client_crt
Returns true if a client certificate is present in an incoming connection over
- SSL/TLS data layer. Useful if 'verify' statement is set to 'optional'.
+ SSL/TLS transport layer. Useful if 'verify' statement is set to 'optional'.
is_ssl
- Returns true when the incoming connection was made via an SSL/TLS data layer
- and is locally deciphered. This means it has matched a socket declared with
- a "bind" line having the "ssl" option.
+ Returns true when the incoming connection was made via an SSL/TLS transport
+ layer and is locally deciphered. This means it has matched a socket declared
+ with a "bind" line having the "ssl" option.
rep_ssl_hello_type <integer>
Returns true when data in the response buffer looks like a complete SSL (v3
switching is needed, it is recommended to first wait for a complete client
hello (type 1), like in the example below. Note that this only applies to raw
contents found in the request buffer and not to contents deciphered via an
- SSL data layer, so this will not work with "bind" lines having the "ssl"
+ SSL transport layer, so this will not work with "bind" lines having the "ssl"
option. See also "ssl_sni" below.
Examples :
that TLSv1 is announced as SSL version 3.1. This test was designed to be used
with TCP request content inspection. Note that this only applies to raw
contents found in the request buffer and not to contents deciphered via an
- SSL data layer, so this will not work with "bind" lines having the "ssl"
+ SSL transport layer, so this will not work with "bind" lines having the "ssl"
option.
ssl_has_sni
This is used to check for presence of a Server Name Indication TLS extension
- in an incoming connection was made over an SSL/TLS data layer. Returns true
- when the incoming connection presents a TLS SNI field. This requires that
- the SSL library is build with support for TLS extensions (check haproxy -vv).
+ in an incoming connection was made over an SSL/TLS transport layer. Returns
+ true when the incoming connection presents a TLS SNI field. This requires
+ that the SSL library is build with support for TLS extensions enabled (check
+ haproxy -vv).
ssl_sni <string>
- Returns true when the incoming connection was made over an SSL/TLS data layer
- which deciphered it and found a Server Name Indication TLS extension sent by
- the client, matching the specified string. In HTTPS, the SNI field (when
- present) is equal to the requested host name. This match is different from
- req_ssl_sni above in that it applies to the connection being deciphered by
- haproxy and not to SSL contents being blindly forwarded. See also ssl_sni_end
- and ssl_sni_req below. This requires that the SSL library is build with
- support for TLS extensions (check haproxy -vv).
+ Returns true when the incoming connection was made over an SSL/TLS transport
+ layer which deciphered it and found a Server Name Indication TLS extension
+ sent by the client, matching the specified string. In HTTPS, the SNI field
+ (when present) is equal to the requested host name. This match is different
+ from req_ssl_sni above in that it applies to the connection being deciphered
+ by haproxy and not to SSL contents being blindly forwarded. See also
+ ssl_sni_end and ssl_sni_req below. This requires that the SSL library is
+ build with support for TLS extensions enabled (check haproxy -vv).
ssl_sni_end <string>
- Returns true when the incoming connection was made over an SSL/TLS data layer
- which deciphered it and found a Server Name Indication TLS extension sent by
- the client, ending like the specified string. In HTTPS, the SNI field (when
- present) is equal to the requested host name. This match is different from
- req_ssl_sni above in that it applies to the connection being deciphered by
- haproxy and not to SSL contents being blindly forwarded. This requires that
- the SSL library is build with support for TLS extensions (check haproxy -vv).
+ Returns true when the incoming connection was made over an SSL/TLS transport
+ layer which deciphered it and found a Server Name Indication TLS extension
+ sent by the client, ending like the specified string. In HTTPS, the SNI field
+ (when present) is equal to the requested host name. This match is different
+ from req_ssl_sni above in that it applies to the connection being deciphered
+ by haproxy and not to SSL contents being blindly forwarded. This requires
+ that the SSL library is build with support for TLS extensions enabled (check
+ haproxy -vv).
ssl_sni_req <regex>
- Returns true when the incoming connection was made over an SSL/TLS data layer
- which deciphered it and found a Server Name Indication TLS extension sent by
- the client, matching the specified regex. In HTTPS, the SNI field (when
- present) is equal to the requested host name. This match is different from
- req_ssl_sni above in that it applies to the connection being deciphered by
- haproxy and not to SSL contents being blindly forwarded. This requires that
- the SSL library is build with support for TLS extensions (check haproxy -vv).
+ Returns true when the incoming connection was made over an SSL/TLS transport
+ layer which deciphered it and found a Server Name Indication TLS extension
+ sent by the client, matching the specified regex. In HTTPS, the SNI field
+ (when present) is equal to the requested host name. This match is different
+ from req_ssl_sni above in that it applies to the connection being deciphered
+ by haproxy and not to SSL contents being blindly forwarded. This requires
+ that the SSL library is build with support for TLS extensions enabled (check
+ haproxy -vv).
ssl_verify_caerr <errorID>
- Returns true when the incoming connection was made over an SSL/TLS data layer
- and the ID of the first error detected during verify at depth > 0 match the
- errorID.
+ Returns true when the incoming connection was made over an SSL/TLS transport
+ layer and the ID of the first error detected during verify at depth > 0 match
+ the errorID.
ssl_verify_caerr_depth <depth>
- Returns true when the incoming connection was made over an SSL/TLS data layer
- and the depth of the first error detected during verify match the depth.
+ Returns true when the incoming connection was made over an SSL/TLS transport
+ layer and the depth of the first error detected during verify match the
+ depth.
ssl_verify_crterr <errorID>
- Returns true when the incoming connection was made over an SSL/TLS data layer
- and the ID of the first error detected during verify at depth == 0 match the
- errorID.
+ Returns true when the incoming connection was made over an SSL/TLS transport
+ layer and the ID of the first error detected during verify at depth == 0
+ match the errorID.
ssl_verify_result <errorID>
- Returns true when the incoming connection was made over an SSL/TLS data layer
- and the verify result match the errorID.
