From: Willy Tarreau Date: Fri, 21 Oct 2016 14:34:21 +0000 (+0200) Subject: CLEANUP: tcp rules: mention everywhere that tcp-conn rules are L4 X-Git-Tag: v1.7-dev5~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7d9736fb5da4346c119c7e9d80d88934a395ca9d;p=thirdparty%2Fhaproxy.git CLEANUP: tcp rules: mention everywhere that tcp-conn rules are L4 This is in order to make integration of tcp-request-session cleaner : - tcp_exec_req_rules() was renamed tcp_exec_l4_rules() - LI_O_TCP_RULES was renamed LI_O_TCP_L4_RULES (LI_O_*'s horrible indent was also fixed and a provision was left for L5 rules).
---
diff --git a/include/proto/proto_tcp.h b/include/proto/proto_tcp.h
index 8ca7290e51..05b6e02689 100644
--- a/include/proto/proto_tcp.h
+++ b/include/proto/proto_tcp.h
@@ -38,7 +38,7 @@ int tcp_get_dst(int fd, struct sockaddr *sa, socklen_t salen, int dir);
 int tcp_drain(int fd);
 int tcp_inspect_request(struct stream *s, struct channel *req, int an_bit);
 int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit);
-int tcp_exec_req_rules(struct session *sess);
+int tcp_exec_l4_rules(struct session *sess);
 /* TCP keywords. */
 void tcp_req_conn_keywords_register(struct action_kw_list *kw_list);
diff --git a/include/types/listener.h b/include/types/listener.h
index afe2ad8435..8cfe40b8e2 100644
--- a/include/types/listener.h
+++ b/include/types/listener.h
@@ -80,19 +80,19 @@ enum li_state {
 */
 /* listener socket options */
-#define LI_O_NONE 0x0000
-#define LI_O_NOLINGER 0x0001 /* disable linger on this socket */
-#define LI_O_FOREIGN 0x0002 /* permit listening on foreing addresses */
-#define LI_O_NOQUICKACK 0x0004 /* disable quick ack of immediate data (linux) */
-#define LI_O_DEF_ACCEPT 0x0008 /* wait up to 1 second for data before accepting */
-#define LI_O_TCP_RULES 0x0010 /* run TCP rules checks on the incoming connection */
-#define LI_O_CHK_MONNET 0x0020 /* check the source against a monitor-net rule */
-#define LI_O_ACC_PROXY 0x0040 /* find the proxied address in the first request line */
-#define LI_O_UNLIMITED 0x0080 /* listener not subject to global limits (peers & stats socket) */
-#define LI_O_TCP_FO 0x0100 /* enable TCP Fast Open (linux >= 3.7) */
-#define LI_O_V6ONLY 0x0200 /* bind to IPv6 only on Linux >= 2.4.21 */
-#define LI_O_V4V6 0x0400 /* bind to IPv4/IPv6 on Linux >= 2.4.21 */
-#define LI_O_ACC_CIP 0x0800 /* find the proxied address in the NetScaler Client IP header */
+#define LI_O_NONE 0x0000
+#define LI_O_NOLINGER 0x0001 /* disable linger on this socket */
+#define LI_O_FOREIGN 0x0002 /* permit listening on foreing addresses ("transparent") */
+#define LI_O_NOQUICKACK 0x0004 /* disable quick ack of immediate data (linux) */
+#define LI_O_DEF_ACCEPT 0x0008 /* wait up to 1 second for data before accepting */
+#define LI_O_TCP_L4_RULES 0x0010 /* run TCP L4 rules checks on the incoming connection */
+#define LI_O_CHK_MONNET 0x0040 /* check the source against a monitor-net rule */
+#define LI_O_ACC_PROXY 0x0080 /* find the proxied address in the first request line */
+#define LI_O_UNLIMITED 0x0100 /* listener not subject to global limits (peers & stats socket) */
+#define LI_O_TCP_FO 0x0200 /* enable TCP Fast Open (linux >= 3.7) */
+#define LI_O_V6ONLY 0x0400 /* bind to IPv6 only on Linux >= 2.4.21 */
+#define LI_O_V4V6 0x0800 /* bind to IPv4/IPv6 on Linux >= 2.4.21 */
+#define LI_O_ACC_CIP 0x1000 /* find the proxied address in the NetScaler Client IP header */
 /* Note: if a listener uses LI_O_UNLIMITED, it is highly recommended that it adds its own
 * maxconn setting to the global.maxsock value so that its resources are reserved.
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 7b58ef6bb7..17f9d19a43 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -8828,7 +8828,7 @@ out_uri_auth_compat:
 listener->default_target = curproxy->default_target;
 if (!LIST_ISEMPTY(&curproxy->tcp_req.l4_rules))
- listener->options |= LI_O_TCP_RULES;
+ listener->options |= LI_O_TCP_L4_RULES;
 if (curproxy->mon_mask.s_addr)
 listener->options |= LI_O_CHK_MONNET;
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index c3c998e812..0223b8e3da 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1353,7 +1353,7 @@ resume_execution:
 * matches or if no more rule matches. It can only use rules which don't need
 * any data. This only works on connection-based client-facing stream interfaces.
 */
-int tcp_exec_req_rules(struct session *sess)
+int tcp_exec_l4_rules(struct session *sess)
 {
 struct act_rule *rule;
 struct stksess *ts;
@@ -1881,10 +1881,12 @@ static int tcp_parse_request_rule(char **args, int arg, int section_type,
 else {
 struct action_kw *kw;
 if (where & SMP_VAL_FE_CON_ACC) {
+ /* L4 */
 kw = tcp_req_conn_action(args[arg]);
 rule->kw = kw;
 rule->from = ACT_F_TCP_REQ_CON;
 } else {
+ /* L6 */
 kw = tcp_req_cont_action(args[arg]);
 rule->kw = kw;
 rule->from = ACT_F_TCP_REQ_CNT;
diff --git a/src/session.c b/src/session.c
index 0c2336459c..d160a05749 100644
--- a/src/session.c
+++ b/src/session.c
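Review bot: The renumbered list in include/types/listener.h leaves bit 0x0020 unassigned between `LI_O_TCP_L4_RULES` (0x0010) and `LI_O_CHK_MONNET` (0x0040), and nothing in the header records that the gap is deliberate. The commit message says a provision was left for L5 rules, so a placeholder line in the list such as `/* 0x0020 is reserved for the TCP L5 rules flag */` would keep a later change from reusing the bit. Every flag from `LI_O_CHK_MONNET` upward changed value, so an object built against the old header would read 0x0040 as `LI_O_ACC_PROXY` rather than `LI_O_CHK_MONNET`; any code outside this tree that uses these flags, if there is any, needs a rebuild. The typo `foreing` on the `LI_O_FOREIGN` line could be corrected to `foreign` while that line is being rewritten.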
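Review bot: The two labels added in tcp_parse_request_rule(), `/* L4 */` and `/* L6 */`, name a layer but not the rule set, so the reader has to infer the mapping from `tcp_req_conn_action()` and `tcp_req_cont_action()`. Comments such as `/* L4: tcp-request connection */` and `/* L6: tcp-request content */` would make it explicit. The function starts and ends outside this hunk, so whether other branches in it need the same labels cannot be checked from here.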
@@ -166,7 +166,7 @@ int session_accept_fd(struct listener *l, int cfd, struct sockaddr_storage *addr
 /* now evaluate the tcp-request layer4 rules. We only need a session
 * and no stream for these rules.
 */
- if ((l->options & LI_O_TCP_RULES) && !tcp_exec_req_rules(sess)) {
+ if ((l->options & LI_O_TCP_L4_RULES) && !tcp_exec_l4_rules(sess)) {
 /* let's do a no-linger now to close with a single RST. */
 setsockopt(cfd, SOL_SOCKET, SO_LINGER, (struct linger *) &nolinger, sizeof(struct linger));
 ret = 0; /* successful termination */