thisline) * linesize)) == NULL) {
1742
0
    ha_alert("Out of memory trying to allocate a buffer for a configuration line.\n");
1743
0
    err_code = -1;
1744
0
    goto err;
1745
0
  }
1746
1747
1.35k
  if ((f = fopen(file,"r")) == NULL) {
1748
0
    err_code = -1;
1749
0
    goto err;
1750
0
  }
1751
1752
  /* change to the new dir if required */
1753
1.35k
  if (!cfg_apply_default_path(file, NULL, &errmsg)) {
1754
0
    ha_alert("parsing [%s:%d]: failed to apply default-path: %s.\n", file, linenum, errmsg);
1755
0
    free(errmsg);
1756
0
    err_code = -1;
1757
0
    goto err;
1758
0
  }
1759
1760
47.5k
next_line:
1761
133k
  while (fgets(thisline + readbytes, linesize - readbytes, f) != NULL) {
1762
132k
    int arg, kwm = KWM_STD;
1763
132k
    char *end;
1764
132k
    char *args[MAX_LINE_ARGS + 1];
1765
132k
    char *line = thisline;
1766
1767
132k
    if (missing_lf != -1) {
1768
47
      ha_alert("parsing [%s:%d]: Stray NUL character at position %d.\n",
1769
47
               file, linenum, (missing_lf + 1));
1770
47
      err_code |= ERR_ALERT | ERR_FATAL;
1771
47
      missing_lf = -1;
1772
47
      break;
1773
47
    }
1774
1775
132k
    linenum++;
1776
132k
    global.cfg_curr_line = linenum;
1777
1778
132k
    if (fatal >= 50) {
1779
6
      ha_alert("parsing [%s:%d]: too many fatal errors (%d), stopping now.\n", file, linenum, fatal);
1780
6
      break;
1781
6
    }
1782
1783
132k
    end = line + strlen(line);
1784
1785
132k
    if (end-line == linesize-1 && *(end-1) != '\n') {
1786
      /* Check if we reached the limit and the last char is not \n.
1787
       * Watch out for the last line without the terminating '\n'!
1788
       */
1789
1.14k
      char *newline;
1790
1.14k
      int newlinesize = linesize * 2;
1791
1792
1.14k
      newline = realloc(thisline, sizeof(*thisline) * newlinesize);
1793
1.14k
      if (newline == NULL) {
1794
0
        ha_alert("parsing [%s:%d]: line too long, cannot allocate memory.\n",
1795
0
           file, linenum);
1796
0
        err_code |= ERR_ALERT | ERR_FATAL;
1797
0
        fatal++;
1798
0
        linenum--;
1799
0
        continue;
1800
0
      }
1801
1802
1.14k
      readbytes = linesize - 1;
1803
1.14k
      linesize = newlinesize;
1804
1.14k
      thisline = newline;
1805
1.14k
      linenum--;
1806
1.14k
      continue;
1807
1.14k
    }
1808
1809
131k
    readbytes = 0;
1810
1811
131k
    if (end > line && *(end-1) == '\n') {
1812
      /* kill trailing LF */
1813
129k
      *(end - 1) = 0;
1814
129k
    }
1815
1.20k
    else {
1816
      /* mark this line as truncated */
1817
1.20k
      missing_lf = end - line;
1818
1.20k
    }
1819
1820
    /* skip leading spaces */
1821
131k
    while (isspace((unsigned char)*line))
1822
2.51k
      line++;
1823
1824
131k
    if (*line == '[') {/* This is the beginning if a scope */
1825
16.3k
      err_code |= cfg_parse_scope(file, linenum, line);
1826
16.3k
      goto next_line;
1827
16.3k
    }
1828
1829
115k
    while (1) {
1830
115k
      uint32_t err;
1831
115k
      const char *errptr;
1832
1833
115k
      arg = sizeof(args) / sizeof(*args);
1834
115k
      outlen = outlinesize;
1835
115k
      err = parse_line(line, outline, &outlen, args, &arg,
1836
115k
           PARSE_OPT_ENV | PARSE_OPT_DQUOTE | PARSE_OPT_SQUOTE |
1837
115k
           PARSE_OPT_BKSLASH | PARSE_OPT_SHARP | PARSE_OPT_WORD_EXPAND,
1838
115k
           &errptr);
1839
1840
115k
      if (err & PARSE_ERR_QUOTE) {
1841
408
        size_t newpos = sanitize_for_printing(line, errptr - line, 80);
1842
1843
408
        ha_alert("parsing [%s:%d]: unmatched quote at position %d:\n"
1844
408
           "  %s\n  %*s\n", file, linenum, (int)(errptr-thisline+1), line, (int)(newpos+1), "^");
1845
408
        err_code |= ERR_ALERT | ERR_FATAL;
1846
408
        fatal++;
1847
408
        goto next_line;
1848
408
      }
1849
1850
115k
      if (err & PARSE_ERR_BRACE) {
1851
169
        size_t newpos = sanitize_for_printing(line, errptr - line, 80);
1852
1853
169
        ha_alert("parsing [%s:%d]: unmatched brace in environment variable name at position %d:\n"
1854
169
           "  %s\n  %*s\n", file, linenum, (int)(errptr-thisline+1), line, (int)(newpos+1), "^");
1855
169
        err_code |= ERR_ALERT | ERR_FATAL;
1856
169
        fatal++;
1857
169
        goto next_line;
1858
169
      }
1859
1860
115k
      if (err & PARSE_ERR_VARNAME) {
1861
384
        size_t newpos = sanitize_for_printing(line, errptr - line, 80);
1862
1863
384
        ha_alert("parsing [%s:%d]: forbidden first char in environment variable name at position %d:\n"
1864
384
           "  %s\n  %*s\n", file, linenum, (int)(errptr-thisline+1), line, (int)(newpos+1), "^");
1865
384
        err_code |= ERR_ALERT | ERR_FATAL;
1866
384
        fatal++;
1867
384
        goto next_line;
1868
384
      }
1869
1870
114k
      if (err & PARSE_ERR_HEX) {
1871
125
        size_t newpos = sanitize_for_printing(line, errptr - line, 80);
1872
1873
125
        ha_alert("parsing [%s:%d]: truncated or invalid hexadecimal sequence at position %d:\n"
1874
125
           "  %s\n  %*s\n", file, linenum, (int)(errptr-thisline+1), line, (int)(newpos+1), "^");
1875
125
        err_code |= ERR_ALERT | ERR_FATAL;
1876
125
        fatal++;
1877
125
        goto next_line;
1878
125
      }
1879
1880
114k
      if (err & PARSE_ERR_WRONG_EXPAND) {
1881
133
        size_t newpos = sanitize_for_printing(line, errptr - line, 80);
1882
1883
133
        ha_alert("parsing [%s:%d]: truncated or invalid word expansion sequence at position %d:\n"
1884
133
           "  %s\n  %*s\n", file, linenum, (int)(errptr-thisline+1), line, (int)(newpos+1), "^");
1885
133
        err_code |= ERR_ALERT | ERR_FATAL;
1886
133
        fatal++;
1887
133
        goto next_line;
1888
133
      }
1889
1890
114k
      if (err & (PARSE_ERR_TOOLARGE|PARSE_ERR_OVERLAP)) {
1891
1.17k
        outlinesize = (outlen + 1023) & -1024;
1892
1.17k
        outline = my_realloc2(outline, outlinesize);
1893
1.17k
        if (outline == NULL) {
1894
0
          ha_alert("parsing [%s:%d]: line too long, cannot allocate memory.\n",
1895
0
             file, linenum);
1896
0
          err_code |= ERR_ALERT | ERR_FATAL | ERR_ABORT;
1897
0
          fatal++;
1898
0
          outlinesize = 0;
1899
0
          goto err;
1900
0
        }
1901
        /* try again */
1902
1.17k
        continue;
1903
1.17k
      }
1904
1905
113k
      if (err & PARSE_ERR_TOOMANY) {
1906
        /* only check this *after* being sure the output is allocated */
1907
277
        ha_alert("parsing [%s:%d]: too many words, truncating after word %d, position %ld: <%s>.\n",
1908
277
           file, linenum, MAX_LINE_ARGS, (long)(args[MAX_LINE_ARGS-1] - outline + 1), args[MAX_LINE_ARGS-1]);
1909
277
        err_code |= ERR_ALERT | ERR_FATAL;
1910
277
        fatal++;
1911
277
        goto next_line;
1912
277
      }
1913
1914
      /* everything's OK */
1915
113k
      break;
1916
113k
    }
1917
1918
    /* dump cfg */
1919
113k
    if (global.mode & MODE_DUMP_CFG) {
1920
0
      if (args[0] != NULL) {
1921
0
        struct cfg_section *sect;
1922
0
        int is_sect = 0;
1923
0
        int i = 0;
1924
0
        uint32_t g_key = HA_ATOMIC_LOAD(&global.anon_key);
1925
1926
0
        if (global.mode & MODE_DUMP_NB_L)
1927
0
          qfprintf(stdout, "%d\t", linenum);
1928
1929
        /* if a word is in sections list, is_sect = 1 */
1930
0
        list_for_each_entry(sect, &sections, list) {
1931
0
          if (strcmp(args[0], sect->section_name) == 0) {
1932
0
            is_sect = 1;
1933
0
            break;
1934
0
          }
1935
0
        }
1936
1937
0
        if (g_key == 0) {
1938
          /* no anonymizing needed, dump the config as-is (but without comments).
1939
           * Note: tabs were lost during tokenizing, so we reinsert for non-section
1940
           * keywords.
1941
           */
1942
0
          if (!is_sect)
1943
0
            qfprintf(stdout, "\t");
1944
1945
0
          for (i = 0; i < arg; i++) {
1946
0
            qfprintf(stdout, "%s ", args[i]);
1947
0
          }
1948
0
          qfprintf(stdout, "\n");
1949
0
          continue;
1950
0
        }
1951
1952
        /* We're anonymizing */
1953
1954
0
        if (is_sect) {
1955
          /* new sections are optionally followed by an identifier */
1956
0
          if (arg >= 2) {
1957
0
            qfprintf(stdout, "%s %s\n", args[0], HA_ANON_ID(g_key, args[1]));
1958
0
          }
1959
0
          else {
1960
0
            qfprintf(stdout, "%s\n", args[0]);
1961
0
          }
1962
0
          continue;
1963
0
        }
1964
1965
        /* non-section keywords start indented */
1966
0
        qfprintf(stdout, "\t");
1967
1968
        /* some keywords deserve special treatment */
1969
0
        if (!*args[0]) {
1970
0
          qfprintf(stdout, "\n");
1971
0
        }
1972
1973
0
        else if (strcmp(args[0], "anonkey") == 0) {
1974
0
          qfprintf(stdout, "%s [...]\n", args[0]);
1975
0
        }
1976
1977
0
        else if (strcmp(args[0], "maxconn") == 0) {
1978
0
          qfprintf(stdout, "%s %s\n", args[0], args[1]);
1979
0
        }
1980
1981
0
        else if (strcmp(args[0], "stats") == 0 &&
1982
0
           (strcmp(args[1], "timeout") == 0 || strcmp(args[1], "maxconn") == 0)) {
1983
0
          qfprintf(stdout, "%s %s %s\n", args[0], args[1], args[2]);
1984
0
        }
1985
1986
0
        else if (strcmp(args[0], "stats") == 0 && strcmp(args[1], "socket") == 0) {
1987
0
          qfprintf(stdout, "%s %s ", args[0], args[1]);
1988
1989
0
          if (arg > 2) {
1990
0
            qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2], 1));
1991
1992
0
            if (arg > 3) {
1993
0
              qfprintf(stdout, "[...]\n");
1994
0
            }
1995
0
            else {
1996
0
              qfprintf(stdout, "\n");
1997
0
            }
1998
0
          }
1999
0
          else {
2000
0
            qfprintf(stdout, "\n");
2001
0
          }
2002
0
        }
2003
2004
0
        else if (strcmp(args[0], "timeout") == 0) {
2005
0
          qfprintf(stdout, "%s %s %s\n", args[0], args[1], args[2]);
2006
0
        }
2007
2008
0
        else if (strcmp(args[0], "mode") == 0) {
2009
0
          qfprintf(stdout, "%s %s\n", args[0], args[1]);
2010
0
        }
2011
2012
        /* It concerns user in global section and in userlist */
2013
0
        else if (strcmp(args[0], "user") == 0) {
2014
0
          qfprintf(stdout, "%s %s ", args[0], HA_ANON_ID(g_key, args[1]));
2015
2016
0
          if (arg > 2) {
2017
0
            qfprintf(stdout, "[...]\n");
2018
0
          }
2019
0
          else {
2020
0
            qfprintf(stdout, "\n");
2021
0
          }
2022
0
        }
2023
2024
0
        else if (strcmp(args[0], "bind") == 0) {
2025
0
          qfprintf(stdout, "%s ", args[0]);
2026
0
          qfprintf(stdout, "%s ", hash_ipanon(g_key, args[1], 1));
2027
0
          if (arg > 2) {
2028
0
            qfprintf(stdout, "[...]\n");
2029
0
          }
2030
0
          else {
2031
0
            qfprintf(stdout, "\n");
2032
0
          }
2033
0
        }
2034
2035
0
        else if (strcmp(args[0], "server") == 0) {
2036
0
          qfprintf(stdout, "%s %s ", args[0], HA_ANON_ID(g_key, args[1]));
2037
2038
0
          if (arg > 2) {
2039
0
            qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2], 1));
2040
0
          }
2041
0
          if (arg > 3) {
2042
0
            qfprintf(stdout, "[...]\n");
2043
0
          }
2044
0
          else {
2045
0
            qfprintf(stdout, "\n");
2046
0
          }
2047
0
        }
2048
2049
0
        else if (strcmp(args[0], "redirect") == 0) {
2050
0
          qfprintf(stdout, "%s %s ", args[0], args[1]);
2051
2052
0
          if (strcmp(args[1], "prefix") == 0 || strcmp(args[1], "location") == 0) {
2053
0
            qfprintf(stdout, "%s ", HA_ANON_PATH(g_key, args[2]));
2054
0
          }
2055
0
          else {
2056
0
            qfprintf(stdout, "%s ", args[2]);
2057
0
          }
2058
0
          if (arg > 3) {
2059
0
            qfprintf(stdout, "[...]");
2060
0
          }
2061
0
          qfprintf(stdout, "\n");
2062
0
        }
2063
2064
0
        else if (strcmp(args[0], "acl") == 0) {
2065
0
          qfprintf(stdout, "%s %s %s ", args[0], HA_ANON_ID(g_key, args[1]), args[2]);
2066
2067
0
          if (arg > 3) {
2068
0
            qfprintf(stdout, "[...]");
2069
0
          }
2070
0
          qfprintf(stdout, "\n");
2071
0
        }
2072
2073
0
        else if (strcmp(args[0], "log") == 0) {
2074
0
          qfprintf(stdout, "log ");
2075
2076
0
          if (strcmp(args[1], "global") == 0) {
2077
0
            qfprintf(stdout, "%s ", args[1]);
2078
0
          }
2079
0
          else {
2080
0
            qfprintf(stdout, "%s ", hash_ipanon(g_key, args[1], 1));
2081
0
          }
2082
0
          if (arg > 2) {
2083
0
            qfprintf(stdout, "[...]");
2084
0
          }
2085
0
          qfprintf(stdout, "\n");
2086
0
        }
2087
2088
0
        else if (strcmp(args[0], "peer") == 0) {
2089
0
          qfprintf(stdout, "%s %s ", args[0], HA_ANON_ID(g_key, args[1]));
2090
0
          qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2], 1));
2091
2092
0
          if (arg > 3) {
2093
0
            qfprintf(stdout, "[...]");
2094
0
          }
2095
0
          qfprintf(stdout, "\n");
2096
0
        }
2097
2098
0
        else if (strcmp(args[0], "use_backend") == 0) {
2099
0
          qfprintf(stdout, "%s %s ", args[0], HA_ANON_ID(g_key, args[1]));
2100
2101
0
          if (arg > 2) {
2102
0
            qfprintf(stdout, "[...]");
2103
0
          }
2104
0
          qfprintf(stdout, "\n");
2105
0
        }
2106
2107
0
        else if (strcmp(args[0], "default_backend") == 0) {
2108
0
          qfprintf(stdout, "%s %s\n", args[0], HA_ANON_ID(g_key, args[1]));
2109
0
        }
2110
2111
0
        else if (strcmp(args[0], "source") == 0) {
2112
0
          qfprintf(stdout, "%s %s ", args[0], hash_ipanon(g_key, args[1], 1));
2113
2114
0
          if (arg > 2) {
2115
0
            qfprintf(stdout, "[...]");
2116
0
          }
2117
0
          qfprintf(stdout, "\n");
2118
0
        }
2119
2120
0
        else if (strcmp(args[0], "nameserver") == 0) {
2121
0
          qfprintf(stdout, "%s %s %s ", args[0],
2122
0
            HA_ANON_ID(g_key, args[1]), hash_ipanon(g_key, args[2], 1));
2123
0
          if (arg > 3) {
2124
0
            qfprintf(stdout, "[...]");
2125
0
          }
2126
0
          qfprintf(stdout, "\n");
2127
0
        }
2128
2129
0
        else if (strcmp(args[0], "http-request") == 0) {
2130
0
          qfprintf(stdout, "%s %s ", args[0], args[1]);
2131
0
          if (arg > 2)
2132
0
            qfprintf(stdout, "[...]");
2133
0
          qfprintf(stdout, "\n");
2134
0
        }
2135
2136
0
        else if (strcmp(args[0], "http-response") == 0) {
2137
0
          qfprintf(stdout, "%s %s ", args[0], args[1]);
2138
0
          if (arg > 2)
2139
0
            qfprintf(stdout, "[...]");
2140
0
          qfprintf(stdout, "\n");
2141
0
        }
2142
2143
0
        else if (strcmp(args[0], "http-after-response") == 0) {
2144
0
          qfprintf(stdout, "%s %s ", args[0], args[1]);
2145
0
          if (arg > 2)
2146
0
            qfprintf(stdout, "[...]");
2147
0
          qfprintf(stdout, "\n");
2148
0
        }
2149
2150
0
        else if (strcmp(args[0], "filter") == 0) {
2151
0
          qfprintf(stdout, "%s %s ", args[0], args[1]);
2152
0
          if (arg > 2)
2153
0
            qfprintf(stdout, "[...]");
2154
0
          qfprintf(stdout, "\n");
2155
0
        }
2156
2157
0
        else if (strcmp(args[0], "errorfile") == 0) {
2158
0
          qfprintf(stdout, "%s %s %s\n", args[0], args[1], HA_ANON_PATH(g_key, args[2]));
2159
0
        }
2160
2161
0
        else if (strcmp(args[0], "cookie") == 0) {
2162
0
          qfprintf(stdout, "%s %s ", args[0], HA_ANON_ID(g_key, args[1]));
2163
0
          if (arg > 2)
2164
0
            qfprintf(stdout, "%s ", args[2]);
2165
0
          if (arg > 3)
2166
0
            qfprintf(stdout, "[...]");
2167
0
          qfprintf(stdout, "\n");
2168
