mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-01-01 01:32:04 +00:00
CLEANUP: frontend: remove the old proxy protocol decoder
This one used to rely on a stream analyser which was inappropriate. It's not used anymore.
This commit is contained in:
parent
22cda21ad5
commit
74172ff9c3
@ -26,7 +26,6 @@
|
|||||||
#include <types/session.h>
|
#include <types/session.h>
|
||||||
|
|
||||||
int frontend_accept(struct session *s);
|
int frontend_accept(struct session *s);
|
||||||
int frontend_decode_proxy_request(struct session *s, struct channel *req, int an_bit);
|
|
||||||
int make_proxy_line(char *buf, int buf_len, struct sockaddr_storage *src, struct sockaddr_storage *dst);
|
int make_proxy_line(char *buf, int buf_len, struct sockaddr_storage *src, struct sockaddr_storage *dst);
|
||||||
|
|
||||||
|
|
||||||
|
@ -140,7 +140,7 @@
|
|||||||
* The field is blanked by channel_init() and only by analysers themselves
|
* The field is blanked by channel_init() and only by analysers themselves
|
||||||
* afterwards.
|
* afterwards.
|
||||||
*/
|
*/
|
||||||
#define AN_REQ_DECODE_PROXY 0x00000001 /* take the proxied address from a 'PROXY' line */
|
/* unused: 0x00000001 */
|
||||||
#define AN_REQ_INSPECT_FE 0x00000002 /* inspect request contents in the frontend */
|
#define AN_REQ_INSPECT_FE 0x00000002 /* inspect request contents in the frontend */
|
||||||
#define AN_REQ_WAIT_HTTP 0x00000004 /* wait for an HTTP request */
|
#define AN_REQ_WAIT_HTTP 0x00000004 /* wait for an HTTP request */
|
||||||
#define AN_REQ_HTTP_PROCESS_FE 0x00000008 /* process the frontend's HTTP part */
|
#define AN_REQ_HTTP_PROCESS_FE 0x00000008 /* process the frontend's HTTP part */
|
||||||
|
185
src/frontend.c
185
src/frontend.c
@ -234,191 +234,6 @@ int frontend_accept(struct session *s)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This analyser tries to fetch a line from the request buffer which looks like :
|
|
||||||
*
|
|
||||||
* "PROXY" <SP> PROTO <SP> SRC3 <SP> DST3 <SP> SRC4 <SP> <DST4> "\r\n"
|
|
||||||
*
|
|
||||||
* There must be exactly one space between each field. Fields are :
|
|
||||||
* - PROTO : layer 4 protocol, which must be "TCP4" or "TCP6".
|
|
||||||
* - SRC3 : layer 3 (eg: IP) source address in standard text form
|
|
||||||
* - DST3 : layer 3 (eg: IP) destination address in standard text form
|
|
||||||
* - SRC4 : layer 4 (eg: TCP port) source address in standard text form
|
|
||||||
* - DST4 : layer 4 (eg: TCP port) destination address in standard text form
|
|
||||||
*
|
|
||||||
* This line MUST be at the beginning of the buffer and MUST NOT wrap.
|
|
||||||
*
|
|
||||||
* Once the data is fetched, the values are set in the session's field and data
|
|
||||||
* are removed from the buffer. The function returns zero if it needs to wait
|
|
||||||
* for more data (max: timeout_client), or 1 if it has finished and removed itself.
