pub enum ConfigError {
Show 23 variants
Env(String),
FileOpen {
path_to_open: String,
io_error: Error,
},
FileRead {
path_to_read: String,
io_error: Error,
},
Incompatible {
kind: IncompatibilityKind,
object: ObjectKind,
id: String,
},
InvalidFrontendConfig(String),
InvalidPath(PathBuf),
ListenerAddressAlreadyInUse(SocketAddr),
Missing(MissingKind),
NoFileParent(String),
SaveStatePath(String),
SocketPathError(String),
DeserializeToml(String),
WrongFrontendProtocol(ListenerProtocol),
WrongListenerProtocol {
expected: ListenerProtocol,
found: Option<ListenerProtocol>,
},
InvalidAlpnProtocol(String),
DisableHttp11WithHttp11Alpn {
address: String,
},
BufferSizeTooSmallForH2 {
buffer_size: u64,
minimum: u64,
listeners: usize,
},
InvalidRedirectPolicy(String),
InvalidRedirectScheme(String),
InvalidHeaderPosition {
index: usize,
position: String,
},
InvalidHeaderBytes {
index: usize,
field: &'static str,
},
HstsEnabledRequired(String),
HstsOnPlainHttp(String),
}Variants§
Env(String)
FileOpen
FileRead
Incompatible
InvalidFrontendConfig(String)
InvalidPath(PathBuf)
ListenerAddressAlreadyInUse(SocketAddr)
Missing(MissingKind)
NoFileParent(String)
SaveStatePath(String)
SocketPathError(String)
DeserializeToml(String)
WrongFrontendProtocol(ListenerProtocol)
WrongListenerProtocol
InvalidAlpnProtocol(String)
DisableHttp11WithHttp11Alpn
disable_http11 = true and alpn_protocols containing "http/1.1"
are mutually exclusive: the proxy advertises http/1.1 to peers,
then refuses every connection that negotiates
it. The combination is a self-DoS at handshake time. Either drop
http/1.1 from alpn_protocols or unset disable_http11.
BufferSizeTooSmallForH2
buffer_size is below the H2 minimum (16 393 bytes) but at least one
HTTPS listener advertises h2 in its ALPN list. The H2 mux requires
16 384-byte frame payload + 9-byte header to fit in a single kawa
buffer; smaller values deadlock streams that carry full-size frames.
Either raise buffer_size to ≥ 16 393 or remove h2 from the
affected listeners’ alpn_protocols.
InvalidRedirectPolicy(String)
redirect = "<value>" on a frontend used a value the parser doesn’t
recognise. Accepted values are forward, permanent, unauthorized
(case-insensitive).
InvalidRedirectScheme(String)
redirect_scheme = "<value>" on a frontend used a value the parser
doesn’t recognise. Accepted values are use-same, use-http,
use-https (case-insensitive).
InvalidHeaderPosition
A [[clusters.<id>.frontends.headers]] entry carried an unknown
position value. Accepted values are request, response, both
(case-insensitive).
InvalidHeaderBytes
A [[clusters.<id>.frontends.headers]] entry contains a forbidden
byte (NUL, CR, LF, or another C0 control) in its key or value.
Accepting these would produce HTTP request/response splitting on
the wire (CWE-113) — the worker’s H2 emission path filters them
at runtime, but the H1 path serialises raw, so we reject at
config-load time as a defense in depth.
HstsEnabledRequired(String)
An [hsts] block populated max_age, include_subdomains, or
preload but did not set enabled. The TOML representation requires
enabled to be present whenever the block is — that single field
disambiguates “preserve current” / “explicit disable” / “enable” on
hot-reconfig partial updates.
HstsOnPlainHttp(String)
An [hsts] block on an HTTP-only listener or frontend. RFC 6797
§7.2 forbids emitting Strict-Transport-Security over plaintext
HTTP; sozu rejects the configuration at load time so the
non-conformant policy never ships to a worker.
Trait Implementations§
Source§impl Debug for ConfigError
impl Debug for ConfigError
Source§impl Display for ConfigError
impl Display for ConfigError
Source§impl Error for ConfigError
impl Error for ConfigError
1.30.0 · Source§fn source(&self) -> Option<&(dyn Error + 'static)>
fn source(&self) -> Option<&(dyn Error + 'static)>
1.0.0 · Source§fn description(&self) -> &str
fn description(&self) -> &str
use the Display impl or to_string()