]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e42d87f)
MINOR: listener: create a new struct "settings" in bind_conf
authorWilly Tarreau <w@1wt.eu>
Thu, 3 Sep 2020 05:09:09 +0000 (07:09 +0200)
committerWilly Tarreau <w@1wt.eu>
Wed, 16 Sep 2020 18:13:13 +0000 (20:13 +0200)
There currently is a large inconsistency in how binding parameters are
split between bind_conf and listeners. It happens that for historical
reasons some parameters are available at the listener level but cannot
be configured per-listener but only for a bind_conf, and thus, need to
be replicated. In addition, some of the bind_conf parameters are in fact
for the listening socket itself while others are for the instanciated
sockets.

A previous attempt at splitting listeners into receivers failed because
the boundary between all these settings is not well defined.

This patch introduces a level of listening socket settings in the
bind_conf, that will be detachable later. Such settings that are solely
for the listening socket are:
  - unix socket permissions (used only during binding)
  - interface (used for binding)
  - network namespace (used for binding)
  - process mask and thread mask (used during startup)

The rest seems to be used only to initialize the resulting sockets, or
to control the accept rate. For now, only the unix params (bind_conf->ux)
were moved there.

include/haproxy/listener-t.h patch | blob | blame | history
include/haproxy/listener.h patch | blob | blame | history
src/cfgparse-listen.c patch | blob | blame | history
src/cfgparse-unix.c patch | blob | blame | history
src/proto_uxst.c patch | blob | blame | history

diff --git a/include/haproxy/listener-t.h b/include/haproxy/listener-t.h
index cb30af1c8622875f14e936ba64d1150731bb7198..97ef5dde4c66d2377cfedbcd8b9ee7825a13f31c 100644 (file)
--- a/include/haproxy/listener-t.h
+++ b/include/haproxy/listener-t.h
@@ -180,11 +180,13 @@ struct bind_conf {
        char *arg;                 /* argument passed to "bind" for better error reporting */
        char *file;                /* file where the section appears */
        int line;                  /* line where the section appears */
-       struct {                   /* UNIX socket permissions */
-               uid_t uid;         /* -1 to leave unchanged */
-               gid_t gid;         /* -1 to leave unchanged */
-               mode_t mode;       /* 0 to leave unchanged */
-       } ux;
+       struct {
+               struct {                   /* UNIX socket permissions */
+                       uid_t uid;         /* -1 to leave unchanged */
+                       gid_t gid;         /* -1 to leave unchanged */
+                       mode_t mode;       /* 0 to leave unchanged */
+               } ux;
+       } settings;                /* all the settings needed for the listening socket */
 };
 
 /* The listener will be directly referenced by the fdtab[] which holds its
diff --git a/include/haproxy/listener.h b/include/haproxy/listener.h
index 9715f89aea0244582c5ecf5f92ec07fee8f273bb..2f7231e6334d75eeba3d84cdacd790029ee5bf56 100644 (file)
--- a/include/haproxy/listener.h
+++ b/include/haproxy/listener.h
@@ -150,9 +150,9 @@ static inline struct bind_conf *bind_conf_alloc(struct proxy *fe, const char *fi
        if (arg)
                bind_conf->arg = strdup(arg);
 
-       bind_conf->ux.uid = -1;
-       bind_conf->ux.gid = -1;
-       bind_conf->ux.mode = 0;
+       bind_conf->settings.ux.uid = -1;
+       bind_conf->settings.ux.gid = -1;
+       bind_conf->settings.ux.mode = 0;
        bind_conf->xprt = xprt;
        bind_conf->frontend = fe;
        bind_conf->severity_output = CLI_SEVERITY_NONE;
diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
index ac23bf65dd5afccb5e382082a14906e77d8be492..82e8cf98900ec6a39385b30d2433cf71f317d21c 100644 (file)
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@@ -565,9 +565,9 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
                bind_conf = bind_conf_alloc(curproxy, file, linenum, args[1], xprt_get(XPRT_RAW));
 