+ Returns true when the incoming connection was made over an SSL/TLS transport
+ layer and the verify result match the errorID.
wait_end
Waits for the end of the analysis period to return true. This may be used in
requested objects by host/path.
client_crt
Returns 1 if a client certificate is present in an incoming
- connection over SSL/TLS data layer, otherwise 0.
+ connection over SSL/TLS transport layer, otherwise 0.
src This is the source IPv4 address of the client of the session.
It is of type IPv4 and works on both IPv4 and IPv6 tables.
last one. A typical use is with the X-Forwarded-For header once
converted to IP, associated with an IP stick-table.
- is_ssl This checks the data layer used by incoming connection, and
- returns 1 if the connection was made via an SSL/TLS data layer,
- otherwise zero.
+ is_ssl This checks the transport layer used by incoming connection, and
+ returns 1 if the connection was made via an SSL/TLS transport
+ layer, otherwise zero.
path This extracts the request's URL path (without the host part). A
typical use is with prefetch-capable caches, and with portals
that this function will be useful but it's available at no cost.
It is of type integer and only works with such tables.
- ssl_has_sni This checks the data layer used by incoming connection, and
- returns 1 if the connection was made via an SSL/TLS data layer
- and the client sent a Server Name Indication TLS extension,
+ ssl_has_sni This checks the transport layer used by incoming connection, and
+ returns 1 if the connection was made via an SSL/TLS transport
+ layer and the client sent a Server Name Indication TLS extension,
otherwise zero. This requires that the SSL library is build with
- support for TLS extensions (check haproxy -vv).
+ support for TLS extensions enabled (check haproxy -vv).
ssl_sni This extracts the Server Name Indication field from an incoming
- connection made via an SSL/TLS data layer and locally deciphered
- by haproxy. The result typically is a string matching the HTTPS
- host name (253 chars or less). The SSL library must have been
- built with support for TLS extensions (check haproxy -vv).
+ connection made via an SSL/TLS transport layer and locally
+ deciphered by haproxy. The result typically is a string matching
+ the HTTPS host name (253 chars or less). The SSL library must
+ have been built with support for TLS extensions enabled (check
+ haproxy -vv).
ssl_verify_caerr
Returns the ID of the first error detected during verify at
ssl_verify_result
Returns the verify result errorID when the incoming connection
- was made over an SSL/TLS data layer.
+ was made over an SSL/TLS transport layer.
url This extracts the request's URL as presented in the request. A
typical use is with prefetch-capable caches, and with portals
/* receive a PROXY protocol header over a connection */
int conn_recv_proxy(struct connection *conn, int flag);
-/* calls the init() function of the data layer if any. Returns <0 in case of
- * error.
+/* calls the init() function of the transport layer if any.
+ * Returns <0 in case of error.
*/
-static inline int conn_data_init(struct connection *conn)
+static inline int conn_xprt_init(struct connection *conn)
{
- if (conn->data && conn->data->init)
- return conn->data->init(conn);
+ if (conn->xprt && conn->xprt->init)
+ return conn->xprt->init(conn);
return 0;
}
-/* Calls the close() function of the data layer if any */
-static inline void conn_data_close(struct connection *conn)
+/* Calls the close() function of the transport layer if any */
+static inline void conn_xprt_close(struct connection *conn)
{
- if (conn->data && conn->data->close)
- conn->data->close(conn);
+ if (conn->xprt && conn->xprt->close)
+ conn->xprt->close(conn);
}
/* Update polling on connection <c>'s file descriptor depending on its current
conn->flags |= CO_FL_ADDR_TO_SET;
}
-/* prepares a connection with the appropriate app_cb, ctrl and data layers. The
- * data state and context are set to 0, and the connection's owner is set.
+/* prepares a connection with the appropriate app_cb, ctrl and transport layers.
+ * The data state and context are set to 0, and the connection's owner is set.
*/
static inline void conn_prepare(struct connection *conn, const struct app_cb *app,
- const struct protocol *ctrl, const struct data_ops *data,
+ const struct protocol *ctrl, const struct xprt_ops *xprt,
void *owner)
{
conn->app_cb = app;
conn->ctrl = ctrl;
- conn->data = data;
+ conn->xprt = xprt;
conn->owner = owner;
- conn->data_st = 0;
- conn->data_ctx = NULL;
+ conn->xprt_st = 0;
+ conn->xprt_ctx = NULL;
}
#endif /* _PROTO_CONNECTION_H */
#include <types/stream_interface.h>
-extern struct data_ops raw_sock;
+extern struct xprt_ops raw_sock;
#endif /* _PROTO_RAW_SOCK_H */
#include <types/proxy.h>
#include <types/stream_interface.h>
-extern struct data_ops ssl_sock;
+extern struct xprt_ops ssl_sock;
int ssl_sock_handshake(struct connection *conn, unsigned int flag);
int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy *proxy);
void ssl_sock_free_certs(struct bind_conf *bind_conf);
return si->conn.t.sock.fd;
}
-static inline void si_prepare_conn(struct stream_interface *si, const struct protocol *ctrl, const struct data_ops *ops)
+static inline void si_prepare_conn(struct stream_interface *si, const struct protocol *ctrl, const struct xprt_ops *xprt)
{
si->ops = &si_conn_ops;
- conn_prepare(&si->conn, &si_conn_cb, ctrl, ops, si);
+ conn_prepare(&si->conn, &si_conn_cb, ctrl, xprt, si);
}
static inline void si_prepare_embedded(struct stream_interface *si)
CO_FL_INIT_SESS = 0x00000800, /* initialize a session before using data */
/* when any of these flags is set, polling is defined by socket-layer
- * operations, as opposed to data-layer.
+ * operations, as opposed to data-layer. Transport is explicitly not
+ * mentionned here to avoid any confusion, since it can be the same
+ * as DATA or SOCK on some implementations.
*/
CO_FL_POLL_SOCK = CO_FL_HANDSHAKE | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN,
};
-/* data_ops describes data-layer operations for a connection. They generally
- * run over a socket-based control layer, but not always.
