RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MINOR: tcp_act: remove limitation on protocol for attach-srv 

This patch allows to specify "tcp-request session attach-srv" without
requiring that each associated bind lines mandates HTTP/2 usage. If a
non supported protocol is targetted by this rule, conn_install_mux_fe()
is responsible to reject it.

This change is mandatory to be able to mix attach-srv and standard
non-reversable connection on the same bind instances. An ACL can be used
to activate attach-srv only on some conditions.
This commit is contained in:
Amaury Denoyelle 2023-09-29 16:33:18 +02:00
parent 337c71423f
commit c58fd4d1cc
1 changed files with 0 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/tcp_act.c
View File

@ -427,7 +427,6 @@ static int tcp_check_attach_srv(struct act_rule *rule, struct proxy *px, char **
{
struct proxy *be = NULL;
struct server *srv = NULL;
struct bind_conf *bind_conf;
char *name = rule->arg.attach_srv.srvname;
struct ist be_name, sv_name;
@ -436,18 +435,6 @@ static int tcp_check_attach_srv(struct act_rule *rule, struct proxy *px, char **
return 0;
}
list_for_each_entry(bind_conf, &px->conf.bind, by_fe) {
if ((bind_conf->mux_proto && !isteqi(bind_conf->mux_proto->token, ist("h2")))
#ifdef USE_OPENSSL
|| (bind_conf->ssl_conf.alpn_str && strcmp(bind_conf->ssl_conf.alpn_str, "\x02h2") != 0)
#endif
) {
memprintf(err, "attach-srv rule: incompatible with listener on %s:%d which uses protocol other than HTTP/2",
bind_conf->file, bind_conf->line);
return 0;
}
}
sv_name = ist(name);
be_name = istsplit(&sv_name, '/');
if (!istlen(sv_name)) {
@ -464,16 +451,6 @@ static int tcp_check_attach_srv(struct act_rule *rule, struct proxy *px, char **
return 0;
}
if ((srv->mux_proto && !isteqi(srv->mux_proto->token, ist("h2")))
#ifdef USE_OPENSSL
|| (srv->ssl_ctx.alpn_str && strcmp(srv->ssl_ctx.alpn_str, "\x02h2") != 0)
#endif
) {
memprintf(err, "attach-srv rule: incompatible with server '%s:%s' which uses protocol other than HTTP/2",
ist0(be_name), ist0(sv_name));
return 0;
}
if ((rule->arg.attach_srv.name && (!srv->use_ssl || !srv->sni_expr)) ||
(!rule->arg.attach_srv.name && srv->use_ssl && srv->sni_expr)) {
memprintf(err, "attach-srv rule: connection will never be used; either specify name argument in conjonction with defined SSL SNI on targetted server or none of these");