pub enum ConfigError {
Show 32 variants
Env(String),
FileOpen {
path_to_open: String,
io_error: Error,
},
FileRead {
path_to_read: String,
io_error: Error,
},
Incompatible {
kind: IncompatibilityKind,
object: ObjectKind,
id: String,
},
InvalidFrontendConfig(String),
InvalidPath(PathBuf),
ListenerAddressAlreadyInUse(SocketAddr),
Missing(MissingKind),
NoFileParent(String),
SaveStatePath(String),
SocketPathError(String),
DeserializeToml(String),
WrongFrontendProtocol(ListenerProtocol),
WrongListenerProtocol {
expected: ListenerProtocol,
found: Option<ListenerProtocol>,
},
InvalidAlpnProtocol(String),
DisableHttp11WithHttp11Alpn {
address: String,
},
BufferSizeTooSmallForH2 {
buffer_size: u64,
minimum: u64,
listeners: usize,
},
InvalidRedirectPolicy(String),
InvalidRedirectScheme(String),
InvalidHeaderPosition {
index: usize,
position: String,
},
InvalidHeaderBytes {
index: usize,
field: &'static str,
},
HstsEnabledRequired(String),
HstsOnPlainHttp(String),
InvalidSniPattern {
sni: String,
},
NonAsciiSniPattern {
sni: String,
},
AlpnWithoutSni {
address: SocketAddr,
},
TcpFrontendAlpnOverlap {
address: SocketAddr,
sni: Option<String>,
protocol: String,
},
TcpFrontendMultipleAlpnCatchAll {
address: SocketAddr,
sni: Option<String>,
},
TcpListenerMixesSniAndNoSni {
address: SocketAddr,
},
SniPrereadTimeoutExceedsFrontTimeout {
address: SocketAddr,
sni_preread_timeout: u32,
front_timeout: u32,
},
SniPrereadMaxBytesExceedsBufferSize {
address: SocketAddr,
sni_preread_max_bytes: u32,
buffer_size: u64,
},
SniPrereadMaxBytesTooSmall {
address: SocketAddr,
sni_preread_max_bytes: u32,
minimum: u32,
},
}Variants§
Env(String)
FileOpen
FileRead
Incompatible
InvalidFrontendConfig(String)
InvalidPath(PathBuf)
ListenerAddressAlreadyInUse(SocketAddr)
Missing(MissingKind)
NoFileParent(String)
SaveStatePath(String)
SocketPathError(String)
DeserializeToml(String)
WrongFrontendProtocol(ListenerProtocol)
WrongListenerProtocol
InvalidAlpnProtocol(String)
DisableHttp11WithHttp11Alpn
disable_http11 = true and alpn_protocols containing "http/1.1"
are mutually exclusive: the proxy advertises http/1.1 to peers,
then refuses every connection that negotiates
it. The combination is a self-DoS at handshake time. Either drop
http/1.1 from alpn_protocols or unset disable_http11.
BufferSizeTooSmallForH2
buffer_size is below the H2 minimum (16 393 bytes) but at least one
HTTPS listener advertises h2 in its ALPN list. The H2 mux requires
16 384-byte frame payload + 9-byte header to fit in a single kawa
buffer; smaller values deadlock streams that carry full-size frames.
Either raise buffer_size to ≥ 16 393 or remove h2 from the
affected listeners’ alpn_protocols.
InvalidRedirectPolicy(String)
redirect = "<value>" on a frontend used a value the parser doesn’t
recognise. Accepted values are forward, permanent, unauthorized
(case-insensitive).
InvalidRedirectScheme(String)
redirect_scheme = "<value>" on a frontend used a value the parser
doesn’t recognise. Accepted values are use-same, use-http,
use-https (case-insensitive).
InvalidHeaderPosition
A [[clusters.<id>.frontends.headers]] entry carried an unknown
position value. Accepted values are request, response, both
(case-insensitive).
InvalidHeaderBytes
A [[clusters.<id>.frontends.headers]] entry contains a forbidden
byte (NUL, CR, LF, or another C0 control) in its key or value.
Accepting these would produce HTTP request/response splitting on
the wire (CWE-113) — the worker’s H2 emission path filters them
at runtime, but the H1 path serialises raw, so we reject at
config-load time as a defense in depth.
