RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
haproxy/include/proto/proto_tcp.h

71 lines
2.5 KiB
C
Raw Normal View History

[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 00:09:36 +00:00
/*
[MEDIUM] backend: move the transparent proxy address selection to backend The transparent proxy address selection was set in the TCP connect function which is not the most appropriate place since this function has limited access to the amount of parameters which could produce a source address. Instead, now we determine the source address in backend.c:connect_server(), right after calling assign_server_address() and we assign this address in the session and pass it to the TCP connect function. This cannot be performed in assign_server_address() itself because in some cases (transparent mode, dispatch mode or http_proxy mode), we assign the address somewhere else. This change will open the ability to bind to addresses extracted from many other criteria (eg: from a header).
2010-03-29 17:36:59 +00:00
* include/proto/proto_tcp.h
* This file contains TCP socket protocol definitions.
*
* Copyright (C) 2000-2010 Willy Tarreau - w@1wt.eu
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation, version 2.1
* exclusively.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 00:09:36 +00:00
#ifndef _PROTO_PROTO_TCP_H
#define _PROTO_PROTO_TCP_H
#include <common/config.h>
[MAJOR] implement tcp request content inspection Some people need to inspect contents of TCP requests before deciding to forward a connection or not. A future extension of this demand might consist in selecting a server farm depending on the protocol detected in the request. For this reason, a new state CL_STINSPECT has been added on the client side. It is immediately entered upon accept() if the statement "tcp-request inspect-delay <xxx>" is found in the frontend configuration. Haproxy will then wait up to this amount of time trying to find a matching ACL, and will either accept or reject the connection depending on the "tcp-request content <action> {if|unless}" rules, where <action> is either "accept" or "reject". Note that it only waits that long if no definitive verdict can be found earlier. That generally implies calling a fetch() function which does not have enough information to decode some contents, or a match() function which only finds the beginning of what it's looking for. It is only at the ACL level that partial data may be processed as such, because we need to distinguish between MISS and FAIL *before* applying the term negation. Thus it is enough to add "| ACL_PARTIAL" to the last argument when calling acl_exec_cond() to indicate that we expect ACL_PAT_MISS to be returned if some data is missing (for fetch() or match()). This is the only case we may return this value. For this reason, the ACL check in process_cli() has become a lot simpler. A new ACL "req_len" of type "int" has been added. Right now it is already possible to drop requests which talk too early (eg: for SMTP) or which don't talk at all (eg: HTTP/SSL). Also, the acl fetch() functions have been extended in order to permit reporting of missing data in case of fetch failure, using the ACL_TEST_F_MAY_CHANGE flag. The default behaviour is unchanged, and if no rule matches, the request is accepted. As a side effect, all layer 7 fetching functions have been cleaned up so that they now check for the validity of the layer 7 pointer before dereferencing it.
2008-07-14 21:54:42 +00:00
#include <types/proto_tcp.h>
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 00:09:36 +00:00
#include <types/task.h>
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 19:04:55 +00:00
#include <proto/stick_table.h>
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 00:09:36 +00:00
[MEDIUM] add internal support for IPv6 server addresses This patch turns internal server addresses to sockaddr_storage to store IPv6 addresses, and makes the connect() function use it. This code already works but some caveats with getaddrinfo/gethostbyname still need to be sorted out while the changes had to be merged at this stage of internal architecture changes. So for now the config parser will not emit an IPv6 address yet so that user experience remains unchanged. This change should have absolutely zero user-visible effect, otherwise it's a bug introduced during the merge, that should be reported ASAP.
2011-03-10 21:26:24 +00:00
int tcp_bind_socket(int fd, int flags, struct sockaddr_storage *local, struct sockaddr_storage *remote);
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 00:09:36 +00:00
void tcpv4_add_listener(struct listener *listener);
void tcpv6_add_listener(struct listener *listener);
[MEDIUM] add internal support for IPv6 server addresses This patch turns internal server addresses to sockaddr_storage to store IPv6 addresses, and makes the connect() function use it. This code already works but some caveats with getaddrinfo/gethostbyname still need to be sorted out while the changes had to be merged at this stage of internal architecture changes. So for now the config parser will not emit an IPv6 address yet so that user experience remains unchanged. This change should have absolutely zero user-visible effect, otherwise it's a bug introduced during the merge, that should be reported ASAP.
2011-03-10 21:26:24 +00:00
int tcp_connect_server(struct stream_interface *si);
MEDIUM: stream_interface: pass connection instead of fd in sock_ops The sock_ops I/O callbacks made use of an FD till now. This has become inappropriate and the struct connection is much more useful. It also fixes the race condition introduced by previous change.
2012-07-23 16:53:03 +00:00
int tcp_connect_probe(struct connection *conn);
BUG/MEDIUM: stream_interface: restore get_src/get_dst Commit e164e7a removed get_src/get_dst setting in the stream interfaces but forgot to set it in proto_tcp. Get the feature back because we need it for logging, transparent mode, ACLs etc... We now rely on the stream interface direction to know what syscall to use. One benefit of doing it this way is that we don't use getsockopt() anymore on outgoing stream interfaces nor on UNIX sockets.
2012-05-11 14:16:40 +00:00
int tcp_get_src(int fd, struct sockaddr *sa, socklen_t salen, int dir);
int tcp_get_dst(int fd, struct sockaddr *sa, socklen_t salen, int dir);
[MEDIUM] session: tell analysers what bit they were called for Some stream analysers might become generic enough to be called for several bits. So we cannot have the analyser bit hard coded into the analyser itself. Let's make the caller inform the callee.
