From: Christopher Faulet
Date: Mon, 30 Mar 2020 11:07:02 +0000 (+0200)
Subject: MINOR: checks: Add the via-socks4 option for tcp-check connect rules
X-Git-Tag: v2.2-dev7~153
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=085426aea98c21bab7716883c8832d7d02c3cc6c;p=thirdparty%2Fhaproxy.git

MINOR: checks: Add the via-socks4 option for tcp-check connect rules

With this option, it is possible to establish the connection opened by a tcp-check connect rule using upstream socks4 proxy. Info from the socks4 parameter on the server are used.
---
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 8aaf912495..649ded2a35 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -9824,6 +9824,8 @@ tcp-check connect [params*]
 send-proxy send a PROXY protocol string
+ via-socks4 enables outgoing health checks using upstream socks4 proxy.
+
 ssl opens a ciphered connection
 sni specifies the SNI to use to do health checks over SSL.
diff --git a/include/types/checks.h b/include/types/checks.h
index 14513c93e2..0edc726d94 100644
--- a/include/types/checks.h
+++ b/include/types/checks.h
@@ -217,6 +217,7 @@ struct analyze_status {
 #define TCPCHK_OPT_SSL 0x0002 /* SSL connection */
 #define TCPCHK_OPT_LINGER 0x0004 /* Do not RST connection, let it linger */
 #define TCPCHK_OPT_DEFAULT_CONNECT 0x0008 /* Do a connect using server params */
+#define TCPCHK_OPT_SOCKS4 0x0010 /* check the connection via socks4 proxy */
 struct tcpcheck_connect {
 uint16_t port; /* port to connect to */
diff --git a/src/checks.c b/src/checks.c
index b2322b2e34..97f68f1a89 100644
--- a/src/checks.c
+++ b/src/checks.c
@@ -2922,7 +2922,10 @@ static enum tcpcheck_eval_ret tcpcheck_eval_connect(struct check *check, struct
 ssl_sock_set_servername(conn, connect->sni);
 }
 #endif
- /* TODO: add support for sock4 option */
+ if ((connect->options & TCPCHK_OPT_SOCKS4) && (s->flags & SRV_F_SOCKS4_PROXY)) {
+ conn->send_proxy_ofs = 1;
+ conn->flags |= CO_FL_SOCKS4;
+ }
 if (connect->options & TCPCHK_OPT_SEND_PROXY) {
 conn->send_proxy_ofs = 1;
 conn->flags |= CO_FL_SEND_PROXY;
@@ -4118,6 +4121,8 @@ static struct tcpcheck_rule *parse_tcpcheck_connect(char **args, int cur_arg, st
 }
 else if (strcmp(args[cur_arg], "send-proxy") == 0)
 conn_opts |= TCPCHK_OPT_SEND_PROXY;
+ else if (strcmp(args[cur_arg], "via-socks4") == 0)
+ conn_opts |= TCPCHK_OPT_SOCKS4;
 else if (strcmp(args[cur_arg], "linger") == 0)
 conn_opts |= TCPCHK_OPT_LINGER;
 #ifdef USE_OPENSSL
@@ -4145,7 +4150,7 @@ static struct tcpcheck_rule *parse_tcpcheck_connect(char **args, int cur_arg, st
 #ifdef USE_OPENSSL
 ", 'ssl', 'sni'"
 #endif /* USE_OPENSSL */
- " or 'linger' but got '%s' as argument.",
+ " or 'via-socks4', 'linger' but got '%s' as argument.",
 args[cur_arg]);
 goto error;
 }
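Review bot: In tcpcheck_eval_connect, the new condition `(connect->options & TCPCHK_OPT_SOCKS4) && (s->flags & SRV_F_SOCKS4_PROXY)` silently ignores `via-socks4` when the server carries no socks4 setting, so the check appears to go out as a direct connection instead of through the proxy. The probe can then leave by a path the operator meant to avoid, and the reported health describes a route that differs from the one the rule was written for. The parser hunk in parse_tcpcheck_connect accepts the keyword unconditionally, so nothing visible in this commit tells the operator about the mismatch; consider a warning when the configuration is validated, or at minimum a comment here such as `/* via-socks4 is ignored when the server has no socks4 parameter */`. The function body starts and ends outside the hunk, so whether `s` can be NULL at this point is not visible and is worth confirming.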
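Review bot: The updated error message in the last hunk of parse_tcpcheck_connect reads `" or 'via-socks4', 'linger' but got '%s' as argument."`, which puts "or" before the second-to-last item of the list. Writing it as `", 'via-socks4' or 'linger' but got '%s' as argument.",` keeps the enumeration grammatical. The start of the format string is outside the hunk, so check that the preceding fragment does not already end with a separator before applying this.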