MINOR: listener: forbid most keywords for reverse HTTP bind

Reverse HTTP bind is very specific in that in rely on a server to
initiate connection. All connection settings are defined on the server
line and ignored from the bind line.

Before this patch, most of keywords were silently ignored. This could
result in a configuration from doing unexpected things from the user
point of view. To improve this situation, add a new 'rhttp_ok' field in
bind_kw structure. If not set, the keyword is forbidden on a reverse
bind line and will cause a fatal config error.

For the moment, only the following keywords are usable with reverse bind
'id', 'name' and 'nbconn'.

This change is safe as it's already forbidden to mix reverse and
standard addresses on the same bind line.

diff --git a/include/haproxy/listener-t.h b/include/haproxy/listener-t.h
index 6b2fc66a7765e1c41463016041fff2d8fec1729f..cdf64cbd6cf114128ab129ee2feb212c552ac229 100644 (file)
--- a/include/haproxy/listener-t.h
+++ b/include/haproxy/listener-t.h
@@ -272,6 +272,7 @@ struct bind_kw {
        const char *kw;
        int (*parse)(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err);
        int skip; /* nb of args to skip */
+       int rhttp_ok; /* non-zero if kw is support for reverse HTTP bind */
 };
 
 /* same as bind_kw but for crtlist keywords */

diff --git a/src/listener.c b/src/listener.c
index f812d9fad736188fa9776deb942b8e0e0dac5ca2..8a951f391602d5085d60d951f527d9e7f0bba7dc 100644 (file)
--- a/src/listener.c
+++ b/src/listener.c
@@ -2132,6 +2132,13 @@ int bind_parse_args_list(struct bind_conf *bind_conf, char **args, int cur_arg,
                                goto out;
                        }
 
+                       if ((bind_conf->options & BC_O_REVERSE_HTTP) && !kw->rhttp_ok) {
+                               ha_alert("'%s' option is not accepted for reverse HTTP\n",
+                                        args[cur_arg]);
+                               err_code |= ERR_ALERT | ERR_FATAL;
+                               goto out;
+                       }
+
                        code = kw->parse(args, cur_arg, bind_conf->frontend, bind_conf, &err);
                        err_code |= code;
 
@@ -2423,18 +2430,18 @@ INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
  * not enabled.
  */
 static struct bind_kw_list bind_kws = { "ALL", { }, {
-       { "accept-netscaler-cip", bind_parse_accept_netscaler_cip, 1 }, /* enable NetScaler Client IP insertion protocol */
-       { "accept-proxy", bind_parse_accept_proxy, 0 }, /* enable PROXY protocol */
-       { "backlog",      bind_parse_backlog,      1 }, /* set backlog of listening socket */
-       { "id",           bind_parse_id,           1 }, /* set id of listening socket */
-       { "maxconn",      bind_parse_maxconn,      1 }, /* set maxconn of listening socket */
-       { "name",         bind_parse_name,         1 }, /* set name of listening socket */
-       { "nbconn",       bind_parse_nbconn,       1 }, /* set number of connection on active preconnect */
-       { "nice",         bind_parse_nice,         1 }, /* set nice of listening socket */
-       { "process",      bind_parse_process,      1 }, /* set list of allowed process for this socket */
-       { "proto",        bind_parse_proto,        1 }, /* set the proto to use for all incoming connections */
-       { "shards",       bind_parse_shards,       1 }, /* set number of shards */
-       { "thread",       bind_parse_thread,       1 }, /* set list of allowed threads for this socket */
+       { "accept-netscaler-cip", bind_parse_accept_netscaler_cip, 1, 0 }, /* enable NetScaler Client IP insertion protocol */
+       { "accept-proxy", bind_parse_accept_proxy, 0, 0 }, /* enable PROXY protocol */
+       { "backlog",      bind_parse_backlog,      1, 0 }, /* set backlog of listening socket */
+       { "id",           bind_parse_id,           1, 1 }, /* set id of listening socket */
+       { "maxconn",      bind_parse_maxconn,      1, 0 }, /* set maxconn of listening socket */
+       { "name",         bind_parse_name,         1, 1 }, /* set name of listening socket */
+       { "nbconn",       bind_parse_nbconn,       1, 1 }, /* set number of connection on active preconnect */
+       { "nice",         bind_parse_nice,         1, 0 }, /* set nice of listening socket */
+       { "process",      bind_parse_process,      1, 0 }, /* set list of allowed process for this socket */
+       { "proto",        bind_parse_proto,        1, 0 }, /* set the proto to use for all incoming connections */
+       { "shards",       bind_parse_shards,       1, 0 }, /* set number of shards */
+       { "thread",       bind_parse_thread,       1, 0 }, /* set list of allowed threads for this socket */
        { /* END */ },
 }};