0
        }
2169
2170
0
        else if (strcmp(args[0], "stats") == 0 && strcmp(args[1], "auth") == 0) {
2171
0
          qfprintf(stdout, "%s %s %s\n", args[0], args[1], HA_ANON_STR(g_key, args[2]));
2172
0
        }
2173
2174
0
        else {
2175
          /* display up to 3 words and mask the rest which might be confidential */
2176
0
          for (i = 0; i < MIN(arg, 3); i++) {
2177
0
            qfprintf(stdout, "%s ", args[i]);
2178
0
          }
2179
0
          if (arg > 3) {
2180
0
            qfprintf(stdout, "[...]");
2181
0
          }
2182
0
          qfprintf(stdout, "\n");
2183
0
        }
2184
0
      }
2185
0
      continue;
2186
0
    }
2187
    /* end of config dump */
2188
2189
    /* empty line */
2190
113k
    if (!**args)
2191
82.6k
      continue;
2192
2193
    /* check for config macros */
2194
30.5k
    if (*args[0] == '.') {
2195
18.8k
      if (strcmp(args[0], ".if") == 0) {
2196
6.40k
        const char *errptr = NULL;
2197
6.40k
        char *errmsg = NULL;
2198
6.40k
        int cond;
2199
6.40k
        char *w;
2200
2201
        /* remerge all words into a single expression */
2202
9.06k
        for (w = *args; (w += strlen(w)) < outline + outlen - 1; *w = ' ')
2203
2.66k
          ;
2204
2205
6.40k
        nested_cond_lvl++;
2206
6.40k
        if (nested_cond_lvl >= MAXNESTEDCONDS) {
2207
4
          ha_alert("parsing [%s:%d]: too many nested '.if', max is %d.\n", file, linenum, MAXNESTEDCONDS);
2208
4
          err_code |= ERR_ALERT | ERR_FATAL | ERR_ABORT;
2209
4
          goto err;
2210
4
        }
2211
2212
6.39k
        if (nested_cond_lvl > 1 &&
2213
6.39k
            (nested_conds[nested_cond_lvl - 1] == NESTED_COND_IF_DROP ||
2214
4.83k
             nested_conds[nested_cond_lvl - 1] == NESTED_COND_IF_SKIP ||
2215
4.83k
             nested_conds[nested_cond_lvl - 1] == NESTED_COND_ELIF_DROP ||
2216
4.83k
             nested_conds[nested_cond_lvl - 1] == NESTED_COND_ELIF_SKIP ||
2217
4.83k
             nested_conds[nested_cond_lvl - 1] == NESTED_COND_ELSE_DROP)) {
2218
3.98k
          nested_conds[nested_cond_lvl] = NESTED_COND_IF_SKIP;
2219
3.98k
          goto next_line;
2220
3.98k
        }
2221
2222
2.41k
        cond = cfg_eval_condition(args + 1, &errmsg, &errptr);
2223
2.41k
        if (cond < 0) {
2224
259
          size_t newpos = sanitize_for_printing(args[1], errptr - args[1], 76);
2225
2226
259
          ha_alert("parsing [%s:%d]: %s in '.if' at position %d:\n  .if %s\n  %*s\n",
2227
259
             file, linenum, errmsg,
2228
259
                   (int)(errptr-args[1]+1), args[1], (int)(newpos+5), "^");
2229
2230
259
          free(errmsg);
2231
259
          err_code |= ERR_ALERT | ERR_FATAL | ERR_ABORT;
2232
259
          goto err;
2233
259
        }
2234
2235
2.15k
        if (cond)
2236
822
          nested_conds[nested_cond_lvl] = NESTED_COND_IF_TAKE;
2237
1.32k
        else
2238
1.32k
          nested_conds[nested_cond_lvl] = NESTED_COND_IF_DROP;
2239
2240
2.15k
        goto next_line;
2241
2.41k
      }
2242
12.4k
      else if (strcmp(args[0], ".elif") == 0) {
2243
3.76k
        const char *errptr = NULL;
2244
3.76k
        char *errmsg = NULL;
2245
3.76k
        int cond;
2246
3.76k
        char *w;
2247
2248
        /* remerge all words into a single expression */
2249
5.03k
        for (w = *args; (w += strlen(w)) < outline + outlen - 1; *w = ' ')
2250
1.27k
          ;
2251
2252
3.76k
        if (!nested_cond_lvl) {
2253
1
          ha_alert("parsing [%s:%d]: lone '.elif' with no matching '.if'.\n", file, linenum);
2254
1
          err_code |= ERR_ALERT | ERR_FATAL | ERR_ABORT;
2255
1
          goto err;
2256
1
        }
2257
2258
3.76k
        if (nested_conds[nested_cond_lvl] == NESTED_COND_ELSE_TAKE ||
2259
3.76k
            nested_conds[nested_cond_lvl] == NESTED_COND_ELSE_DROP) {
2260
0
          ha_alert("parsing [%s:%d]: '.elif' after '.else' is not permitted.\n", file, linenum);
2261
0
          err_code |= ERR_ALERT | ERR_FATAL | ERR_ABORT;
2262
0
          goto err;
2263
0
        }
2264
2265
3.76k
        if (nested_conds[nested_cond_lvl] == NESTED_COND_IF_TAKE ||
2266
3.76k
            nested_conds[nested_cond_lvl] == NESTED_COND_IF_SKIP ||
2267
3.76k
            nested_conds[nested_cond_lvl] == NESTED_COND_ELIF_TAKE ||
2268
3.76k
            nested_conds[nested_cond_lvl] == NESTED_COND_ELIF_SKIP) {
2269
2.45k
          nested_conds[nested_cond_lvl] = NESTED_COND_ELIF_SKIP;
2270
2.45k
          goto next_line;
2271
2.45k
        }
2272
2273
1.31k
        cond = cfg_eval_condition(args + 1, &errmsg, &errptr);
2274
1.31k
        if (cond < 0) {
2275
2
          size_t newpos = sanitize_for_printing(args[1], errptr - args[1], 74);
2276
2277
2
          ha_alert("parsing [%s:%d]: %s in '.elif' at position %d:\n  .elif %s\n  %*s\n",
2278
2
             file, linenum, errmsg,
2279
2
                   (int)(errptr-args[1]+1), args[1], (int)(newpos+7), "^");
2280
2281
2
          free(errmsg);
2282
2
          err_code |= ERR_ALERT | ERR_FATAL | ERR_ABORT;
2283
2
          goto err;
2284
2
        }
2285
2286
1.30k
        if (cond)
2287
574
          nested_conds[nested_cond_lvl] = NESTED_COND_ELIF_TAKE;
2288
735
        else
2289
735
          nested_conds[nested_cond_lvl] = NESTED_COND_ELIF_DROP;
2290
2291
1.30k
        goto next_line;
2292
1.31k
      }
2293
8.64k
      else if (strcmp(args[0], ".else") == 0) {
2294
1.17k
        if (*args[1]) {
2295
0
          ha_alert("parsing [%s:%d]: Unexpected argument '%s' for '%s'.\n",
2296
0
                   file, linenum, args[1], args[0]);
2297
0
          err_code |= ERR_ALERT | ERR_FATAL | ERR_ABORT;
2298
0
          break;
2299
0
        }
2300
2301
1.17k
        if (!nested_cond_lvl) {
2302
0
          ha_alert("parsing [%s:%d]: lone '.else' with no matching '.if'.\n", file, linenum);
2303
0
          err_code |= ERR_ALERT | ERR_FATAL | ERR_ABORT;
2304
0
          goto err;
2305
0
        }
2306
2307
1.17k
        if (nested_conds[nested_cond_lvl] == NESTED_COND_ELSE_TAKE ||
2308
1.17k
            nested_conds[nested_cond_lvl] == NESTED_COND_ELSE_DROP) {
2309
0
          ha_alert("parsing [%s:%d]: '.else' after '.else' is not permitted.\n", file, linenum);
2310
0
          err_code |= ERR_ALERT | ERR_FATAL | ERR_ABORT;
2311
0
          goto err;
2312
0
        }
2313
2314
1.17k
        if (nested_conds[nested_cond_lvl] == NESTED_COND_IF_TAKE ||
2315
1.17k
            nested_conds[nested_cond_lvl] == NESTED_COND_IF_SKIP ||
2316
1.17k
            nested_conds[nested_cond_lvl] == NESTED_COND_ELIF_TAKE ||
2317
1.17k
            nested_conds[nested_cond_lvl] == NESTED_COND_ELIF_SKIP) {
2318
922
          nested_conds[nested_cond_lvl] = NESTED_COND_ELSE_DROP;
2319
922
        } else {
2320
          /* otherwise we take the "else" */
2321
253
          nested_conds[nested_cond_lvl] = NESTED_COND_ELSE_TAKE;
2322
253
        }
2323
1.17k
        goto next_line;
2324
1.17k
      }
2325
7.46k
      else if (strcmp(args[0], ".endif") == 0) {
2326
2.96k
        if (*args[1]) {
2327
2
          ha_alert("parsing [%s:%d]: Unexpected argument '%s' for '%s'.\n",
2328
2
                   file, linenum, args[1], args[0]);
2329
2
          err_code |= ERR_ALERT | ERR_FATAL | ERR_ABORT;
2330
2
          break;
2331
2
        }
2332
2333
2.95k
        if (!nested_cond_lvl) {
2334
0
          ha_alert("parsing [%s:%d]: lone '.endif' with no matching '.if'.\n", file, linenum);
2335
0
          err_code |= ERR_ALERT | ERR_FATAL | ERR_ABORT;
2336
0
          break;
2337
0
        }
2338
2.95k
        nested_cond_lvl--;
2339
2.95k
        goto next_line;
2340
2.95k
      }
2341
18.8k
    }
2342
2343
16.2k
    if (nested_cond_lvl &&
2344
16.2k
        (nested_conds[nested_cond_lvl] == NESTED_COND_IF_DROP ||
2345
12.9k
         nested_conds[nested_cond_lvl] == NESTED_COND_IF_SKIP ||
2346
12.9k
         nested_conds[nested_cond_lvl] == NESTED_COND_ELIF_DROP ||
2347
12.9k
         nested_conds[nested_cond_lvl] == NESTED_COND_ELIF_SKIP ||
2348
12.9k
         nested_conds[nested_cond_lvl] == NESTED_COND_ELSE_DROP)) {
2349
      /* The current block is masked out by the conditions */
2350
12.7k
      goto next_line;
2351
12.7k
    }
2352
2353
    /* .warning/.error/.notice/.diag */
2354
3.48k
    if (*args[0] == '.') {
2355
1.61k
      if (strcmp(args[0], ".alert") == 0) {
2356
195
        if (*args[2]) {
2357
195
          ha_alert("parsing [%s:%d]: Unexpected argument '%s' for '%s'. Use quotes if the message should contain spaces.\n",
2358
195
                     file, linenum, args[2], args[0]);
2359
195
          err_code |= ERR_ALERT | ERR_FATAL;
2360
195
          goto next_line;
2361
195
        }
2362
2363
0
        ha_alert("parsing [%s:%d]: '%s'.\n", file, linenum, args[1]);
2364
0
        err_code |= ERR_ALERT | ERR_FATAL | ERR_ABORT;
2365
0
        goto err;
2366
195
      }
2367
1.41k
      else if (strcmp(args[0], ".warning") == 0) {
2368
399
        if (*args[2]) {
2369
207
          ha_alert("parsing [%s:%d]: Unexpected argument '%s' for '%s'. Use quotes if the message should contain spaces.\n",
2370
207
                     file, linenum, args[2], args[0]);
2371
207
          err_code |= ERR_ALERT | ERR_FATAL;
2372
207
          goto next_line;
2373
207
        }
2374
2375
192
        ha_warning("parsing [%s:%d]: '%s'.\n", file, linenum, args[1]);
2376
192
        err_code |= ERR_WARN;
2377
192
        goto next_line;
2378
399
      }
2379
1.01k
      else if (strcmp(args[0], ".notice") == 0) {
2380
386
        if (*args[2]) {
2381
190
          ha_alert("parsing [%s:%d]: Unexpected argument '%s' for '%s'. Use quotes if the message should contain spaces.\n",
2382
190
                   file, linenum, args[2], args[0]);
2383
190
          err_code |= ERR_ALERT | ERR_FATAL;
2384
190
          goto next_line;
2385
190
        }
2386
2387
196
        ha_notice("parsing [%s:%d]: '%s'.\n", file, linenum, args[1]);
2388
196
        goto next_line;
2389
386
      }
2390
632
      else if (strcmp(args[0], ".diag") == 0) {
2391
532
        if (*args[2]) {
2392
191
          ha_alert("parsing [%s:%d]: Unexpected argument '%s' for '%s'. Use quotes if the message should contain spaces.\n",
2393
191
                   file, linenum, args[2], args[0]);
2394
191
          err_code |= ERR_ALERT | ERR_FATAL;
2395
191
          goto next_line;
2396
191
        }
2397
2398
341
        ha_diag_warning("parsing [%s:%d]: '%s'.\n", file, linenum, args[1]);
2399
341
        goto next_line;
2400
532
      }
2401
100
      else {
2402
100
        ha_alert("parsing [%s:%d]: unknown directive '%s'.\n", file, linenum, args[0]);
2403
100
        err_code |= ERR_ALERT | ERR_FATAL;
2404
100
        fatal++;
2405
100
        break;
2406
100
      }
2407
1.61k
    }
2408
2409
    /* check for keyword modifiers "no" and "default" */
2410
1.86k
    if (strcmp(args[0], "no") == 0) {
2411
979
      char *tmp;
2412
2413
979
      kwm = KWM_NO;
2414
979
      tmp = args[0];
2415
2.05k
      for (arg=0; *args[arg+1]; arg++)
2416
1.07k
        args[arg] = args[arg+1];   // shift args after inversion
2417
979
      *tmp = '\0';          // fix the next arg to \0
2418
979
      args[arg] = tmp;
2419
979
    }
2420
889
    else if (strcmp(args[0], "default") == 0) {
2421
103
      kwm = KWM_DEF;
2422
364
      for (arg=0; *args[arg+1]; arg++)
2423
261
        args[arg] = args[arg+1];   // shift args after inversion
2424
103
    }
2425
2426
1.86k
    if (kwm != KWM_STD && strcmp(args[0], "option") != 0 &&
2427
1.86k
        strcmp(args[0], "log") != 0 && strcmp(args[0], "busy-polling") != 0 &&
2428
1.86k
        strcmp(args[0], "set-dumpable") != 0 && strcmp(args[0], "strict-limits") != 0 &&
2429
1.86k
        strcmp(args[0], "insecure-fork-wanted") != 0 &&
2430
1.86k
        strcmp(args[0], "numa-cpu-mapping") != 0) {
2431
593
      ha_alert("parsing [%s:%d]: negation/default currently "
2432
593
         "supported only for options, log, busy-polling, "
2433
593
         "set-dumpable, strict-limits, insecure-fork-wanted "
2434
593
         "and numa-cpu-mapping.\n", file, linenum);
2435
593
      err_code |= ERR_ALERT | ERR_FATAL;
2436
593
      fatal++;
2437
593
    }
2438
2439
    /* detect section start */
2440
1.86k
    list_for_each_entry(ics, &sections, list) {
2441
0
      if (strcmp(args[0], ics->section_name) == 0) {
2442
0
        cursection = ics->section_name;
2443
0
        pcs = cs;
2444
0
        cs = ics;
2445
0
        free(global.cfg_curr_section);
2446
0
        global.cfg_curr_section = strdup(*args[1] ? args[1] : args[0]);
2447
0
        check_section_position(args[0], file, linenum);
2448
0
        break;
2449
0
      }
2450
0
    }
2451
2452
1.86k
    if (pcs && pcs->post_section_parser) {
2453
0
      int status;
2454
2455
0
      status = pcs->post_section_parser();
2456
0
      err_code |= status;
2457
0
      if (status & ERR_FATAL)
2458
0
        fatal++;
2459
2460
0
      if (err_code & ERR_ABORT)
2461
0
        goto err;
2462
0
    }
2463
1.86k
    pcs = NULL;
2464
2465
1.86k
    if (!cs) {
2466
1.86k
      ha_alert("parsing [%s:%d]: unknown keyword '%s' out of section.\n", file, linenum, args[0]);
2467
1.86k
      err_code |= ERR_ALERT | ERR_FATAL;
2468
1.86k
      fatal++;
2469
1.86k
    } else {
2470
0
      int status;
2471
2472
0
      status = cs->section_parser(file, linenum, args, kwm);
2473
0
      err_code |= status;
2474
0
      if (status & ERR_FATAL)
2475
0
        fatal++;
2476
2477
0
      if (err_code & ERR_ABORT)
2478
0
        goto err;
2479
0
    }
2480
1.86k
  }
2481
2482
1.09k
  if (missing_lf != -1) {
2483
918
    ha_alert("parsing [%s:%d]: Missing LF on last line, file might have been truncated at position %d.\n",
2484
918
             file, linenum, (missing_lf + 1));
2485
918
    err_code |= ERR_ALERT | ERR_FATAL;
2486
918
  }
2487
2488
1.09k
  ha_free(&global.cfg_curr_section);
2489
1.09k
  if (cs && cs->post_section_parser)
2490
0
    err_code |= cs->post_section_parser();
2491
2492
1.09k
  if (nested_cond_lvl) {
2493
226
    ha_alert("parsing [%s:%d]: non-terminated '.if' block.\n", file, linenum);
2494
226
    err_code |= ERR_ALERT | ERR_FATAL | ERR_ABORT;
2495
226
  }
2496
2497
1.09k
  if (*initial_cwd && chdir(initial_cwd) == -1) {
2498
0
    ha_alert("Impossible to get back to initial directory '%s' : %s\n", initial_cwd, strerror(errno));
2499
0
    err_code |= ERR_ALERT | ERR_FATAL;
2500
0
  }
2501
2502
1.35k
err:
2503
1.35k
  ha_free(&cfg_scope);
2504
1.35k
  cursection = NULL;
2505
1.35k
  free(thisline);
2506
1.35k
  free(outline);
2507
1.35k
  global.cfg_curr_line = 0;
2508
1.35k
  global.cfg_curr_file = NULL;
2509
2510
1.35k
  if (f)
2511
1.35k
    fclose(f);
2512
2513
1.35k
  return err_code;
2514
1.09k
}
2515
2516
#if defined(USE_THREAD) && defined USE_CPU_AFFINITY
2517
#if defined(__linux__)
2518
2519
/* filter directory name of the pattern node<X> */
2520
static int numa_filter(const struct dirent *dir)
2521
{
2522
  char *endptr;
2523
2524
  /* dir name must start with "node" prefix */
2525
  if (strncmp(dir->d_name, "node", 4))
2526
    return 0;
2527
2528
  /* dir name must be at least 5 characters long */
2529
  if (!dir->d_name[4])
2530
    return 0;
2531
2532
  /* dir name must end with a numeric id */
2533
  if (strtol(&dir->d_name[4], &endptr, 10) < 0 || *endptr)
2534
    return 0;
2535
2536
  /* all tests succeeded */
2537
  return 1;
2538
}
2539
2540
/* Inspect the cpu topology of the machine on startup. If a multi-socket
2541
 * machine is detected, try to bind on the first node with active cpu. This is
2542
 * done to prevent an impact on the overall performance when the topology of
2543
 * the machine is unknown. This function is not called if one of the conditions
2544
 * is met :
2545
 * - a non-null nbthread directive is active
2546
 * - a restrictive cpu-map directive is active
2547
 * - a restrictive affinity is already applied, for example via taskset
2548
 *
2549
 * Returns the count of cpus selected. If no automatic binding was required or
2550
 * an error occurred and the topology is unknown, 0 is returned.
