Check HTTP RAW (BETA)

It performs an HTTP Request of PATH for HOST using a RAW socket, sending the packets from the SOURCE_IFACE to the MAC address of the REAL_SERVER with the TCP/IP destination set to VIRTUAL_IP and PORT. The HTTP Request Method and Headers can be customized through the options (-M, -H). For the check to be successful, at least one option that validates the HTTP Response (-S, -R, -B, -A) must be specified. The check can validate the Response Status Code, the Response Headers and the Response Body, the latter either as a string or as an MD5 hash.

This is suitable for use as a check for load balancers in direct routing mode (LVS-DR), to ensure that the real server is indeed answering packets whose destination IP is the VIRTUAL_IP.

N.B.: This check accepts only replies that fit in a single TCP packet; see the TODO section in the project README for future developments.

Dependencies

  • GNU C compiler (i.e. gcc package).
  • GNU C Library: Development Libraries and Header Files (i.e. install libc6-dev package (or equivalent) on Debian based distros, glibc-devel on RedHat based ones).
  • OpenSSL development files (i.e. install libssl-dev package on Debian based distros, openssl-devel on RedHat based ones).

Compilation

make http

The binary check_http_raw is created in the bin/ directory.

Usage

Because it uses RAW sockets, the check needs to be run as root.

check_http_raw [OPTION...]
    SOURCE_IFACE
    REAL_SERVER
    VIRTUAL_IP
    PORT
    HOST
    PATH

Exit status

EXIT_SUCCESS on success, EXIT_FAILURE on failure, as defined in stdlib.h.

Parameters

  • SOURCE_IFACE: the name of the network interface to send the packets from (e.g. eth0).
  • REAL_SERVER: IPv4 or hostname of the real server to check. Only used to get its MAC address (e.g. 10.0.0.42).
  • VIRTUAL_IP: IPv4 or hostname of the virtual IP for which the check should be performed, used as destination IP in the TCP packets (e.g. 10.0.0.100).
  • PORT: TCP port number to use for the check (e.g. 80).
  • HOST: HTTP Host header to be used (e.g. www.example.com).
  • PATH: HTTP Resource to request, with leading slash (e.g. /healthcheck).

Options

  • -M, --method=METHOD: The HTTP Method to use for the HTTP Request. Accepted values are: GET, HEAD. [Default: GET]
  • -H, --header=HEADER: Additional HTTP Header to send in the request in the format "Name: Value". Can be specified multiple times to add more headers.
  • -S, --status-code=STATUS_CODE: The expected HTTP Status Code for the check to be successful.
  • -R, --response-header=HEADER: HTTP Header in the response that has to match for the check to be successful, in the format "Name: Value". Can be specified multiple times to add more headers.
  • -A, --hash=MD5SUM: The MD5 hash of the expected HTTP Response Body for the check to be successful.
  • -B, --body=BODY: The expected HTTP Body as string for the check to be successful.
  • -r, --role-file=FILE: Path of the file that contains the current role of the load balancer. Only the first character is read, accepted values are: 1 => MASTER, anything else => BACKUP. When this parameter is set the checks on a BACKUP server are done using the real server IP instead of the VIRTUAL_IP with a standard TCP socket.
  • -t, --timeout=MILLISECONDS: Timeout for each REAL_SERVER reply in ms. To disable set to 0. [Default: 1000]
  • -v, --verbose: Produce increasingly verbose output to standard error based on the number of occurrences. -v: CLI parameters and HTTP response summary. -vv: Print also the full HTTP response body. -vvv: Print also all TCP packets. -vvvv: Print also all ARP packets.
  • -?, --help: Give this help list
  • --usage: Give a short usage message

Sample usage

To calculate the MD5 of the expected HTTP response body for the -A option:

curl -s -H "Host: www.example.com" http://10.0.0.42/healthcheck | md5sum

To run the check with that hash, an expected status code and an expected response header:

check_http_raw -vv -t 500 -r /var/run/lvs.role -S 200 -A d36f8f9425c4a8000ad9c4a97185aca5 -R "Server: nginx/1.8.0" eth0 10.0.0.42 10.0.0.100 80 www.example.com /healthcheck

The sample usage and sample output use a verbosity level of 2 to show only HTTP-related logging; see the sample output of the TCP check for an example of TCP and ARP logging.

Sample output

[PARAMS] iface: eth0, real_server: 10.0.0.42, virtual_ip: 10.0.0.100, port: 80, host: www.example.com, path: /healthcheck
[OPTIONS] method: GET, status-code: 200, body: (null), hash: d36f8f9425c4a8000ad9c4a97185aca5, role_file: /var/run/lvs.role, timeout: 500ms, verbosity: 2
* Connected to (22:22:22:22:22:22) 10.0.0.100:80
> GET /healthcheck HTTP/1.1
> User-Agent: raw-socket-checkers/1.0
> Host: www.example.com
>
< HTTP/1.1 200 OK
< Server: nginx/1.8.0
< Date: Sun, 17 Jan 2016 19:54:42 GMT
< Content-Type: text/plain
< Content-Length: 3
< Last-Modified: Fri, 08 Jan 2016 11:10:42 GMT
< Connection: keep-alive
< ETag: "568f9932-3"
< Accept-Ranges: bytes
<
OK
* HTTP Body MD5 is d36f8f9425c4a8000ad9c4a97185aca5
* Closed connection to 10.0.0.100
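
The response checks behind -S, -R, -B and -A, applied to a constructed copy of the reply shown above, as an added Python example; it is not the project's C code. The matching rules (case-insensitive header names, exact values) and the Content-Length comparison are assumptions of this example, and it models GET replies only.

```python
import hashlib

# Constructed single-packet reply, modelled on the sample output above.
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\n"
                b"Server: nginx/1.8.0\r\n"
                b"Content-Type: text/plain\r\n"
                b"Content-Length: 3\r\n"
                b"\r\n"
                b"OK\n")

def parse_reply(raw):
    """Split a raw HTTP reply into (status_code, [(name, value)], body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("reply has no end-of-headers marker")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers.append((name.strip().lower(), value.strip()))
    return int(parts[1]), headers, body

def validate(raw, status=None, resp_headers=(), body=None, md5=None):
    """Return the list of failed checks; an empty list means success."""
    if status is None and not resp_headers and body is None and md5 is None:
        raise ValueError("need at least one of status, resp_headers, body, md5")
    code, headers, payload = parse_reply(raw)
    failures = []
    if status is not None and code != status:
        failures.append(f"status {code}, expected {status}")
    for wanted in resp_headers:
        name, _, value = wanted.partition(":")
        if (name.strip().lower(), value.strip()) not in headers:
            failures.append(f"response header not matched: {wanted}")
    if body is not None and payload != body:
        failures.append("body differs from expected string")
    if md5 is not None and hashlib.md5(payload).hexdigest() != md5.lower():
        failures.append("body MD5 differs from expected hash")
    # Assumed extra check: a body shorter than Content-Length suggests the
    # reply did not fit in the single TCP packet this check accepts.
    declared = dict(headers).get("content-length", "")
    if declared.isdigit() and int(declared) != len(payload):
        failures.append(f"Content-Length {declared} but {len(payload)} body bytes")
    return failures
```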

Full help message

Usage: check_http_raw [OPTION...]
            SOURCE_IFACE REAL_SERVER VIRTUAL_IP PORT HOST PATH

check_http_raw -- an HTTP checker with RAW sockets

It performs an HTTP Request of PATH for HOST using a RAW socket sending the
packets from the SOURCE_INTERFACE to the MAC address of the REAL_SERVER with a
TCP/IP destination set to VIRTUAL_IP and PORT. The HTTP Method and Request
Headers can be customized. The Response status, Response Headers, Response Body
and Response Body MD5 can be verified for the check to be successful.

This is suitable to be used as a check for load balancers in direct routing
mode (LVS-DR) to ensure that the real server is indeed answering to packets
with the VIRTUAL_IP destination IP.

Example:
check_http_raw -vv -t 500 -r /var/run/lvs.role -S 200 -A
d36f8f9425c4a8000ad9c4a97185aca5 -R "Server: nginx/1.8.0" eth0 10.0.0.42
10.0.0.100 80 www.example.com /healthcheck

Example to calculate the MD5 of the HTTP Response:
curl -s -H "Host: www.example.com" http://10.0.0.42/healthcheck | md5sum

============================
EXIT STATUS
----------------------------

EXIT_SUCCESS on success, EXIT_FAILURE on failure.

============================
PARAMETERS
----------------------------

  SOURCE_IFACE    the name of the network interface to use to send the packets
                  from (i.e. eth0).

  REAL_SERVER     IPv4 or hostname of the real server to check. Only used to
                  get it's MAC address (i.e. 10.0.0.42).

  VIRTUAL_IP      IPv4 or hostname of the virtual IP for which the check
                  should be performed, used as destination IP in the TCP
                  packets (i.e. 10.0.0.100)

  PORT            TCP port number to use for the check (i.e. 80)

  HOST            Virtual host to made the request to, becomes the HTTP Host
                  header in the request (i.e. www.example.com)
  PATH            HTTP Resource to request, with leading slash
                  (i.e. /healthcheck)
============================
OPTIONS
----------------------------
At least one of [-S, -R, -B, -A] must be set to validate the HTTP Response.

  -A, --hash=MD5SUM          The MD5 hash of the expected HTTP Response Body
                             for the check to be successful.
  -B, --body=BODY            The expected HTTP Body as string for the check to
                             be successful.
  -H, --header=HEADER        Additional HTTP Header to send in the request in
                             the format "Name: Value". Can be specified
                             multiple times to add more headers.
  -M, --method=METHOD        The HTTP Method to use for the HTTP Request.
                             Accepted values are: GET, HEAD. [Default: GET]
  -r, --role-file=FILE       Path of the file that contains the current role of
                             the load balancer. Only the first character is
                             read, accepted values are: 1 => MASTER, anything
                             else => BACKUP. When this parameter is set the
                             checks on a BACKUP server are done using the real
                             server IP instead of the VIRTUAL_IP with a
                             standard TCP socket.
  -R, --response-header=HEADER   HTTP Header in the response that has to match
                             for the check to be successful, in the format
                             "Name: Value". Can be specified multiple times to
                             add more headers.
  -S, --status-code=STATUS_CODE   The expected HTTP Status Code for the check
                             to be successful.
  -t, --timeout=MILLISECONDS Timeout for each REAL_SERVER reply in ms.
                             To disable set to 0. [Default: 1000]
  -v, --verbose              Produce increasing verbose output to standard
                             error based on the number of occurrences:
                             -v)    CLI parameters and HTTP response summary
                             -vv)   Print also the full HTTP response body
                             -vvv)  Print also all TCP packets
                             -vvvv) Print also all ARP packets
  -?, --help                 Give this help list
      --usage                Give a short usage message

Mandatory or optional arguments to long options are also mandatory or optional
for any corresponding short options.