From: Aurelien DARRAGON
Date: Thu, 30 Nov 2023 15:48:41 +0000 (+0100)
Subject: MEDIUM: peers: use server as stream target
X-Git-Tag: v3.0-dev1~51
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7293eb68;p=thirdparty%2Fhaproxy.git

MEDIUM: peers: use server as stream target

Historically, we used the internal peer proxy as stream target, because then we only cared about initiating a basic tcp connection with the endpoint, and relying on parent proxy settings was enough.

But later, we introduced the possibility to connect to an SSL peer by taking server's SSL parameters into account. This was done in commit 1055e687 ("MINOR: peers: Make outgoing connection to SSL/TLS peers work.")

However, the above commit introduced an ambiguity: peer_session_target() function was introduced, and the function will either return the peers proxy's object or the current server's object depending if ssl is configured or not.

While this works fine to ensure proper SSL handling while being conservative with historical behavior, this causes other server transport related settings to only work when ssl settings are provided, which is quite debatable.

Indeed, while we're there, why not always use the server's object as a stream target, to ensure all transport related options are properly handled? Moreover, the peers documentation tells this:

... "support for all "server" parameters found in 5.2 paragraph that are related to transport settings" ...

To remove the ambiguity and fully comply with the documentation, we make peer_session_target() always return the server's object.
---
diff --git a/include/haproxy/peers.h b/include/haproxy/peers.h index e3c5fd34a0..c12c54154b 100644 --- a/include/haproxy/peers.h +++ b/include/haproxy/peers.h
@@ -41,14 +41,6 @@ void peers_setup_frontend(struct proxy *fe); void peers_register_keywords(struct peers_kw_list *pkwl); #if defined(USE_OPENSSL) -static inline enum obj_type *peer_session_target(struct peer *p, struct stream *s) -{ - if (p->srv->use_ssl) - return &p->srv->obj_type; - else - return &s->be->obj_type; -} - static inline struct xprt_ops *peer_xprt(struct peer *p) { return p->srv->use_ssl ? xprt_get(XPRT_SSL) : xprt_get(XPRT_RAW); @@ -56,7 +48,7 @@ static inline struct xprt_ops *peer_xprt(struct peer *p) #else static inline enum obj_type *peer_session_target(struct peer *p, struct stream *s) { - return &s->be->obj_type; + return &p->srv->obj_type; } static inline struct xprt_ops *peer_xprt(struct peer *p)
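Review bot: with the USE_OPENSSL variant of peer_session_target() deleted in the first hunk (@@ -41,14 +41,6 @@), the visible lines leave that branch defining only peer_xprt(), while the sole remaining peer_session_target() sits under #else. Unless the function is also defined outside the conditional in a part of the header not shown here, builds with USE_OPENSSL have no definition for callers to use. Since the function no longer depends on SSL support at all, a single definition placed after the #endif would be clearer than keeping it in the #else branch.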
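Review bot: in the second hunk (@@ -56,7 +48,7 @@), the new body "return &p->srv->obj_type;" no longer uses the s parameter and now dereferences p->srv on builds without OpenSSL, where the previous body only touched s->be. Either drop the unused parameter or keep it with a comment explaining why, and add a short comment stating that p->srv is always set for a peer that reaches this call. A comment on the function would also help document that the server object is now the stream target in every case, so server transport settings apply to the outgoing peer connection whether or not ssl is configured.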