2551
 */
2552
static int numa_detect_topology()
2553
{
2554
  struct dirent **node_dirlist;
2555
  int node_dirlist_size;
2556
2557
  struct hap_cpuset active_cpus, node_cpu_set;
2558
  const char *parse_cpu_set_args[2];
2559
  char *err = NULL;
2560
  int grp, thr;
2561
2562
  /* node_cpu_set count is used as return value */
2563
  ha_cpuset_zero(&node_cpu_set);
2564
2565
  /* 1. count the sysfs node<X> directories */
2566
  node_dirlist = NULL;
2567
  node_dirlist_size = scandir(NUMA_DETECT_SYSTEM_SYSFS_PATH"/node", &node_dirlist, numa_filter, alphasort);
2568
  if (node_dirlist_size <= 1)
2569
    goto free_scandir_entries;
2570
2571
  /* 2. read and parse the list of currently online cpu */
2572
  if (read_line_to_trash("%s/cpu/online", NUMA_DETECT_SYSTEM_SYSFS_PATH) < 0) {
2573
    ha_notice("Cannot read online CPUs list, will not try to refine binding\n");
2574
    goto free_scandir_entries;
2575
  }
2576
2577
  parse_cpu_set_args[0] = trash.area;
2578
  parse_cpu_set_args[1] = "\0";
2579
  if (parse_cpu_set(parse_cpu_set_args, &active_cpus, &err) != 0) {
2580
    ha_notice("Cannot read online CPUs list: '%s'. Will not try to refine binding\n", err);
2581
    free(err);
2582
    goto free_scandir_entries;
2583
  }
2584
2585
  /* 3. loop through nodes dirs and find the first one with active cpus */
2586
  while (node_dirlist_size--) {
2587
    const char *node = node_dirlist[node_dirlist_size]->d_name;
2588
    ha_cpuset_zero(&node_cpu_set);
2589
2590
    if (read_line_to_trash("%s/node/%s/cpumap", NUMA_DETECT_SYSTEM_SYSFS_PATH, node) < 0) {
2591
      ha_notice("Cannot read CPUs list of '%s', will not select them to refine binding\n", node);
2592
      free(node_dirlist[node_dirlist_size]);
2593
      continue;
2594
    }
2595
2596
    parse_cpumap(trash.area, &node_cpu_set);
2597
    ha_cpuset_and(&node_cpu_set, &active_cpus);
2598
2599
    /* 5. set affinity on the first found node with active cpus */
2600
    if (!ha_cpuset_count(&node_cpu_set)) {
2601
      free(node_dirlist[node_dirlist_size]);
2602
      continue;
2603
    }
2604
2605
    ha_diag_warning("Multi-socket cpu detected, automatically binding on active CPUs of '%s' (%u active cpu(s))\n", node, ha_cpuset_count(&node_cpu_set));
2606
    for (grp = 0; grp < MAX_TGROUPS; grp++)
2607
      for (thr = 0; thr < MAX_THREADS_PER_GROUP; thr++)
2608
        ha_cpuset_assign(&cpu_map[grp].thread[thr], &node_cpu_set);
2609
2610
    free(node_dirlist[node_dirlist_size]);
2611
    break;
2612
  }
2613
2614
 free_scandir_entries:
2615
  while (node_dirlist_size-- > 0)
2616
    free(node_dirlist[node_dirlist_size]);
2617
  free(node_dirlist);
2618
2619
  return ha_cpuset_count(&node_cpu_set);
2620
}
2621
2622
#elif defined(__FreeBSD__)
2623
static int numa_detect_topology()
2624
{
2625
  struct hap_cpuset node_cpu_set;
2626
  int ndomains = 0, i;
2627
  size_t len = sizeof(ndomains);
2628
  int grp, thr;
2629
2630
  if (sysctlbyname("vm.ndomains", &ndomains, &len, NULL, 0) == -1) {
2631
    ha_notice("Cannot assess the number of CPUs domains\n");
2632
    return 0;
2633
  }
2634
2635
  BUG_ON(ndomains > MAXMEMDOM);
2636
  ha_cpuset_zero(&node_cpu_set);
2637
2638
  if (ndomains < 2)
2639
    goto leave;
2640
2641
  /*
2642
   * We retrieve the first active valid CPU domain
2643
   * with active cpu and binding it, we returns
2644
   * the number of cpu from the said domain
2645
   */
2646
  for (i = 0; i < ndomains; i ++) {
2647
    struct hap_cpuset dom;
2648
    ha_cpuset_zero(&dom);
2649
    if (cpuset_getaffinity(CPU_LEVEL_WHICH, CPU_WHICH_DOMAIN, i, sizeof(dom.cpuset), &dom.cpuset) == -1)
2650
      continue;
2651
2652
    if (!ha_cpuset_count(&dom))
2653
      continue;
2654
2655
    ha_cpuset_assign(&node_cpu_set, &dom);
2656
2657
    ha_diag_warning("Multi-socket cpu detected, automatically binding on active CPUs of '%d' (%u active cpu(s))\n", i, ha_cpuset_count(&node_cpu_set));
2658
    for (grp = 0; grp < MAX_TGROUPS; grp++)
2659
      for (thr = 0; thr < MAX_THREADS_PER_GROUP; thr++)
2660
        ha_cpuset_assign(&cpu_map[grp].thread[thr], &node_cpu_set);
2661
    break;
2662
  }
2663
 leave:
2664
  return ha_cpuset_count(&node_cpu_set);
2665
}
2666
2667
#else
2668
static int numa_detect_topology()
2669
{
2670
  return 0;
2671
}
2672
2673
#endif
2674
#endif /* USE_THREAD && USE_CPU_AFFINITY */
2675
2676
/*
2677
 * Returns the error code, 0 if OK, or any combination of :
2678
 *  - ERR_ABORT: must abort ASAP
2679
 *  - ERR_FATAL: we can continue parsing but not start the service
2680
 *  - ERR_WARN: a warning has been emitted
2681
 *  - ERR_ALERT: an alert has been emitted
2682
 * Only the two first ones can stop processing, the two others are just
2683
 * indicators.
2684
 */
2685
int check_config_validity()
2686
0
{
2687
0
  int cfgerr = 0;
2688
0
  struct proxy *curproxy = NULL;
2689
0
  struct proxy *init_proxies_list = NULL;
2690
0
  struct stktable *t;
2691
0
  struct server *newsrv = NULL;
2692
0
  int err_code = 0;
2693
0
  unsigned int next_pxid = 1;
2694
0
  struct bind_conf *bind_conf;
2695
0
  char *err;
2696
0
  struct cfg_postparser *postparser;
2697
0
  struct resolvers *curr_resolvers = NULL;
2698
0
  int i;
2699
2700
0
  bind_conf = NULL;
2701
  /*
2702
   * Now, check for the integrity of all that we have collected.
2703
   */
2704
2705
0
  if (!global.tune.max_http_hdr)
2706
0
    global.tune.max_http_hdr = MAX_HTTP_HDR;
2707
2708
0
  if (!global.tune.cookie_len)
2709
0
    global.tune.cookie_len = CAPTURE_LEN;
2710
2711
0
  if (!global.tune.requri_len)
2712
0
    global.tune.requri_len = REQURI_LEN;
2713
2714
0
  if (!global.nbthread) {
2715
    /* nbthread not set, thus automatic. In this case, and only if
2716
     * running on a single process, we enable the same number of
2717
     * threads as the number of CPUs the process is bound to. This
2718
     * allows to easily control the number of threads using taskset.
2719
     */
2720
0
    global.nbthread = 1;
2721
2722
#if defined(USE_THREAD)
2723
    {
2724
      int numa_cores = 0;
2725
#if defined(USE_CPU_AFFINITY)
2726
      if (global.numa_cpu_mapping && !thread_cpu_mask_forced() && !cpu_map_configured())
2727
        numa_cores = numa_detect_topology();
2728
#endif
2729
      global.nbthread = numa_cores ? numa_cores :
2730
                                     thread_cpus_enabled_at_boot;
2731
2732
      /* Note that we cannot have more than 32 or 64 threads per group */
2733
      if (!global.nbtgroups)
2734
        global.nbtgroups = 1;
2735
2736
      if (global.nbthread > MAX_THREADS_PER_GROUP * global.nbtgroups) {
2737
        ha_diag_warning("nbthread not set, found %d CPUs, limiting to %d threads (maximum is %d per thread group). Please set nbthreads and/or increase thread-groups in the global section to silence this warning.\n",
2738
             global.nbthread, MAX_THREADS_PER_GROUP * global.nbtgroups, MAX_THREADS_PER_GROUP);
2739
        global.nbthread = MAX_THREADS_PER_GROUP * global.nbtgroups;
2740
      }
2741
    }
2742
#endif
2743
0
  }
2744
2745
0
  if (!global.nbtgroups)
2746
0
    global.nbtgroups = 1;
2747
2748
0
  if (thread_map_to_groups() < 0) {
2749
0
    err_code |= ERR_ALERT | ERR_FATAL;
2750
0
    goto out;
2751
0
  }
2752
2753
0
  pool_head_requri = create_pool("requri", global.tune.requri_len , MEM_F_SHARED);
2754
2755
0
  pool_head_capture = create_pool("capture", global.tune.cookie_len, MEM_F_SHARED);
2756
2757
  /* Post initialisation of the users and groups lists. */
2758
0
  err_code = userlist_postinit();
2759
0
  if (err_code != ERR_NONE)
2760
0
    goto out;
2761
2762
  /* first, we will invert the proxy list order */
2763
0
  curproxy = NULL;
2764
0
  while (proxies_list) {
2765
0
    struct proxy *next;
2766
2767
0
    next = proxies_list->next;
2768
0
    proxies_list->next = curproxy;
2769
0
    curproxy = proxies_list;
2770
0
    if (!next)
2771
0
      break;
2772
0
    proxies_list = next;
2773
0
  }
2774
2775
  /* starting to initialize the main proxies list */
2776
0
  init_proxies_list = proxies_list;
2777
2778
0
init_proxies_list_stage1:
2779
0
  for (curproxy = init_proxies_list; curproxy; curproxy = curproxy->next) {
2780
0
    struct switching_rule *rule;
2781
0
    struct server_rule *srule;
2782
0
    struct sticking_rule *mrule;
2783
0
    struct logger *tmplogger;
2784
0
    unsigned int next_id;
2785
2786
0
    if (!(curproxy->cap & PR_CAP_INT) && curproxy->uuid < 0) {
2787
      /* proxy ID not set, use automatic numbering with first
2788
       * spare entry starting with next_pxid. We don't assign
2789
       * numbers for internal proxies as they may depend on
2790
       * build or config options and we don't want them to
2791
       * possibly reuse existing IDs.
2792
       */
2793
0
      next_pxid = get_next_id(&used_proxy_id, next_pxid);
2794
0
      curproxy->conf.id.key = curproxy->uuid = next_pxid;
2795
0
      eb32_insert(&used_proxy_id, &curproxy->conf.id);
2796
0
    }
2797
2798
0
    if (curproxy->mode == PR_MODE_HTTP && global.tune.bufsize >= (256 << 20) && ONLY_ONCE()) {
2799
0
      ha_alert("global.tune.bufsize must be below 256 MB when HTTP is in use (current value = %d).\n",
2800
0
         global.tune.bufsize);
2801
0
      cfgerr++;
2802
0
    }
2803
2804
    /* next IDs are shifted even if the proxy is disabled, this
2805
     * guarantees that a proxy that is temporarily disabled in the
2806
     * configuration doesn't cause a renumbering. Internal proxies
2807
     * that are not assigned a static ID must never shift the IDs
2808
     * either since they may appear in any order (Lua, logs, etc).
2809
     * The GLOBAL proxy that carries the stats socket has its ID
2810
     * forced to zero.
2811
     */
2812
0
    if (curproxy->uuid >= 0)
2813
0
      next_pxid++;
2814
2815
0
    if (curproxy->flags & PR_FL_DISABLED) {
2816
      /* ensure we don't keep listeners uselessly bound. We
2817
       * can't disable their listeners yet (fdtab not
2818
       * allocated yet) but let's skip them.
2819
       */
2820
0
      if (curproxy->table) {
2821
0
        ha_free(&curproxy->table->peers.name);
2822
0
        curproxy->table->peers.p = NULL;
2823
0
      }
2824
0
      continue;
2825
0
    }
2826
2827
    /* The current proxy is referencing a default proxy. We must
2828
     * finalize its config, but only once. If the default proxy is
2829
     * ready (PR_FL_READY) it means it was already fully configured.
2830
     */
2831
0
    if (curproxy->defpx) {
2832
0
      if (!(curproxy->defpx->flags & PR_FL_READY)) {
2833
        /* check validity for 'tcp-request' layer 4/5/6/7 rules */
2834
0
        cfgerr += check_action_rules(&curproxy->defpx->tcp_req.l4_rules, curproxy->defpx, &err_code);
2835
0
        cfgerr += check_action_rules(&curproxy->defpx->tcp_req.l5_rules, curproxy->defpx, &err_code);
2836
0
        cfgerr += check_action_rules(&curproxy->defpx->tcp_req.inspect_rules, curproxy->defpx, &err_code);
2837
0
        cfgerr += check_action_rules(&curproxy->defpx->tcp_rep.inspect_rules, curproxy->defpx, &err_code);
2838
0
        cfgerr += check_action_rules(&curproxy->defpx->http_req_rules, curproxy->defpx, &err_code);
2839
0
        cfgerr += check_action_rules(&curproxy->defpx->http_res_rules, curproxy->defpx, &err_code);
2840
0
        cfgerr += check_action_rules(&curproxy->defpx->http_after_res_rules, curproxy->defpx, &err_code);
2841
2842
0
        err = NULL;
2843
0
        i = smp_resolve_args(curproxy->defpx, &err);
2844
0
        cfgerr += i;
2845
0
        if (i) {
2846
0
          indent_msg(&err, 8);
2847
0
          ha_alert("%s%s\n", i > 1 ? "multiple argument resolution errors:" : "", err);
2848
0
          ha_free(&err);
2849
0
        }
2850
0
        else
2851
0
          cfgerr += acl_find_targets(curproxy->defpx);
2852
2853
        /* default proxy is now ready. Set the right FE/BE capabilities */
2854
0
        curproxy->defpx->flags |= PR_FL_READY;
2855
0
      }
2856
0
    }
2857
2858
    /* check and reduce the bind-proc of each listener */
2859
0
    list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
2860
0
      int ret;
2861
2862
      /* HTTP frontends with "h2" as ALPN/NPN will work in
2863
       * HTTP/2 and absolutely require buffers 16kB or larger.
