From: Christopher Faulet Date: Wed, 1 Apr 2020 14:52:17 +0000 (+0200) Subject: MINOR: checks: Relax the default option for tcp-check connect rules X-Git-Tag: v2.2-dev7~133 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bb591a1a1150f94510f6c7d2d12683fbcba1b9d8;p=thirdparty%2Fhaproxy.git MINOR: checks: Relax the default option for tcp-check connect rules Now this option may be mixed with other options. This way, options on the server line are used but may be overridden by tcp-check connect options. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index e6373584dc..c6b6cf4b4c 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -9820,7 +9820,7 @@ tcp-check connect [params*] use the TCP connection. default Use default options of the server line to do the health - checks. This parameter is exclusive with all other options. + checks. The server options are used only if not redifined. port if not set, check port or server port is used. It tells HAProxy where to open the connection to. diff --git a/include/types/checks.h b/include/types/checks.h index 3c44d82aaa..94ce5f2288 100644 --- a/include/types/checks.h +++ b/include/types/checks.h @@ -217,7 +217,8 @@ struct analyze_status { #define TCPCHK_OPT_SSL 0x0002 /* SSL connection */ #define TCPCHK_OPT_LINGER 0x0004 /* Do not RST connection, let it linger */ #define TCPCHK_OPT_DEFAULT_CONNECT 0x0008 /* Do a connect using server params */ -#define TCPCHK_OPT_SOCKS4 0x0010 /* check the connection via socks4 proxy */ +#define TCPCHK_OPT_IMPLICIT 0x0010 /* Implicit connect */ +#define TCPCHK_OPT_SOCKS4 0x0020 /* check the connection via socks4 proxy */ struct tcpcheck_connect { char *sni; /* server name to use for SSL connections */ diff --git a/src/checks.c b/src/checks.c index 55307b5b31..c26f17707f 100644 --- a/src/checks.c +++ b/src/checks.c 
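Review bot: The comment on the new `TCPCHK_OPT_IMPLICIT` flag in include/types/checks.h does not say who sets it or how it differs from `TCPCHK_OPT_DEFAULT_CONNECT`, and the two are easy to confuse now that `default` can be combined with other keywords. In the hunks shown here only check_proxy_tcpcheck() sets it, so a comment such as `/* connect rule added implicitly by check_proxy_tcpcheck(), never set from the configuration */` would record that. Inserting the flag at 0x0010 also moves `TCPCHK_OPT_SOCKS4` to 0x0020; defining the new flag as 0x0020 instead would leave the existing values untouched, though that matters only if something outside this patch depends on the numeric value.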
@@ -2757,7 +2757,7 @@ static int tcpcheck_get_step_id(struct check *check, struct tcpcheck_rule *rule) /* last step is the first implicit connect */ if (rule->index == 0 && rule->action == TCPCHK_ACT_CONNECT && - (rule->connect.options & TCPCHK_OPT_DEFAULT_CONNECT)) + (rule->connect.options & TCPCHK_OPT_IMPLICIT)) return 0; return rule->index + 1; @@ -2863,9 +2863,9 @@ static enum tcpcheck_eval_ret tcpcheck_eval_connect(struct check *check, struct port = s->svc_port; set_host_port(conn->dst, port); - xprt = ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) - ? check->xprt - : ((connect->options & TCPCHK_OPT_SSL) ? xprt_get(XPRT_SSL) : xprt_get(XPRT_RAW))); + xprt = ((connect->options & TCPCHK_OPT_SSL) + ? xprt_get(XPRT_SSL) + : ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) ? check->xprt : xprt_get(XPRT_RAW))); conn_prepare(conn, proto, xprt); if (conn_install_mux(conn, &mux_pt_ops, cs, proxy, check->sess) < 0) { 
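Review bot: The reordered transport selection in tcpcheck_eval_connect() makes a rule written with `default` but without `ssl` inherit `check->xprt`, so whether that health check runs over TLS is decided by the server line rather than by the rule, and nothing at this spot says so. A short comment above the assignment would make the precedence auditable, e.g. `/* rule "ssl" wins, else the server's check transport when "default" is set, else raw */`. The nested ternary is also harder to read than an `if` / `else if` / `else` chain assigning `xprt` in each branch. As written, a `default` rule cannot force the raw transport when `check->xprt` is the SSL one; if that is intended, the documentation should say so. The function starts and ends outside this hunk.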
@@ -2885,47 +2885,40 @@ static enum tcpcheck_eval_ret tcpcheck_eval_connect(struct check *check, struct status = proto->connect(conn, flags); } - if (connect->options & TCPCHK_OPT_DEFAULT_CONNECT) { #ifdef USE_OPENSSL - if (status == SF_ERR_NONE) { - if (s->check.sni) - ssl_sock_set_servername(conn, s->check.sni); - if (s->check.alpn_str) - ssl_sock_set_alpn(conn, (unsigned char *)s->check.alpn_str, - s->check.alpn_len); - } -#endif - if (s->check.via_socks4 && (s->flags & SRV_F_SOCKS4_PROXY)) { - conn->send_proxy_ofs = 1; - conn->flags |= CO_FL_SOCKS4; - } - if (s->check.send_proxy && !(check->state & CHK_ST_AGENT)) { - conn->send_proxy_ofs = 1; - conn->flags |= CO_FL_SEND_PROXY; - } + if (status == SF_ERR_NONE) { + if (connect->sni) + ssl_sock_set_servername(conn, connect->sni); + else if ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && s->check.sni) + ssl_sock_set_servername(conn, s->check.sni); + + if (connect->alpn) + ssl_sock_set_alpn(conn, (unsigned char *)connect->alpn, connect->alpn_len); + else if ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && s->check.alpn_str) + ssl_sock_set_alpn(conn, (unsigned char *)s->check.alpn_str, s->check.alpn_len); } - else { -#ifdef USE_OPENSSL - if (status == SF_ERR_NONE) { - if (connect->sni) - ssl_sock_set_servername(conn, connect->sni); - if (connect->alpn) - ssl_sock_set_alpn(conn, (unsigned char *)connect->alpn, - connect->alpn_len); - } #endif - if ((connect->options & TCPCHK_OPT_SOCKS4) && (s->flags & SRV_F_SOCKS4_PROXY)) { - conn->send_proxy_ofs = 1; - conn->flags |= CO_FL_SOCKS4; - } - if (connect->options & TCPCHK_OPT_SEND_PROXY) { - conn->send_proxy_ofs = 1; - conn->flags |= CO_FL_SEND_PROXY; - } - if (conn_ctrl_ready(conn) && (connect->options & TCPCHK_OPT_LINGER)) { - /* Some servers don't like reset on close */ - fdtab[cs->conn->handle.fd].linger_risk = 0; - } + if ((connect->options & TCPCHK_OPT_SOCKS4) && (s->flags & SRV_F_SOCKS4_PROXY)) { + conn->send_proxy_ofs = 1; + conn->flags |= CO_FL_SOCKS4; + } 
+ else if ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && s->check.via_socks4 && (s->flags & SRV_F_SOCKS4_PROXY)) { + conn->send_proxy_ofs = 1; + conn->flags |= CO_FL_SOCKS4; + } + + if (connect->options & TCPCHK_OPT_SEND_PROXY) { + conn->send_proxy_ofs = 1; + conn->flags |= CO_FL_SEND_PROXY; + } + else if ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && s->check.send_proxy && !(check->state & CHK_ST_AGENT)) { + conn->send_proxy_ofs = 1; + conn->flags |= CO_FL_SEND_PROXY; + } + + if (conn_ctrl_ready(conn) && (connect->options & TCPCHK_OPT_LINGER)) { + /* Some servers don't like reset on close */ + fdtab[cs->conn->handle.fd].linger_risk = 0; } if (conn_ctrl_ready(conn) && (conn->flags & (CO_FL_SEND_PROXY | CO_FL_SOCKS4))) { @@ -3973,7 +3966,7 @@ static int check_proxy_tcpcheck(struct proxy *px) goto out; } chk->action = TCPCHK_ACT_CONNECT; - chk->connect.options = TCPCHK_OPT_DEFAULT_CONNECT; + chk->connect.options = (TCPCHK_OPT_DEFAULT_CONNECT|TCPCHK_OPT_IMPLICIT); LIST_ADD(px->tcpcheck_rules.list, &chk->list); } @@ -4289,13 +4282,8 @@ static struct tcpcheck_rule *parse_tcpcheck_connect(char **args, int cur_arg, st cur_arg++; while (*(args[cur_arg])) { - if (strcmp(args[cur_arg], "default") == 0) { - if (cur_arg != 2 || *(args[cur_arg+1])) { - memprintf(errmsg, "'%s' is exclusive with all other options", args[cur_arg]); - goto error; - } - conn_opts = TCPCHK_OPT_DEFAULT_CONNECT; - } + if (strcmp(args[cur_arg], "default") == 0) + conn_opts |= TCPCHK_OPT_DEFAULT_CONNECT; else if (strcmp(args[cur_arg], "addr") == 0) { int port1, port2; struct protocol *proto;
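Review bot: The server-line fallbacks added in this hunk are additive only: with `default` set, `s->check.via_socks4` and `s->check.send_proxy` still enable SOCKS4 and the PROXY header when the rule does not ask for them, and a rule has no way to switch them off, so only `sni` and `alpn` are really overridden. That is narrower than the commit message's "may be overridden", and someone reading a rule in isolation cannot tell what a health check will send. A comment ahead of the block such as `/* with "default", rule values win for sni/alpn; boolean server settings (socks4, send-proxy) are OR-ed in */` would state the actual precedence. The explicit `TCPCHK_OPT_SEND_PROXY` branch also lacks the `!(check->state & CHK_ST_AGENT)` guard that the fallback keeps; the asymmetry predates this change but deserves a one-line why-comment. The enclosing tcpcheck_eval_connect() starts and ends outside the hunk.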