Re: stick-table question

From: Shannon Lee <slee#bittorrent.com>
Date: Wed, 12 May 2010 15:52:34 -0700


Willy,

Thanks, you rock!

This patch works like a charm, it's passing through staging now and we'll have it in production shortly.

Thanks again,

--S

On Tue, May 11, 2010 at 11:18 PM, Willy Tarreau <w#1wt.eu> wrote:

> On Tue, May 11, 2010 at 05:34:08PM -0700, Shannon Lee wrote:
> > The xforwardedfor stuff is in our stunnel, I just need to figure out how
> to
> > use the X-Forwarded-For header as the key in the stick table. For
> > example...
> >
> > stick-table type ip size 200k expire 30m
> > stick on src
> >
> > ..sends every incoming connection to the same backend host while we're
> using
> > stunnel. The docs make it seem like the 'stick on' and 'stick match'
> > pattern extraction is pretty limited...?
>
> yes, as I indicated in previous mail, *right now* the pattern extraction is
> limited. The reason is that it does not share much code with the ACL
> patterns
> and we thought it was wasted to duplicate everything, we'd better adapt the
> pattern extraction to serve both stick-tables and ACLs. But the way it is
> done makes it very easy to add new rules anyway if needed.
>
> Hey, finally I took a few minutes to implement it while typing this mail.
> Please find the patch at the end of this mail. You can apply it on top of
> 1.4.4. You'll then have to use :
>
> stick on hdr(x-forwarded-for)
>
> and it will use the last occurrence of the header as an IP address to stick
> on.
>
> regards,
> Willy
>
> ----
>
> From 9e327a7c9e9add69c3dc2f70a1b41b776a2143b1 Mon Sep 17 00:00:00 2001
> From: Willy Tarreau <w#1wt.eu>
> Date: Wed, 12 May 2010 08:08:50 +0200
> Subject: [MINOR] stick-tables: add support for "stick on hdr"
>
> It is now possible to stick on an IP address found in a HTTP header. Right
> now only the last occurrence of the header can be used, which is generally
> enough for most uses. Also, the header extraction rule only knows how to
> convert the header to IP. Later it will be usable as a plain string with
> an implicit conversion, and the syntax will not change.
> ---
> doc/configuration.txt | 5 +++++
> src/proto_http.c | 30 ++++++++++++++++++++++++++++++
> 2 files changed, 35 insertions(+), 0 deletions(-)
>
> diff --git a/doc/configuration.txt b/doc/configuration.txt
> index 1ca54fe..0df8ac9 100644
> --- a/doc/configuration.txt
> +++ b/doc/configuration.txt
> @@ -6548,6 +6548,11 @@ The list of currently supported pattern fetch
> functions is the following :
> ports to some clients for a whole application session. It is
> of
> type integer and only works with such tables.
>
> + hdr(name) This extracts the last occurrence of header <name> in an
> HTTP
> + request and converts it to an IP address. This IP address
> is
> + then used to match the table. A typical use is with the
> + x-forwarded-for header.
> +
>
> The currently available list of transformations include :
>
> diff --git a/src/proto_http.c b/src/proto_http.c
> index c8835a5..9c43cf2 100644
> --- a/src/proto_http.c
> +++ b/src/proto_http.c
> @@ -49,6 +49,7 @@
> #include <proto/fd.h>
> #include <proto/log.h>
> #include <proto/hdr_idx.h>
> +#include <proto/pattern.h>
> #include <proto/proto_tcp.h>
> #include <proto/proto_http.h>
> #include <proto/proxy.h>
> @@ -7429,11 +7430,40 @@ static struct acl_kw_list acl_kws = {{ },{
> { NULL, NULL, NULL, NULL },
> }};
>
> +/************************************************************************/
> +/* The code below is dedicated to pattern fetching and matching */
> +/************************************************************************/
> +
> +/* extract the IP address from the last occurrence of specified header.
> Note
> + * that we should normally first extract the string then convert it to IP,
> + * but right now we have all the functions to do this seemlessly, and we
> will
> + * be able to change that later without touching the configuration.
> + */
> +static int
> +pattern_fetch_hdr_ip(struct proxy *px, struct session *l4, void *l7, int
> dir,
> + const char *arg, int arg_len, union pattern_data *data)
> +{
> + struct http_txn *txn = l7;
> +
> + data->ip.s_addr = htonl(get_ip_from_hdr2(&txn->req, arg, arg_len,
> &txn->hdr_idx, -1));
> + return data->ip.s_addr != 0;
> +}
> +
> +/************************************************************************/
> +/* All supported keywords must be declared here. */
> +/************************************************************************/
> +/* Note: must not be declared <const> as its list will be overwritten */
> +static struct pattern_fetch_kw_list pattern_fetch_keywords = {{ },{
> + { "hdr", pattern_fetch_hdr_ip, PATTERN_TYPE_IP,
> PATTERN_FETCH_REQ },
> + { NULL, NULL, 0, 0 },
> +}};
> +
>
> __attribute__((constructor))
> static void __http_protocol_init(void)
> {
> acl_register_keywords(&acl_kws);
> + pattern_register_fetches(&pattern_fetch_keywords);
> }
>
>
> --
> 1.6.4.4
>
>
Received on 2010/05/13 00:52

This archive was generated by hypermail 2.2.0 : 2010/05/13 01:00 CEST