2864
       */
2865
#ifdef USE_OPENSSL
2866
      /* no-alpn ? If so, it's the right moment to remove it */
2867
      if (bind_conf->ssl_conf.alpn_str && !bind_conf->ssl_conf.alpn_len) {
2868
        free(bind_conf->ssl_conf.alpn_str);
2869
        bind_conf->ssl_conf.alpn_str = NULL;
2870
      }
2871
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
2872
      else if (!bind_conf->ssl_conf.alpn_str && !bind_conf->ssl_conf.npn_str &&
2873
         ((bind_conf->options & BC_O_USE_SSL) || bind_conf->xprt == xprt_get(XPRT_QUIC)) &&
2874
         curproxy->mode == PR_MODE_HTTP && global.tune.bufsize >= 16384) {
2875
2876
        /* Neither ALPN nor NPN were explicitly set nor disabled, we're
2877
         * in HTTP mode with an SSL or QUIC listener, we can enable ALPN.
2878
         * Note that it's in binary form.
2879
         */
2880
        if (bind_conf->xprt == xprt_get(XPRT_QUIC))
2881
          bind_conf->ssl_conf.alpn_str = strdup("\002h3");
2882
        else
2883
          bind_conf->ssl_conf.alpn_str = strdup("\002h2\010http/1.1");
2884
2885
        if (!bind_conf->ssl_conf.alpn_str) {
2886
          ha_alert("Proxy '%s': out of memory while trying to allocate a default alpn string in 'bind %s' at [%s:%d].\n",
2887
             curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
2888
          cfgerr++;
2889
          err_code |= ERR_FATAL | ERR_ALERT;
2890
          goto out;
2891
        }
2892
        bind_conf->ssl_conf.alpn_len = strlen(bind_conf->ssl_conf.alpn_str);
2893
      }
2894
#endif
2895
2896
      if (curproxy->mode == PR_MODE_HTTP && global.tune.bufsize < 16384) {
2897
#ifdef OPENSSL_NPN_NEGOTIATED
2898
        /* check NPN */
2899
        if (bind_conf->ssl_conf.npn_str && strstr(bind_conf->ssl_conf.npn_str, "\002h2")) {
2900
          ha_alert("HTTP frontend '%s' enables HTTP/2 via NPN at [%s:%d], so global.tune.bufsize must be at least 16384 bytes (%d now).\n",
2901
             curproxy->id, bind_conf->file, bind_conf->line, global.tune.bufsize);
2902
          cfgerr++;
2903
        }
2904
#endif
2905
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
2906
        /* check ALPN */
2907
        if (bind_conf->ssl_conf.alpn_str && strstr(bind_conf->ssl_conf.alpn_str, "\002h2")) {
2908
          ha_alert("HTTP frontend '%s' enables HTTP/2 via ALPN at [%s:%d], so global.tune.bufsize must be at least 16384 bytes (%d now).\n",
2909
             curproxy->id, bind_conf->file, bind_conf->line, global.tune.bufsize);
2910
          cfgerr++;
2911
        }
2912
#endif
2913
      } /* HTTP && bufsize < 16384 */
2914
#endif
2915
2916
      /* finish the bind setup */
2917
0
      ret = bind_complete_thread_setup(bind_conf, &err_code);
2918
0
      if (ret != 0) {
2919
0
        cfgerr += ret;
2920
0
        if (err_code & ERR_FATAL)
2921
0
          goto out;
2922
0
      }
2923
0
    }
2924
2925
0
    switch (curproxy->mode) {
2926
0
    case PR_MODE_TCP:
2927
0
      cfgerr += proxy_cfg_ensure_no_http(curproxy);
2928
0
      cfgerr += proxy_cfg_ensure_no_log(curproxy);
2929
0
      break;
2930
2931
0
    case PR_MODE_HTTP:
2932
0
      cfgerr += proxy_cfg_ensure_no_log(curproxy);
2933
0
      curproxy->http_needed = 1;
2934
0
      break;
2935
2936
0
    case PR_MODE_CLI:
2937
0
      cfgerr += proxy_cfg_ensure_no_http(curproxy);
2938
0
      cfgerr += proxy_cfg_ensure_no_log(curproxy);
2939
0
      break;
2940
2941
0
    case PR_MODE_SYSLOG:
2942
      /* this mode is initialized as the classic tcp proxy */
2943
0
      cfgerr += proxy_cfg_ensure_no_http(curproxy);
2944
0
      break;
2945
2946
0
    case PR_MODE_PEERS:
2947
0
    case PR_MODES:
2948
      /* should not happen, bug gcc warn missing switch statement */
2949
0
      ha_alert("%s '%s' cannot initialize this proxy mode (peers) in this way. NOTE: PLEASE REPORT THIS TO DEVELOPERS AS YOU'RE NOT SUPPOSED TO BE ABLE TO CREATE A CONFIGURATION TRIGGERING THIS!\n",
2950
0
         proxy_type_str(curproxy), curproxy->id);
2951
0
      cfgerr++;
2952
0
      break;
2953
0
    }
2954
2955
0
    if (!(curproxy->cap & PR_CAP_INT) && (curproxy->cap & PR_CAP_FE) && LIST_ISEMPTY(&curproxy->conf.listeners)) {
2956
0
      ha_warning("%s '%s' has no 'bind' directive. Please declare it as a backend if this was intended.\n",
2957
0
           proxy_type_str(curproxy), curproxy->id);
2958
0
      err_code |= ERR_WARN;
2959
0
    }
2960
2961
0
    if (curproxy->cap & PR_CAP_BE) {
2962
0
      if (curproxy->lbprm.algo & BE_LB_KIND) {
2963
0
        if (curproxy->options & PR_O_TRANSP) {
2964
0
          ha_alert("%s '%s' cannot use both transparent and balance mode.\n",
2965
0
             proxy_type_str(curproxy), curproxy->id);
2966
0
          cfgerr++;
2967
0
        }
2968
#ifdef WE_DONT_SUPPORT_SERVERLESS_LISTENERS
2969
        else if (curproxy->srv == NULL) {
2970
          ha_alert("%s '%s' needs at least 1 server in balance mode.\n",
2971
             proxy_type_str(curproxy), curproxy->id);
2972
          cfgerr++;
2973
        }
2974
#endif
2975
0
        else if (curproxy->options & PR_O_DISPATCH) {
2976
0
          ha_warning("dispatch address of %s '%s' will be ignored in balance mode.\n",
2977
0
               proxy_type_str(curproxy), curproxy->id);
2978
0
          err_code |= ERR_WARN;
2979
0
        }
2980
0
      }
2981
0
      else if (!(curproxy->options & (PR_O_TRANSP | PR_O_DISPATCH))) {
2982
        /* If no LB algo is set in a backend, and we're not in
2983
         * transparent mode, dispatch mode nor proxy mode, we
2984
         * want to use balance roundrobin by default.
2985
         */
2986
0
        curproxy->lbprm.algo &= ~BE_LB_ALGO;
2987
0
        curproxy->lbprm.algo |= BE_LB_ALGO_RR;
2988
0
      }
2989
0
    }
2990
2991
0
    if (curproxy->options & PR_O_DISPATCH)
2992
0
      curproxy->options &= ~PR_O_TRANSP;
2993
0
    else if (curproxy->options & PR_O_TRANSP)
2994
0
      curproxy->options &= ~PR_O_DISPATCH;
2995
2996
0
    if ((curproxy->tcpcheck_rules.flags & TCPCHK_RULES_UNUSED_HTTP_RS)) {
2997
0
      ha_warning("%s '%s' uses http-check rules without 'option httpchk', so the rules are ignored.\n",
2998
0
           proxy_type_str(curproxy), curproxy->id);
2999
0
      err_code |= ERR_WARN;
3000
0
    }
3001
3002
0
    if ((curproxy->options2 & PR_O2_CHK_ANY) == PR_O2_TCPCHK_CHK &&
3003
0
        (curproxy->tcpcheck_rules.flags & TCPCHK_RULES_PROTO_CHK) != TCPCHK_RULES_HTTP_CHK) {
3004
0
      if (curproxy->options & PR_O_DISABLE404) {
3005
0
        ha_warning("'%s' will be ignored for %s '%s' (requires 'option httpchk').\n",
3006
0
             "disable-on-404", proxy_type_str(curproxy), curproxy->id);
3007
0
        err_code |= ERR_WARN;
3008
0
        curproxy->options &= ~PR_O_DISABLE404;
3009
0
      }
3010
0
      if (curproxy->options2 & PR_O2_CHK_SNDST) {
3011
0
        ha_warning("'%s' will be ignored for %s '%s' (requires 'option httpchk').\n",
3012
0
             "send-state", proxy_type_str(curproxy), curproxy->id);
3013
0
        err_code |= ERR_WARN;
3014
0
        curproxy->options &= ~PR_O2_CHK_SNDST;
3015
0
      }
3016
0
    }
3017
3018
0
    if ((curproxy->options2 & PR_O2_CHK_ANY) == PR_O2_EXT_CHK) {
3019
0
      if (!global.external_check) {
3020
0
        ha_alert("Proxy '%s' : '%s' unable to find required 'global.external-check'.\n",
3021
0
           curproxy->id, "option external-check");
3022
0
        cfgerr++;
3023
0
      }
3024
0
      if (!curproxy->check_command) {
3025
0
        ha_alert("Proxy '%s' : '%s' unable to find required 'external-check command'.\n",
3026
0
           curproxy->id, "option external-check");
3027
0
        cfgerr++;
3028
0
      }
3029
0
      if (!(global.tune.options & GTUNE_INSECURE_FORK)) {
3030
0
        ha_warning("Proxy '%s' : 'insecure-fork-wanted' not enabled in the global section, '%s' will likely fail.\n",
3031
0
           curproxy->id, "option external-check");
3032
0
        err_code |= ERR_WARN;
3033
0
      }
3034
0
    }
3035
3036
0
    if (curproxy->email_alert.set) {
3037
0
        if (!(curproxy->email_alert.mailers.name && curproxy->email_alert.from && curproxy->email_alert.to)) {
3038
0
          ha_warning("'email-alert' will be ignored for %s '%s' (the presence any of "
3039
0
               "'email-alert from', 'email-alert level' 'email-alert mailers', "
3040
0
               "'email-alert myhostname', or 'email-alert to' "
3041
0
               "requires each of 'email-alert from', 'email-alert mailers' and 'email-alert to' "
3042
0
               "to be present).\n",
3043
0
               proxy_type_str(curproxy), curproxy->id);
3044
0
          err_code |= ERR_WARN;
3045
0
          free_email_alert(curproxy);
3046
0
        }
3047
0
        if (!curproxy->email_alert.myhostname)
3048
0
          curproxy->email_alert.myhostname = strdup(hostname);
3049
0
    }
3050
3051
0
    if (curproxy->check_command) {
3052
0
      int clear = 0;
3053
0
      if ((curproxy->options2 & PR_O2_CHK_ANY) != PR_O2_EXT_CHK) {
3054
0
        ha_warning("'%s' will be ignored for %s '%s' (requires 'option external-check').\n",
3055
0
             "external-check command", proxy_type_str(curproxy), curproxy->id);
3056
0
        err_code |= ERR_WARN;
3057
0
        clear = 1;
3058
0
      }
3059
0
      if (curproxy->check_command[0] != '/' && !curproxy->check_path) {
3060
0
        ha_alert("Proxy '%s': '%s' does not have a leading '/' and 'external-check path' is not set.\n",
3061
0
           curproxy->id, "external-check command");
3062
0
        cfgerr++;
3063
0
      }
3064
0
      if (clear) {
3065
0
        ha_free(&curproxy->check_command);
3066
0
      }
3067
0
    }
3068
3069
0
    if (curproxy->check_path) {
3070
0
      if ((curproxy->options2 & PR_O2_CHK_ANY) != PR_O2_EXT_CHK) {
3071
0
        ha_warning("'%s' will be ignored for %s '%s' (requires 'option external-check').\n",
3072
0
             "external-check path", proxy_type_str(curproxy), curproxy->id);
3073
0
        err_code |= ERR_WARN;
3074
0
        ha_free(&curproxy->check_path);
3075
0
      }
3076
0
    }
3077
3078
    /* if a default backend was specified, let's find it */
3079
0
    if (curproxy->defbe.name) {
3080
0
      struct proxy *target;
3081
3082
0
      target = proxy_be_by_name(curproxy->defbe.name);
3083
0
      if (!target) {
3084
0
        ha_alert("Proxy '%s': unable to find required default_backend: '%s'.\n",
3085
0
           curproxy->id, curproxy->defbe.name);
3086
0
        cfgerr++;
3087
0
      } else if (target == curproxy) {
3088
0
        ha_alert("Proxy '%s': loop detected for default_backend: '%s'.\n",
3089
0
           curproxy->id, curproxy->defbe.name);
3090
0
        cfgerr++;
3091
0
      } else if (target->mode != curproxy->mode &&
3092
0
           !(curproxy->mode == PR_MODE_TCP && target->mode == PR_MODE_HTTP)) {
3093
3094
0
        ha_alert("%s %s '%s' (%s:%d) tries to use incompatible %s %s '%s' (%s:%d) as its default backend (see 'mode').\n",
3095
0
           proxy_mode_str(curproxy->mode), proxy_type_str(curproxy), curproxy->id,
3096
0
           curproxy->conf.file, curproxy->conf.line,
3097
0
           proxy_mode_str(target->mode), proxy_type_str(target), target->id,
3098
0
           target->conf.file, target->conf.line);
3099
0
        cfgerr++;
3100
0
      } else {
3101
0
        free(curproxy->defbe.name);
3102
0
        curproxy->defbe.be = target;
3103
        /* Emit a warning if this proxy also has some servers */
3104
0
        if (curproxy->srv) {
3105
0
          ha_warning("In proxy '%s', the 'default_backend' rule always has precedence over the servers, which will never be used.\n",
3106
0
               curproxy->id);
3107
0
          err_code |= ERR_WARN;
3108
0
        }
3109
0
        if (target->mode == PR_MODE_HTTP) {
3110
          /* at least one of the used backends will provoke an
3111
           * HTTP upgrade
3112
           */
3113
0
          curproxy->options |= PR_O_HTTP_UPG;
3114
0
        }
3115
0
      }
3116
0
    }
3117
3118
    /* find the target proxy for 'use_backend' rules */
3119
0
    list_for_each_entry(rule, &curproxy->switching_rules, list) {
3120
0
      struct proxy *target;
3121
0
      struct logformat_node *node;
3122
0
      char *pxname;
3123
3124
      /* Try to parse the string as a log format expression. If the result
3125
       * of the parsing is only one entry containing a simple string, then
3126
       * it's a standard string corresponding to a static rule, thus the
3127
       * parsing is cancelled and be.name is restored to be resolved.
3128
       */
3129
0
      pxname = rule->be.name;
3130
0
      LIST_INIT(&rule->be.expr);
3131
0
      curproxy->conf.args.ctx = ARGC_UBK;
3132
0
      curproxy->conf.args.file = rule->file;
3133
0
      curproxy->conf.args.line = rule->line;
3134
0
      err = NULL;
3135
0
      if (!parse_logformat_string(pxname, curproxy, &rule->be.expr, 0, SMP_VAL_FE_HRQ_HDR, &err)) {
3136
0
        ha_alert("Parsing [%s:%d]: failed to parse use_backend rule '%s' : %s.\n",
3137
0
           rule->file, rule->line, pxname, err);
3138
0
        free(err);
3139
0
        cfgerr++;
3140
0
        continue;
3141
0
      }
3142
0
      node = LIST_NEXT(&rule->be.expr, struct logformat_node *, list);
3143
3144
0
      if (!LIST_ISEMPTY(&rule->be.expr)) {
3145
0
        if (node->type != LOG_FMT_TEXT || node->list.n != &rule->be.expr) {
3146
0
          rule->dynamic = 1;
3147
0
          free(pxname);
3148
          /* backend is not yet known so we cannot assume its type,
3149
           * thus we should consider that at least one of the used
3150
           * backends may provoke HTTP upgrade
3151
           */
3152
0
          curproxy->options |= PR_O_HTTP_UPG;
3153
0
          continue;
3154
0
        }
3155
        /* Only one element in the list, a simple string: free the expression and
3156
         * fall back to static rule
3157
         */
3158
0
        LIST_DELETE(&node->list);
3159
0
        free(node->arg);
3160
0
        free(node);
3161
0
      }
3162
3163
0
      rule->dynamic = 0;
3164
0
      rule->be.name = pxname;
3165
3166
0
      target = proxy_be_by_name(rule->be.name);
3167
0
      if (!target) {
3168
0
        ha_alert("Proxy '%s': unable to find required use_backend: '%s'.\n",
3169
0
           curproxy->id, rule->be.name);
3170
0
        cfgerr++;
3171
0
      } else if (target == curproxy) {
3172
0
        ha_alert("Proxy '%s': loop detected for use_backend: '%s'.\n",
3173
0
           curproxy->id, rule->be.name);
3174
0
        cfgerr++;
3175
0
      } else if (target->mode != curproxy->mode &&
3176
0
           !(curproxy->mode == PR_MODE_TCP && target->mode == PR_MODE_HTTP)) {
3177
3178
0
        ha_alert("%s %s '%s' (%s:%d) tries to use incompatible %s %s '%s' (%s:%d) in a 'use_backend' rule (see 'mode').\n",
3179
0
           proxy_mode_str(curproxy->mode), proxy_type_str(curproxy), curproxy->id,
3180
0
           curproxy->conf.file, curproxy->conf.line,
3181
0
           proxy_mode_str(target->mode), proxy_type_str(target), target->id,
3182
0
           target->conf.file, target->conf.line);
3183
0
        cfgerr++;
3184
0
      } else {
3185
0
        ha_free(&rule->be.name);
3186
0
        rule->be.backend = target;
3187
0
        if (target->mode == PR_MODE_HTTP) {
3188
          /* at least one of the used backends will provoke an
3189
           * HTTP upgrade
3190
           */
3191
0
          curproxy->options |= PR_O_HTTP_UPG;
3192
0
        }
3193
0
      }
3194
0
      err_code |= warnif_tcp_http_cond(curproxy, rule->cond);
3195
0
    }
3196
3197
    /* find the target server for 'use_server' rules */
3198
0
    list_for_each_entry(srule, &curproxy->server_rules, list) {
3199
0
      struct server *target;
3200
0
      struct logformat_node *node;
3201
0
      char *server_name;
3202
3203
      /* We try to parse the string as a log format expression. If the result of the parsing
3204
       * is only one entry containing a single string, then it's a standard string corresponding
3205
       * to a static rule, thus the parsing is cancelled and we fall back to setting srv.ptr.