+/* xprt_ops describes transport-layer operations for a connection. They
+ * generally run over a socket-based control layer, but not always. Some
+ * of them are used for data transfer with the upper layer (rcv_*, snd_*)
+ * and the other ones are used to setup and release the transport layer.
*/
-struct data_ops {
+struct xprt_ops {
int (*rcv_buf)(struct connection *conn, struct buffer *buf, int count); /* recv callback */
int (*snd_buf)(struct connection *conn, struct buffer *buf, int flags); /* send callback */
int (*rcv_pipe)(struct connection *conn, struct pipe *pipe, unsigned int count); /* recv-to-pipe callback */
int (*snd_pipe)(struct connection *conn, struct pipe *pipe); /* send-to-pipe callback */
void (*shutr)(struct connection *, int); /* shutr function */
void (*shutw)(struct connection *, int); /* shutw function */
- void (*close)(struct connection *); /* close the data channel on the connection */
- int (*init)(struct connection *conn); /* initialize the data layer */
+ void (*close)(struct connection *); /* close the transport layer */
+ int (*init)(struct connection *conn); /* initialize the transport layer */
};
-/* app_cb describes read and write callbacks which are called upon detected I/O
- * activity at the data layer. These callbacks are supposed to make use of the
- * data_ops above to exchange data from/to buffers and pipes.
+/* app_cb describes the data layer's recv and send callbacks which are called
+ * when I/O activity was detected after the transport layer is ready. These
+ * callbacks are supposed to make use of the xprt_ops above to exchange data
+ * from/to buffers and pipes.
*/
struct app_cb {
void (*recv)(struct connection *conn); /* application-layer recv callback */
/* This structure describes a connection with its methods and data.
* A connection may be performed to proxy or server via a local or remote
* socket, and can also be made to an internal applet. It can support
- * several data schemes (applet, raw, ssl, ...). It can support several
+ * several transport schemes (applet, raw, ssl, ...). It can support several
* connection control schemes, generally a protocol for socket-oriented
* connections, but other methods for applets.
*/
struct connection {
- const struct data_ops *data; /* operations at the data layer */
+ const struct xprt_ops *xprt; /* operations at the transport layer */
const struct protocol *ctrl; /* operations at the socket layer */
const struct app_cb *app_cb; /* application layer callbacks */
void *owner; /* pointer to upper layer's entity (eg: stream interface) */
} sock;
} t;
unsigned int flags; /* CO_F_* */
- int data_st; /* data layer state, initialized to zero */
- void *data_ctx; /* general purpose pointer, initialized to NULL */
+ int xprt_st; /* transport layer state, initialized to zero */
+ void *xprt_ctx; /* general purpose pointer, initialized to NULL */
struct target target; /* the target to connect to (server, proxy, applet, ...) */
struct {
struct sockaddr_storage from; /* client address, or address to spoof when connecting to the server */
/* Some pointer types reference below */
struct task;
struct protocol;
-struct data_ops;
+struct xprt_ops;
struct proxy;
struct licounters;
int options; /* socket options : LI_O_* */
struct licounters *counters; /* statistics counters */
struct protocol *proto; /* protocol this listener belongs to */
- struct data_ops *data; /* data-layer operations operations for this socket */
+ struct xprt_ops *xprt; /* transport-layer operations for this socket */
int nbconn; /* current number of connections on this listener */
int maxconn; /* maximum connections allowed on this listener */
unsigned int backlog; /* if set, listen backlog */
time_t last_change;
struct sockaddr_storage addr; /* peer address */
struct protocol *proto; /* peer address protocol */
- struct data_ops *data; /* peer socket operations at data layer */
+ struct xprt_ops *xprt; /* peer socket operations at transport layer */
void *sock_init_arg; /* socket operations's opaque init argument if needed */
struct peer *next; /* next peer in the list */
};
int bind_hdr_occ; /* occurrence number of header above: >0 = from first, <0 = from end, 0=disabled */
#endif
struct protocol *proto; /* server address protocol */
- struct data_ops *data; /* data-layer operations */
+ struct xprt_ops *xprt; /* transport-layer operations */
unsigned down_time; /* total time the server was down */
time_t last_change; /* last time, when the state was changed */
struct timeval check_start; /* last health check start time */
/* set the correct protocol on the output stream interface */
if (s->target.type == TARG_TYPE_SERVER) {
- si_prepare_conn(s->req->cons, target_srv(&s->target)->proto, target_srv(&s->target)->data);
+ si_prepare_conn(s->req->cons, target_srv(&s->target)->proto, target_srv(&s->target)->xprt);
}
else if (s->target.type == TARG_TYPE_PROXY) {
/* proxies exclusively run on raw_sock right now */
l->fd = -1;
l->addr = ss;
- l->data = &raw_sock;
+ l->xprt = &raw_sock;
l->state = LI_INIT;
if (ss.ss_family == AF_INET) {
}
newpeer->addr = *sk;
newpeer->proto = protocol_by_family(newpeer->addr.ss_family);
- newpeer->data = &raw_sock;
+ newpeer->xprt = &raw_sock;
newpeer->sock_init_arg = NULL;
if (!newpeer->proto) {
}
newsrv->addr = *sk;