HstsEnabledRequired(String)
An [hsts] block populated max_age, include_subdomains, or
preload but did not set enabled. The TOML representation requires
enabled to be present whenever the block is — that single field
disambiguates “preserve current” / “explicit disable” / “enable” on
hot-reconfig partial updates.
HstsOnPlainHttp(String)
An [hsts] block on an HTTP-only listener or frontend. RFC 6797
§7.2 forbids emitting Strict-Transport-Security over plaintext
HTTP; sozu rejects the configuration at load time so the
non-conformant policy never ships to a worker.
InvalidSniPattern
A TCP frontend’s hostname (mapped to the wire sni field) is
neither an exact hostname nor a single leading *. wildcard label
(sozu-proxy/sozu#1279). Rejects *.*.example.com, an embedded *
anywhere but the leading label, an empty label, and any / — never
valid in a hostname, and a leftmost /.../ label would otherwise be
inserted into the pattern_trie route table as a REGEX segment.
NonAsciiSniPattern
A TCP frontend’s SNI pattern contains non-ASCII characters. On-wire SNI is always an ASCII A-label (RFC 6066 §3 / IDNA), so a Unicode U-label in the config would load fine but never match any ClientHello — a silent routing failure. Rejected loudly until IDNA normalization is supported at config-load; the operator must write the punycode A-label form instead.
AlpnWithoutSni
A TCP frontend set alpn but left hostname (mapped to the wire
sni field) unset. An ALPN matcher only ever gets consulted from
within the SNI-scoped preread route table; a frontend with no sni
installs the worker’s raw no-SNI catch-all path instead
(TcpListener::cluster_id), which never looks at alpn at all –
the configured protocol list would silently never be enforced.
Reject at config-load rather than mis-routing every connection
through unconditionally.
Fields
address: SocketAddrTcpFrontendAlpnOverlap
Two TCP frontends on the same (address, sni) advertise an
overlapping ALPN protocol. Routing on a listener must be
deterministic: if both frontends could match the same ClientHello,
which cluster receives the connection would depend on iteration
order rather than configuration.
TcpFrontendMultipleAlpnCatchAll
More than one TCP frontend on the same (address, sni) left alpn
empty. An empty alpn is the catch-all match for that sni; two
catch-alls on the same (address, sni) are as ambiguous as two
frontends sharing an explicit protocol.
TcpListenerMixesSniAndNoSni
A TCP listener address is targeted by both a no-SNI frontend and at least one SNI-scoped frontend. An SNI-enabled listener prereads the ClientHello before choosing a backend; a raw-TCP fallback frontend with no SNI to match against would be unreachable for any client that doesn’t send SNI, and ambiguous for any that does, so the two shapes cannot share a listener.
Fields
address: SocketAddrSniPrereadTimeoutExceedsFrontTimeout
sni_preread_timeout on a TCP listener exceeds that listener’s
front_timeout. The preread phase is bounded by the frontend’s own
inactivity timeout, so a preread budget longer than the timeout that
would kill the connection anyway can never fully elapse — it is
either a config mistake or silently dead configuration.
SniPrereadMaxBytesExceedsBufferSize
sni_preread_max_bytes on a TCP listener targeted by at least one
SNI frontend exceeds the global buffer_size. The preread buffer is
carved out of the same per-session buffer the proxy uses for
relaying, so a preread ceiling above buffer_size can never be
reached in practice and signals a misconfiguration.
SniPrereadMaxBytesTooSmall
sni_preread_max_bytes on a TCP listener targeted by at least one
SNI frontend is below MIN_SNI_PREREAD_MAX_BYTES. 0 in
particular makes the preread shell issue zero-length reads that can
never make progress – the session spins until the event-loop
iteration guard (MAX_LOOP_ITERATIONS) trips instead of ever
completing a preread decision. The floor is a full TLS record
header (1-byte ContentType + 2-byte ProtocolVersion + 2-byte
length, RFC 8446 §5.1): below that, the shell cannot even learn how
many more bytes to wait for.
Trait Implementations§
Source§impl Debug for ConfigError
impl Debug for ConfigError
Source§impl Display for ConfigError
impl Display for ConfigError
Source§impl Error for ConfigError
impl Error for ConfigError
1.30.0 · Source§fn source(&self) -> Option<&(dyn Error + 'static)>
fn source(&self) -> Option<&(dyn Error + 'static)>
1.0.0 · Source§fn description(&self) -> &str
fn description(&self) -> &str
use the Display impl or to_string()