From d3db96f11a55b91cda1190b6d41deb6e737802ff Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Thu, 21 Sep 2023 16:54:41 +0200
Subject: [PATCH] MINOR: proto_reverse_connect: prevent transparent server for
 pre-connect

Prevent using transparent servers for pre-connect on startup by emitting
a fatal error. This is used to ensure we never try to connect to a
target with an unspecified destination address or port.
---
 src/proto_reverse_connect.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/proto_reverse_connect.c b/src/proto_reverse_connect.c
index efaf81507d..f370ce2273 100644
--- a/src/proto_reverse_connect.c
+++ b/src/proto_reverse_connect.c
@@ -186,12 +186,16 @@ int rev_bind_listener(struct listener *listener, char *errmsg, int errlen)
 		goto err;
 	}
 
-	/* TODO check que on utilise pas un serveur @reverse */
 	if (srv->flags & SRV_F_REVERSE) {
 		snprintf(errmsg, errlen, "Cannot use reverse server '%s/%s' as target to a reverse bind.", ist0(be_name), ist0(sv_name));
 		goto err;
 	}
 
+	if (srv_is_transparent(srv)) {
+		snprintf(errmsg, errlen, "Cannot use transparent server '%s/%s' as target to a reverse bind.", ist0(be_name), ist0(sv_name));
+		goto err;
+	}
+
 	/* Check that server uses HTTP/2 either with proto or ALPN. */
 	if ((!srv->mux_proto || !isteqi(srv->mux_proto->token, ist("h2"))) &&
 	    (!srv->use_ssl || !isteqi(ist(srv->ssl_ctx.alpn_str), ist("\x02h2")))) {
-- 
2.47.2