MINOR: server: define reverse-connect server

Implement reverse-connect server. This server type cannot instantiate its own connection on transfer. Instead, it can only reuse connection from its idle pool. These connections will be populated using the future 'tcp-request session attach-srv' rule. A reverse-connect has no address. Instead, it uses a new custom server notation with '@' character prefix. For the moment, only '@reverse' is defined. An extra check is implemented to ensure server is used in a HTTP proxy.
2026-05-04 12:41:00 +02:00 · 2023-07-25 15:16:55 +02:00 · 2023-07-25 15:16:55 +02:00 · e6223a3188
commit e6223a3188
parent 4fb538d4b6
4 changed files with 32 additions and 0 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -11437,6 +11437,13 @@ server <name> <address>[:[port]] [param*]
              variables. The "init-addr" setting can be used to modify the way
              IP addresses should be resolved upon startup.

+              Additionally, there is a special address notation defined for
+              servers which does not have any address assigned. Currently, only
+              '@reverse' is valid. This instantiates a server which can only be
+              used with reverse connect. This mode requires the proxy to be in
+              HTTP mode and the server to explicitly use HTTP/2, either through
+              'proto' or 'alpn' keywords.
+
    <port>    is an optional port specification. If set, all connections will
              be sent to this port. If unset, the same port the client
              connected to will be used. The port may also be prefixed by a "+"
--- a/include/haproxy/server-t.h
+++ b/include/haproxy/server-t.h
@ -141,6 +141,7 @@ enum srv_initaddr {
 #define SRV_F_NON_STICK    0x0004        /* never add connections allocated to this server to a stick table */
 #define SRV_F_USE_NS_FROM_PP 0x0008      /* use namespace associated with connection if present */
 #define SRV_F_FORCED_ID    0x0010        /* server's ID was forced in the configuration */
+#define SRV_F_REVERSE      0x0020        /* reverse connect server which requires idle connection for transfers */
 #define SRV_F_AGENTPORT    0x0040        /* this server has a agent port configured */
 #define SRV_F_AGENTADDR    0x0080        /* this server has a agent addr configured */
 #define SRV_F_COOKIESET    0x0100        /* this server has a cookie configured, so don't generate dynamic cookies */
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@ -4015,6 +4015,14 @@ out_uri_auth_compat:
 			if ((curproxy->mode != PR_MODE_HTTP) && (curproxy->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR)
 				curproxy->options &= ~PR_O_REUSE_MASK;

+			if ((curproxy->mode != PR_MODE_HTTP) && newsrv->flags & SRV_F_REVERSE) {
+				ha_alert("%s '%s' : server %s uses reverse addressing which can only be used with HTTP mode.\n",
+					   proxy_type_str(curproxy), curproxy->id, newsrv->id);
+				cfgerr++;
+				err_code |= ERR_FATAL | ERR_ALERT;
+				goto out;
+			}
+
 			newsrv = newsrv->next;
 		}

--- a/src/server.c
+++ b/src/server.c
@ -2765,6 +2765,22 @@ static int _srv_parse_init(struct server **srv, char **args, int *cur_arg,
 		else
 			newsrv->tmpl_info.prefix = strdup(args[1]);

+		/* special address specifier */
+		if (args[*cur_arg][0] == '@') {
+			if (strcmp(args[*cur_arg], "@reverse") == 0) {
+				newsrv->flags |= SRV_F_REVERSE;
+			}
+			else {
+				ha_alert("unknown server address specifier '%s'\n",
+				         args[*cur_arg]);
+				err_code |= ERR_ALERT | ERR_FATAL;
+				goto out;
+			}
+
+			(*cur_arg)++;
+			parse_flags &= ~SRV_PARSE_PARSE_ADDR;
+		}
+
 		/* several ways to check the port component :
 		 *  - IP    => port=+0, relative (IPv4 only)
 		 *  - IP:   => port=+0, relative