[MINOR] listener: add the "accept-proxy" option to the "bind" keyword

This option will enable the AN_REQ_DECODE_PROXY analyser on the requests that come from those listeners.
2024-12-16 00:14:31 +00:00 · 2010-10-15 14:27:08 +02:00 · 2010-10-15 14:27:08 +02:00 · 8a95691ae8
commit 8a95691ae8
parent 6e595772ad
2 changed files with 20 additions and 1 deletions
--- a/include/types/protocols.h
+++ b/include/types/protocols.h
@ -74,6 +74,7 @@
 #define LI_O_DEF_ACCEPT	0x0008	/* wait up to 1 second for data before accepting */
 #define LI_O_TCP_RULES  0x0010  /* run TCP rules checks on the incoming connection */
 #define LI_O_CHK_MONNET 0x0020  /* check the source against a monitor-net rule */
+#define LI_O_ACC_PROXY  0x0040  /* find the proxied address in the first request line */

 /* The listener will be directly referenced by the fdtab[] which holds its
 * socket. The listener provides the protocol-specific accept() function to
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@ -1310,6 +1310,11 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
 		}

 		last_listen = curproxy->listen;
+
+		/* NOTE: the following line might create several listeners if there
+		 * are comma-separated IPs or port ranges. So all further processing
+		 * will have to be applied to all listeners created after last_listen.
+		 */
 		if (!str2listener(args[1], curproxy)) {
 			err_code |= ERR_ALERT | ERR_FATAL;
 			goto out;
@ -1416,6 +1421,16 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
 #endif
 			}

+			if (!strcmp(args[cur_arg], "accept-proxy")) { /* expect a 'PROXY' line first */
+				struct listener *l;
+
+				for (l = curproxy->listen; l != last_listen; l = l->next)
+					l->options |= LI_O_ACC_PROXY;
+
+				cur_arg ++;
+				continue;
+			}
+
 			if (!strcmp(args[cur_arg], "name")) {
 				struct listener *l;

@ -1468,7 +1483,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
 				continue;
 			}

-			Alert("parsing [%s:%d] : '%s' only supports the 'transparent', 'defer-accept', 'name', 'id', 'mss' and 'interface' options.\n",
+			Alert("parsing [%s:%d] : '%s' only supports the 'transparent', 'accept-proxy', 'defer-accept', 'name', 'id', 'mss' and 'interface' options.\n",
 			      file, linenum, args[0]);
 			err_code |= ERR_ALERT | ERR_FATAL;
 			goto out;
@ -5773,6 +5788,9 @@ out_uri_auth_compat:
 			listener->handler = process_session;
 			listener->analysers |= curproxy->fe_req_ana;

+			if (listener->options & LI_O_ACC_PROXY)
+				listener->analysers |= AN_REQ_DECODE_PROXY;
+
 			if (!LIST_ISEMPTY(&curproxy->tcp_req.l4_rules))
 				listener->options |= LI_O_TCP_RULES;