diff --git a/doc/configuration.txt b/doc/configuration.txt
index b28e85198..89d6dd709 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -1352,6 +1352,8 @@ balance url_param [check_post []]
changing a server's weight on the fly will have no effect,
but this can be changed using "hash-type".
+ See also the rdp_cookie pattern fetch function.
+
is an optional list of arguments which may be needed by some
algorithms. Right now, only "url_param" and "uri" support an
optional argument.
@@ -4127,7 +4129,8 @@ persist rdp-cookie(name)
server srv1 1.1.1.1:3389
server srv2 1.1.1.2:3389
- See also : "balance rdp-cookie", "tcp-request" and the "req_rdp_cookie" ACL.
+ See also : "balance rdp-cookie", "tcp-request", the "req_rdp_cookie" ACL and
+ the rdp_cookie pattern fetch function.
rate-limit sessions
@@ -7928,6 +7931,40 @@ The list of currently supported pattern fetch functions is the following :
http://example.com/foo?JESSIONID=some_id with
url_param(JSESSIONID)), for cases where cookies cannot be used.
+ rdp_cookie(name)
+ This extracts the value of the rdp cookie as a string
+ and uses this value to match. This enables implementation of
+ persistence based on the mstshash cookie. This is typically
+ done if there is no msts cookie present.
+
+ This differs from "balance rdp-cookie" in that any balancing
+ algorithm may be used and thus the distribution of clients
+ to backend servers is not linked to a hash of the RDP
+ cookie. It is envisaged that using a balancing algorithm
+ such as "balance roundrobin" or "balance leastconnect" will
+ lead to a more even distribution of clients to backend
+ servers than the hash used by "balance rdp-cookie".
+
+ Example :
+ listen tse-farm
+ bind 0.0.0.0:3389
+ # wait up to 5s for an RDP cookie in the request
+ tcp-request inspect-delay 5s
+ tcp-request content accept if RDP_COOKIE
+ # apply RDP cookie persistence
+ persist rdp-cookie
+ # Persist based on the mstshash cookie
+ # This is only useful makes sense if
+ # balance rdp-cookie is not used
+ stick-table type string size 204800
+ stick on rdp_cookie(mstshash)
+ server srv1 1.1.1.1:3389
+ server srv1 1.1.1.2:3389
+
+ See also : "balance rdp-cookie", "persist rdp-cookie",
+ "tcp-request" and the "req_rdp_cookie" ACL.
+
+
The currently available list of transformations include :
lower Convert a string pattern to lower case. This can only be placed
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index e6d6c58a0..f03d3f338 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1578,6 +1578,32 @@ pattern_fetch_payload(struct proxy *px, struct session *l4, void *l7, int dir,
return 1;
}
+static int
+pattern_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, int dir,
+ const struct pattern_arg *arg_p, int arg_i, union pattern_data *data)
+{
+ int ret;
+ struct acl_expr expr;
+ struct acl_test test;
+
+ if (!l4)
+ return 0;
+
+ memset(&expr, 0, sizeof(expr));
+ memset(&test, 0, sizeof(test));
+
+ expr.arg.str = arg_p[0].data.str.str;
+ expr.arg_len = arg_p[0].data.str.len;
+
+ ret = acl_fetch_rdp_cookie(px, l4, NULL, ACL_DIR_REQ, &expr, &test);
+ if (ret == 0 || (test.flags & ACL_TEST_F_MAY_CHANGE) || test.len == 0)
+ return 0;
+
+ /* init chunk as read only */
+ chunk_initlen(&data->str, test.ptr, 0, test.len);
+ return 1;
+}
+
static struct cfg_kw_list cfg_kws = {{ },{
{ CFG_LISTEN, "tcp-request", tcp_parse_tcp_req },
{ CFG_LISTEN, "tcp-response", tcp_parse_tcp_rep },
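Review bot: `arg_p[0]` is dereferenced in pattern_fetch_rdp_cookie without looking at `arg_i`, so the function relies entirely on the argument parser having supplied a string argument. Whether `pattern_arg_str` (wired up in the keyword-table hunk that follows) rejects a bare `rdp_cookie` with no name is not visible in this diff. A guard such as `if (!arg_p || arg_i < 1) return 0;` before the two `expr.arg` assignments would make that assumption explicit. The function also has no header comment; I would add one saying it returns 1 with `data->str` set up as a read-only chunk over `test.ptr` (no copy is made, so it presumably aliases the request buffer and is not NUL-terminated), and 0 when the cookie is absent, empty or flagged `ACL_TEST_F_MAY_CHANGE`. Because the value is taken from the client's request, that comment should also state that anything keyed on it, such as the stick table in the documentation example, is client-chosen and should be sized with that in mind.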
@@ -1602,6 +1628,7 @@ static struct pattern_fetch_kw_list pattern_fetch_keywords = {{ },{
{ "dst_port", pattern_fetch_dport, NULL, PATTERN_TYPE_INTEGER, PATTERN_FETCH_REQ },
{ "payload", pattern_fetch_payload, pattern_arg_fetch_payload, PATTERN_TYPE_CONSTDATA, PATTERN_FETCH_REQ|PATTERN_FETCH_RTR },
{ "payload_lv", pattern_fetch_payloadlv, pattern_arg_fetch_payloadlv, PATTERN_TYPE_CONSTDATA, PATTERN_FETCH_REQ|PATTERN_FETCH_RTR },
+ { "rdp_cookie", pattern_fetch_rdp_cookie, pattern_arg_str, PATTERN_TYPE_CONSTSTRING, PATTERN_FETCH_REQ },
{ NULL, NULL, NULL, 0, 0 },
}};