mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-21 13:51:26 +02:00
Code Issues Projects Releases Wiki Activity

MEDIUM: peers: use server as stream target

Browse Source 
Historically, we used the internal peer proxy as stream target, because
then we only cared about initiating a basic tcp connection with the
endpoint, and relying on parent proxy settings was enough.

But later, we introduced the possibility to connect to an SSL peer by
taking server's SSL parameters into acount. This was done in commit
1055e687 ("MINOR: peers: Make outgoing connection to SSL/TLS peers work.")

However, the above commit introduced an ambiguity:

peer_session_target() function was introduced, and the function will
either return the peers proxy's object or the current server's object
depending if ssl is configured or not.

While this works fine to ensure proper SSL handling while being
conservative with historical behavior, this cause other server transport
related settings to only work when ssl settings are provided, which is
quite debatable.

Indeed, while we're there, why not always using the server's object as
a stream target, to ensure all transport related options are properly
handled? Moreover, the peers documentation tells this:

   ... "support for all "server" parameters found in 5.2 paragraph that
   are related to transport settings" ...

To remove the ambiguity and fully comply with the documentation, we make
peer_session_target() always return the server's object.
This commit is contained in:
Aurelien DARRAGON 2023-11-30 16:48:41 +01:00 committed by Christopher Faulet
parent c5cace3100
commit 7293eb68ff
1 changed files with 1 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
include/haproxy/peers.h
View File

@ -41,14 +41,6 @@ void peers_setup_frontend(struct proxy *fe);
void peers_register_keywords(struct peers_kw_list *pkwl);
#if defined(USE_OPENSSL)
static inline enum obj_type *peer_session_target(struct peer *p, struct stream *s)
{
if (p->srv->use_ssl)
return &p->srv->obj_type;
else
return &s->be->obj_type;
}
static inline struct xprt_ops *peer_xprt(struct peer *p)
{
return p->srv->use_ssl ? xprt_get(XPRT_SSL) : xprt_get(XPRT_RAW);
@ -56,7 +48,7 @@ static inline struct xprt_ops *peer_xprt(struct peer *p)
#else
static inline enum obj_type *peer_session_target(struct peer *p, struct stream *s)
{
return &s->be->obj_type;
return &p->srv->obj_type;
}
static inline struct xprt_ops *peer_xprt(struct peer *p)