3206
       */
3207
0
      server_name = srule->srv.name;
3208
0
      LIST_INIT(&srule->expr);
3209
0
      curproxy->conf.args.ctx = ARGC_USRV;
3210
0
      err = NULL;
3211
0
      if (!parse_logformat_string(server_name, curproxy, &srule->expr, 0, SMP_VAL_FE_HRQ_HDR, &err)) {
3212
0
        ha_alert("Parsing [%s:%d]; use-server rule failed to parse log-format '%s' : %s.\n",
3213
0
            srule->file, srule->line, server_name, err);
3214
0
        free(err);
3215
0
        cfgerr++;
3216
0
        continue;
3217
0
      }
3218
0
      node = LIST_NEXT(&srule->expr, struct logformat_node *, list);
3219
3220
0
      if (!LIST_ISEMPTY(&srule->expr)) {
3221
0
        if (node->type != LOG_FMT_TEXT || node->list.n != &srule->expr) {
3222
0
          srule->dynamic = 1;
3223
0
          free(server_name);
3224
0
          continue;
3225
0
        }
3226
        /* Only one element in the list, a simple string: free the expression and
3227
         * fall back to static rule
3228
         */
3229
0
        LIST_DELETE(&node->list);
3230
0
        free(node->arg);
3231
0
        free(node);
3232
0
      }
3233
3234
0
      srule->dynamic = 0;
3235
0
      srule->srv.name = server_name;
3236
0
      target = findserver(curproxy, srule->srv.name);
3237
0
      err_code |= warnif_tcp_http_cond(curproxy, srule->cond);
3238
3239
0
      if (!target) {
3240
0
        ha_alert("%s '%s' : unable to find server '%s' referenced in a 'use-server' rule.\n",
3241
0
           proxy_type_str(curproxy), curproxy->id, srule->srv.name);
3242
0
        cfgerr++;
3243
0
        continue;
3244
0
      }
3245
0
      ha_free(&srule->srv.name);
3246
0
      srule->srv.ptr = target;
3247
0
      target->flags |= SRV_F_NON_PURGEABLE;
3248
0
    }
3249
3250
    /* find the target table for 'stick' rules */
3251
0
    list_for_each_entry(mrule, &curproxy->sticking_rules, list) {
3252
0
      curproxy->be_req_ana |= AN_REQ_STICKING_RULES;
3253
0
      if (mrule->flags & STK_IS_STORE)
3254
0
        curproxy->be_rsp_ana |= AN_RES_STORE_RULES;
3255
3256
0
      if (!resolve_stick_rule(curproxy, mrule))
3257
0
        cfgerr++;
3258
3259
0
      err_code |= warnif_tcp_http_cond(curproxy, mrule->cond);
3260
0
    }
3261
3262
    /* find the target table for 'store response' rules */
3263
0
    list_for_each_entry(mrule, &curproxy->storersp_rules, list) {
3264
0
      curproxy->be_rsp_ana |= AN_RES_STORE_RULES;
3265
3266
0
      if (!resolve_stick_rule(curproxy, mrule))
3267
0
        cfgerr++;
3268
0
    }
3269
3270
    /* check validity for 'tcp-request' layer 4/5/6/7 rules */
3271
0
    cfgerr += check_action_rules(&curproxy->tcp_req.l4_rules, curproxy, &err_code);
3272
0
    cfgerr += check_action_rules(&curproxy->tcp_req.l5_rules, curproxy, &err_code);
3273
0
    cfgerr += check_action_rules(&curproxy->tcp_req.inspect_rules, curproxy, &err_code);
3274
0
    cfgerr += check_action_rules(&curproxy->tcp_rep.inspect_rules, curproxy, &err_code);
3275
0
    cfgerr += check_action_rules(&curproxy->http_req_rules, curproxy, &err_code);
3276
0
    cfgerr += check_action_rules(&curproxy->http_res_rules, curproxy, &err_code);
3277
0
    cfgerr += check_action_rules(&curproxy->http_after_res_rules, curproxy, &err_code);
3278
3279
    /* Warn is a switch-mode http is used on a TCP listener with servers but no backend */
3280
0
    if (!curproxy->defbe.name && LIST_ISEMPTY(&curproxy->switching_rules) && curproxy->srv) {
3281
0
      if ((curproxy->options & PR_O_HTTP_UPG) && curproxy->mode == PR_MODE_TCP)
3282
0
        ha_warning("Proxy '%s' : 'switch-mode http' configured for a %s %s with no backend. "
3283
0
             "Incoming connections upgraded to HTTP cannot be routed to TCP servers\n",
3284
0
             curproxy->id, proxy_mode_str(curproxy->mode), proxy_type_str(curproxy));
3285
0
    }
3286
3287
0
    if (curproxy->table && curproxy->table->peers.name) {
3288
0
      struct peers *curpeers;
3289
3290
0
      for (curpeers = cfg_peers; curpeers; curpeers = curpeers->next) {
3291
0
        if (strcmp(curpeers->id, curproxy->table->peers.name) == 0) {
3292
0
          ha_free(&curproxy->table->peers.name);
3293
0
          curproxy->table->peers.p = curpeers;
3294
0
          break;
3295
0
        }
3296
0
      }
3297
3298
0
      if (!curpeers) {
3299
0
        ha_alert("Proxy '%s': unable to find sync peers '%s'.\n",
3300
0
           curproxy->id, curproxy->table->peers.name);
3301
0
        ha_free(&curproxy->table->peers.name);
3302
0
        curproxy->table->peers.p = NULL;
3303
0
        cfgerr++;
3304
0
      }
3305
0
      else if (curpeers->disabled) {
3306
        /* silently disable this peers section */
3307
0
        curproxy->table->peers.p = NULL;
3308
0
      }
3309
0
      else if (!curpeers->peers_fe) {
3310
0
        ha_alert("Proxy '%s': unable to find local peer '%s' in peers section '%s'.\n",
3311
0
           curproxy->id, localpeer, curpeers->id);
3312
0
        curproxy->table->peers.p = NULL;
3313
0
        cfgerr++;
3314
0
      }
3315
0
    }
3316
3317
3318
0
    if (curproxy->email_alert.mailers.name) {
3319
0
      struct mailers *curmailers = mailers;
3320
3321
0
      for (curmailers = mailers; curmailers; curmailers = curmailers->next) {
3322
0
        if (strcmp(curmailers->id, curproxy->email_alert.mailers.name) == 0)
3323
0
          break;
3324
0
      }
3325
0
      if (!curmailers) {
3326
0
        ha_alert("Proxy '%s': unable to find mailers '%s'.\n",
3327
0
           curproxy->id, curproxy->email_alert.mailers.name);
3328
0
        free_email_alert(curproxy);
3329
0
        cfgerr++;
3330
0
      }
3331
0
      else {
3332
0
        err = NULL;
3333
0
        if (init_email_alert(curmailers, curproxy, &err)) {
3334
0
          ha_alert("Proxy '%s': %s.\n", curproxy->id, err);
3335
0
          free(err);
3336
0
          cfgerr++;
3337
0
        }
3338
0
      }
3339
0
    }
3340
3341
0
    if (curproxy->uri_auth && !(curproxy->uri_auth->flags & STAT_CONVDONE) &&
3342
0
        !LIST_ISEMPTY(&curproxy->uri_auth->http_req_rules) &&
3343
0
        (curproxy->uri_auth->userlist || curproxy->uri_auth->auth_realm )) {
3344
0
      ha_alert("%s '%s': stats 'auth'/'realm' and 'http-request' can't be used at the same time.\n",
3345
0
         "proxy", curproxy->id);
3346
0
      cfgerr++;
3347
0
      goto out_uri_auth_compat;
3348
0
    }
3349
3350
0
    if (curproxy->uri_auth && curproxy->uri_auth->userlist &&
3351
0
        (!(curproxy->uri_auth->flags & STAT_CONVDONE) ||
3352
0
         LIST_ISEMPTY(&curproxy->uri_auth->http_req_rules))) {
3353
0
      const char *uri_auth_compat_req[10];
3354
0
      struct act_rule *rule;
3355
0
      i = 0;
3356
3357
      /* build the ACL condition from scratch. We're relying on anonymous ACLs for that */
3358
0
      uri_auth_compat_req[i++] = "auth";
3359
3360
0
      if (curproxy->uri_auth->auth_realm) {
3361
0
        uri_auth_compat_req[i++] = "realm";
3362
0
        uri_auth_compat_req[i++] = curproxy->uri_auth->auth_realm;
3363
0
      }
3364
3365
0
      uri_auth_compat_req[i++] = "unless";
3366
0
      uri_auth_compat_req[i++] = "{";
3367
0
      uri_auth_compat_req[i++] = "http_auth(.internal-stats-userlist)";
3368
0
      uri_auth_compat_req[i++] = "}";
3369
0
      uri_auth_compat_req[i++] = "";
3370
3371
0
      rule = parse_http_req_cond(uri_auth_compat_req, "internal-stats-auth-compat", 0, curproxy);
3372
0
      if (!rule) {
3373
0
        cfgerr++;
3374
0
        break;
3375
0
      }
3376
3377
0
      LIST_APPEND(&curproxy->uri_auth->http_req_rules, &rule->list);
3378
3379
0
      if (curproxy->uri_auth->auth_realm) {
3380
0
        ha_free(&curproxy->uri_auth->auth_realm);
3381
0
      }
3382
0
      curproxy->uri_auth->flags |= STAT_CONVDONE;
3383
0
    }
3384
0
out_uri_auth_compat:
3385
3386
    /* check whether we have a logger that uses RFC5424 log format */
3387
0
    list_for_each_entry(tmplogger, &curproxy->loggers, list) {
3388
0
      if (tmplogger->format == LOG_FORMAT_RFC5424) {
3389
0
        if (!curproxy->conf.logformat_sd_string) {
3390
          /* set the default logformat_sd_string */
3391
0
          curproxy->conf.logformat_sd_string = default_rfc5424_sd_log_format;
3392
0
        }
3393
0
        break;
3394
0
      }
3395
0
    }
3396
3397
    /* compile the log format */
3398
0
    if (!(curproxy->cap & PR_CAP_FE)) {
3399
0
      if (curproxy->conf.logformat_string != default_http_log_format &&
3400
0
          curproxy->conf.logformat_string != default_tcp_log_format &&
3401
0
          curproxy->conf.logformat_string != clf_http_log_format)
3402
0
        free(curproxy->conf.logformat_string);
3403
0
      curproxy->conf.logformat_string = NULL;
3404
0
      ha_free(&curproxy->conf.lfs_file);
3405
0
      curproxy->conf.lfs_line = 0;
3406
3407
0
      if (curproxy->conf.logformat_sd_string != default_rfc5424_sd_log_format)
3408
0
        free(curproxy->conf.logformat_sd_string);
3409
0
      curproxy->conf.logformat_sd_string = NULL;
3410
0
      ha_free(&curproxy->conf.lfsd_file);
3411
0
      curproxy->conf.lfsd_line = 0;
3412
0
    }
3413
3414
0
    if (curproxy->conf.logformat_string) {
3415
0
      curproxy->conf.args.ctx = ARGC_LOG;
3416
0
      curproxy->conf.args.file = curproxy->conf.lfs_file;
3417
0
      curproxy->conf.args.line = curproxy->conf.lfs_line;
3418
0
      err = NULL;
3419
0
      if (!parse_logformat_string(curproxy->conf.logformat_string, curproxy, &curproxy->logformat,
3420
0
                                  LOG_OPT_MANDATORY|LOG_OPT_MERGE_SPACES,
3421
0
                                  SMP_VAL_FE_LOG_END, &err)) {
3422
0
        ha_alert("Parsing [%s:%d]: failed to parse log-format : %s.\n",
3423
0
           curproxy->conf.lfs_file, curproxy->conf.lfs_line, err);
3424
0
        free(err);
3425
0
        cfgerr++;
3426
0
      }
3427
0
      curproxy->conf.args.file = NULL;
3428
0
      curproxy->conf.args.line = 0;
3429
0
    }
3430
3431
0
    if (curproxy->conf.logformat_sd_string) {
3432
0
      curproxy->conf.args.ctx = ARGC_LOGSD;
3433
0
      curproxy->conf.args.file = curproxy->conf.lfsd_file;
3434
0
      curproxy->conf.args.line = curproxy->conf.lfsd_line;
3435
0
      err = NULL;
3436
0
      if (!parse_logformat_string(curproxy->conf.logformat_sd_string, curproxy, &curproxy->logformat_sd,
3437
0
                                  LOG_OPT_MANDATORY|LOG_OPT_MERGE_SPACES,
3438
0
                                  SMP_VAL_FE_LOG_END, &err)) {
3439
0
        ha_alert("Parsing [%s:%d]: failed to parse log-format-sd : %s.\n",
3440
0
           curproxy->conf.lfs_file, curproxy->conf.lfs_line, err);
3441
0
        free(err);
3442
0
        cfgerr++;
3443
0
      } else if (!add_to_logformat_list(NULL, NULL, LF_SEPARATOR, &curproxy->logformat_sd, &err)) {
3444
0
        ha_alert("Parsing [%s:%d]: failed to parse log-format-sd : %s.\n",
3445
0
           curproxy->conf.lfs_file, curproxy->conf.lfs_line, err);
3446
0
        free(err);
3447
0
        cfgerr++;
3448
0
      }
3449
0
      curproxy->conf.args.file = NULL;
3450
0
      curproxy->conf.args.line = 0;
3451
0
    }
3452
3453
0
    if (curproxy->conf.uniqueid_format_string) {
3454
0
      int where = 0;
3455
3456
0
      curproxy->conf.args.ctx = ARGC_UIF;
3457
0
      curproxy->conf.args.file = curproxy->conf.uif_file;
3458
0
      curproxy->conf.args.line = curproxy->conf.uif_line;
3459
0
      err = NULL;
3460
0
      if (curproxy->cap & PR_CAP_FE)
3461
0
        where |= SMP_VAL_FE_HRQ_HDR;
3462
0
      if (curproxy->cap & PR_CAP_BE)
3463
0
        where |= SMP_VAL_BE_HRQ_HDR;
3464
0
      if (!parse_logformat_string(curproxy->conf.uniqueid_format_string, curproxy, &curproxy->format_unique_id,
3465
0
                                  LOG_OPT_HTTP|LOG_OPT_MERGE_SPACES, where, &err)) {
3466
0
        ha_alert("Parsing [%s:%d]: failed to parse unique-id : %s.\n",
3467
0
           curproxy->conf.uif_file, curproxy->conf.uif_line, err);
3468
0
        free(err);
3469
0
        cfgerr++;
3470
0
      }
3471
0
      curproxy->conf.args.file = NULL;
3472
0
      curproxy->conf.args.line = 0;
3473
0
    }
3474
3475
0
    if (curproxy->conf.error_logformat_string) {
3476
0
      curproxy->conf.args.ctx = ARGC_LOG;
3477
0
      curproxy->conf.args.file = curproxy->conf.elfs_file;
3478
0
      curproxy->conf.args.line = curproxy->conf.elfs_line;
3479
0
      err = NULL;
3480
0
      if (!parse_logformat_string(curproxy->conf.error_logformat_string, curproxy, &curproxy->logformat_error,
3481
0
                                  LOG_OPT_MANDATORY|LOG_OPT_MERGE_SPACES,
3482
0
                                  SMP_VAL_FE_LOG_END, &err)) {
3483
0
        ha_alert("Parsing [%s:%d]: failed to parse error-log-format : %s.\n",
3484
0
           curproxy->conf.elfs_file, curproxy->conf.elfs_line, err);
3485
0
        free(err);
3486
0
        cfgerr++;
3487
0
      }
3488
0
      curproxy->conf.args.file = NULL;
3489
0
      curproxy->conf.args.line = 0;
3490
0
    }
3491
3492
    /* "balance hash" needs to compile its expression
3493
     * (log backends will handle this in proxy log postcheck)
3494
     */
3495
0
    if (curproxy->mode != PR_MODE_SYSLOG &&
3496
0
        (curproxy->lbprm.algo & BE_LB_ALGO) == BE_LB_ALGO_SMP) {
3497
0
      int idx = 0;
3498
0
      const char *args[] = {
3499
0
        curproxy->lbprm.arg_str,
3500
0
        NULL,
3501
0
      };
3502
3503
0
      err = NULL;
3504
0
      curproxy->conf.args.ctx = ARGC_USRV; // same context as use_server.
