mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-21 05:41:26 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: connection: Always get the stream when available to send PP2 line

Browse Source 
When a PROXY protocol line must be sent, it is important to always get the
stream if it exists. It is mandatory to send an unique ID when the unique-id
option is enabled. In conn_si_send_proxy(), to get the stream, we first retrieve
the conn-stream attached to the backend connection. Then if the conn-stream data
callback is si_conn_cb, it is possible to get the stream. But for now, it only
works for connections with a multiplexer. Thus, for mux-less connections, the
unique ID is never sent. This happens for all SSL connections relying on the
alpn to choose the good multiplexer. But it is possible to use the context of
such connections to get the conn-stream.

The bug was introduced by the commit cf6e0c8a8 ("MEDIUM: proxy_protocol: Support
sending unique IDs using PPv2"). Thus, this patch must be backported to the same
versions as the commit above.
This commit is contained in:
Christopher Faulet 2020-05-26 16:08:49 +02:00
parent 3ab504f5ff
commit d82056c319
1 changed files with 5 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/stream_interface.c
View File

@ -340,7 +340,11 @@ int conn_si_send_proxy(struct connection *conn, unsigned int flag)
const struct conn_stream *cs; const struct conn_stream *cs;
int ret; int ret;
cs = cs_get_first(conn); /* If there is no mux attached to the connection, it means the
* connection context is a conn-stream.
*/
cs = (conn->mux ? cs_get_first(conn) : conn->ctx);
/* The target server expects a PROXY line to be sent first. /* The target server expects a PROXY line to be sent first.
* If the send_proxy_ofs is negative, it corresponds to the * If the send_proxy_ofs is negative, it corresponds to the
* offset to start sending from then end of the proxy string * offset to start sending from then end of the proxy string
@ -360,22 +364,6 @@ int conn_si_send_proxy(struct connection *conn, unsigned int flag)
objt_server(conn->target), objt_server(conn->target),
remote_cs ? remote_cs->conn : NULL, remote_cs ? remote_cs->conn : NULL,
strm); strm);
/* We may not have a conn_stream yet, if we don't
* know which mux to use, because it will be decided
* during the SSL handshake. In this case, there should
* be a session associated to the connection in
* conn->owner, and we know it is the session that
* initiated that connection, so we can just use
* its origin, which should contain the client
* connection.
*/
} else if (!cs && conn->owner) {
struct session *sess = conn->owner;
ret = make_proxy_line(trash.area, trash.size,
objt_server(conn->target),
objt_conn(sess->origin),
NULL);
} }
else { else {
/* The target server expects a LOCAL line to be sent first. Retrieving /* The target server expects a LOCAL line to be sent first. Retrieving