|
|
||||||
*/
|
|
||||||
int frontend_decode_proxy_request(struct session *s, struct channel *req, int an_bit)
|
|
||||||
{
|
|
||||||
char *line = req->buf.data;
|
|
||||||
char *end = req->buf.data + req->buf.i;
|
|
||||||
int len;
|
|
||||||
|
|
||||||
DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d analysers=%02x\n",
|
|
||||||
now_ms, __FUNCTION__,
|
|
||||||
s,
|
|
||||||
req,
|
|
||||||
req->rex, req->wex,
|
|
||||||
req->flags,
|
|
||||||
req->i,
|
|
||||||
req->analysers);
|
|
||||||
|
|
||||||
if (req->flags & (CF_READ_ERROR|CF_READ_TIMEOUT))
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
len = MIN(req->buf.i, 6);
|
|
||||||
if (!len)
|
|
||||||
goto missing;
|
|
||||||
|
|
||||||
/* Decode a possible proxy request, fail early if it does not match */
|
|
||||||
if (strncmp(line, "PROXY ", len) != 0)
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
line += 6;
|
|
||||||
if (req->buf.i < 18) /* shortest possible line */
|
|
||||||
goto missing;
|
|
||||||
|
|
||||||
if (!memcmp(line, "TCP4 ", 5) != 0) {
|
|
||||||
u32 src3, dst3, sport, dport;
|
|
||||||
|
|
||||||
line += 5;
|
|
||||||
|
|
||||||
src3 = inetaddr_host_lim_ret(line, end, &line);
|
|
||||||
if (line == end)
|
|
||||||
goto missing;
|
|
||||||
if (*line++ != ' ')
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
dst3 = inetaddr_host_lim_ret(line, end, &line);
|
|
||||||
if (line == end)
|
|
||||||
goto missing;
|
|
||||||
if (*line++ != ' ')
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
sport = read_uint((const char **)&line, end);
|
|
||||||
if (line == end)
|
|
||||||
goto missing;
|
|
||||||
if (*line++ != ' ')
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
dport = read_uint((const char **)&line, end);
|
|
||||||
if (line > end - 2)
|
|
||||||
goto missing;
|
|
||||||
if (*line++ != '\r')
|
|
||||||
goto fail;
|
|
||||||
if (*line++ != '\n')
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
/* update the session's addresses and mark them set */
|
|
||||||
((struct sockaddr_in *)&s->si[0].conn.addr.from)->sin_family = AF_INET;
|
|
||||||
((struct sockaddr_in *)&s->si[0].conn.addr.from)->sin_addr.s_addr = htonl(src3);
|
|
||||||
((struct sockaddr_in *)&s->si[0].conn.addr.from)->sin_port = htons(sport);
|
|
||||||
|
|
||||||
((struct sockaddr_in *)&s->si[0].conn.addr.to)->sin_family = AF_INET;
|
|
||||||
((struct sockaddr_in *)&s->si[0].conn.addr.to)->sin_addr.s_addr = htonl(dst3);
|
|
||||||
((struct sockaddr_in *)&s->si[0].conn.addr.to)->sin_port = htons(dport);
|
|
||||||
s->si[0].conn.flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET;
|
|
||||||
}
|
|
||||||
else if (!memcmp(line, "TCP6 ", 5) != 0) {
|
|
||||||
u32 sport, dport;
|
|
||||||
char *src_s;
|
|
||||||
char *dst_s, *sport_s, *dport_s;
|
|
||||||
struct in6_addr src3, dst3;
|
|
||||||
|
|
||||||
line+=5;
|
|
||||||
|
|
||||||
src_s = line;
|
|
||||||
dst_s = sport_s = dport_s = NULL;
|
|
||||||
while (1) {
|
|
||||||
if (line > end - 2) {
|
|
||||||
goto missing;
|
|
||||||
}
|
|
||||||
else if (*line == '\r') {
|
|
||||||
*line = 0;
|
|
||||||
line++;
|
|
||||||
if (*line++ != '\n')
|
|
||||||
goto fail;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (*line == ' ') {
|
|
||||||
*line = 0;
|
|
||||||
if (!dst_s)
|
|
||||||
dst_s = line+1;
|
|
||||||
else if (!sport_s)
|
|
||||||
sport_s = line+1;
|
|
||||||
else if (!dport_s)
|
|
||||||
dport_s = line+1;
|
|
||||||
}
|
|
||||||
line++;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!dst_s || !sport_s || !dport_s)
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
sport = read_uint((const char **)&sport_s,dport_s-1);
|
|
||||||
if ( *sport_s != 0 )
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
dport = read_uint((const char **)&dport_s,line-2);