3505
0
      curproxy->lbprm.expr =
3506
0
        sample_parse_expr((char **)args, &idx,
3507
0
              curproxy->conf.file, curproxy->conf.line,
3508
0
              &err, &curproxy->conf.args, NULL);
3509
3510
0
      if (!curproxy->lbprm.expr) {
3511
0
        ha_alert("%s '%s' [%s:%d]: failed to parse 'balance hash' expression '%s' in : %s.\n",
3512
0
           proxy_type_str(curproxy), curproxy->id,
3513
0
           curproxy->conf.file, curproxy->conf.line,
3514
0
           curproxy->lbprm.arg_str, err);
3515
0
        ha_free(&err);
3516
0
        cfgerr++;
3517
0
      }
3518
0
      else if (!(curproxy->lbprm.expr->fetch->val & SMP_VAL_BE_SET_SRV)) {
3519
0
        ha_alert("%s '%s' [%s:%d]: error detected while parsing 'balance hash' expression '%s' "
3520
0
           "which requires information from %s, which is not available here.\n",
3521
0
           proxy_type_str(curproxy), curproxy->id,
3522
0
           curproxy->conf.file, curproxy->conf.line,
3523
0
           curproxy->lbprm.arg_str, sample_src_names(curproxy->lbprm.expr->fetch->use));
3524
0
        cfgerr++;
3525
0
      }
3526
0
      else if (curproxy->mode == PR_MODE_HTTP && (curproxy->lbprm.expr->fetch->use & SMP_USE_L6REQ)) {
3527
0
        ha_warning("%s '%s' [%s:%d]: L6 sample fetch <%s> will be ignored in 'balance hash' expression in HTTP mode.\n",
3528
0
             proxy_type_str(curproxy), curproxy->id,
3529
0
             curproxy->conf.file, curproxy->conf.line,
3530
0
             curproxy->lbprm.arg_str);
3531
0
      }
3532
0
      else
3533
0
        curproxy->http_needed |= !!(curproxy->lbprm.expr->fetch->use & SMP_USE_HTTP_ANY);
3534
0
    }
3535
3536
    /* only now we can check if some args remain unresolved.
3537
     * This must be done after the users and groups resolution.
3538
     */
3539
0
    err = NULL;
3540
0
    i = smp_resolve_args(curproxy, &err);
3541
0
    cfgerr += i;
3542
0
    if (i) {
3543
0
      indent_msg(&err, 8);
3544
0
      ha_alert("%s%s\n", i > 1 ? "multiple argument resolution errors:" : "", err);
3545
0
      ha_free(&err);
3546
0
    } else
3547
0
      cfgerr += acl_find_targets(curproxy);
3548
3549
0
    if (!(curproxy->cap & PR_CAP_INT) && (curproxy->mode == PR_MODE_TCP || curproxy->mode == PR_MODE_HTTP) &&
3550
0
        (((curproxy->cap & PR_CAP_FE) && !curproxy->timeout.client) ||
3551
0
         ((curproxy->cap & PR_CAP_BE) && (curproxy->srv) &&
3552
0
          (!curproxy->timeout.connect ||
3553
0
           (!curproxy->timeout.server && (curproxy->mode == PR_MODE_HTTP || !curproxy->timeout.tunnel)))))) {
3554
0
      ha_warning("missing timeouts for %s '%s'.\n"
3555
0
           "   | While not properly invalid, you will certainly encounter various problems\n"
3556
0
           "   | with such a configuration. To fix this, please ensure that all following\n"
3557
0
           "   | timeouts are set to a non-zero value: 'client', 'connect', 'server'.\n",
3558
0
           proxy_type_str(curproxy), curproxy->id);
3559
0
      err_code |= ERR_WARN;
3560
0
    }
3561
3562
    /* Historically, the tarpit and queue timeouts were inherited from contimeout.
3563
     * We must still support older configurations, so let's find out whether those
3564
     * parameters have been set or must be copied from contimeouts.
3565
     */
3566
0
    if (!curproxy->timeout.tarpit)
3567
0
      curproxy->timeout.tarpit = curproxy->timeout.connect;
3568
0
    if ((curproxy->cap & PR_CAP_BE) && !curproxy->timeout.queue)
3569
0
      curproxy->timeout.queue = curproxy->timeout.connect;
3570
3571
0
    if ((curproxy->tcpcheck_rules.flags & TCPCHK_RULES_UNUSED_TCP_RS)) {
3572
0
      ha_warning("%s '%s' uses tcp-check rules without 'option tcp-check', so the rules are ignored.\n",
3573
0
           proxy_type_str(curproxy), curproxy->id);
3574
0
      err_code |= ERR_WARN;
3575
0
    }
3576
3577
    /* ensure that cookie capture length is not too large */
3578
0
    if (curproxy->capture_len >= global.tune.cookie_len) {
3579
0
      ha_warning("truncating capture length to %d bytes for %s '%s'.\n",
3580
0
           global.tune.cookie_len - 1, proxy_type_str(curproxy), curproxy->id);
3581
0
      err_code |= ERR_WARN;
3582
0
      curproxy->capture_len = global.tune.cookie_len - 1;
3583
0
    }
3584
3585
    /* The small pools required for the capture lists */
3586
0
    if (curproxy->nb_req_cap) {
3587
0
      curproxy->req_cap_pool = create_pool("ptrcap",
3588
0
                                           curproxy->nb_req_cap * sizeof(char *),
3589
0
                                           MEM_F_SHARED);
3590
0
    }
3591
3592
0
    if (curproxy->nb_rsp_cap) {
3593
0
      curproxy->rsp_cap_pool = create_pool("ptrcap",
3594
0
                                           curproxy->nb_rsp_cap * sizeof(char *),
3595
0
                                           MEM_F_SHARED);
3596
0
    }
3597
3598
0
    switch (curproxy->load_server_state_from_file) {
3599
0
      case PR_SRV_STATE_FILE_UNSPEC:
3600
0
        curproxy->load_server_state_from_file = PR_SRV_STATE_FILE_NONE;
3601
0
        break;
3602
0
      case PR_SRV_STATE_FILE_GLOBAL:
3603
0
        if (!global.server_state_file) {
3604
0
          ha_warning("backend '%s' configured to load server state file from global section 'server-state-file' directive. Unfortunately, 'server-state-file' is not set!\n",
3605
0
               curproxy->id);
3606
0
          err_code |= ERR_WARN;
3607
0
        }
3608
0
        break;
3609
0
    }
3610
3611
    /* first, we will invert the servers list order */
3612
0
    newsrv = NULL;
3613
0
    while (curproxy->srv) {
3614
0
      struct server *next;
3615
3616
0
      next = curproxy->srv->next;
3617
0
      curproxy->srv->next = newsrv;
3618
0
      newsrv = curproxy->srv;
3619
0
      if (!next)
3620
0
        break;
3621
0
      curproxy->srv = next;
3622
0
    }
3623
3624
    /* Check that no server name conflicts. This causes trouble in the stats.
3625
     * We only emit a warning for the first conflict affecting each server,
3626
     * in order to avoid combinatory explosion if all servers have the same
3627
     * name. We do that only for servers which do not have an explicit ID,
3628
     * because these IDs were made also for distinguishing them and we don't
3629
     * want to annoy people who correctly manage them.
3630
     */
3631
0
    for (newsrv = curproxy->srv; newsrv; newsrv = newsrv->next) {
3632
0
      struct server *other_srv;
3633
3634
0
      if (newsrv->puid)
3635
0
        continue;
3636
3637
0
      for (other_srv = curproxy->srv; other_srv && other_srv != newsrv; other_srv = other_srv->next) {
3638
0
        if (!other_srv->puid && strcmp(other_srv->id, newsrv->id) == 0) {
3639
0
          ha_alert("parsing [%s:%d] : %s '%s', another server named '%s' was already defined at line %d, please use distinct names.\n",
3640
0
               newsrv->conf.file, newsrv->conf.line,
3641
0
               proxy_type_str(curproxy), curproxy->id,
3642
0
               newsrv->id, other_srv->conf.line);
3643
0
          cfgerr++;
3644
0
          break;
3645
0
        }
3646
0
      }
3647
0
    }
3648
3649
    /* assign automatic UIDs to servers which don't have one yet */
3650
0
    next_id = 1;
3651
0
    newsrv = curproxy->srv;
3652
0
    while (newsrv != NULL) {
3653
0
      if (!newsrv->puid) {
3654
        /* server ID not set, use automatic numbering with first
3655
         * spare entry starting with next_svid.
3656
         */
3657
0
        next_id = get_next_id(&curproxy->conf.used_server_id, next_id);
3658
0
        newsrv->conf.id.key = newsrv->puid = next_id;
3659
0
        eb32_insert(&curproxy->conf.used_server_id, &newsrv->conf.id);
3660
0
      }
3661
3662
0
      next_id++;
3663
0
      newsrv = newsrv->next;
3664
0
    }
3665
3666
0
    curproxy->lbprm.wmult = 1; /* default weight multiplier */
3667
0
    curproxy->lbprm.wdiv  = 1; /* default weight divider */
3668
3669
    /*
3670
     * If this server supports a maxconn parameter, it needs a dedicated
3671
     * tasks to fill the emptied slots when a connection leaves.
3672
     * Also, resolve deferred tracking dependency if needed.
3673
     */
3674
0
    newsrv = curproxy->srv;
3675
0
    while (newsrv != NULL) {
3676
0
      set_usermsgs_ctx(newsrv->conf.file, newsrv->conf.line, &newsrv->obj_type);
3677
3678
0
      srv_minmax_conn_apply(newsrv);
3679
3680
      /* this will also properly set the transport layer for
3681
       * prod and checks
3682
       * if default-server have use_ssl, prerare ssl init
3683
       * without activating it */
3684
0
      if (newsrv->use_ssl == 1 || newsrv->check.use_ssl == 1 ||
3685
0
          (newsrv->proxy->options & PR_O_TCPCHK_SSL) ||
3686
0
          ((newsrv->flags & SRV_F_DEFSRV_USE_SSL) && newsrv->use_ssl != 1)) {
3687
0
        if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv)
3688
0
          cfgerr += xprt_get(XPRT_SSL)->prepare_srv(newsrv);
3689
0
      }
3690
3691
0
      if ((newsrv->flags & SRV_F_FASTOPEN) &&
3692
0
          ((curproxy->retry_type & (PR_RE_DISCONNECTED | PR_RE_TIMEOUT)) !=
3693
0
           (PR_RE_DISCONNECTED | PR_RE_TIMEOUT)))
3694
0
        ha_warning("server has tfo activated, the backend should be configured with at least 'conn-failure', 'empty-response' and 'response-timeout' or we wouldn't be able to retry the connection on failure.\n");
3695
3696
0
      if (newsrv->trackit) {
3697
0
        if (srv_apply_track(newsrv, curproxy)) {
3698
0
          ++cfgerr;
3699
0
          goto next_srv;
3700
0
        }
3701
0
      }
3702
3703
0
    next_srv:
3704
0
      reset_usermsgs_ctx();
3705
0
      newsrv = newsrv->next;
3706
0
    }
3707
3708
    /*
3709
     * Try to generate dynamic cookies for servers now.
3710
     * It couldn't be done earlier, since at the time we parsed
3711
     * the server line, we may not have known yet that we
3712
     * should use dynamic cookies, or the secret key may not
3713
     * have been provided yet.
3714
     */
3715
0
    if (curproxy->ck_opts & PR_CK_DYNAMIC) {
3716
0
      newsrv = curproxy->srv;
3717
0
      while (newsrv != NULL) {
3718
0
        srv_set_dyncookie(newsrv);
3719
0
        newsrv = newsrv->next;
3720
0
      }
3721
3722
0
    }
3723
    /* We have to initialize the server lookup mechanism depending
3724
     * on what LB algorithm was chosen.
3725
     */
3726
3727
0
    if (curproxy->mode == PR_MODE_SYSLOG) {
3728
      /* log load-balancing requires special init that is performed
3729
       * during log-postparsing step
3730
       */
3731
0
      goto skip_server_lb_init;
3732
0
    }
3733
0
    curproxy->lbprm.algo &= ~(BE_LB_LKUP | BE_LB_PROP_DYN);
3734
0
    switch (curproxy->lbprm.algo & BE_LB_KIND) {
3735
0
    case BE_LB_KIND_RR:
3736
0
      if ((curproxy->lbprm.algo & BE_LB_PARM) == BE_LB_RR_STATIC) {
3737
0
        curproxy->lbprm.algo |= BE_LB_LKUP_MAP;
3738
0
        init_server_map(curproxy);
3739
0
      } else if ((curproxy->lbprm.algo & BE_LB_PARM) == BE_LB_RR_RANDOM) {
3740
0
        curproxy->lbprm.algo |= BE_LB_LKUP_CHTREE | BE_LB_PROP_DYN;
3741
0
        if (chash_init_server_tree(curproxy) < 0) {
3742
0
          cfgerr++;
3743
0
        }
3744
0
      } else {
3745
0
        curproxy->lbprm.algo |= BE_LB_LKUP_RRTREE | BE_LB_PROP_DYN;
3746
0
        fwrr_init_server_groups(curproxy);
3747
0
      }
3748
0
      break;
3749
3750
0
    case BE_LB_KIND_CB:
3751
0
      if ((curproxy->lbprm.algo & BE_LB_PARM) == BE_LB_CB_LC) {
3752
0
        curproxy->lbprm.algo |= BE_LB_LKUP_LCTREE | BE_LB_PROP_DYN;
3753
0
        fwlc_init_server_tree(curproxy);
3754
0
      } else {
3755
0
        curproxy->lbprm.algo |= BE_LB_LKUP_FSTREE | BE_LB_PROP_DYN;
3756
0
        fas_init_server_tree(curproxy);
3757
0
      }
3758
0
      break;
3759
3760
0
    case BE_LB_KIND_HI:
3761
0
      if ((curproxy->lbprm.algo & BE_LB_HASH_TYPE) == BE_LB_HASH_CONS) {
3762
0
        curproxy->lbprm.algo |= BE_LB_LKUP_CHTREE | BE_LB_PROP_DYN;
3763
0
        if (chash_init_server_tree(curproxy) < 0) {
3764
0
          cfgerr++;
3765
0
        }
3766
0
      } else {
3767
0
        curproxy->lbprm.algo |= BE_LB_LKUP_MAP;
3768
0
        init_server_map(curproxy);
3769
0
      }
3770
0
      break;
3771
0
    }
3772
0
 skip_server_lb_init:
3773
0
    HA_RWLOCK_INIT(&curproxy->lbprm.lock);
3774
3775
0
    if (curproxy->options & PR_O_LOGASAP)
3776
0
      curproxy->to_log &= ~LW_BYTES;
3777
3778
0
    if (!(curproxy->cap & PR_CAP_INT) && (curproxy->mode == PR_MODE_TCP || curproxy->mode == PR_MODE_HTTP) &&
3779
0
        (curproxy->cap & PR_CAP_FE) && LIST_ISEMPTY(&curproxy->loggers) &&
3780
0
        (!LIST_ISEMPTY(&curproxy->logformat) || !LIST_ISEMPTY(&curproxy->logformat_sd))) {
3781
0
      ha_warning("log format ignored for %s '%s' since it has no log address.\n",
3782
0
           proxy_type_str(curproxy), curproxy->id);
3783
0
      err_code |= ERR_WARN;
3784
0
    }
3785
3786
0
    if (curproxy->mode != PR_MODE_HTTP && !(curproxy->options & PR_O_HTTP_UPG)) {
3787
0
      int optnum;
3788
3789
0
      if (curproxy->uri_auth) {
3790
0
        ha_warning("'stats' statement ignored for %s '%s' as it requires HTTP mode.\n",
3791
0
             proxy_type_str(curproxy), curproxy->id);
3792
0
        err_code |= ERR_WARN;
3793
0
        curproxy->uri_auth = NULL;
3794
0
      }
3795
3796
0
      if (curproxy->capture_name) {
3797
0
        ha_warning("'capture' statement ignored for %s '%s' as it requires HTTP mode.\n",
3798
0
             proxy_type_str(curproxy), curproxy->id);
3799
0
        err_code |= ERR_WARN;
3800
0
      }
3801
3802
0
      if (isttest(curproxy->monitor_uri)) {
3803
0
        ha_warning("'monitor-uri' statement ignored for %s '%s' as it requires HTTP mode.\n",
3804
0
             proxy_type_str(curproxy), curproxy->id);
3805
0
        err_code |= ERR_WARN;
3806
0
      }
3807
3808
0
      if (!LIST_ISEMPTY(&curproxy->http_req_rules)) {
3809
0
        ha_warning("'http-request' rules ignored for %s '%s' as they require HTTP mode.\n",
3810
0
             proxy_type_str(curproxy), curproxy->id);
3811
0
        err_code |= ERR_WARN;
3812
0
      }
3813
3814
0
      if (!LIST_ISEMPTY(&curproxy->http_res_rules)) {
3815
0
        ha_warning("'http-response' rules ignored for %s '%s' as they require HTTP mode.\n",
3816
0
             proxy_type_str(curproxy), curproxy->id);
3817
0
        err_code |= ERR_WARN;
3818
0
      }
3819
3820
0
      if (!LIST_ISEMPTY(&curproxy->http_after_res_rules)) {
3821
0
        ha_warning("'http-after-response' rules ignored for %s '%s' as they require HTTP mode.\n",
3822
0
             proxy_type_str(curproxy), curproxy->id);
3823
0
        err_code |= ERR_WARN;
3824
0
      }
3825
3826
0
      if (!LIST_ISEMPTY(&curproxy->redirect_rules)) {
3827
0
        ha_warning("'redirect' rules ignored for %s '%s' as they require HTTP mode.\n",
3828
0
             proxy_type_str(curproxy), curproxy->id);
3829
0
        err_code |= ERR_WARN;
3830
0
      }
3831
3832
0
      for (optnum = 0; cfg_opts[optnum].name; optnum++) {
3833
0
        if (cfg_opts[optnum].mode == PR_MODE_HTTP &&
3834
0
            (curproxy->cap & cfg_opts[optnum].cap) &&
3835
0
            (curproxy->options & cfg_opts[optnum].val)) {
3836
0
          ha_warning("'option %s' ignored for %s '%s' as it requires HTTP mode.\n",
3837
0
               cfg_opts[optnum].name, proxy_type_str(curproxy), curproxy->id);
3838
0
          err_code |= ERR_WARN;
3839
0
          curproxy->options &= ~cfg_opts[optnum].val;
3840
0
        }
3841
0
      }
3842
3843
0
      for (optnum = 0; cfg_opts2[optnum].name; optnum++) {
3844
0
        if (cfg_opts2[optnum].mode == PR_MODE_HTTP &&
3845
0
            (curproxy->cap & cfg_opts2[optnum].cap) &&
3846
0
            (curproxy->options2 & cfg_opts2[optnum].val)) {
3847
0
          ha_warning("'option %s' ignored for %s '%s' as it requires HTTP mode.\n",
3848
0
               cfg_opts2[optnum].name, proxy_type_str(curproxy), curproxy->id);
3849
0
          err_code |= ERR_WARN;
3850
0
          curproxy->options2 &= ~cfg_opts2[optnum].val;
3851
0
        }
3852
0
      }
3853
3854
0
#if defined(CONFIG_HAP_TRANSPARENT)
3855
0
      if (curproxy->conn_src.bind_hdr_occ) {
3856
0
        curproxy->conn_src.bind_hdr_occ = 0;
3857
0
        ha_warning("%s '%s' : ignoring use of header %s as source IP in non-HTTP mode.\n",
3858
0
             proxy_type_str(curproxy), curproxy->id, curproxy->conn_src.bind_hdr_name);
3859
0
        err_code |= ERR_WARN;
3860
0
      }
3861
0
#endif
3862
0
    }
3863
3864
    /*
3865
     * ensure that we're not cross-dressing a TCP server into HTTP.
