MINOR: introduce proxy-v2-options for send-proxy-v2

Proxy protocol v2 can transport many optional pieces of information. To avoid
a send-proxy-v2-* explosion, this patch introduces the proxy-v2-options parameter,
which allows writing: "send-proxy-v2 proxy-v2-options ssl,cert-cn".
Emmanuel Hocdet 2018-02-01 15:20:32 +01:00 committed by Willy Tarreau
parent 6fd698f4e6
commit f643b80429
2 changed files with 30 additions and 0 deletions


@ -11718,6 +11718,11 @@ send-proxy-v2
of this version of the protocol. See also the "no-send-proxy-v2" option of
this section and send-proxy" option of the "bind" keyword.
proxy-v2-options <option>[,<option>]*
The "proxy-v2-options" parameter add option to send in PROXY protocol version
2 when "send-proxy-v2" is used. Options available are "ssl" (see also
send-proxy-v2-ssl), "cert-cn" (see also "send-proxy-v2-ssl-cn").
send-proxy-v2-ssl
The "send-proxy-v2-ssl" parameter enforces use of the PROXY protocol version
2 over any connection established to this server. The PROXY protocol informs


@ -503,6 +503,30 @@ static int inline srv_enable_pp_flags(struct server *srv, unsigned int flags)
return 0;
}
/* parse the "proxy-v2-options" */
static int srv_parse_proxy_v2_options(char **args, int *cur_arg,
struct proxy *px, struct server *newsrv, char **err)
{
char *p, *n;
for (p = args[*cur_arg+1]; p; p = n) {
n = strchr(p, ',');
if (n)
*n++ = '\0';
if (!strcmp(p, "ssl")) {
newsrv->pp_opts |= SRV_PP_V2_SSL;
} else if (!strcmp(p, "cert-cn")) {
newsrv->pp_opts |= SRV_PP_V2_SSL;
newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
} else
goto fail;
}
return 0;
fail:
if (err)
memprintf(err, "'%s' : proxy v2 option not implemented", p);
return ERR_ALERT | ERR_FATAL;
}
/* Parse the "observe" server keyword */
static int srv_parse_observe(char **args, int *cur_arg,
struct proxy *curproxy, struct server *newsrv, char **err)
@ -1124,6 +1148,7 @@ static struct srv_kw_list srv_kws = { "ALL", { }, {
{ "no-send-proxy-v2", srv_parse_no_send_proxy_v2, 0, 1 }, /* Disable use of PROXY V2 protocol */
{ "non-stick", srv_parse_non_stick, 0, 1 }, /* Disable stick-table persistence */
{ "observe", srv_parse_observe, 1, 1 }, /* Enables health adjusting based on observing communication with the server */
{ "proxy-v2-options", srv_parse_proxy_v2_options, 1, 1 }, /* options for send-proxy-v2 */
{ "redir", srv_parse_redir, 1, 1 }, /* Enable redirection mode */
{ "send-proxy", srv_parse_send_proxy, 0, 1 }, /* Enforce use of PROXY V1 protocol */
{ "send-proxy-v2", srv_parse_send_proxy_v2, 0, 1 }, /* Enforce use of PROXY V2 protocol */
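Review bot: srv_parse_proxy_v2_options() only ORs SRV_PP_V2_SSL and SRV_PP_V2_SSL_CN into newsrv->pp_opts and never checks that PROXY v2 itself is enabled, so a server line with "proxy-v2-options ssl,cert-cn" but no "send-proxy-v2" parses without any diagnostic. If header emission is gated on a separate v2 flag (not visible in these hunks), the backend would silently receive no TLS or client-CN fields, which matters when it bases access decisions on them. A parse-time check inside this function would likely be order-dependent, so a warning after the whole server line is parsed seems the safer place. At minimum, extend the function comment to something like `/* parse "proxy-v2-options": only sets option bits, no effect unless "send-proxy-v2" is also set */`. The failure text would also be easier to act on if it named the keyword, e.g. `memprintf(err, "'proxy-v2-options' : unknown option '%s'", p);`, since a typo is currently reported as "not implemented".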