From: Simon Horman
Date: Fri, 24 Jun 2011 05:50:20 +0000 (+0900)
Subject: [MINOR] Add rdp_cookie pattern fetch function
X-Git-Tag: v1.5-dev8~203
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ab814e0a6b729ad2d08c329e159f0e743633bb11;p=thirdparty%2Fhaproxy.git

[MINOR] Add rdp_cookie pattern fetch function

This pattern fetch function extracts the value of the rdp cookie as a string
and uses this value to match. This enables implementation of persistence
based on the mstshash cookie. This is typically done if there is no msts
cookie present.

This differs from "balance rdp-cookie" in that any balancing algorithm may
be used and thus the distribution of clients to backend servers is not
linked to a hash of the RDP cookie. It is envisaged that using a balancing
algorithm such as "balance roundrobin" or "balance leastconnect" will lead
to a more even distribution of clients to backend servers than the hash
used by "balance rdp-cookie".

Example :
        listen tse-farm
            bind 0.0.0.0:3389
            # wait up to 5s for an RDP cookie in the request
            tcp-request inspect-delay 5s
            tcp-request content accept if RDP_COOKIE
            # apply RDP cookie persistence
            persist rdp-cookie
            # Persist based on the mstshash cookie
            # This is only useful makes sense if
            # balance rdp-cookie is not used
            stick-table type string size 204800
            stick on rdp_cookie(mstshash)
            server srv1 1.1.1.1:3389
            server srv1 1.1.1.2:3389
---

diff --git a/doc/configuration.txt b/doc/configuration.txt index b28e851981..89d6dd7097 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -1352,6 +1352,8 @@ balance url_param [check_post []] changing a server's weight on the fly will have no effect, but this can be changed using "hash-type". + See also the rdp_cookie pattern fetch function. + is an optional list of arguments which may be needed by some algorithms. Right now, only "url_param" and "uri" support an optional argument. 
@@ -4127,7 +4129,8 @@ persist rdp-cookie(name) server srv1 1.1.1.1:3389 server srv2 1.1.1.2:3389 - See also : "balance rdp-cookie", "tcp-request" and the "req_rdp_cookie" ACL. + See also : "balance rdp-cookie", "tcp-request", the "req_rdp_cookie" ACL and + the rdp_cookie pattern fetch function. rate-limit sessions @@ -7928,6 +7931,40 @@ The list of currently supported pattern fetch functions is the following : http://example.com/foo?JESSIONID=some_id with url_param(JSESSIONID)), for cases where cookies cannot be used. + rdp_cookie(name) + This extracts the value of the rdp cookie as a string + and uses this value to match. This enables implementation of + persistence based on the mstshash cookie. This is typically + done if there is no msts cookie present. + + This differs from "balance rdp-cookie" in that any balancing + algorithm may be used and thus the distribution of clients + to backend servers is not linked to a hash of the RDP + cookie. It is envisaged that using a balancing algorithm + such as "balance roundrobin" or "balance leastconnect" will + lead to a more even distribution of clients to backend + servers than the hash used by "balance rdp-cookie". + + Example : + listen tse-farm + bind 0.0.0.0:3389 + # wait up to 5s for an RDP cookie in the request + tcp-request inspect-delay 5s + tcp-request content accept if RDP_COOKIE + # apply RDP cookie persistence + persist rdp-cookie + # Persist based on the mstshash cookie + # This is only useful makes sense if + # balance rdp-cookie is not used + stick-table type string size 204800 + stick on rdp_cookie(mstshash) + server srv1 1.1.1.1:3389 + server srv1 1.1.1.2:3389 + + See also : "balance rdp-cookie", "persist rdp-cookie", + "tcp-request" and the "req_rdp_cookie" ACL. + + The currently available list of transformations include : lower Convert a string pattern to lower case. This can only be placed diff --git a/src/proto_tcp.c b/src/proto_tcp.c index e6d6c58a0a..f03d3f338d 100644 --- a/src/proto_tcp.c 
+++ b/src/proto_tcp.c @@ -1578,6 +1578,32 @@ pattern_fetch_payload(struct proxy *px, struct session *l4, void *l7, int dir, return 1; } +static int +pattern_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, int dir, + const struct pattern_arg *arg_p, int arg_i, union pattern_data *data) +{ + int ret; + struct acl_expr expr; + struct acl_test test; + + if (!l4) + return 0; + + memset(&expr, 0, sizeof(expr)); + memset(&test, 0, sizeof(test)); + + expr.arg.str = arg_p[0].data.str.str; + expr.arg_len = arg_p[0].data.str.len; + + ret = acl_fetch_rdp_cookie(px, l4, NULL, ACL_DIR_REQ, &expr, &test); + if (ret == 0 || (test.flags & ACL_TEST_F_MAY_CHANGE) || test.len == 0) + return 0; + + /* init chunk as read only */ + chunk_initlen(&data->str, test.ptr, 0, test.len); + return 1; +} + static struct cfg_kw_list cfg_kws = {{ },{ { CFG_LISTEN, "tcp-request", tcp_parse_tcp_req }, { CFG_LISTEN, "tcp-response", tcp_parse_tcp_rep }, @@ -1602,6 +1628,7 @@ static struct pattern_fetch_kw_list pattern_fetch_keywords = {{ },{ { "dst_port", pattern_fetch_dport, NULL, PATTERN_TYPE_INTEGER, PATTERN_FETCH_REQ }, { "payload", pattern_fetch_payload, pattern_arg_fetch_payload, PATTERN_TYPE_CONSTDATA, PATTERN_FETCH_REQ|PATTERN_FETCH_RTR }, { "payload_lv", pattern_fetch_payloadlv, pattern_arg_fetch_payloadlv, PATTERN_TYPE_CONSTDATA, PATTERN_FETCH_REQ|PATTERN_FETCH_RTR }, + { "rdp_cookie", pattern_fetch_rdp_cookie, pattern_arg_str, PATTERN_TYPE_CONSTSTRING, PATTERN_FETCH_REQ }, { NULL, NULL, NULL, 0, 0 }, }};
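
Review bot: in the example added under rdp_cookie(name) in doc/configuration.txt, both server lines use the name srv1 ("server srv1 1.1.1.1:3389" and "server srv1 1.1.1.2:3389"). The persist rdp-cookie example visible in the preceding hunk names them srv1 and srv2, and the second line here should be srv2 as well so the example can be pasted as written. The comment "This is only useful makes sense if" in the same example is garbled; keep either "is only useful" or "only makes sense". Since the cookie value comes from the client's request and becomes the key of "stick-table type string size 204800", the new section could also say so in one sentence, so readers size the table with that in mind.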
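
Review bot: pattern_fetch_rdp_cookie() in src/proto_tcp.c reads arg_p[0].data.str.str and arg_p[0].data.str.len without looking at arg_p or arg_i, so it depends entirely on the pattern_arg_str parser registered in pattern_fetch_keywords having produced exactly one string argument. Either return 0 early when arg_i is 0, next to the existing "if (!l4)" check, or add a comment stating that the keyword table guarantees the argument. The dir parameter is ignored in favour of a hard-coded ACL_DIR_REQ; that matches the PATTERN_FETCH_REQ registration, but a short comment would show it is deliberate. The function also returns 0 whenever ACL_TEST_F_MAY_CHANGE is set, so "stick on rdp_cookie(...)" does not match on a partial request; the documentation hunk should say that the "tcp-request inspect-delay" rule in its example is what makes the fetch reliable.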