mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-29 14:50:59 +01:00
Code Issues Projects Releases Wiki Activity

CLEANUP: tcp rules: mention everywhere that tcp-conn rules are L4

Browse Source 
This is in order to make integration of tcp-request-session cleaner :
- tcp_exec_req_rules() was renamed tcp_exec_l4_rules()
- LI_O_TCP_RULES was renamed LI_O_TCP_L4_RULES
  (LI_O_*'s horrible indent was also fixed and a provision was left
   for L5 rules).
This commit is contained in:
Willy Tarreau 2016-10-21 16:34:21 +02:00
parent 8a90b8ea19
commit 7d9736fb5d
5 changed files with 19 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/proto/proto_tcp.h
View File

@ -38,7 +38,7 @@ int tcp_get_dst(int fd, struct sockaddr *sa, socklen_t salen, int dir);
int tcp_drain(int fd); int tcp_drain(int fd);
int tcp_inspect_request(struct stream *s, struct channel *req, int an_bit); int tcp_inspect_request(struct stream *s, struct channel *req, int an_bit);
int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit); int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit);
int tcp_exec_req_rules(struct session *sess); int tcp_exec_l4_rules(struct session *sess);
/* TCP keywords. */ /* TCP keywords. */
void tcp_req_conn_keywords_register(struct action_kw_list *kw_list); void tcp_req_conn_keywords_register(struct action_kw_list *kw_list);

18
include/types/listener.h
View File

@ -82,17 +82,17 @@ enum li_state {
/* listener socket options */ /* listener socket options */
#define LI_O_NONE 0x0000 #define LI_O_NONE 0x0000
#define LI_O_NOLINGER 0x0001 /* disable linger on this socket */ #define LI_O_NOLINGER 0x0001 /* disable linger on this socket */
#define LI_O_FOREIGN 0x0002 /* permit listening on foreing addresses */ #define LI_O_FOREIGN 0x0002 /* permit listening on foreing addresses ("transparent") */
#define LI_O_NOQUICKACK 0x0004 /* disable quick ack of immediate data (linux) */ #define LI_O_NOQUICKACK 0x0004 /* disable quick ack of immediate data (linux) */
#define LI_O_DEF_ACCEPT 0x0008 /* wait up to 1 second for data before accepting */ #define LI_O_DEF_ACCEPT 0x0008 /* wait up to 1 second for data before accepting */
#define LI_O_TCP_RULES 0x0010 /* run TCP rules checks on the incoming connection */ #define LI_O_TCP_L4_RULES 0x0010 /* run TCP L4 rules checks on the incoming connection */
#define LI_O_CHK_MONNET 0x0020 /* check the source against a monitor-net rule */ #define LI_O_CHK_MONNET 0x0040 /* check the source against a monitor-net rule */
#define LI_O_ACC_PROXY 0x0040 /* find the proxied address in the first request line */ #define LI_O_ACC_PROXY 0x0080 /* find the proxied address in the first request line */
#define LI_O_UNLIMITED 0x0080 /* listener not subject to global limits (peers & stats socket) */ #define LI_O_UNLIMITED 0x0100 /* listener not subject to global limits (peers & stats socket) */
#define LI_O_TCP_FO 0x0100 /* enable TCP Fast Open (linux >= 3.7) */ #define LI_O_TCP_FO 0x0200 /* enable TCP Fast Open (linux >= 3.7) */
#define LI_O_V6ONLY 0x0200 /* bind to IPv6 only on Linux >= 2.4.21 */ #define LI_O_V6ONLY 0x0400 /* bind to IPv6 only on Linux >= 2.4.21 */
#define LI_O_V4V6 0x0400 /* bind to IPv4/IPv6 on Linux >= 2.4.21 */ #define LI_O_V4V6 0x0800 /* bind to IPv4/IPv6 on Linux >= 2.4.21 */
#define LI_O_ACC_CIP 0x0800 /* find the proxied address in the NetScaler Client IP header */ #define LI_O_ACC_CIP 0x1000 /* find the proxied address in the NetScaler Client IP header */
/* Note: if a listener uses LI_O_UNLIMITED, it is highly recommended that it adds its own /* Note: if a listener uses LI_O_UNLIMITED, it is highly recommended that it adds its own
* maxconn setting to the global.maxsock value so that its resources are reserved. * maxconn setting to the global.maxsock value so that its resources are reserved.

2
src/cfgparse.c
View File

@ -8828,7 +8828,7 @@ out_uri_auth_compat:
listener->default_target = curproxy->default_target; listener->default_target = curproxy->default_target;
if (!LIST_ISEMPTY(&curproxy->tcp_req.l4_rules)) if (!LIST_ISEMPTY(&curproxy->tcp_req.l4_rules))
listener->options |= LI_O_TCP_RULES; listener->options |= LI_O_TCP_L4_RULES;
if (curproxy->mon_mask.s_addr) if (curproxy->mon_mask.s_addr)
listener->options |= LI_O_CHK_MONNET; listener->options |= LI_O_CHK_MONNET;

4
src/proto_tcp.c
View File

@ -1353,7 +1353,7 @@ resume_execution:
* matches or if no more rule matches. It can only use rules which don't need * matches or if no more rule matches. It can only use rules which don't need
* any data. This only works on connection-based client-facing stream interfaces. * any data. This only works on connection-based client-facing stream interfaces.
*/ */
int tcp_exec_req_rules(struct session *sess) int tcp_exec_l4_rules(struct session *sess)
{ {
struct act_rule *rule; struct act_rule *rule;
struct stksess *ts; struct stksess *ts;
@ -1881,10 +1881,12 @@ static int tcp_parse_request_rule(char **args, int arg, int section_type,
else { else {
struct action_kw *kw; struct action_kw *kw;
if (where & SMP_VAL_FE_CON_ACC) { if (where & SMP_VAL_FE_CON_ACC) {
/* L4 */
kw = tcp_req_conn_action(args[arg]); kw = tcp_req_conn_action(args[arg]);
rule->kw = kw; rule->kw = kw;
rule->from = ACT_F_TCP_REQ_CON; rule->from = ACT_F_TCP_REQ_CON;
} else { } else {
/* L6 */
kw = tcp_req_cont_action(args[arg]); kw = tcp_req_cont_action(args[arg]);
rule->kw = kw; rule->kw = kw;
rule->from = ACT_F_TCP_REQ_CNT; rule->from = ACT_F_TCP_REQ_CNT;

2
src/session.c
View File

@ -166,7 +166,7 @@ int session_accept_fd(struct listener *l, int cfd, struct sockaddr_storage *addr
/* now evaluate the tcp-request layer4 rules. We only need a session /* now evaluate the tcp-request layer4 rules. We only need a session
* and no stream for these rules. * and no stream for these rules.
*/ */
if ((l->options & LI_O_TCP_RULES) && !tcp_exec_req_rules(sess)) { if ((l->options & LI_O_TCP_L4_RULES) && !tcp_exec_l4_rules(sess)) {
/* let's do a no-linger now to close with a single RST. */ /* let's do a no-linger now to close with a single RST. */
setsockopt(cfd, SOL_SOCKET, SO_LINGER, (struct linger *) &nolinger, sizeof(struct linger)); setsockopt(cfd, SOL_SOCKET, SO_LINGER, (struct linger *) &nolinger, sizeof(struct linger));
ret = 0; /* successful termination */ ret = 0; /* successful termination */