3866
     */
3867
0
    newsrv = curproxy->srv;
3868
0
    while (newsrv != NULL) {
3869
0
      if ((curproxy->mode != PR_MODE_HTTP) && newsrv->rdr_len) {
3870
0
        ha_alert("%s '%s' : server cannot have cookie or redirect prefix in non-HTTP mode.\n",
3871
0
           proxy_type_str(curproxy), curproxy->id);
3872
0
        cfgerr++;
3873
0
      }
3874
3875
0
      if ((curproxy->mode != PR_MODE_HTTP) && newsrv->cklen) {
3876
0
        ha_warning("%s '%s' : ignoring cookie for server '%s' as HTTP mode is disabled.\n",
3877
0
             proxy_type_str(curproxy), curproxy->id, newsrv->id);
3878
0
        err_code |= ERR_WARN;
3879
0
      }
3880
3881
0
      if ((newsrv->flags & SRV_F_MAPPORTS) && (curproxy->options2 & PR_O2_RDPC_PRST)) {
3882
0
        ha_warning("%s '%s' : RDP cookie persistence will not work for server '%s' because it lacks an explicit port number.\n",
3883
0
             proxy_type_str(curproxy), curproxy->id, newsrv->id);
3884
0
        err_code |= ERR_WARN;
3885
0
      }
3886
3887
0
#if defined(CONFIG_HAP_TRANSPARENT)
3888
0
      if (curproxy->mode != PR_MODE_HTTP && newsrv->conn_src.bind_hdr_occ) {
3889
0
        newsrv->conn_src.bind_hdr_occ = 0;
3890
0
        ha_warning("%s '%s' : server %s cannot use header %s as source IP in non-HTTP mode.\n",
3891
0
             proxy_type_str(curproxy), curproxy->id, newsrv->id, newsrv->conn_src.bind_hdr_name);
3892
0
        err_code |= ERR_WARN;
3893
0
      }
3894
0
#endif
3895
3896
0
      if ((curproxy->mode != PR_MODE_HTTP) && (curproxy->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR)
3897
0
        curproxy->options &= ~PR_O_REUSE_MASK;
3898
3899
0
      if ((curproxy->mode != PR_MODE_HTTP) && newsrv->flags & SRV_F_RHTTP) {
3900
0
        ha_alert("%s '%s' : server %s uses reverse HTTP addressing which can only be used with HTTP mode.\n",
3901
0
             proxy_type_str(curproxy), curproxy->id, newsrv->id);
3902
0
        cfgerr++;
3903
0
        err_code |= ERR_FATAL | ERR_ALERT;
3904
0
        goto out;
3905
0
      }
3906
3907
0
      newsrv = newsrv->next;
3908
0
    }
3909
3910
    /* Check filter configuration, if any */
3911
0
    cfgerr += flt_check(curproxy);
3912
3913
0
    if (curproxy->cap & PR_CAP_FE) {
3914
0
      if (!curproxy->accept)
3915
0
        curproxy->accept = frontend_accept;
3916
3917
0
      if (!LIST_ISEMPTY(&curproxy->tcp_req.inspect_rules) ||
3918
0
          (curproxy->defpx && !LIST_ISEMPTY(&curproxy->defpx->tcp_req.inspect_rules)))
3919
0
        curproxy->fe_req_ana |= AN_REQ_INSPECT_FE;
3920
3921
0
      if (curproxy->mode == PR_MODE_HTTP) {
3922
0
        curproxy->fe_req_ana |= AN_REQ_WAIT_HTTP | AN_REQ_HTTP_PROCESS_FE;
3923
0
        curproxy->fe_rsp_ana |= AN_RES_WAIT_HTTP | AN_RES_HTTP_PROCESS_FE;
3924
0
      }
3925
3926
0
      if (curproxy->mode == PR_MODE_CLI) {
3927
0
        curproxy->fe_req_ana |= AN_REQ_WAIT_CLI;
3928
0
        curproxy->fe_rsp_ana |= AN_RES_WAIT_CLI;
3929
0
      }
3930
3931
      /* both TCP and HTTP must check switching rules */
3932
0
      curproxy->fe_req_ana |= AN_REQ_SWITCHING_RULES;
3933
3934
      /* Add filters analyzers if needed */
3935
0
      if (!LIST_ISEMPTY(&curproxy->filter_configs)) {
3936
0
        curproxy->fe_req_ana |= AN_REQ_FLT_START_FE | AN_REQ_FLT_XFER_DATA | AN_REQ_FLT_END;
3937
0
        curproxy->fe_rsp_ana |= AN_RES_FLT_START_FE | AN_RES_FLT_XFER_DATA | AN_RES_FLT_END;
3938
0
      }
3939
0
    }
3940
3941
0
    if (curproxy->cap & PR_CAP_BE) {
3942
0
      if (!LIST_ISEMPTY(&curproxy->tcp_req.inspect_rules) ||
3943
0
          (curproxy->defpx && !LIST_ISEMPTY(&curproxy->defpx->tcp_req.inspect_rules)))
3944
0
        curproxy->be_req_ana |= AN_REQ_INSPECT_BE;
3945
3946
0
      if (!LIST_ISEMPTY(&curproxy->tcp_rep.inspect_rules) ||
3947
0
          (curproxy->defpx && !LIST_ISEMPTY(&curproxy->defpx->tcp_rep.inspect_rules)))
3948
0
                                curproxy->be_rsp_ana |= AN_RES_INSPECT;
3949
3950
0
      if (curproxy->mode == PR_MODE_HTTP) {
3951
0
        curproxy->be_req_ana |= AN_REQ_WAIT_HTTP | AN_REQ_HTTP_INNER | AN_REQ_HTTP_PROCESS_BE;
3952
0
        curproxy->be_rsp_ana |= AN_RES_WAIT_HTTP | AN_RES_HTTP_PROCESS_BE;
3953
0
      }
3954
3955
      /* If the backend does requires RDP cookie persistence, we have to
3956
       * enable the corresponding analyser.
3957
       */
3958
0
      if (curproxy->options2 & PR_O2_RDPC_PRST)
3959
0
        curproxy->be_req_ana |= AN_REQ_PRST_RDP_COOKIE;
3960
3961
      /* Add filters analyzers if needed */
3962
0
      if (!LIST_ISEMPTY(&curproxy->filter_configs)) {
3963
0
        curproxy->be_req_ana |= AN_REQ_FLT_START_BE | AN_REQ_FLT_XFER_DATA | AN_REQ_FLT_END;
3964
0
        curproxy->be_rsp_ana |= AN_RES_FLT_START_BE | AN_RES_FLT_XFER_DATA | AN_RES_FLT_END;
3965
0
      }
3966
0
    }
3967
3968
    /* Check the mux protocols, if any, for each listener and server
3969
     * attached to the current proxy */
3970
0
    list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
3971
0
      int mode = conn_pr_mode_to_proto_mode(curproxy->mode);
3972
0
      const struct mux_proto_list *mux_ent;
3973
3974
0
      if (!bind_conf->mux_proto) {
3975
        /* No protocol was specified. If we're using QUIC at the transport
3976
         * layer, we'll instantiate it as a mux as well. If QUIC is not
3977
         * compiled in, this will remain NULL.
3978
         */
3979
0
        if (bind_conf->xprt && bind_conf->xprt == xprt_get(XPRT_QUIC))
3980
0
          bind_conf->mux_proto = get_mux_proto(ist("quic"));
3981
0
      }
3982
3983
0
      if (!bind_conf->mux_proto)
3984
0
        continue;
3985
3986
      /* it is possible that an incorrect mux was referenced
3987
       * due to the proxy's mode not being taken into account
3988
       * on first pass. Let's adjust it now.
3989
       */
3990
0
      mux_ent = conn_get_best_mux_entry(bind_conf->mux_proto->token, PROTO_SIDE_FE, mode);
3991
3992
0
      if (!mux_ent || !isteq(mux_ent->token, bind_conf->mux_proto->token)) {
3993
0
        ha_alert("%s '%s' : MUX protocol '%.*s' is not usable for 'bind %s' at [%s:%d].\n",
3994
0
           proxy_type_str(curproxy), curproxy->id,
3995
0
           (int)bind_conf->mux_proto->token.len,
3996
0
           bind_conf->mux_proto->token.ptr,
3997
0
           bind_conf->arg, bind_conf->file, bind_conf->line);
3998
0
        cfgerr++;
3999
0
      } else {
4000
0
        if ((mux_ent->mux->flags & MX_FL_FRAMED) && !(bind_conf->options & BC_O_USE_SOCK_DGRAM)) {
4001
0
          ha_alert("%s '%s' : frame-based MUX protocol '%.*s' is incompatible with stream transport of 'bind %s' at [%s:%d].\n",
4002
0
             proxy_type_str(curproxy), curproxy->id,
4003
0
             (int)bind_conf->mux_proto->token.len,
4004
0
             bind_conf->mux_proto->token.ptr,
4005
0
             bind_conf->arg, bind_conf->file, bind_conf->line);
4006
0
          cfgerr++;
4007
0
        }
4008
0
        else if (!(mux_ent->mux->flags & MX_FL_FRAMED) && !(bind_conf->options & BC_O_USE_SOCK_STREAM)) {
4009
0
          ha_alert("%s '%s' : stream-based MUX protocol '%.*s' is incompatible with framed transport of 'bind %s' at [%s:%d].\n",
4010
0
             proxy_type_str(curproxy), curproxy->id,
4011
0
             (int)bind_conf->mux_proto->token.len,
4012
0
             bind_conf->mux_proto->token.ptr,
4013
0
             bind_conf->arg, bind_conf->file, bind_conf->line);
4014
0
          cfgerr++;
4015
0
        }
4016
0
      }
4017
4018
      /* update the mux */
4019
0
      bind_conf->mux_proto = mux_ent;
4020
0
    }
4021
0
    for (newsrv = curproxy->srv; newsrv; newsrv = newsrv->next) {
4022
0
      int mode = conn_pr_mode_to_proto_mode(curproxy->mode);
4023
0
      const struct mux_proto_list *mux_ent;
4024
4025
0
      if (!newsrv->mux_proto)
4026
0
        continue;
4027
4028
      /* it is possible that an incorrect mux was referenced
4029
       * due to the proxy's mode not being taken into account
4030
       * on first pass. Let's adjust it now.
4031
       */
4032
0
      mux_ent = conn_get_best_mux_entry(newsrv->mux_proto->token, PROTO_SIDE_BE, mode);
4033
4034
0
      if (!mux_ent || !isteq(mux_ent->token, newsrv->mux_proto->token)) {
4035
0
        ha_alert("%s '%s' : MUX protocol '%.*s' is not usable for server '%s' at [%s:%d].\n",
4036
0
           proxy_type_str(curproxy), curproxy->id,
4037
0
           (int)newsrv->mux_proto->token.len,
4038
0
           newsrv->mux_proto->token.ptr,
4039
0
           newsrv->id, newsrv->conf.file, newsrv->conf.line);
4040
0
        cfgerr++;
4041
0
      }
4042
4043
      /* update the mux */
4044
0
      newsrv->mux_proto = mux_ent;
4045
0
    }
4046
4047
    /* Allocate default tcp-check rules for proxies without
4048
     * explicit rules.
4049
     */
4050
0
    if (curproxy->cap & PR_CAP_BE) {
4051
0
      if (!(curproxy->options2 & PR_O2_CHK_ANY)) {
4052
0
        struct tcpcheck_ruleset *rs = NULL;
4053
0
        struct tcpcheck_rules *rules = &curproxy->tcpcheck_rules;
4054
4055
0
        curproxy->options2 |= PR_O2_TCPCHK_CHK;
4056
4057
0
        rs = find_tcpcheck_ruleset("*tcp-check");
4058
0
        if (!rs) {
4059
0
          rs = create_tcpcheck_ruleset("*tcp-check");
4060
0
          if (rs == NULL) {
4061
0
            ha_alert("config: %s '%s': out of memory.\n",
4062
0
               proxy_type_str(curproxy), curproxy->id);
4063
0
            cfgerr++;
4064
0
          }
4065
0
        }
4066
4067
0
        free_tcpcheck_vars(&rules->preset_vars);
4068
0
        rules->list = &rs->rules;
4069
0
        rules->flags = 0;
4070
0
      }
4071
0
    }
4072
0
  }
4073
4074
  /*
4075
   * We have just initialized the main proxies list
4076
   * we must also configure the log-forward proxies list
4077
   */
4078
0
  if (init_proxies_list == proxies_list) {
4079
0
    init_proxies_list = cfg_log_forward;
4080
    /* check if list is not null to avoid infinite loop */
4081
0
    if (init_proxies_list)
4082
0
      goto init_proxies_list_stage1;
4083
0
  }
4084
4085
0
  if (init_proxies_list == cfg_log_forward) {
4086
0
    init_proxies_list = sink_proxies_list;
4087
    /* check if list is not null to avoid infinite loop */
4088
0
    if (init_proxies_list)
4089
0
      goto init_proxies_list_stage1;
4090
0
  }
4091
4092
  /***********************************************************/
4093
  /* At this point, target names have already been resolved. */
4094
  /***********************************************************/
4095
4096
  /* we must finish to initialize certain things on the servers */
4097
4098
0
  list_for_each_entry(newsrv, &servers_list, global_list) {
4099
    /* initialize idle conns lists */
4100
0
    if (srv_init_per_thr(newsrv) == -1) {
4101
0
      ha_alert("parsing [%s:%d] : failed to allocate per-thread lists for server '%s'.\n",
4102
0
               newsrv->conf.file, newsrv->conf.line, newsrv->id);
4103
0
      cfgerr++;
4104
0
      continue;
4105
0
    }
4106
4107
0
    if (newsrv->max_idle_conns != 0) {
4108
0
      newsrv->curr_idle_thr = calloc(global.nbthread, sizeof(*newsrv->curr_idle_thr));
4109
0
      if (!newsrv->curr_idle_thr) {
4110
0
        ha_alert("parsing [%s:%d] : failed to allocate idle connection tasks for server '%s'.\n",
4111
0
                 newsrv->conf.file, newsrv->conf.line, newsrv->id);
4112
0
        cfgerr++;
4113
0
        continue;
4114
0
      }
4115
4116
0
    }
4117
0
  }
4118
4119
0
  idle_conn_task = task_new_anywhere();
4120
0
  if (!idle_conn_task) {
4121
0
    ha_alert("parsing : failed to allocate global idle connection task.\n");
4122
0
    cfgerr++;
4123
0
  }
4124
0
  else {
4125
0
    idle_conn_task->process = srv_cleanup_idle_conns;
4126
0
    idle_conn_task->context = NULL;
4127
4128
0
    for (i = 0; i < global.nbthread; i++) {
4129
0
      idle_conns[i].cleanup_task = task_new_on(i);
4130
0
      if (!idle_conns[i].cleanup_task) {
4131
0
        ha_alert("parsing : failed to allocate idle connection tasks for thread '%d'.\n", i);
4132
0
        cfgerr++;
4133
0
        break;
4134
0
      }
4135
4136
0
      idle_conns[i].cleanup_task->process = srv_cleanup_toremove_conns;
4137
0
      idle_conns[i].cleanup_task->context = NULL;
4138
0
      HA_SPIN_INIT(&idle_conns[i].idle_conns_lock);
4139
0
      MT_LIST_INIT(&idle_conns[i].toremove_conns);
4140
0
    }
4141
0
  }
4142
4143
  /* perform the final checks before creating tasks */
4144
4145
  /* starting to initialize the main proxies list */
4146
0
  init_proxies_list = proxies_list;
4147
4148
0
init_proxies_list_stage2:
4149
0
  for (curproxy = init_proxies_list; curproxy; curproxy = curproxy->next) {
4150
0
    struct listener *listener;
4151
0
    unsigned int next_id;
4152
4153
    /* Configure SSL for each bind line.