2009-07-07 08:55:49 +00:00
int tcp_inspect_request(struct session *s, struct buffer *req, int an_bit);
[MEDIUM] Implement tcp inspect response rules
2010-09-23 15:56:44 +00:00
int tcp_inspect_response(struct session *s, struct buffer *rep, int an_bit);
[MEDIUM] frontend: check for LI_O_TCP_RULES in the listener The new LI_O_TCP_RULES listener option indicates that some TCP rules must be checked upon accept on this listener. It is now checked by the frontend and the L4 rules are evaluated only in this case. The flag is only set when at least one tcp-req rule is present in the frontend. The L4 rules check function has now been moved to proto_tcp.c where it ought to be.
2010-05-31 08:30:33 +00:00
int tcp_exec_req_rules(struct session *s);
MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The <dir> field of all fetch functions was changed to <opt> which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened.
2012-04-25 08:13:36 +00:00
int smp_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp);
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 00:09:36 +00:00
[MEDIUM] IPv6 support for stick-tables Since IPv6 is a different type than IPv4, the pattern fetch functions src6 and dst6 were added. IPv6 stick-tables can also fetch IPv4 addresses with src and dst. In this case, the IPv4 addresses are mapped to their IPv6 counterpart, according to RFC 4291.
2011-03-24 10:09:31 +00:00
/* Converts the TCP source address to a stick_table key usable for table
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 19:04:55 +00:00
* lookups. Returns either NULL if the source cannot be converted (eg: not
* IPv4) or a pointer to the converted result in static_table_key in the
* appropriate format (IP).
*/
[MEDIUM] IPv6 support for stick-tables Since IPv6 is a different type than IPv4, the pattern fetch functions src6 and dst6 were added. IPv6 stick-tables can also fetch IPv4 addresses with src and dst. In this case, the IPv4 addresses are mapped to their IPv6 counterpart, according to RFC 4291.
2011-03-24 10:09:31 +00:00
static inline struct stktable_key *tcp_src_to_stktable_key(struct session *s)
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 19:04:55 +00:00
{
MINOR: remove the client/server side distinction in SI addresses Stream interfaces used to distinguish between client and server addresses because they were previously of different types (sockaddr_storage for the client, sockaddr_in for the server). This is not the case anymore, and this distinction is confusing at best and has caused a number of regressions to be introduced in the process of converting everything to full-ipv6. We can now remove this and have a much cleaner code.
2011-09-23 08:54:59 +00:00
switch (s->si[0].addr.from.ss_family) {
[MEDIUM] IPv6 support for stick-tables Since IPv6 is a different type than IPv4, the pattern fetch functions src6 and dst6 were added. IPv6 stick-tables can also fetch IPv4 addresses with src and dst. In this case, the IPv4 addresses are mapped to their IPv6 counterpart, according to RFC 4291.
2011-03-24 10:09:31 +00:00
case AF_INET:
MINOR: remove the client/server side distinction in SI addresses Stream interfaces used to distinguish between client and server addresses because they were previously of different types (sockaddr_storage for the client, sockaddr_in for the server). This is not the case anymore, and this distinction is confusing at best and has caused a number of regressions to be introduced in the process of converting everything to full-ipv6. We can now remove this and have a much cleaner code.
2011-09-23 08:54:59 +00:00
static_table_key.key = (void *)&((struct sockaddr_in *)&s->si[0].addr.from)->sin_addr;
[BUG] TCP source tracking was broken with IPv6 changes John Helliwell reported a bug when using TCP source address tracking on Solaris. The bug was introduced in haproxy 1.5-dev5.
2011-04-07 08:44:39 +00:00
break;
[MEDIUM] IPv6 support for stick-tables Since IPv6 is a different type than IPv4, the pattern fetch functions src6 and dst6 were added. IPv6 stick-tables can also fetch IPv4 addresses with src and dst. In this case, the IPv4 addresses are mapped to their IPv6 counterpart, according to RFC 4291.
2011-03-24 10:09:31 +00:00
case AF_INET6:
MINOR: remove the client/server side distinction in SI addresses Stream interfaces used to distinguish between client and server addresses because they were previously of different types (sockaddr_storage for the client, sockaddr_in for the server). This is not the case anymore, and this distinction is confusing at best and has caused a number of regressions to be introduced in the process of converting everything to full-ipv6. We can now remove this and have a much cleaner code.
2011-09-23 08:54:59 +00:00
static_table_key.key = (void *)&((struct sockaddr_in6 *)&s->si[0].addr.from)->sin6_addr;
[BUG] TCP source tracking was broken with IPv6 changes John Helliwell reported a bug when using TCP source address tracking on Solaris. The bug was introduced in haproxy 1.5-dev5.
2011-04-07 08:44:39 +00:00
break;
BUG: stktable: tcp_src_to_stktable_key() must return NULL on invalid families Source addresses of non-TCP families were not correctly handled by tcp_src_to_stktable_key() as it forgot to return NULL and instead left the previous value in the stick-table buffer. This bug is 1.5-specific and was introduced by commit 4f92d320 in 1.5-dev6 so it does not need any backport.
2012-08-30 20:52:28 +00:00
default:
return NULL;
[MEDIUM] IPv6 support for stick-tables Since IPv6 is a different type than IPv4, the pattern fetch functions src6 and dst6 were added. IPv6 stick-tables can also fetch IPv4 addresses with src and dst. In this case, the IPv4 addresses are mapped to their IPv6 counterpart, according to RFC 4291.
2011-03-24 10:09:31 +00:00
}
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 19:04:55 +00:00
return &static_table_key;
}
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 00:09:36 +00:00
#endif /* _PROTO_PROTO_TCP_H */
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/