newsrv->proto = protocol_by_family(newsrv->addr.ss_family);
- newsrv->data = &raw_sock;
+ newsrv->xprt = &raw_sock;
if (!newsrv->proto) {
Alert("parsing [%s:%d] : Unknown protocol family %d '%s'\n",
/* Initiate SSL context for current server */
newsrv->ssl_ctx.reused_sess = NULL;
- newsrv->data = &ssl_sock;
+ newsrv->xprt = &ssl_sock;
newsrv->ssl_ctx.ctx = SSL_CTX_new(SSLv23_client_method());
if(!newsrv->ssl_ctx.ctx) {
/* we have a dedicated I/O handler for the stats */
stream_int_register_handler(&s->si[1], &cli_applet);
copy_target(&s->target, &s->si[1].conn.target); // for logging only
- s->si[1].conn.data_ctx = s;
+ s->si[1].conn.xprt_ctx = s;
s->si[1].applet.st1 = 0;
s->si[1].applet.st0 = STAT_CLI_INIT;
static int stats_dump_table_head_to_buffer(struct chunk *msg, struct stream_interface *si,
struct proxy *proxy, struct proxy *target)
{
- struct session *s = si->conn.data_ctx;
+ struct session *s = si->conn.xprt_ctx;
chunk_printf(msg, "# table: %s, type: %s, size:%d, used:%d\n",
proxy->id, stktable_types[proxy->table.type].kw, proxy->table.size, proxy->table.current);
static void stats_sock_table_key_request(struct stream_interface *si, char **args, int action)
{
- struct session *s = si->conn.data_ctx;
+ struct session *s = si->conn.xprt_ctx;
struct proxy *px = si->applet.ctx.table.target;
struct stksess *ts;
uint32_t uint32_key;
static void stats_sock_table_request(struct stream_interface *si, char **args, int action)
{
si->applet.ctx.table.data_type = -1;
- si->conn.data_st = STAT_ST_INIT;
+ si->conn.xprt_st = STAT_ST_INIT;
si->applet.ctx.table.target = NULL;
si->applet.ctx.table.proxy = NULL;
si->applet.ctx.table.entry = NULL;
*/
static int stats_sock_parse_request(struct stream_interface *si, char *line)
{
- struct session *s = si->conn.data_ctx;
+ struct session *s = si->conn.xprt_ctx;
char *args[MAX_STATS_ARGS + 1];
int arg;
si->applet.ctx.stats.flags |= STAT_SHOW_STAT;
si->applet.ctx.stats.flags |= STAT_FMT_CSV;
- si->conn.data_st = STAT_ST_INIT;
+ si->conn.xprt_st = STAT_ST_INIT;
si->applet.st0 = STAT_CLI_O_INFO; // stats_dump_raw_to_buffer
}
else if (strcmp(args[1], "info") == 0) {
si->applet.ctx.stats.flags |= STAT_SHOW_INFO;
si->applet.ctx.stats.flags |= STAT_FMT_CSV;
- si->conn.data_st = STAT_ST_INIT;
+ si->conn.xprt_st = STAT_ST_INIT;
si->applet.st0 = STAT_CLI_O_INFO; // stats_dump_raw_to_buffer
}
else if (strcmp(args[1], "sess") == 0) {
- si->conn.data_st = STAT_ST_INIT;
+ si->conn.xprt_st = STAT_ST_INIT;
if (s->listener->bind_conf->level < ACCESS_LVL_OPER) {
si->applet.ctx.cli.msg = stats_permission_denied_msg;
si->applet.st0 = STAT_CLI_PRINT;
else
si->applet.ctx.errors.iid = -1;
si->applet.ctx.errors.px = NULL;
- si->conn.data_st = STAT_ST_INIT;
+ si->conn.xprt_st = STAT_ST_INIT;
si->applet.st0 = STAT_CLI_O_ERR; // stats_dump_errors_to_buffer
}
else if (strcmp(args[1], "table") == 0) {
}
/* This function dumps statistics onto the stream interface's read buffer.
- * The data_ctx must have been zeroed first, and the flags properly set.
+ * The xprt_ctx must have been zeroed first, and the flags properly set.
* It returns 0 as long as it does not complete, non-zero upon completion.
* Some states are not used but it makes the code more similar to other
* functions which handle stats too.
chunk_init(&msg, trash, trashlen);
- switch (si->conn.data_st) {
+ switch (si->conn.xprt_st) {
case STAT_ST_INIT:
/* the function had not been called yet */
- si->conn.data_st = STAT_ST_HEAD;
+ si->conn.xprt_st = STAT_ST_HEAD;
/* fall through */
case STAT_ST_HEAD:
return 0;
}
- si->conn.data_st = STAT_ST_INFO;
+ si->conn.xprt_st = STAT_ST_INFO;
/* fall through */
case STAT_ST_INFO:
si->applet.ctx.stats.px = proxy;
si->applet.ctx.stats.px_st = STAT_PX_ST_INIT;
si->applet.ctx.stats.sv = NULL;
- si->conn.data_st = STAT_ST_LIST;
+ si->conn.xprt_st = STAT_ST_LIST;
/* fall through */
case STAT_ST_LIST:
/* here, we just have reached the last proxy */
}
- si->conn.data_st = STAT_ST_END;
+ si->conn.xprt_st = STAT_ST_END;
/* fall through */
case STAT_ST_END:
- si->conn.data_st = STAT_ST_FIN;
+ si->conn.xprt_st = STAT_ST_FIN;
/* fall through */
case STAT_ST_FIN:
default:
/* unknown state ! */
- si->conn.data_st = STAT_ST_FIN;
+ si->conn.xprt_st = STAT_ST_FIN;
return 1;
}
}
*/
static int stats_http_redir(struct stream_interface *si, struct uri_auth *uri)
{
- struct session *s = si->conn.data_ctx;
+ struct session *s = si->conn.xprt_ctx;
struct chunk msg;
chunk_init(&msg, trash, trashlen);
- switch (si->conn.data_st) {
+ switch (si->conn.xprt_st) {
case STAT_ST_INIT:
chunk_printf(&msg,
"HTTP/1.0 303 See Other\r\n"
if (!(s->flags & SN_FINST_MASK))
s->flags |= SN_FINST_R;
- si->conn.data_st = STAT_ST_FIN;
+ si->conn.xprt_st = STAT_ST_FIN;
return 1;
}
return 1;
*/
static void http_stats_io_handler(struct stream_interface *si)
{
- struct session *s = si->conn.data_ctx;
+ struct session *s = si->conn.xprt_ctx;
struct channel *req = si->ob;
struct channel *res = si->ib;
/* This function dumps statistics in HTTP format onto the stream interface's
- * read buffer. The data_ctx must have been zeroed first, and the flags
+ * read buffer. The xprt_ctx must have been zeroed first, and the flags
* properly set. It returns 0 if it had to stop writing data and an I/O is
* needed, 1 if the dump is finished and the session must be closed, or -1
* in case of any error.
