mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 14:21:25 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: checks: Add the via-socks4 option for tcp-check connect rules

Browse Source 
With this option, it is possible to establish the connection opened by a
tcp-check connect rule using upstream socks4 proxy. Info from the socks4
parameter on the server are used.
This commit is contained in:
Christopher Faulet 2020-03-30 13:07:02 +02:00
parent 79b31d4ee5
commit 085426aea9
3 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/configuration.txt
View File

@ -9824,6 +9824,8 @@ tcp-check connect [params*]
send-proxy send a PROXY protocol string send-proxy send a PROXY protocol string
via-socks4 enables outgoing health checks using upstream socks4 proxy.
ssl opens a ciphered connection ssl opens a ciphered connection
sni <sni> specifies the SNI to use to do health checks over SSL. sni <sni> specifies the SNI to use to do health checks over SSL.

1
include/types/checks.h
View File

@ -217,6 +217,7 @@ struct analyze_status {
#define TCPCHK_OPT_SSL 0x0002 /* SSL connection */ #define TCPCHK_OPT_SSL 0x0002 /* SSL connection */
#define TCPCHK_OPT_LINGER 0x0004 /* Do not RST connection, let it linger */ #define TCPCHK_OPT_LINGER 0x0004 /* Do not RST connection, let it linger */
#define TCPCHK_OPT_DEFAULT_CONNECT 0x0008 /* Do a connect using server params */ #define TCPCHK_OPT_DEFAULT_CONNECT 0x0008 /* Do a connect using server params */
#define TCPCHK_OPT_SOCKS4 0x0010 /* check the connection via socks4 proxy */
struct tcpcheck_connect { struct tcpcheck_connect {
uint16_t port; /* port to connect to */ uint16_t port; /* port to connect to */

9
src/checks.c
View File

@ -2922,7 +2922,10 @@ static enum tcpcheck_eval_ret tcpcheck_eval_connect(struct check *check, struct
ssl_sock_set_servername(conn, connect->sni); ssl_sock_set_servername(conn, connect->sni);
} }
#endif #endif
/* TODO: add support for sock4 option */ if ((connect->options & TCPCHK_OPT_SOCKS4) && (s->flags & SRV_F_SOCKS4_PROXY)) {
conn->send_proxy_ofs = 1;
conn->flags |= CO_FL_SOCKS4;
}
if (connect->options & TCPCHK_OPT_SEND_PROXY) { if (connect->options & TCPCHK_OPT_SEND_PROXY) {
conn->send_proxy_ofs = 1; conn->send_proxy_ofs = 1;
conn->flags |= CO_FL_SEND_PROXY; conn->flags |= CO_FL_SEND_PROXY;
@ -4118,6 +4121,8 @@ static struct tcpcheck_rule *parse_tcpcheck_connect(char **args, int cur_arg, st
} }
else if (strcmp(args[cur_arg], "send-proxy") == 0) else if (strcmp(args[cur_arg], "send-proxy") == 0)
conn_opts |= TCPCHK_OPT_SEND_PROXY; conn_opts |= TCPCHK_OPT_SEND_PROXY;
else if (strcmp(args[cur_arg], "via-socks4") == 0)
conn_opts |= TCPCHK_OPT_SOCKS4;
else if (strcmp(args[cur_arg], "linger") == 0) else if (strcmp(args[cur_arg], "linger") == 0)
conn_opts |= TCPCHK_OPT_LINGER; conn_opts |= TCPCHK_OPT_LINGER;
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
@ -4145,7 +4150,7 @@ static struct tcpcheck_rule *parse_tcpcheck_connect(char **args, int cur_arg, st
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
", 'ssl', 'sni'" ", 'ssl', 'sni'"
#endif /* USE_OPENSSL */ #endif /* USE_OPENSSL */
" or 'linger' but got '%s' as argument.", " or 'via-socks4', 'linger' but got '%s' as argument.",
args[cur_arg]); args[cur_arg]);
goto error; goto error;
} }