MINOR: cfgparse: forbid mixing reverse and standard listeners

Reverse HTTP listeners are very specific and share only a very limited subset of keywords with other listeners. As such, it is probable meaningless to mix standard and reverse addresses on the same bind line. This patch emits a fatal error during configuration parsing if this is the case.
2025-08-06 23:27:04 +02:00 · 2023-10-19 12:05:31 +02:00 · 2023-10-19 12:05:31 +02:00 · 37d7e52cc6
commit 37d7e52cc6
parent 60e7116be0
2 changed files with 27 additions and 4 deletions
--- a/include/haproxy/listener-t.h
+++ b/include/haproxy/listener-t.h
@ -111,6 +111,7 @@ enum li_status {
 #define BC_O_ACC_CIP            0x00001000 /* find the proxied address in the NetScaler Client IP header */
 #define BC_O_UNLIMITED          0x00002000 /* listeners not subject to global limits (peers & stats socket) */
 #define BC_O_NOSTOP             0x00004000 /* keep the listeners active even after a soft stop */
+#define BC_O_REVERSE_HTTP       0x00008000 /* a reverse HTTP bind is used */


 /* flags used with bind_conf->ssl_options */
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@ -162,6 +162,32 @@ int str2listener(char *str, struct proxy *curproxy, struct bind_conf *bind_conf,
 		if (!ss2)
 			goto fail;

+		if (ss2->ss_family == AF_CUST_REV_SRV) {
+			/* Check if a previous non reverse HTTP present is
+			 * already defined. If DGRAM or STREAM is set, this
+			 * indicates that we are currently parsing the second
+			 * or more address.
+			 */
+			if (bind_conf->options & (BC_O_USE_SOCK_DGRAM|BC_O_USE_SOCK_STREAM) &&
+			    !(bind_conf->options & BC_O_REVERSE_HTTP)) {
+				memprintf(err, "Cannot mix reverse HTTP bind with others.\n");
+				goto fail;
+			}
+
+			bind_conf->reverse_srvname = strdup(str + strlen("rev@"));
+			if (!bind_conf->reverse_srvname) {
+				memprintf(err, "Cannot allocate reverse HTTP bind.\n");
+				goto fail;
+			}
+
+			bind_conf->options |= BC_O_REVERSE_HTTP;
+		}
+		else if (bind_conf->options & BC_O_REVERSE_HTTP) {
+			/* Standard address mixed with a previous reverse HTTP one. */
+			memprintf(err, "Cannot mix reverse HTTP bind with others.\n");
+			goto fail;
+		}
+
 		/* OK the address looks correct */
 		if (proto->proto_type == PROTO_TYPE_DGRAM)
 			bind_conf->options |= BC_O_USE_SOCK_DGRAM;
@ -173,10 +199,6 @@ int str2listener(char *str, struct proxy *curproxy, struct bind_conf *bind_conf,
 		else
 			bind_conf->options |= BC_O_USE_XPRT_STREAM;

-		if (ss2->ss_family == AF_CUST_REV_SRV) {
-			bind_conf->reverse_srvname = strdup(str + strlen("rev@"));
-		}
-
 		if (!create_listeners(bind_conf, ss2, port, end, fd, proto, err)) {
 			memprintf(err, "%s for address '%s'.\n", *err, str);
 			goto fail;