*/
static int stats_dump_http(struct stream_interface *si, struct uri_auth *uri)
{
- struct session *s = si->conn.data_ctx;
+ struct session *s = si->conn.xprt_ctx;
struct channel *rep = si->ib;
struct proxy *px;
struct chunk msg;
chunk_init(&msg, trash, trashlen);
- switch (si->conn.data_st) {
+ switch (si->conn.xprt_st) {
case STAT_ST_INIT:
chunk_printf(&msg,
"HTTP/1.0 200 OK\r\n"
if (s->txn.meth == HTTP_METH_HEAD) {
/* that's all we return in case of HEAD request */
- si->conn.data_st = STAT_ST_FIN;
+ si->conn.xprt_st = STAT_ST_FIN;
return 1;
}
- si->conn.data_st = STAT_ST_HEAD; /* let's start producing data */
+ si->conn.xprt_st = STAT_ST_HEAD; /* let's start producing data */
/* fall through */
case STAT_ST_HEAD:
if (bi_putchk(rep, &msg) == -1)
return 0;
- si->conn.data_st = STAT_ST_INFO;
+ si->conn.xprt_st = STAT_ST_INFO;
/* fall through */
case STAT_ST_INFO:
si->applet.ctx.stats.px = proxy;
si->applet.ctx.stats.px_st = STAT_PX_ST_INIT;
- si->conn.data_st = STAT_ST_LIST;
+ si->conn.xprt_st = STAT_ST_LIST;
/* fall through */
case STAT_ST_LIST:
}
/* here, we just have reached the last proxy */
- si->conn.data_st = STAT_ST_END;
+ si->conn.xprt_st = STAT_ST_END;
/* fall through */
case STAT_ST_END:
return 0;
}
- si->conn.data_st = STAT_ST_FIN;
+ si->conn.xprt_st = STAT_ST_FIN;
/* fall through */
case STAT_ST_FIN:
default:
/* unknown state ! */
- si->conn.data_st = STAT_ST_FIN;
+ si->conn.xprt_st = STAT_ST_FIN;
return -1;
}
}
*/
static int stats_dump_proxy(struct stream_interface *si, struct proxy *px, struct uri_auth *uri)
{
- struct session *s = si->conn.data_ctx;
+ struct session *s = si->conn.xprt_ctx;
struct channel *rep = si->ib;
struct server *sv, *svs; /* server and server-state, server-state=server or server->track */
struct listener *l;
}
}
-/* This function dumps a complete session state onto the stream intreface's
- * read buffer. The data_ctx must have been zeroed first, and the flags
- * properly set. The session has to be set in data_ctx.sess.target. It returns
+/* This function dumps a complete session state onto the stream interface's
+ * read buffer. The xprt_ctx must have been zeroed first, and the flags
+ * properly set. The session has to be set in xprt_ctx.sess.target. It returns
* 0 if the output buffer is full and it needs to be called again, otherwise
* non-zero. It is designed to be called from stats_dump_sess_to_buffer() below.
*/
return 1;
}
-/* This function dumps all sessions' states onto the stream intreface's
- * read buffer. The data_ctx must have been zeroed first, and the flags
+/* This function dumps all sessions' states onto the stream interface's
+ * read buffer. The xprt_ctx must have been zeroed first, and the flags
* properly set. It returns 0 if the output buffer is full and it needs
* to be called again, otherwise non-zero. It is designed to be called
* from stats_dump_sess_to_buffer() below.
/* If we're forced to shut down, we might have to remove our
* reference to the last session being dumped.
*/
- if (si->conn.data_st == STAT_ST_LIST) {
+ if (si->conn.xprt_st == STAT_ST_LIST) {
if (!LIST_ISEMPTY(&si->applet.ctx.sess.bref.users)) {
LIST_DEL(&si->applet.ctx.sess.bref.users);
LIST_INIT(&si->applet.ctx.sess.bref.users);
chunk_init(&msg, trash, trashlen);
- switch (si->conn.data_st) {
+ switch (si->conn.xprt_st) {
case STAT_ST_INIT:
/* the function had not been called yet, let's prepare the
* buffer for a response. We initialize the current session
*/
LIST_INIT(&si->applet.ctx.sess.bref.users);
si->applet.ctx.sess.bref.ref = sessions.n;
- si->conn.data_st = STAT_ST_LIST;
+ si->conn.xprt_st = STAT_ST_LIST;
/* fall through */
case STAT_ST_LIST:
return 1;
}
- si->conn.data_st = STAT_ST_FIN;
+ si->conn.xprt_st = STAT_ST_FIN;
/* fall through */
default:
- si->conn.data_st = STAT_ST_FIN;
+ si->conn.xprt_st = STAT_ST_FIN;
return 1;
}
}
-/* This function dumps all tables' states onto the stream intreface's
- * read buffer. The data_ctx must have been zeroed first, and the flags
+/* This function dumps all tables' states onto the stream interface's
+ * read buffer. The xprt_ctx must have been zeroed first, and the flags
* properly set. It returns 0 if the output buffer is full and it needs
* to be called again, otherwise non-zero.