4154
     * Note: if configuration fails at some point, the ->ctx member
4155
     * remains NULL so that listeners can later detach.
4156
     */
4157
0
    list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
4158
0
      if (bind_conf->xprt->prepare_bind_conf &&
4159
0
          bind_conf->xprt->prepare_bind_conf(bind_conf) < 0)
4160
0
        cfgerr++;
4161
0
      bind_conf->analysers |= curproxy->fe_req_ana;
4162
0
      if (!bind_conf->maxaccept)
4163
0
        bind_conf->maxaccept = global.tune.maxaccept ? global.tune.maxaccept : MAX_ACCEPT;
4164
0
      bind_conf->accept = session_accept_fd;
4165
0
      if (curproxy->options & PR_O_TCP_NOLING)
4166
0
        bind_conf->options |= BC_O_NOLINGER;
4167
4168
      /* smart accept mode is automatic in HTTP mode */
4169
0
      if ((curproxy->options2 & PR_O2_SMARTACC) ||
4170
0
          ((curproxy->mode == PR_MODE_HTTP || (bind_conf->options & BC_O_USE_SSL)) &&
4171
0
           !(curproxy->no_options2 & PR_O2_SMARTACC)))
4172
0
        bind_conf->options |= BC_O_NOQUICKACK;
4173
0
    }
4174
4175
    /* adjust this proxy's listeners */
4176
0
    bind_conf = NULL;
4177
0
    next_id = 1;
4178
0
    list_for_each_entry(listener, &curproxy->conf.listeners, by_fe) {
4179
0
      if (!listener->luid) {
4180
        /* listener ID not set, use automatic numbering with first
4181
         * spare entry starting with next_luid.
4182
         */
4183
0
        next_id = get_next_id(&curproxy->conf.used_listener_id, next_id);
4184
0
        listener->conf.id.key = listener->luid = next_id;
4185
0
        eb32_insert(&curproxy->conf.used_listener_id, &listener->conf.id);
4186
0
      }
4187
0
      next_id++;
4188
4189
      /* enable separate counters */
4190
0
      if (curproxy->options2 & PR_O2_SOCKSTAT) {
4191
0
        listener->counters = calloc(1, sizeof(*listener->counters));
4192
0
        if (!listener->name)
4193
0
          memprintf(&listener->name, "sock-%d", listener->luid);
4194
0
      }
4195
4196
#ifdef USE_QUIC
4197
      if (listener->bind_conf->xprt == xprt_get(XPRT_QUIC)) {
4198
        /* quic_conn are counted against maxconn. */
4199
        listener->bind_conf->options |= BC_O_XPRT_MAXCONN;
4200
        listener->rx.quic_curr_handshake = 0;
4201
        listener->rx.quic_curr_accept = 0;
4202
4203
# ifdef USE_QUIC_OPENSSL_COMPAT
4204
        /* store the last checked bind_conf in bind_conf */
4205
        if (!(global.tune.options & GTUNE_NO_QUIC) &&
4206
            !(global.tune.options & GTUNE_LIMITED_QUIC) &&
4207
            listener->bind_conf != bind_conf) {
4208
          bind_conf = listener->bind_conf;
4209
          ha_alert("Binding [%s:%d] for %s %s: this SSL library does not support the "
4210
             "QUIC protocol. A limited compatibility layer may be enabled using "
4211
             "the \"limited-quic\" global option if desired.\n",
4212
             listener->bind_conf->file, listener->bind_conf->line,
4213
             proxy_type_str(curproxy), curproxy->id);
4214
          cfgerr++;
4215
        }
4216
# endif
4217
4218
        li_init_per_thr(listener);
4219
      }
4220
#endif
4221
0
    }
4222
4223
    /* Release unused SSL configs */
4224
0
    list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
4225
0
      if (!(bind_conf->options & BC_O_USE_SSL) && bind_conf->xprt->destroy_bind_conf)
4226
0
        bind_conf->xprt->destroy_bind_conf(bind_conf);
4227
0
    }
4228
4229
    /* create the task associated with the proxy */
4230
0
    curproxy->task = task_new_anywhere();
4231
0
    if (curproxy->task) {
4232
0
      curproxy->task->context = curproxy;
4233
0
      curproxy->task->process = manage_proxy;
4234
0
      curproxy->flags |= PR_FL_READY;
4235
0
    } else {
4236
0
      ha_alert("Proxy '%s': no more memory when trying to allocate the management task\n",
4237
0
         curproxy->id);
4238
0
      cfgerr++;
4239
0
    }
4240
0
  }
4241
4242
  /*
4243
   * We have just initialized the main proxies list
4244
   * we must also configure the log-forward proxies list
4245
   */
4246
0
  if (init_proxies_list == proxies_list) {
4247
0
    init_proxies_list = cfg_log_forward;
4248
    /* check if list is not null to avoid infinite loop */
4249
0
    if (init_proxies_list)
4250
0
      goto init_proxies_list_stage2;
4251
0
  }
4252
4253
  /*
4254
   * Recount currently required checks.
4255
   */
4256
4257
0
  for (curproxy=proxies_list; curproxy; curproxy=curproxy->next) {
4258
0
    int optnum;
4259
4260
0
    for (optnum = 0; cfg_opts[optnum].name; optnum++)
4261
0
      if (curproxy->options & cfg_opts[optnum].val)
4262
0
        global.last_checks |= cfg_opts[optnum].checks;
4263
4264
0
    for (optnum = 0; cfg_opts2[optnum].name; optnum++)
4265
0
      if (curproxy->options2 & cfg_opts2[optnum].val)
4266
0
        global.last_checks |= cfg_opts2[optnum].checks;
4267
0
  }
4268
4269
0
  if (cfg_peers) {
4270
0
    struct peers *curpeers = cfg_peers, **last;
4271
0
    struct peer *p, *pb;
4272
4273
    /* Remove all peers sections which don't have a valid listener,
4274
     * which are not used by any table, or which are bound to more
4275
     * than one process.
4276
     */
4277
0
    last = &cfg_peers;
4278
0
    while (*last) {
4279
0
      struct peer *peer;
4280
0
      struct stktable *t;
4281
0
      curpeers = *last;
4282
4283
0
      if (curpeers->disabled) {
4284
        /* the "disabled" keyword was present */
4285
0
        if (curpeers->peers_fe)
4286
0
          stop_proxy(curpeers->peers_fe);
4287
0
        curpeers->peers_fe = NULL;
4288
0
      }
4289
0
      else if (!curpeers->peers_fe || !curpeers->peers_fe->id) {
4290
0
        ha_warning("Removing incomplete section 'peers %s' (no peer named '%s').\n",
4291
0
             curpeers->id, localpeer);
4292
0
        if (curpeers->peers_fe)
4293
0
          stop_proxy(curpeers->peers_fe);
4294
0
        curpeers->peers_fe = NULL;
4295
0
      }
4296
0
      else {
4297
        /* Initializes the transport layer of the server part of all the peers belonging to
4298
         * <curpeers> section if required.
4299
         * Note that ->srv is used by the local peer of a new process to connect to the local peer
4300
         * of an old process.
4301
         */
4302
0
        curpeers->peers_fe->flags |= PR_FL_READY;
4303
0
        p = curpeers->remote;
4304
0
        while (p) {
4305
0
          struct peer *other_peer;
4306
4307
0
          for (other_peer = curpeers->remote; other_peer && other_peer != p; other_peer = other_peer->next) {
4308
0
            if (strcmp(other_peer->id, p->id) == 0) {
4309
0
              ha_alert("Peer section '%s' [%s:%d]: another peer named '%s' was already defined at line %s:%d, please use distinct names.\n",
4310
0
                 curpeers->peers_fe->id,
4311
0
                 p->conf.file, p->conf.line,
4312
0
                 other_peer->id, other_peer->conf.file, other_peer->conf.line);
4313
0
              cfgerr++;
4314
0
              break;
4315
0
            }
4316
0
          }
4317
4318
0
          if (p->srv) {
4319
0
            if (p->srv->use_ssl == 1 && xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv)
4320
0
              cfgerr += xprt_get(XPRT_SSL)->prepare_srv(p->srv);
4321
0
          }
4322
0
          p = p->next;
4323
0
        }
4324
        /* Configure the SSL bindings of the local peer if required. */
4325
0
        if (!LIST_ISEMPTY(&curpeers->peers_fe->conf.bind)) {
4326
0
          struct list *l;
4327
0
          struct bind_conf *bind_conf;
4328
0
          int ret;
4329
4330
0
          l = &curpeers->peers_fe->conf.bind;
4331
0
          bind_conf = LIST_ELEM(l->n, typeof(bind_conf), by_fe);
4332
4333
0
          if (curpeers->local->srv) {
4334
0
            if (curpeers->local->srv->use_ssl == 1 && !(bind_conf->options & BC_O_USE_SSL)) {
4335
0
              ha_warning("Peers section '%s': local peer have a non-SSL listener and a SSL server configured at line %s:%d.\n",
4336
0
                   curpeers->peers_fe->id, curpeers->local->conf.file, curpeers->local->conf.line);
4337
0
            }
4338
0
            else if (curpeers->local->srv->use_ssl != 1 && (bind_conf->options & BC_O_USE_SSL)) {
4339
0
              ha_warning("Peers section '%s': local peer have a SSL listener and a non-SSL server configured at line %s:%d.\n",
4340
0
                   curpeers->peers_fe->id, curpeers->local->conf.file, curpeers->local->conf.line);
4341
0
            }
4342
0
          }
4343
4344
          /* finish the bind setup */
4345
0
          ret = bind_complete_thread_setup(bind_conf, &err_code);
4346
0
          if (ret != 0) {
4347
0
            cfgerr += ret;
4348
0
            if (err_code & ERR_FATAL)
4349
0
              goto out;
4350
0
          }
4351
4352
0
          if (bind_conf->xprt->prepare_bind_conf &&
4353
0
            bind_conf->xprt->prepare_bind_conf(bind_conf) < 0)
4354
0
            cfgerr++;
4355
0
        }
4356
0
        if (!peers_init_sync(curpeers) || !peers_alloc_dcache(curpeers)) {
4357
0
          ha_alert("Peers section '%s': out of memory, giving up on peers.\n",
4358
0
             curpeers->id);
4359
0
          cfgerr++;
4360
0
          break;
4361
0
        }
4362
0
        last = &curpeers->next;
4363
4364
        /* Ignore the peer shard greater than the number of peer shard for this section.
4365
         * Also ignore the peer shard of the local peer.
4366
         */
4367
0
        for (peer = curpeers->remote; peer; peer = peer->next) {
4368
0
          if (peer == curpeers->local) {
4369
0
            if (peer->srv->shard) {
4370
0
              ha_warning("Peers section '%s': shard ignored for '%s' local peer\n",
4371
0
                     curpeers->id, peer->id);
4372
0
              peer->srv->shard = 0;
4373
0
            }
4374
0
          }
4375
0
          else if (peer->srv->shard > curpeers->nb_shards) {
4376
0
            ha_warning("Peers section '%s': shard ignored for '%s' local peer because "
4377
0
                   "%d shard value is greater than the section number of shards (%d)\n",
4378
0
                   curpeers->id, peer->id, peer->srv->shard, curpeers->nb_shards);
4379
0
            peer->srv->shard = 0;
4380
0
          }
4381
0
        }
4382
4383
0
        continue;
4384
0
      }
4385
4386
      /* clean what has been detected above */
4387
0
      p = curpeers->remote;
4388
0
      while (p) {
4389
0
        pb = p->next;
4390
0
        free(p->id);
4391
0
        free(p);
4392
0
        p = pb;
4393
0
      }
4394
4395
      /* Destroy and unlink this curpeers section.
4396
       * Note: curpeers is backed up into *last.
4397
       */
4398
0
      free(curpeers->id);
4399
0
      curpeers = curpeers->next;
4400
      /* Reset any refereance to this peers section in the list of stick-tables */
4401
0
      for (t = stktables_list; t; t = t->next) {
4402
0
        if (t->peers.p && t->peers.p == *last)
4403
0
          t->peers.p = NULL;
4404
0
      }
4405
0
      free(*last);
4406
0
      *last = curpeers;
4407
0
    }
4408
0
  }
4409
4410
0
  for (t = stktables_list; t; t = t->next) {
4411
0
    if (t->proxy)
4412
0
      continue;
4413
0
    err = NULL;
4414
0
    if (!stktable_init(t, &err)) {
4415
0
      ha_alert("Parsing [%s:%d]: failed to initialize '%s' stick-table: %s.\n", t->conf.file, t->conf.line, t->id, err);
4416
0
      ha_free(&err);
4417
0
      cfgerr++;
4418
0
    }
4419
0
  }
4420
4421
  /* initialize stick-tables on backend capable proxies. This must not
4422
   * be done earlier because the data size may be discovered while parsing
4423
   * other proxies.
4424
   */
4425
0
  for (curproxy = proxies_list; curproxy; curproxy = curproxy->next) {
4426
0
    if ((curproxy->flags & PR_FL_DISABLED) || !curproxy->table)
4427
0
      continue;
4428
4429
0
    err = NULL;
4430
0
    if (!stktable_init(curproxy->table, &err)) {
4431
0
      ha_alert("Proxy '%s': failed to initialize stick-table: %s.\n", curproxy->id, err);
4432
0
      ha_free(&err);
4433
0
      cfgerr++;
4434
0
    }
4435
0
  }
4436
4437
0
  if (mailers) {
4438
0
    struct mailers *curmailers = mailers, **last;
4439
0
    struct mailer *m, *mb;
4440
4441
    /* Remove all mailers sections which don't have a valid listener.
4442
     * This can happen when a mailers section is never referenced.
4443
     */
4444
0
    last = &mailers;
4445
0
    while (*last) {
4446
0
      curmailers = *last;
4447
0
      if (curmailers->users) {
4448
0
        last = &curmailers->next;
4449
0
        continue;
4450
0
      }
4451
4452
0
      ha_warning("Removing incomplete section 'mailers %s'.\n",
4453
0
           curmailers->id);
4454
4455
0
      m = curmailers->mailer_list;
4456
0
      while (m) {
4457
0
        mb = m->next;
4458
0
        free(m->id);
4459
0
        free(m);
4460
0
        m = mb;
4461
0
      }
4462
4463
      /* Destroy and unlink this curmailers section.
4464
       * Note: curmailers is backed up into *last.
4465
       */
4466
0
      free(curmailers->id);
4467
0
      curmailers = curmailers->next;
4468
0
      free(*last);
4469
0
      *last = curmailers;
4470
0
    }
4471
0
  }
4472
4473
  /* Update server_state_file_name to backend name if backend is supposed to use
4474
   * a server-state file locally defined and none has been provided */
4475
0
  for (curproxy = proxies_list; curproxy; curproxy = curproxy->next) {
4476
0
    if (curproxy->load_server_state_from_file == PR_SRV_STATE_FILE_LOCAL &&
4477
0
        curproxy->server_state_file_name == NULL)
4478
0
      curproxy->server_state_file_name = strdup(curproxy->id);
4479
0
  }
4480
4481
0
  list_for_each_entry(curr_resolvers, &sec_resolvers, list) {
4482
0
    if (LIST_ISEMPTY(&curr_resolvers->nameservers)) {
4483
0
      ha_warning("resolvers '%s' [%s:%d] has no nameservers configured!\n",
4484
0
           curr_resolvers->id, curr_resolvers->conf.file,
4485
0
           curr_resolvers->conf.line);
4486
0
      err_code |= ERR_WARN;
4487
0
    }
4488
0
  }
4489
4490
0
  list_for_each_entry(postparser, &postparsers, list) {
4491
0
    if (postparser->func)
4492
0
      cfgerr += postparser->func();
4493
0
  }
4494
4495
0
  if (cfgerr > 0)
4496
0
    err_code |= ERR_ALERT | ERR_FATAL;
4497
0
 out:
4498
0
  return err_code;
4499
0
}
4500
4501
/*
4502
 * Registers the CFG keyword list <kwl> as a list of valid keywords for next
4503
 * parsing sessions.
4504
 */
4505
void cfg_register_keywords(struct cfg_kw_list *kwl)
4506
0
{
4507
0
  LIST_APPEND(&cfg_keywords.list, &kwl->list);
4508
0
}
4509
4510
/*
4511
 * Unregisters the CFG keyword list <kwl> from the list of valid keywords.
4512
 */
4513
void cfg_unregister_keywords(struct cfg_kw_list *kwl)
4514
0
{
4515
0
  LIST_DELETE(&kwl->list);
4516
0
  LIST_INIT(&kwl->list);
4517
0
}
4518
4519
/* this function register new section in the haproxy configuration file.
4520
 * <section_name> is the name of this new section and <section_parser>
4521
 * is the called parser. If two section declaration have the same name,
4522
 * only the first declared is used.
4523
 */
4524
int cfg_register_section(char *section_name,
4525
                         int (*section_parser)(const char *, int, char **, int),
4526
                         int (*post_section_parser)())
4527
0
{
4528
0
  struct cfg_section *cs;
4529
4530
0
  list_for_each_entry(cs, &sections, list) {
4531
0
    if (strcmp(cs->section_name, section_name) == 0) {
4532
0
      ha_alert("register section '%s': already registered.\n", section_name);
4533
0
      return 0;
4534
0
    }
4535
0
  }
4536
4537
0
  cs = calloc(1, sizeof(*cs));
4538
0
  if (!cs) {
4539
0
    ha_alert("register section '%s': out of memory.\n", section_name);
4540
0
    return 0;
4541
0
  }
4542
4543
0
  cs->section_name = section_name;
4544
0
  cs->section_parser = section_parser;
4545
0
  cs->post_section_parser = post_section_parser;
4546
4547
0
  LIST_APPEND(&sections, &cs->list);
4548
4549
0
  return 1;
4550
0