diff --git a/include/proto/frontend.h b/include/proto/frontend.h index 3f67d4f36..28bec23b5 100644 --- a/include/proto/frontend.h +++ b/include/proto/frontend.h @@ -26,7 +26,6 @@ #include int frontend_accept(struct session *s); -int frontend_decode_proxy_request(struct session *s, struct channel *req, int an_bit); int make_proxy_line(char *buf, int buf_len, struct sockaddr_storage *src, struct sockaddr_storage *dst); diff --git a/include/types/channel.h b/include/types/channel.h index c68f4f768..a21e13f02 100644 --- a/include/types/channel.h +++ b/include/types/channel.h @@ -140,7 +140,7 @@ * The field is blanked by channel_init() and only by analysers themselves * afterwards. */ -#define AN_REQ_DECODE_PROXY 0x00000001 /* take the proxied address from a 'PROXY' line */ +/* unused: 0x00000001 */ #define AN_REQ_INSPECT_FE 0x00000002 /* inspect request contents in the frontend */ #define AN_REQ_WAIT_HTTP 0x00000004 /* wait for an HTTP request */ #define AN_REQ_HTTP_PROCESS_FE 0x00000008 /* process the frontend's HTTP part */ diff --git a/src/frontend.c b/src/frontend.c index 89c37528c..73802553d 100644 --- a/src/frontend.c +++ b/src/frontend.c @@ -234,191 +234,6 @@ int frontend_accept(struct session *s) return -1; } -/* This analyser tries to fetch a line from the request buffer which looks like : - * - * "PROXY" PROTO SRC3 DST3 SRC4 "\r\n" - * - * There must be exactly one space between each field. Fields are : - * - PROTO : layer 4 protocol, which must be "TCP4" or "TCP6". - * - SRC3 : layer 3 (eg: IP) source address in standard text form - * - DST3 : layer 3 (eg: IP) destination address in standard text form - * - SRC4 : layer 4 (eg: TCP port) source address in standard text form - * - DST4 : layer 4 (eg: TCP port) destination address in standard text form - * - * This line MUST be at the beginning of the buffer and MUST NOT wrap. - * - * Once the data is fetched, the values are set in the session's field and data - * are removed from the buffer. The function returns zero if it needs to wait - * for more data (max: timeout_client), or 1 if it has finished and removed itself. - */ -int frontend_decode_proxy_request(struct session *s, struct channel *req, int an_bit) -{ - char *line = req->buf.data; - char *end = req->buf.data + req->buf.i; - int len; - - DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n", - now_ms, __FUNCTION__, - s, - req, - req->rex, req->wex, - req->flags, - req->i, - req->analysers); - - if (req->flags & (CF_READ_ERROR|CF_READ_TIMEOUT)) - goto fail; - - len = MIN(req->buf.i, 6); - if (!len) - goto missing; - - /* Decode a possible proxy request, fail early if it does not match */ - if (strncmp(line, "PROXY ", len) != 0) - goto fail; - - line += 6; - if (req->buf.i < 18) /* shortest possible line */ - goto missing; - - if (!memcmp(line, "TCP4 ", 5) != 0) { - u32 src3, dst3, sport, dport; - - line += 5; - - src3 = inetaddr_host_lim_ret(line, end, &line); - if (line == end) - goto missing; - if (*line++ != ' ') - goto fail; - - dst3 = inetaddr_host_lim_ret(line, end, &line); - if (line == end) - goto missing; - if (*line++ != ' ') - goto fail; - - sport = read_uint((const char **)&line, end); - if (line == end) - goto missing; - if (*line++ != ' ') - goto fail; - - dport = read_uint((const char **)&line, end); - if (line > end - 2) - goto missing; - if (*line++ != '\r') - goto fail; - if (*line++ != '\n') - goto fail; - - /* update the session's addresses and mark them set */ - ((struct sockaddr_in *)&s->si[0].conn.addr.from)->sin_family = AF_INET; - ((struct sockaddr_in *)&s->si[0].conn.addr.from)->sin_addr.s_addr = htonl(src3); - ((struct sockaddr_in *)&s->si[0].conn.addr.from)->sin_port = htons(sport); - - ((struct sockaddr_in *)&s->si[0].conn.addr.to)->sin_family = AF_INET; - ((struct sockaddr_in *)&s->si[0].conn.addr.to)->sin_addr.s_addr = htonl(dst3); - ((struct sockaddr_in *)&s->si[0].conn.addr.to)->sin_port = htons(dport); - s->si[0].conn.flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET; - } - else if (!memcmp(line, "TCP6 ", 5) != 0) { - u32 sport, dport; - char *src_s; - char *dst_s, *sport_s, *dport_s; - struct in6_addr src3, dst3; - - line+=5; - - src_s = line; - dst_s = sport_s = dport_s = NULL; - while (1) { - if (line > end - 2) { - goto missing; - } - else if (*line == '\r') { - *line = 0; - line++; - if (*line++ != '\n') - goto fail; - break; - } - - if (*line == ' ') { - *line = 0; - if (!dst_s) - dst_s = line+1; - else if (!sport_s) - sport_s = line+1; - else if (!dport_s) - dport_s = line+1; - } - line++; - } - - if (!dst_s || !sport_s || !dport_s) - goto fail; - - sport = read_uint((const char **)&sport_s,dport_s-1); - if ( *sport_s != 0 ) - goto fail; - - dport = read_uint((const char **)&dport_s,line-2); - if ( *dport_s != 0 ) - goto fail; - - if (inet_pton(AF_INET6, src_s, (void *)&src3) != 1) - goto fail; - - if (inet_pton(AF_INET6, dst_s, (void *)&dst3) != 1) - goto fail; - - /* update the session's addresses and mark them set */ - ((struct sockaddr_in6 *)&s->si[0].conn.addr.from)->sin6_family = AF_INET6; - memcpy(&((struct sockaddr_in6 *)&s->si[0].conn.addr.from)->sin6_addr, &src3, sizeof(struct in6_addr)); - ((struct sockaddr_in6 *)&s->si[0].conn.addr.from)->sin6_port = htons(sport); - - ((struct sockaddr_in6 *)&s->si[0].conn.addr.to)->sin6_family = AF_INET6; - memcpy(&((struct sockaddr_in6 *)&s->si[0].conn.addr.to)->sin6_addr, &dst3, sizeof(struct in6_addr)); - ((struct sockaddr_in6 *)&s->si[0].conn.addr.to)->sin6_port = htons(dport); - s->si[0].conn.flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET; - } - else { - goto fail; - } - - /* remove the PROXY line from the request */ - len = line - req->buf.data; - buffer_replace2(&req->buf, req->buf.data, line, NULL, 0); - req->total -= len; /* don't count the header line */ - - req->analysers &= ~an_bit; - return 1; - - missing: - /* missing data and buffer is either full or shutdown => fail */ - if ((req->flags & CF_SHUTR) || buffer_full(&req->buf, global.tune.maxrewrite)) - goto fail; - - channel_dont_connect(s->req); - return 0; - - fail: - channel_abort(req); - channel_abort(s->rep); - req->analysers = 0; - - s->fe->fe_counters.failed_req++; - if (s->listener->counters) - s->listener->counters->failed_req++; - - if (!(s->flags & SN_ERR_MASK)) - s->flags |= SN_ERR_PRXCOND; - if (!(s->flags & SN_FINST_MASK)) - s->flags |= SN_FINST_R; - return 0; -} - /* This handshake handler waits a PROXY protocol header at the beginning of the * raw data stream. The header looks like this : * diff --git a/src/proto_http.c b/src/proto_http.c index a5df1fd9e..4faff5264 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -3865,7 +3865,6 @@ void http_end_txn_clean_session(struct session *s) channel_auto_close(s->rep); s->req->analysers = s->listener->analysers; - s->req->analysers &= ~AN_REQ_DECODE_PROXY; s->rep->analysers = 0; http_silent_debug(__LINE__, s); diff --git a/src/session.c b/src/session.c index 9c5920dd6..7f72156e9 100644 --- a/src/session.c +++ b/src/session.c @@ -1671,12 +1671,6 @@ struct task *process_session(struct task *t) while (ana_list && max_loops--) { /* Warning! ensure that analysers are always placed in ascending order! */ - if (ana_list & AN_REQ_DECODE_PROXY) { - if (!frontend_decode_proxy_request(s, s->req, AN_REQ_DECODE_PROXY)) - break; - UPDATE_ANALYSERS(s->req->analysers, ana_list, ana_back, AN_REQ_DECODE_PROXY); - } - if (ana_list & AN_REQ_INSPECT_FE) { if (!tcp_inspect_request(s, s->req, AN_REQ_INSPECT_FE)) break;