*/
static int stats_table_request(struct stream_interface *si, bool show)
{
- struct session *s = si->conn.data_ctx;
+ struct session *s = si->conn.xprt_ctx;
struct chunk msg;
struct ebmb_node *eb;
int dt;
bool skip_entry;
/*
- * We have 3 possible states in si->conn.data_st :
+ * We have 3 possible states in si->conn.xprt_st :
* - STAT_ST_INIT : the first call
* - STAT_ST_INFO : the proxy pointer points to the next table to
* dump, the entry pointer is NULL ;
if (unlikely(si->ib->flags & (CF_WRITE_ERROR|CF_SHUTW))) {
/* in case of abort, remove any refcount we might have set on an entry */
- if (si->conn.data_st == STAT_ST_LIST) {
+ if (si->conn.xprt_st == STAT_ST_LIST) {
si->applet.ctx.table.entry->ref_cnt--;
stksess_kill_if_expired(&si->applet.ctx.table.proxy->table, si->applet.ctx.table.entry);
}
chunk_init(&msg, trash, trashlen);
- while (si->conn.data_st != STAT_ST_FIN) {
- switch (si->conn.data_st) {
+ while (si->conn.xprt_st != STAT_ST_FIN) {
+ switch (si->conn.xprt_st) {
case STAT_ST_INIT:
si->applet.ctx.table.proxy = si->applet.ctx.table.target;
if (!si->applet.ctx.table.proxy)
si->applet.ctx.table.proxy = proxy;
si->applet.ctx.table.entry = NULL;
- si->conn.data_st = STAT_ST_INFO;
+ si->conn.xprt_st = STAT_ST_INFO;
break;
case STAT_ST_INFO:
if (!si->applet.ctx.table.proxy ||
(si->applet.ctx.table.target &&
si->applet.ctx.table.proxy != si->applet.ctx.table.target)) {
- si->conn.data_st = STAT_ST_END;
+ si->conn.xprt_st = STAT_ST_END;
break;
}
if (eb) {
si->applet.ctx.table.entry = ebmb_entry(eb, struct stksess, key);
si->applet.ctx.table.entry->ref_cnt++;
- si->conn.data_st = STAT_ST_LIST;
+ si->conn.xprt_st = STAT_ST_LIST;
break;
}
}
stksess_kill(&si->applet.ctx.table.proxy->table, si->applet.ctx.table.entry);
si->applet.ctx.table.proxy = si->applet.ctx.table.proxy->next;
- si->conn.data_st = STAT_ST_INFO;
+ si->conn.xprt_st = STAT_ST_INFO;
break;
case STAT_ST_END:
- si->conn.data_st = STAT_ST_FIN;
+ si->conn.xprt_st = STAT_ST_FIN;
break;
}
}
return ptr;
}
-/* This function dumps all captured errors onto the stream intreface's
- * read buffer. The data_ctx must have been zeroed first, and the flags
+/* This function dumps all captured errors onto the stream interface's
+ * read buffer. The xprt_ctx must have been zeroed first, and the flags
* properly set. It returns 0 if the output buffer is full and it needs
* to be called again, otherwise non-zero.
*/
{
struct task *t = (struct task *)si->owner;
struct session *s = (struct session *)t->context;
- struct peer_session *ps = (struct peer_session *)si->conn.data_ctx;
+ struct peer_session *ps = (struct peer_session *)si->conn.xprt_ctx;
- /* si->conn.data_ctx is not a peer session */
+ /* si->conn.xprt_ctx is not a peer session */
if (si->applet.st0 < PEER_SESSION_SENDSUCCESS)
return;
switchstate:
switch(si->applet.st0) {
case PEER_SESSION_ACCEPT:
- si->conn.data_ctx = NULL;
+ si->conn.xprt_ctx = NULL;
si->applet.st0 = PEER_SESSION_GETVERSION;
/* fall through */
case PEER_SESSION_GETVERSION:
goto switchstate;
}
- si->conn.data_ctx = curpeer;
+ si->conn.xprt_ctx = curpeer;
si->applet.st0 = PEER_SESSION_GETTABLE;
/* fall through */
}
case PEER_SESSION_GETTABLE: {
- struct peer *curpeer = (struct peer *)si->conn.data_ctx;
+ struct peer *curpeer = (struct peer *)si->conn.xprt_ctx;
struct shared_table *st;
struct peer_session *ps = NULL;
unsigned long key_type;
if (reql <= 0) { /* closed or EOL not found */
if (reql == 0)
goto out;
- si->conn.data_ctx = NULL;
+ si->conn.xprt_ctx = NULL;
si->applet.st0 = PEER_SESSION_END;
goto switchstate;
}
- /* Re init si->conn.data_ctx to null, to handle correctly a release case */
- si->conn.data_ctx = NULL;
+ /* Re init si->conn.xprt_ctx to null, to handle correctly a release case */
+ si->conn.xprt_ctx = NULL;
if (trash[reql-1] != '\n') {
/* Incomplete line, we quit */
p = strchr(p+1, ' ');
if (!p) {
- si->conn.data_ctx = NULL;
+ si->conn.xprt_ctx = NULL;
si->applet.st0 = PEER_SESSION_EXIT;
si->applet.st1 = PEER_SESSION_ERRPROTO;
goto switchstate;
goto switchstate;
}
- si->conn.data_ctx = ps;
+ si->conn.xprt_ctx = ps;
si->applet.st0 = PEER_SESSION_SENDSUCCESS;
/* fall through */
}
case PEER_SESSION_SENDSUCCESS:{
- struct peer_session *ps = (struct peer_session *)si->conn.data_ctx;
+ struct peer_session *ps = (struct peer_session *)si->conn.xprt_ctx;
repl = snprintf(trash, trashlen, "%d\n", PEER_SESSION_SUCCESSCODE);
repl = bi_putblk(si->ib, trash, repl);
goto switchstate;
}
case PEER_SESSION_CONNECT: {
- struct peer_session *ps = (struct peer_session *)si->conn.data_ctx;
