From: Willy Tarreau Date: Tue, 13 Jul 2010 12:49:50 +0000 (+0200) Subject: [MEDIUM] backend: support servers on 0.0.0.0 X-Git-Tag: v1.5-dev8~547 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d669a4f72bff0d094d4824d4c46370e9736ec7a3;p=thirdparty%2Fhaproxy.git [MEDIUM] backend: support servers on 0.0.0.0 Till now when a server was configured with address 0.0.0.0, the connection was forwarded to this address which generally is intercepted by the system as a local address, so this was completely useless. One sometimes useful feature for outgoing transparent proxies is to be able to forward the connection to the same address the client requested. This patch fixes the meaning of 0.0.0.0 precisely to ensure that the connection will be forwarded to the initial client's destination address. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 11c7a1ae2a..d1fa1fa1fc 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -4296,7 +4296,14 @@ server
[:port] [param*]
is the IPv4 address of the server. Alternatively, a resolvable hostname is supported, but this name will be resolved during - start-up. + start-up. Address "0.0.0.0" or "*" has a special meaning. It + indicates that the connection will be forwarded to the same IP + address as the one from the client connection. This is useful in + transparent proxy architectures where the client's connection is + intercepted and haproxy must forward to the original destination + address. This is more or less what the "transparent" keyword does + except that with a server it's possible to limit concurrency and + to report statistics. is an optional port specification. If set, all connections will be sent to this port. If unset, the same port the client diff --git a/src/backend.c b/src/backend.c index 1fc6b2aaad..33a81ab91e 100644 --- a/src/backend.c +++ b/src/backend.c @@ -661,6 +661,17 @@ int assign_server_address(struct session *s) s->srv_addr = s->srv->addr; + if (!s->srv_addr.sin_addr.s_addr) { + /* if the server has no address, we use the same address + * the client asked, which is handy for remapping ports + * locally on multiple addresses at once. + */ + if (!(s->be->options & PR_O_TRANSP) && !(s->flags & SN_FRT_ADDR_SET)) + get_frt_addr(s); + + s->srv_addr.sin_addr = ((struct sockaddr_in *)&s->frt_addr)->sin_addr; + } + /* if this server remaps proxied ports, we'll use * the port the client connected to with an offset. */ if (s->srv->state & SRV_MAPPORTS) {