int tcp_drain(int fd);
int tcp_inspect_request(struct stream *s, struct channel *req, int an_bit);
int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit);
-int tcp_exec_req_rules(struct session *sess);
+int tcp_exec_l4_rules(struct session *sess);
/* TCP keywords. */
void tcp_req_conn_keywords_register(struct action_kw_list *kw_list);
*/
/* listener socket options */
-#define LI_O_NONE 0x0000
-#define LI_O_NOLINGER 0x0001 /* disable linger on this socket */
-#define LI_O_FOREIGN 0x0002 /* permit listening on foreing addresses */
-#define LI_O_NOQUICKACK 0x0004 /* disable quick ack of immediate data (linux) */
-#define LI_O_DEF_ACCEPT 0x0008 /* wait up to 1 second for data before accepting */
-#define LI_O_TCP_RULES 0x0010 /* run TCP rules checks on the incoming connection */
-#define LI_O_CHK_MONNET 0x0020 /* check the source against a monitor-net rule */
-#define LI_O_ACC_PROXY 0x0040 /* find the proxied address in the first request line */
-#define LI_O_UNLIMITED 0x0080 /* listener not subject to global limits (peers & stats socket) */
-#define LI_O_TCP_FO 0x0100 /* enable TCP Fast Open (linux >= 3.7) */
-#define LI_O_V6ONLY 0x0200 /* bind to IPv6 only on Linux >= 2.4.21 */
-#define LI_O_V4V6 0x0400 /* bind to IPv4/IPv6 on Linux >= 2.4.21 */
-#define LI_O_ACC_CIP 0x0800 /* find the proxied address in the NetScaler Client IP header */
+#define LI_O_NONE 0x0000
+#define LI_O_NOLINGER 0x0001 /* disable linger on this socket */
+#define LI_O_FOREIGN 0x0002 /* permit listening on foreing addresses ("transparent") */
+#define LI_O_NOQUICKACK 0x0004 /* disable quick ack of immediate data (linux) */
+#define LI_O_DEF_ACCEPT 0x0008 /* wait up to 1 second for data before accepting */
+#define LI_O_TCP_L4_RULES 0x0010 /* run TCP L4 rules checks on the incoming connection */
+#define LI_O_CHK_MONNET 0x0040 /* check the source against a monitor-net rule */
+#define LI_O_ACC_PROXY 0x0080 /* find the proxied address in the first request line */
+#define LI_O_UNLIMITED 0x0100 /* listener not subject to global limits (peers & stats socket) */
+#define LI_O_TCP_FO 0x0200 /* enable TCP Fast Open (linux >= 3.7) */
+#define LI_O_V6ONLY 0x0400 /* bind to IPv6 only on Linux >= 2.4.21 */
+#define LI_O_V4V6 0x0800 /* bind to IPv4/IPv6 on Linux >= 2.4.21 */
+#define LI_O_ACC_CIP 0x1000 /* find the proxied address in the NetScaler Client IP header */
/* Note: if a listener uses LI_O_UNLIMITED, it is highly recommended that it adds its own
* maxconn setting to the global.maxsock value so that its resources are reserved.
listener->default_target = curproxy->default_target;
if (!LIST_ISEMPTY(&curproxy->tcp_req.l4_rules))
- listener->options |= LI_O_TCP_RULES;
+ listener->options |= LI_O_TCP_L4_RULES;
if (curproxy->mon_mask.s_addr)
listener->options |= LI_O_CHK_MONNET;
* matches or if no more rule matches. It can only use rules which don't need
* any data. This only works on connection-based client-facing stream interfaces.
*/
-int tcp_exec_req_rules(struct session *sess)
+int tcp_exec_l4_rules(struct session *sess)
{
struct act_rule *rule;
struct stksess *ts;
else {
struct action_kw *kw;
if (where & SMP_VAL_FE_CON_ACC) {
+ /* L4 */
kw = tcp_req_conn_action(args[arg]);
rule->kw = kw;
rule->from = ACT_F_TCP_REQ_CON;
} else {
+ /* L6 */
kw = tcp_req_cont_action(args[arg]);
rule->kw = kw;
rule->from = ACT_F_TCP_REQ_CNT;
/* now evaluate the tcp-request layer4 rules. We only need a session
* and no stream for these rules.
*/
- if ((l->options & LI_O_TCP_RULES) && !tcp_exec_req_rules(sess)) {
+ if ((l->options & LI_O_TCP_L4_RULES) && !tcp_exec_l4_rules(sess)) {
/* let's do a no-linger now to close with a single RST. */
setsockopt(cfd, SOL_SOCKET, SO_LINGER, (struct linger *) &nolinger, sizeof(struct linger));
ret = 0; /* successful termination */
projects / thirdparty / haproxy.git / commitdiff