+ struct peer_session *ps = (struct peer_session *)si->conn.xprt_ctx;
/* Send headers */
repl = snprintf(trash, trashlen,
/* fall through */
}
case PEER_SESSION_GETSTATUS: {
- struct peer_session *ps = (struct peer_session *)si->conn.data_ctx;
+ struct peer_session *ps = (struct peer_session *)si->conn.xprt_ctx;
if (si->ib->flags & CF_WRITE_PARTIAL)
ps->statuscode = PEER_SESSION_CONNECTEDCODE;
/* fall through */
}
case PEER_SESSION_WAITMSG: {
- struct peer_session *ps = (struct peer_session *)si->conn.data_ctx;
+ struct peer_session *ps = (struct peer_session *)si->conn.xprt_ctx;
char c;
int totl = 0;
/* call release to reinit resync states if needed */
peer_session_release(oldsi);
oldsi->applet.st0 = PEER_SESSION_END;
- oldsi->conn.data_ctx = NULL;
+ oldsi->conn.xprt_ctx = NULL;
task_wakeup(session->task, TASK_WOKEN_MSG);
}
/* we have a dedicated I/O handler for the stats */
stream_int_register_handler(&s->si[1], &peer_applet);
copy_target(&s->target, &s->si[1].conn.target); // for logging only
- s->si[1].conn.data_ctx = s;
+ s->si[1].conn.xprt_ctx = s;
s->si[1].applet.st0 = PEER_SESSION_ACCEPT;
tv_zero(&s->logs.tv_request);
stream_int_register_handler(&s->si[0], &peer_applet);
s->si[0].applet.st0 = PEER_SESSION_CONNECT;
- s->si[0].conn.data_ctx = (void *)ps;
+ s->si[0].conn.xprt_ctx = (void *)ps;
s->si[1].conn.t.sock.fd = -1; /* just to help with debugging */
s->si[1].conn.flags = CO_FL_NONE;
s->si[1].release = NULL;
s->si[1].send_proxy_ofs = 0;
set_target_proxy(&s->si[1].conn.target, s->be);
- si_prepare_conn(&s->si[1], peer->proto, peer->data);
+ si_prepare_conn(&s->si[1], peer->proto, peer->xprt);
s->si[1].exp = TICK_ETERNITY;
s->si[1].flags = SI_FL_NONE;
if (s->be->options2 & PR_O2_INDEPSTR)
s->task->nice = -32; /* small boost for HTTP statistics */
stream_int_register_handler(s->rep->prod, &http_stats_applet);
copy_target(&s->target, &s->rep->prod->conn.target); // for logging only
- s->rep->prod->conn.data_ctx = s;
+ s->rep->prod->conn.xprt_ctx = s;
s->rep->prod->applet.st0 = s->rep->prod->applet.st1 = 0;
req->analysers = 0;
if (s->fe == s->be) /* report it if the request was intercepted by the frontend */
fd_insert(fd);
conn_sock_want_send(conn); /* for connect status */
- if (conn_data_init(conn) < 0) {
+ if (conn_xprt_init(conn) < 0) {
fd_delete(fd);
return SN_ERR_RESOURCE;
}
}
/* The FD is ready now, we'll mark the connection as complete and
- * forward the event to the data layer which will update the stream
- * interface flags.
+ * forward the event to the transport layer which will notify the
+ * data layer.
*/
conn->flags &= ~CO_FL_WAIT_L4_CONN;
return 1;
/*
- * Functions used to send/receive data using SOCK_STREAM sockets.
+ * RAW transport layer over SOCK_STREAM sockets.
*
* Copyright 2000-2012 Willy Tarreau <w@1wt.eu>
*
}
-/* data-layer operations for RAW sockets */
-struct data_ops raw_sock = {
+/* transport-layer operations for RAW sockets */
+struct xprt_ops raw_sock = {
.snd_buf = raw_sock_from_buf,
.rcv_buf = raw_sock_to_buf,
#if defined(CONFIG_HAP_LINUX_SPLICE)
t->nice = l->nice;
s->task = t;
- /* add the various callbacks. Right now the data layer is present but
- * not initialized. Also note we need to be careful as the stream int
- * is not initialized yet.
+ /* Add the various callbacks. Right now the transport layer is present
+ * but not initialized. Also note we need to be careful as the stream
+ * int is not initialized yet.
*/
- si_prepare_conn(&s->si[0], l->proto, l->data);
+ si_prepare_conn(&s->si[0], l->proto, l->xprt);
/* finish initialization of the accepted file descriptor */
fd_insert(cfd);
fdtab[cfd].owner = &s->si[0].conn;
fdtab[cfd].iocb = conn_fd_handler;
conn_data_want_recv(&s->si[0].conn);
- if (conn_data_init(&s->si[0].conn) < 0)
+ if (conn_xprt_init(&s->si[0].conn) < 0)
goto out_free_task;
/* OK, now either we have a pending handshake to execute with and
session_store_counters(s);
pool_free2(pool2_session, s);
out_close:
- if (ret < 0 && l->data == &raw_sock && p->mode == PR_MODE_HTTP) {
+ if (ret < 0 && l->xprt == &raw_sock && p->mode == PR_MODE_HTTP) {
/* critical error, no more memory, try to emit a 500 response */
struct chunk *err_msg = http_error_message(s, HTTP_ERR_500);
send(cfd, err_msg->str, err_msg->len, MSG_DONTWAIT|MSG_NOSIGNAL);
}
/* This function kills an existing embryonic session. It stops the connection's
- * data layer, releases assigned resources, resumes the listener if it was
+ * transport layer, releases assigned resources, resumes the listener if it was
* disabled and finally kills the file descriptor.