                /* use default settings for unix sockets */
-               bind_conf->ux.uid  = global.unix_bind.ux.uid;
-               bind_conf->ux.gid  = global.unix_bind.ux.gid;
-               bind_conf->ux.mode = global.unix_bind.ux.mode;
+               bind_conf->settings.ux.uid  = global.unix_bind.ux.uid;
+               bind_conf->settings.ux.gid  = global.unix_bind.ux.gid;
+               bind_conf->settings.ux.mode = global.unix_bind.ux.mode;
 
                /* NOTE: the following line might create several listeners if there
                 * are comma-separated IPs or port ranges. So all further processing
diff --git a/src/cfgparse-unix.c b/src/cfgparse-unix.c
index b1631c90135ae1734b7bf8f0f347fb051e241505..2e7e8232ebf2ec4818d2a6303a1cfa9f0b6f3d86 100644 (file)
--- a/src/cfgparse-unix.c
+++ b/src/cfgparse-unix.c
@@ -43,7 +43,7 @@ static int bind_parse_mode(char **args, int cur_arg, struct proxy *px, struct bi
 {
        char *endptr;
 
-       conf->ux.mode = strtol(args[cur_arg + 1], &endptr, 8);
+       conf->settings.ux.mode = strtol(args[cur_arg + 1], &endptr, 8);
 
        if (!*args[cur_arg + 1] || *endptr) {
                memprintf(err, "'%s' : missing or invalid mode '%s' (octal integer expected)", args[cur_arg], args[cur_arg + 1]);
@@ -61,7 +61,7 @@ static int bind_parse_gid(char **args, int cur_arg, struct proxy *px, struct bin
                return ERR_ALERT | ERR_FATAL;
        }
 
-       conf->ux.gid = atol(args[cur_arg + 1]);
+       conf->settings.ux.gid = atol(args[cur_arg + 1]);
        return 0;
 }
 
@@ -81,7 +81,7 @@ static int bind_parse_group(char **args, int cur_arg, struct proxy *px, struct b
                return ERR_ALERT | ERR_FATAL;
        }
 
-       conf->ux.gid = group->gr_gid;
+       conf->settings.ux.gid = group->gr_gid;
        return 0;
 }
 
@@ -93,7 +93,7 @@ static int bind_parse_uid(char **args, int cur_arg, struct proxy *px, struct bin
                return ERR_ALERT | ERR_FATAL;
        }
 
-       conf->ux.uid = atol(args[cur_arg + 1]);
+       conf->settings.ux.uid = atol(args[cur_arg + 1]);
        return 0;
 }
 
@@ -113,7 +113,7 @@ static int bind_parse_user(char **args, int cur_arg, struct proxy *px, struct bi
                return ERR_ALERT | ERR_FATAL;
        }
 
-       conf->ux.uid = user->pw_uid;
+       conf->settings.ux.uid = user->pw_uid;
        return 0;
 }
 
diff --git a/src/proto_uxst.c b/src/proto_uxst.c
index 07e83e29c5995c5db059480be985d0ae2dfe2e73..8be2219f2ff6ea71e5d89af8bce45eae3feee4e6 100644 (file)
--- a/src/proto_uxst.c
+++ b/src/proto_uxst.c
@@ -224,9 +224,9 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
         * where it works. We also don't change permissions on abstract sockets.
         */
        if (!ext && path[0] &&
-           (((listener->bind_conf->ux.uid != -1 || listener->bind_conf->ux.gid != -1) &&
-             (chown(tempname, listener->bind_conf->ux.uid, listener->bind_conf->ux.gid) == -1)) ||
-            (listener->bind_conf->ux.mode != 0 && chmod(tempname, listener->bind_conf->ux.mode) == -1))) {
+           (((listener->bind_conf->settings.ux.uid != -1 || listener->bind_conf->settings.ux.gid != -1) &&
+             (chown(tempname, listener->bind_conf->settings.ux.uid, listener->bind_conf->settings.ux.gid) == -1)) ||
+            (listener->bind_conf->settings.ux.mode != 0 && chmod(tempname, listener->bind_conf->settings.ux.mode) == -1))) {
                err |= ERR_FATAL | ERR_ALERT;
                msg = "cannot change UNIX socket ownership";
                goto err_unlink_temp;
Mirror of https://github.com/haproxy/haproxy.git