CLEANUP: tcp rules: mention everywhere that tcp-conn rules are L4

This is in order to make integration of tcp-request-session cleaner : - tcp_exec_req_rules() was renamed tcp_exec_l4_rules() - LI_O_TCP_RULES was renamed LI_O_TCP_L4_RULES (LI_O_*'s horrible indent was also fixed and a provision was left for L5 rules).
2025-04-01 22:48:25 +00:00 · 2016-10-21 16:34:21 +02:00 · 2016-10-21 16:34:21 +02:00 · 7d9736fb5d
commit 7d9736fb5d
parent 8a90b8ea19
5 changed files with 19 additions and 17 deletions
--- a/include/proto/proto_tcp.h
+++ b/include/proto/proto_tcp.h
@ -38,7 +38,7 @@ int tcp_get_dst(int fd, struct sockaddr *sa, socklen_t salen, int dir);
 int tcp_drain(int fd);
 int tcp_inspect_request(struct stream *s, struct channel *req, int an_bit);
 int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit);
-int tcp_exec_req_rules(struct session *sess);
+int tcp_exec_l4_rules(struct session *sess);

 /* TCP keywords. */
 void tcp_req_conn_keywords_register(struct action_kw_list *kw_list);
--- a/include/types/listener.h
+++ b/include/types/listener.h
@ -80,19 +80,19 @@ enum li_state {
 */

 /* listener socket options */
-#define LI_O_NONE	0x0000
-#define LI_O_NOLINGER	0x0001	/* disable linger on this socket */
-#define LI_O_FOREIGN	0x0002	/* permit listening on foreing addresses */
-#define LI_O_NOQUICKACK	0x0004	/* disable quick ack of immediate data (linux) */
-#define LI_O_DEF_ACCEPT	0x0008	/* wait up to 1 second for data before accepting */
-#define LI_O_TCP_RULES  0x0010  /* run TCP rules checks on the incoming connection */
-#define LI_O_CHK_MONNET 0x0020  /* check the source against a monitor-net rule */
-#define LI_O_ACC_PROXY  0x0040  /* find the proxied address in the first request line */
-#define LI_O_UNLIMITED  0x0080  /* listener not subject to global limits (peers & stats socket) */
-#define LI_O_TCP_FO     0x0100  /* enable TCP Fast Open (linux >= 3.7) */
-#define LI_O_V6ONLY     0x0200  /* bind to IPv6 only on Linux >= 2.4.21 */
-#define LI_O_V4V6       0x0400  /* bind to IPv4/IPv6 on Linux >= 2.4.21 */
-#define LI_O_ACC_CIP    0x0800  /* find the proxied address in the NetScaler Client IP header */
+#define LI_O_NONE               0x0000
+#define LI_O_NOLINGER           0x0001  /* disable linger on this socket */
+#define LI_O_FOREIGN            0x0002  /* permit listening on foreing addresses ("transparent") */
+#define LI_O_NOQUICKACK         0x0004  /* disable quick ack of immediate data (linux) */
+#define LI_O_DEF_ACCEPT         0x0008  /* wait up to 1 second for data before accepting */
+#define LI_O_TCP_L4_RULES       0x0010  /* run TCP L4 rules checks on the incoming connection */
+#define LI_O_CHK_MONNET         0x0040  /* check the source against a monitor-net rule */
+#define LI_O_ACC_PROXY          0x0080  /* find the proxied address in the first request line */
+#define LI_O_UNLIMITED          0x0100  /* listener not subject to global limits (peers & stats socket) */
+#define LI_O_TCP_FO             0x0200  /* enable TCP Fast Open (linux >= 3.7) */
+#define LI_O_V6ONLY             0x0400  /* bind to IPv6 only on Linux >= 2.4.21 */
+#define LI_O_V4V6               0x0800  /* bind to IPv4/IPv6 on Linux >= 2.4.21 */
+#define LI_O_ACC_CIP            0x1000  /* find the proxied address in the NetScaler Client IP header */

 /* Note: if a listener uses LI_O_UNLIMITED, it is highly recommended that it adds its own
 * maxconn setting to the global.maxsock value so that its resources are reserved.
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@ -8828,7 +8828,7 @@ out_uri_auth_compat:
 			listener->default_target = curproxy->default_target;

 			if (!LIST_ISEMPTY(&curproxy->tcp_req.l4_rules))
-				listener->options |= LI_O_TCP_RULES;
+				listener->options |= LI_O_TCP_L4_RULES;

 			if (curproxy->mon_mask.s_addr)
 				listener->options |= LI_O_CHK_MONNET;
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@ -1353,7 +1353,7 @@ resume_execution:
 * matches or if no more rule matches. It can only use rules which don't need
 * any data. This only works on connection-based client-facing stream interfaces.
 */
-int tcp_exec_req_rules(struct session *sess)
+int tcp_exec_l4_rules(struct session *sess)
 {
 	struct act_rule *rule;
 	struct stksess *ts;
@ -1881,10 +1881,12 @@ static int tcp_parse_request_rule(char **args, int arg, int section_type,
 	else {
 		struct action_kw *kw;
 		if (where & SMP_VAL_FE_CON_ACC) {
+			/* L4 */
 			kw = tcp_req_conn_action(args[arg]);
 			rule->kw = kw;
 			rule->from = ACT_F_TCP_REQ_CON;
 		} else {
+			/* L6 */
 			kw = tcp_req_cont_action(args[arg]);
 			rule->kw = kw;
 			rule->from = ACT_F_TCP_REQ_CNT;
--- a/src/session.c
+++ b/src/session.c
@ -166,7 +166,7 @@ int session_accept_fd(struct listener *l, int cfd, struct sockaddr_storage *addr
 	/* now evaluate the tcp-request layer4 rules. We only need a session
 	 * and no stream for these rules.
 	 */
-	if ((l->options & LI_O_TCP_RULES) && !tcp_exec_req_rules(sess)) {
+	if ((l->options & LI_O_TCP_L4_RULES) && !tcp_exec_l4_rules(sess)) {
 		/* let's do a no-linger now to close with a single RST. */
 		setsockopt(cfd, SOL_SOCKET, SO_LINGER, (struct linger *) &nolinger, sizeof(struct linger));
 		ret = 0; /* successful termination */