mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 06:11:32 +02:00
Code Issues Projects Releases Wiki Activity

MEDIUM: listener: parse the new "process" bind keyword

Browse Source 
This sets the bind_proc entry in the bind_conf config block. For now it's
still unused, but the doc was updated.
This commit is contained in:
Willy Tarreau 2014-05-07 19:01:58 +02:00
parent 102df613a9
commit 6ae1ba6f29
3 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
doc/configuration.txt
View File

@ -1865,6 +1865,9 @@ bind-process [ all | odd | even | <number 1-64>[-<number 1-64>] ] ...
Please note that 'all' really means all processes regardless of the machine's Please note that 'all' really means all processes regardless of the machine's
word size, and is not limited to the first 32 or 64. word size, and is not limited to the first 32 or 64.
Each "bind" line may further be limited to a subset of the proxy's processes,
please consult the "process" bind keyword in section 5.1.
If some backends are referenced by frontends bound to other processes, the If some backends are referenced by frontends bound to other processes, the
backend automatically inherits the frontend's processes. backend automatically inherits the frontend's processes.
@ -1885,7 +1888,7 @@ bind-process [ all | odd | even | <number 1-64>[-<number 1-64>] ] ...
bind 10.0.0.4:80 bind 10.0.0.4:80
bind-process 1-4 bind-process 1-4
See also : "nbproc" in global section. See also : "nbproc" in global section, and "process" in section 5.1.
block { if | unless } <condition> block { if | unless } <condition>
@ -8273,6 +8276,17 @@ npn <protocols>
enabled (check with haproxy -vv). Note that the NPN extension has been enabled (check with haproxy -vv). Note that the NPN extension has been
replaced with the ALPN extension (see the "alpn" keyword). replaced with the ALPN extension (see the "alpn" keyword).
process [ all | odd | even | <number 1-64>[-<number 1-64>] ]
This restricts the list of processes on which this listener is allowed to
run. It does not enforce any process but eliminates those which do not match.
If the frontend uses a "bind-process" setting, the intersection between the
two is applied. If in the end the listener is not allowed to run on any
remaining process, a warning is emitted, and the listener will either run on
the first process of the listener if a single process was specified, or on
all of its processes if multiple processes were specified. For the unlikely
case where several ranges are needed, this directive may be repeated. See
also "bind-process" and "nbproc".
ssl ssl
This setting is only available when support for OpenSSL was built in. It This setting is only available when support for OpenSSL was built in. It
enables SSL deciphering on connections instantiated from this listener. A enables SSL deciphering on connections instantiated from this listener. A

1
include/types/listener.h
View File

@ -134,6 +134,7 @@ struct bind_conf {
struct eb_root sni_w_ctx; /* sni_ctx tree of all known certs wildcards sorted by name */ struct eb_root sni_w_ctx; /* sni_ctx tree of all known certs wildcards sorted by name */
#endif #endif
int is_ssl; /* SSL is required for these listeners */ int is_ssl; /* SSL is required for these listeners */
unsigned long bind_proc; /* bitmask of processes allowed to use these listeners */
struct { /* UNIX socket permissions */ struct { /* UNIX socket permissions */
uid_t uid; /* -1 to leave unchanged */ uid_t uid; /* -1 to leave unchanged */
gid_t gid; /* -1 to leave unchanged */ gid_t gid; /* -1 to leave unchanged */

45
src/listener.c
View File

@ -11,6 +11,7 @@
*/ */
#define _GNU_SOURCE #define _GNU_SOURCE
#include <ctype.h>
#include <errno.h> #include <errno.h>
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
@ -703,6 +704,49 @@ static int bind_parse_nice(char **args, int cur_arg, struct proxy *px, struct bi
return 0; return 0;
} }
/* parse the "process" bind keyword */
static int bind_parse_process(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
{
unsigned long set = 0;
unsigned int low, high;
if (strcmp(args[cur_arg + 1], "all") == 0) {
set = 0;
}
else if (strcmp(args[cur_arg + 1], "odd") == 0) {
set |= ~0UL/3UL; /* 0x555....555 */
}
else if (strcmp(args[cur_arg + 1], "even") == 0) {
set |= (~0UL/3UL) << 1; /* 0xAAA...AAA */
}
else if (isdigit((int)*args[cur_arg + 1])) {
char *dash = strchr(args[cur_arg + 1], '-');
low = high = str2uic(args[cur_arg + 1]);
if (dash)
high = str2uic(dash + 1);
if (high < low) {
unsigned int swap = low;
low = high;
high = swap;
}
if (low < 1 || high > LONGBITS) {
memprintf(err, "'%s' : invalid range %d-%d, allowed range is 1..%d", args[cur_arg], low, high, LONGBITS);
return ERR_ALERT | ERR_FATAL;
}
while (low <= high)
set |= 1UL << (low++ - 1);
}
else {
memprintf(err, "'%s' expects 'all', 'odd', 'even', or a process range with numbers from 1 to %d.", args[cur_arg], LONGBITS);
return ERR_ALERT | ERR_FATAL;
}
conf->bind_proc = set;
return 0;
}
/* Note: must not be declared <const> as its list will be overwritten. /* Note: must not be declared <const> as its list will be overwritten.
* Please take care of keeping this list alphabetically sorted. * Please take care of keeping this list alphabetically sorted.
@ -734,6 +778,7 @@ static struct bind_kw_list bind_kws = { "ALL", { }, {
{ "maxconn", bind_parse_maxconn, 1 }, /* set maxconn of listening socket */ { "maxconn", bind_parse_maxconn, 1 }, /* set maxconn of listening socket */
{ "name", bind_parse_name, 1 }, /* set name of listening socket */ { "name", bind_parse_name, 1 }, /* set name of listening socket */
{ "nice", bind_parse_nice, 1 }, /* set nice of listening socket */ { "nice", bind_parse_nice, 1 }, /* set nice of listening socket */
{ "process", bind_parse_process, 1 }, /* set list of allowed process for this socket */
{ /* END */ }, { /* END */ },
}}; }};