From: Amaury Denoyelle Date: Tue, 25 Jul 2023 13:16:55 +0000 (+0200) Subject: MINOR: server: define reverse-connect server X-Git-Tag: v2.9-dev4~31 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e6223a318833f2f58303f36839e592f5aede5d17;p=thirdparty%2Fhaproxy.git MINOR: server: define reverse-connect server Implement reverse-connect server. This server type cannot instantiate its own connection on transfer. Instead, it can only reuse connection from its idle pool. These connections will be populated using the future 'tcp-request session attach-srv' rule. A reverse-connect has no address. Instead, it uses a new custom server notation with '@' character prefix. For the moment, only '@reverse' is defined. An extra check is implemented to ensure server is used in a HTTP proxy. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index b7f6f65373..5ebd2a5b27 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -11437,6 +11437,13 @@ server
[:[port]] [param*] variables. The "init-addr" setting can be used to modify the way IP addresses should be resolved upon startup. + Additionally, there is a special address notation defined for + servers which does not have any address assigned. Currently, only + '@reverse' is valid. This instantiates a server which can only be + used with reverse connect. This mode requires the proxy to be in + HTTP mode and the server to explicitly use HTTP/2, either through + 'proto' or 'alpn' keywords. + is an optional port specification. If set, all connections will be sent to this port. If unset, the same port the client connected to will be used. The port may also be prefixed by a "+" diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h index f22d1fa49e..0fdfd6abe0 100644 --- a/include/haproxy/server-t.h +++ b/include/haproxy/server-t.h @@ -141,6 +141,7 @@ enum srv_initaddr { #define SRV_F_NON_STICK 0x0004 /* never add connections allocated to this server to a stick table */ #define SRV_F_USE_NS_FROM_PP 0x0008 /* use namespace associated with connection if present */ #define SRV_F_FORCED_ID 0x0010 /* server's ID was forced in the configuration */ +#define SRV_F_REVERSE 0x0020 /* reverse connect server which requires idle connection for transfers */ #define SRV_F_AGENTPORT 0x0040 /* this server has a agent port configured */ #define SRV_F_AGENTADDR 0x0080 /* this server has a agent addr configured */ #define SRV_F_COOKIESET 0x0100 /* this server has a cookie configured, so don't generate dynamic cookies */ diff --git a/src/cfgparse.c b/src/cfgparse.c index e81acda5d4..28e04b50f1 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -4015,6 +4015,14 @@ out_uri_auth_compat: if ((curproxy->mode != PR_MODE_HTTP) && (curproxy->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR) curproxy->options &= ~PR_O_REUSE_MASK; + if ((curproxy->mode != PR_MODE_HTTP) && newsrv->flags & SRV_F_REVERSE) { + ha_alert("%s '%s' : server %s uses reverse addressing which can only be used with HTTP mode.\n", + proxy_type_str(curproxy), curproxy->id, newsrv->id); + cfgerr++; + err_code |= ERR_FATAL | ERR_ALERT; + goto out; + } + newsrv = newsrv->next; } diff --git a/src/server.c b/src/server.c index 1118a2d4af..0f5d9d0922 100644 --- a/src/server.c +++ b/src/server.c @@ -2765,6 +2765,22 @@ static int _srv_parse_init(struct server **srv, char **args, int *cur_arg, else newsrv->tmpl_info.prefix = strdup(args[1]); + /* special address specifier */ + if (args[*cur_arg][0] == '@') { + if (strcmp(args[*cur_arg], "@reverse") == 0) { + newsrv->flags |= SRV_F_REVERSE; + } + else { + ha_alert("unknown server address specifier '%s'\n", + args[*cur_arg]); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } + + (*cur_arg)++; + parse_flags &= ~SRV_PARSE_PARSE_ADDR; + } + /* several ways to check the port component : * - IP => port=+0, relative (IPv4 only) * - IP: => port=+0, relative