From c58fd4d1cce343ccc9e5de213689dd68026f7ed5 Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Fri, 29 Sep 2023 16:33:18 +0200 Subject: [PATCH] MINOR: tcp_act: remove limitation on protocol for attach-srv This patch allows to specify "tcp-request session attach-srv" without requiring that each associated bind lines mandates HTTP/2 usage. If a non supported protocol is targetted by this rule, conn_install_mux_fe() is responsible to reject it. This change is mandatory to be able to mix attach-srv and standard non-reversable connection on the same bind instances. An ACL can be used to activate attach-srv only on some conditions. --- src/tcp_act.c | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/src/tcp_act.c b/src/tcp_act.c index ff3886abb3..f4c1493035 100644 --- a/src/tcp_act.c +++ b/src/tcp_act.c @@ -427,7 +427,6 @@ static int tcp_check_attach_srv(struct act_rule *rule, struct proxy *px, char ** { struct proxy *be = NULL; struct server *srv = NULL; - struct bind_conf *bind_conf; char *name = rule->arg.attach_srv.srvname; struct ist be_name, sv_name; @@ -436,18 +435,6 @@ static int tcp_check_attach_srv(struct act_rule *rule, struct proxy *px, char ** return 0; } - list_for_each_entry(bind_conf, &px->conf.bind, by_fe) { - if ((bind_conf->mux_proto && !isteqi(bind_conf->mux_proto->token, ist("h2"))) -#ifdef USE_OPENSSL - || (bind_conf->ssl_conf.alpn_str && strcmp(bind_conf->ssl_conf.alpn_str, "\x02h2") != 0) -#endif - ) { - memprintf(err, "attach-srv rule: incompatible with listener on %s:%d which uses protocol other than HTTP/2", - bind_conf->file, bind_conf->line); - return 0; - } - } - sv_name = ist(name); be_name = istsplit(&sv_name, '/'); if (!istlen(sv_name)) { @@ -464,16 +451,6 @@ static int tcp_check_attach_srv(struct act_rule *rule, struct proxy *px, char ** return 0; } - if ((srv->mux_proto && !isteqi(srv->mux_proto->token, ist("h2"))) -#ifdef USE_OPENSSL - || (srv->ssl_ctx.alpn_str && strcmp(srv->ssl_ctx.alpn_str, "\x02h2") != 0) -#endif - ) { - memprintf(err, "attach-srv rule: incompatible with server '%s:%s' which uses protocol other than HTTP/2", - ist0(be_name), ist0(sv_name)); - return 0; - } - if ((rule->arg.attach_srv.name && (!srv->use_ssl || !srv->sni_expr)) || (!rule->arg.attach_srv.name && srv->use_ssl && srv->sni_expr)) { memprintf(err, "attach-srv rule: connection will never be used; either specify name argument in conjonction with defined SSL SNI on targetted server or none of these");