# set some defines when needed.
# Known ones are -DENABLE_POLL, -DENABLE_EPOLL, and -DUSE_MY_EPOLL
# - use -DTPROXY to compile with transparent proxy support.
-# - use -DCONFIG_HAP_CTTPROXY to enable full transparent proxy support
DEFINE = -DTPROXY
# Now let's determine the version, sub-version and release date.
# do not change this one, enable USE_* variables instead.
OPTIONS =
+OPT_OBJS =
ifneq ($(USE_TCPSPLICE),)
OPTIONS += -DCONFIG_HAP_TCPSPLICE
endif
+# - set USE_CTTPROXY to enable full transparent proxy support
ifneq ($(USE_CTTPROXY),)
OPTIONS += -DCONFIG_HAP_CTTPROXY
+OPT_OBJS += src/cttproxy.o
endif
ifneq ($(USE_TPROXY),)
src/proto_http.o src/stream_sock.o src/appsession.o src/backend.o \
src/session.o src/hdr_idx.o src/rbtree.o
-haproxy: $(OBJS)
+haproxy: $(OBJS) $(OPT_OBJS)
$(LD) $(LDFLAGS) -o $@ $^ $(LIBS)
objsize: haproxy
--- /dev/null
+/*
+ include/proto/cttproxy.h
+ This file contains prototypes for Linux's cttproxy interface.
+ This file should be included only if CTTPROXY is enabled.
+
+ Copyright (C) 2000-2007 Willy Tarreau - w@1wt.eu
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation, version 2.1
+ exclusively.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+#ifndef _PROTO_CTTPROXY_H
+#define _PROTO_CTTPROXY_H
+
+#include <stdlib.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+
+#include <common/config.h>
+#include <import/ip_tproxy.h>
+
+/*
+ * Checks that CTTPROXY is available and in the right version.
+ * Returns 0 if OK, -1 if wrong version, -2 if not available or other error.
+ */
+int check_cttproxy_version();
+
+
+#endif /* _PROTO_CTTPROXY_H */
+
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
--- /dev/null
+/*
+ * Functions for managing transparent proxying with CTTPROXY.
+ * This file should be compiled only if CTTPROXY is enabled.
+ *
+ * Copyright 2000-2007 Willy Tarreau <w@1wt.eu>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+#include <common/compat.h>
+#include <common/config.h>
+#include <common/time.h>
+
+#include <types/global.h>
+
+#include <import/ip_tproxy.h>
+
+/*
+ * Checks that CTTPROXY is available and in the right version.
+ * Returns 0 if OK, -1 if wrong version, -2 if not available or other error.
+ */
+int check_cttproxy_version() {
+ struct in_tproxy itp1;
+ int fd;
+
+ memset(&itp1, 0, sizeof(itp1));
+
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ if (fd == -1)
+ return -2;
+
+ itp1.op = TPROXY_VERSION;
+ itp1.v.version = 0x02000000; /* CTTPROXY version 2.0 expected */
+
+ if (setsockopt(fd, SOL_IP, IP_TPROXY, &itp1, sizeof(itp1)) == -1) {
+ if (errno == -EINVAL)
+ return -1; /* wrong version */
+ else
+ return -2; /* not supported or other error */
+ }
+ return 0;
+}
+
+
+/*
+ * Local variables:
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * End:
+ */
#include <libtcpsplice.h>
#endif
+#ifdef CONFIG_HAP_CTTPROXY
+#include <proto/cttproxy.h>
+#endif
+
/*********************************************************************/
/*********************************************************************/
}
#endif
+#ifdef CONFIG_HAP_CTTPROXY
+ if (global.last_checks & LSTCHK_CTTPROXY) {
+ int ret;
+
+ ret = check_cttproxy_version();
+ if (ret < 0) {
+ Alert("[%s.main()] Cannot enable cttproxy.\n%s",
+ argv[0],
+ (ret == -1) ? " Incorrect module version.\n"
+ : " Make sure you have enough permissions and that the module is loaded.\n");
+ exit(1);
+ }
+ }
+#endif
+
+ if ((global.last_checks & LSTCHK_NETADM) && global.uid) {
+ Alert("[%s.main()] Some configuration options require full privileges, so global.uid cannot be changed.\n"
+ "", argv[0], global.gid);
+ exit(1);
+ }
+
if (nb_oldpids)
tell_old_pids(oldpids_sig);
projects / thirdparty / haproxy.git / commitdiff