|
|
||||||
if ( *dport_s != 0 )
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
if (inet_pton(AF_INET6, src_s, (void *)&src3) != 1)
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
if (inet_pton(AF_INET6, dst_s, (void *)&dst3) != 1)
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
/* update the session's addresses and mark them set */
|
|
||||||
((struct sockaddr_in6 *)&s->si[0].conn.addr.from)->sin6_family = AF_INET6;
|
|
||||||
memcpy(&((struct sockaddr_in6 *)&s->si[0].conn.addr.from)->sin6_addr, &src3, sizeof(struct in6_addr));
|
|
||||||
((struct sockaddr_in6 *)&s->si[0].conn.addr.from)->sin6_port = htons(sport);
|
|
||||||
|
|
||||||
((struct sockaddr_in6 *)&s->si[0].conn.addr.to)->sin6_family = AF_INET6;
|
|
||||||
memcpy(&((struct sockaddr_in6 *)&s->si[0].conn.addr.to)->sin6_addr, &dst3, sizeof(struct in6_addr));
|
|
||||||
((struct sockaddr_in6 *)&s->si[0].conn.addr.to)->sin6_port = htons(dport);
|
|
||||||
s->si[0].conn.flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* remove the PROXY line from the request */
|
|
||||||
len = line - req->buf.data;
|
|
||||||
buffer_replace2(&req->buf, req->buf.data, line, NULL, 0);
|
|
||||||
req->total -= len; /* don't count the header line */
|
|
||||||
|
|
||||||
req->analysers &= ~an_bit;
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
missing:
|
|
||||||
/* missing data and buffer is either full or shutdown => fail */
|
|
||||||
if ((req->flags & CF_SHUTR) || buffer_full(&req->buf, global.tune.maxrewrite))
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
channel_dont_connect(s->req);
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
fail:
|
|
||||||
channel_abort(req);
|
|
||||||
channel_abort(s->rep);
|
|
||||||
req->analysers = 0;
|
|
||||||
|
|
||||||
s->fe->fe_counters.failed_req++;
|
|
||||||
if (s->listener->counters)
|
|
||||||
s->listener->counters->failed_req++;
|
|
||||||
|
|
||||||
if (!(s->flags & SN_ERR_MASK))
|
|
||||||
s->flags |= SN_ERR_PRXCOND;
|
|
||||||
if (!(s->flags & SN_FINST_MASK))
|
|
||||||
s->flags |= SN_FINST_R;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* This handshake handler waits a PROXY protocol header at the beginning of the
|
/* This handshake handler waits a PROXY protocol header at the beginning of the
|
||||||
* raw data stream. The header looks like this :
|
* raw data stream. The header looks like this :
|
||||||
*
|
*
|
||||||
|
@ -3865,7 +3865,6 @@ void http_end_txn_clean_session(struct session *s)
|
|||||||
channel_auto_close(s->rep);
|
channel_auto_close(s->rep);
|
||||||
|
|
||||||
s->req->analysers = s->listener->analysers;
|
s->req->analysers = s->listener->analysers;
|
||||||
s->req->analysers &= ~AN_REQ_DECODE_PROXY;
|
|
||||||
s->rep->analysers = 0;
|
s->rep->analysers = 0;
|
||||||
|
|
||||||
http_silent_debug(__LINE__, s);
|
http_silent_debug(__LINE__, s);
|
||||||
|
@ -1671,12 +1671,6 @@ struct task *process_session(struct task *t)
|
|||||||
while (ana_list && max_loops--) {
|
while (ana_list && max_loops--) {
|
||||||
/* Warning! ensure that analysers are always placed in ascending order! */
|
/* Warning! ensure that analysers are always placed in ascending order! */
|
||||||
|
|
||||||
if (ana_list & AN_REQ_DECODE_PROXY) {
|
|
||||||
if (!frontend_decode_proxy_request(s, s->req, AN_REQ_DECODE_PROXY))
|
|
||||||
break;
|
|
||||||
UPDATE_ANALYSERS(s->req->analysers, ana_list, ana_back, AN_REQ_DECODE_PROXY);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ana_list & AN_REQ_INSPECT_FE) {
|
if (ana_list & AN_REQ_INSPECT_FE) {
|
||||||
if (!tcp_inspect_request(s, s->req, AN_REQ_INSPECT_FE))
|
if (!tcp_inspect_request(s, s->req, AN_REQ_INSPECT_FE))
|
||||||
break;
|
break;
|
||||||
|
Loading…
Reference in New Issue
Block a user