From: Willy Tarreau Date: Sun, 20 Mar 2011 09:32:26 +0000 (+0100) Subject: [MEDIUM] server: add support for the "send-proxy" option X-Git-Tag: v1.5-dev8~272 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5ab04ec47c9946a2bbc535687c023215ca813da0;p=thirdparty%2Fhaproxy.git [MEDIUM] server: add support for the "send-proxy" option This option enables use of the PROXY protocol with the server, which allows haproxy to transport original client's address across multiple architecture layers. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 1bba57fa59..fa5038ffc5 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -6647,6 +6647,21 @@ rise Supported in default-server: Yes +send-proxy + The "send-proxy" parameter enforces use of the PROXY protocol over any + connection established to this server. The PROXY protocol informs the other + end about the layer 3/4 addresses of the incoming connection, so that it can + know the client's address or the public address it accessed to, whatever the + upper layer protocol. For connections accepted by an "accept-proxy" listener, + the advertised address will be used. Only TCPv4 and TCPv6 address families + are supported. Other families such as Unix sockets, will report an UNKNOWN + family. Servers using this option can fully be chained to another instance of + haproxy listening with an "accept-proxy" setting. This setting must not be + used if the server isn't aware of the protocol. See also the "accept-proxy" + option of the "bind" keyword. + + Supported in default-server: No + slowstart The "slowstart" parameter for a server accepts a value in milliseconds which indicates after how long a server which has just come back up will run at diff --git a/include/types/server.h b/include/types/server.h index c697457ea0..fb312157ed 100644 --- a/include/types/server.h +++ b/include/types/server.h 
@@ -1,23 +1,23 @@ /* - include/types/server.h - This file defines everything related to servers. - - Copyright (C) 2000-2009 Willy Tarreau - w@1wt.eu - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation, version 2.1 - exclusively. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ + * include/types/server.h + * This file defines everything related to servers. + * + * Copyright (C) 2000-2011 Willy Tarreau - w@1wt.eu + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation, version 2.1 + * exclusively. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ #ifndef _TYPES_SERVER_H #define _TYPES_SERVER_H 
@@ -53,6 +53,7 @@ #define SRV_TPROXY_CLI 0x0300 /* bind to the client's IP+port to reach this server */ #define SRV_TPROXY_DYN 0x0400 /* bind to a dynamically computed non-local address */ #define SRV_TPROXY_MASK 0x0700 /* bind to a non-local address to reach this server */ +#define SRV_SEND_PROXY 0x0800 /* this server talks the PROXY protocol */ /* function which act on servers need to return various errors */ #define SRV_STATUS_OK 0 /* everything is OK. */ diff --git a/src/backend.c b/src/backend.c index 93a8fc8317..397216d5a4 100644 --- a/src/backend.c +++ b/src/backend.c @@ -971,6 +971,14 @@ int connect_server(struct session *s) s->req->cons->connect = tcp_connect_server; copy_target(&s->req->cons->target, &s->target); + /* process the case where the server requires the PROXY protocol to be sent */ + s->req->cons->send_proxy_ofs = 0; + if (s->target.type == TARG_TYPE_SERVER && (s->target.ptr.s->state & SRV_SEND_PROXY)) { + s->req->cons->send_proxy_ofs = 1; /* must compute size */ + if (!(s->flags & SN_FRT_ADDR_SET)) + get_frt_addr(s); + } + assign_tproxy_address(s); err = s->req->cons->connect(s->req->cons); diff --git a/src/cfgparse.c b/src/cfgparse.c index b5e077af7f..9cc23d138f 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -4167,6 +4167,10 @@ stats_error_parsing: newsrv->state |= SRV_BACKUP; cur_arg ++; } + else if (!defsrv && !strcmp(args[cur_arg], "send-proxy")) { + newsrv->state |= SRV_SEND_PROXY; + cur_arg ++; + } else if (!strcmp(args[cur_arg], "weight")) { int w; w = atol(args[cur_arg + 1]); 
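Review bot: In the src/backend.c hunk (connect_server), the guard `if (!(s->flags & SN_FRT_ADDR_SET)) get_frt_addr(s);` decides which frontend address ends up in the PROXY line, and nothing next to it says so. Going by the configuration.txt text in this same commit, a session accepted on an "accept-proxy" listener forwards the address its peer advertised, so the server is told an address haproxy did not observe on the socket itself; presumably the flag is already set in that case, which is why the lookup is skipped. I would state that beside the guard, e.g. `/* keep an already-set frontend address (e.g. one advertised to an accept-proxy listener); only query the socket when none is known */`. The `send_proxy_ofs = 1` sentinel also deserves more than `/* must compute size */`: say that a non-zero value means the header is still to be sent and that 1 is a placeholder until the real length is known, if that is the intent. connect_server() starts and ends outside the hunk.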
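Review bot: In the first src/cfgparse.c hunk, `send-proxy` is accepted on a server line without regard to `check`, which the option list in the following hunk shows is valid on the same line. The only place the visible hunks arm the header is connect_server(). Unless the health-check connection path is handled in a part of the commit not shown here, a server that expects the PROXY line would receive checks without it and could fail them or misread the first bytes as a header. If checks do not send the header, I would either emit a parse-time warning when both keywords are set on one server or say so in the `send-proxy` entry of doc/configuration.txt. The keyword chain this branch belongs to continues outside the hunk.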
@@ -4454,7 +4458,7 @@ stats_error_parsing: } else { if (!defsrv) - Alert("parsing [%s:%d] : server %s only supports options 'backup', 'cookie', 'redir', 'observer', 'on-error', 'error-limit', 'check', 'disabled', 'track', 'id', 'inter', 'fastinter', 'downinter', 'rise', 'fall', 'addr', 'port', 'source', 'minconn', 'maxconn', 'maxqueue', 'slowstart' and 'weight'.\n", + Alert("parsing [%s:%d] : server %s only supports options 'backup', 'cookie', 'redir', 'observer', 'on-error', 'error-limit', 'check', 'disabled', 'track', 'id', 'inter', 'fastinter', 'downinter', 'rise', 'fall', 'addr', 'port', 'source', 'send-proxy', 'minconn', 'maxconn', 'maxqueue', 'slowstart' and 'weight'.\n", file, linenum, newsrv->id); else Alert("parsing [%s:%d]: default-server only supports options 'on-error', 'error-limit', 'inter', 'fastinter', 'downinter', 'rise', 'fall', 'port', 'minconn', 'maxconn', 'maxqueue', 'slowstart' and 'weight'.\n",