*/
static void kill_mini_session(struct session *s)
{
/* kill the connection now */
- conn_data_close(&s->si[0].conn);
+ conn_xprt_close(&s->si[0].conn);
s->fe->feconn--;
if (s->stkctr1_entry || s->stkctr2_entry)
si->state = SI_ST_CER;
fd_delete(si_fd(si));
- conn_data_close(&si->conn);
+ conn_xprt_close(&si->conn);
if (si->release)
si->release(si);
if (!(s->req->flags & (CF_KERN_SPLICING|CF_SHUTR)) &&
s->req->to_forward &&
(global.tune.options & GTUNE_USE_SPLICE) &&
- (s->si[0].conn.data && s->si[0].conn.data->rcv_pipe && s->si[0].conn.data->snd_pipe) &&
- (s->si[1].conn.data && s->si[1].conn.data->rcv_pipe && s->si[1].conn.data->snd_pipe) &&
+ (s->si[0].conn.xprt && s->si[0].conn.xprt->rcv_pipe && s->si[0].conn.xprt->snd_pipe) &&
+ (s->si[1].conn.xprt && s->si[1].conn.xprt->rcv_pipe && s->si[1].conn.xprt->snd_pipe) &&
(pipes_used < global.maxpipes) &&
(((s->fe->options2|s->be->options2) & PR_O2_SPLIC_REQ) ||
(((s->fe->options2|s->be->options2) & PR_O2_SPLIC_AUT) &&
if (!(s->rep->flags & (CF_KERN_SPLICING|CF_SHUTR)) &&
s->rep->to_forward &&
(global.tune.options & GTUNE_USE_SPLICE) &&
- (s->si[0].conn.data && s->si[0].conn.data->rcv_pipe && s->si[0].conn.data->snd_pipe) &&
- (s->si[1].conn.data && s->si[1].conn.data->rcv_pipe && s->si[1].conn.data->snd_pipe) &&
+ (s->si[0].conn.xprt && s->si[0].conn.xprt->rcv_pipe && s->si[0].conn.xprt->snd_pipe) &&
+ (s->si[1].conn.xprt && s->si[1].conn.xprt->rcv_pipe && s->si[1].conn.xprt->snd_pipe) &&
(pipes_used < global.maxpipes) &&
(((s->fe->options2|s->be->options2) & PR_O2_SPLIC_RTR) ||
(((s->fe->options2|s->be->options2) & PR_O2_SPLIC_AUT) &&
/*
- * SSL data transfer functions between buffers and SOCK_STREAM sockets
+ * SSL/TLS transport layer over SOCK_STREAM sockets
*
* Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
*
ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
conn = (struct connection *)SSL_get_app_data(ssl);
- conn->data_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
+ conn->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
if (ok) /* no errors */
return ok;
/* check if CA error needs to be ignored */
if (depth > 0) {
- if (!SSL_SOCK_ST_TO_CA_ERROR(conn->data_st)) {
- conn->data_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
- conn->data_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
+ if (!SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st)) {
+ conn->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
+ conn->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
}
if (target_client(&conn->target)->bind_conf->ca_ignerr & (1ULL << err))
return 0;
}
- if (!SSL_SOCK_ST_TO_CRTERROR(conn->data_st))
- conn->data_st |= SSL_SOCK_CRTERROR_TO_ST(err);
+ if (!SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st))
+ conn->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
/* check if certificate error needs to be ignored */
if (target_client(&conn->target)->bind_conf->crt_ignerr & (1ULL << err))
static int ssl_sock_init(struct connection *conn)
{
/* already initialized */
- if (conn->data_ctx)
+ if (conn->xprt_ctx)
return 0;
if (global.maxsslconn && sslconns >= global.maxsslconn)
in connect state otherwise accept state */
if (target_srv(&conn->target)) {
/* Alloc a new SSL session ctx */
- conn->data_ctx = SSL_new(target_srv(&conn->target)->ssl_ctx.ctx);
- if (!conn->data_ctx)
+ conn->xprt_ctx = SSL_new(target_srv(&conn->target)->ssl_ctx.ctx);
+ if (!conn->xprt_ctx)
return -1;
- SSL_set_connect_state(conn->data_ctx);
+ SSL_set_connect_state(conn->xprt_ctx);
if (target_srv(&conn->target)->ssl_ctx.reused_sess)
- SSL_set_session(conn->data_ctx, target_srv(&conn->target)->ssl_ctx.reused_sess);
+ SSL_set_session(conn->xprt_ctx, target_srv(&conn->target)->ssl_ctx.reused_sess);
/* set fd on SSL session context */
- SSL_set_fd(conn->data_ctx, conn->t.sock.fd);
+ SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd);
/* leave init state and start handshake */
conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
}
else if (target_client(&conn->target)) {
/* Alloc a new SSL session ctx */
- conn->data_ctx = SSL_new(target_client(&conn->target)->bind_conf->default_ctx);
- if (!conn->data_ctx)
+ conn->xprt_ctx = SSL_new(target_client(&conn->target)->bind_conf->default_ctx);
+ if (!conn->xprt_ctx)
return -1;
- SSL_set_accept_state(conn->data_ctx);
+ SSL_set_accept_state(conn->xprt_ctx);
/* set fd on SSL session context */
- SSL_set_fd(conn->data_ctx, conn->t.sock.fd);
+ SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd);
/* set connection pointer */
- SSL_set_app_data(conn->data_ctx, conn);
+ SSL_set_app_data(conn->xprt_ctx, conn);
/* leave init state and start handshake */
conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
{
int ret;
- if (!conn->data_ctx)
+ if (!conn->xprt_ctx)
goto out_error;
- ret = SSL_do_handshake(conn->data_ctx);
+ ret = SSL_do_handshake(conn->xprt_ctx);
if (ret != 1) {
/* handshake did not complete, let's find why */
- ret = SSL_get_error(conn->data_ctx, ret);
+ ret = SSL_get_error(conn->xprt_ctx, ret);
if (ret == SSL_ERROR_WANT_WRITE) {
/* SSL handshake needs to write, L4 connection may not be ready */
/* Handshake succeeded */
if (target_srv(&conn->target)) {
- if (!SSL_session_reused(conn->data_ctx)) {
+ if (!SSL_session_reused(conn->xprt_ctx)) {
/* check if session was reused, if not store current session on server for reuse */
if (target_srv(&conn->target)->ssl_ctx.reused_sess)
SSL_SESSION_free(target_srv(&conn->target)->ssl_ctx.reused_sess);
- target_srv(&conn->target)->ssl_ctx.reused_sess = SSL_get1_session(conn->data_ctx);
+ target_srv(&conn->target)->ssl_ctx.reused_sess = SSL_get1_session(conn->xprt_ctx);
}
}
int ret, done = 0;
int try = count;
- if (!conn->data_ctx)
+ if (!conn->xprt_ctx)
goto out_error;
if (conn->flags & CO_FL_HANDSHAKE)
* EINTR too.
*/
while (try) {
- ret = SSL_read(conn->data_ctx, bi_end(buf), try);
+ ret = SSL_read(conn->xprt_ctx, bi_end(buf), try);
if (conn->flags & CO_FL_ERROR) {
/* CO_FL_ERROR may be set by ssl_sock_infocbk */
break;
goto read0;
}
else {
- ret = SSL_get_error(conn->data_ctx, ret);
+ ret = SSL_get_error(conn->xprt_ctx, ret);
if (ret == SSL_ERROR_WANT_WRITE) {
/* handshake is running, and it needs to poll for a write event */
conn->flags |= CO_FL_SSL_WAIT_HS;
done = 0;
- if (!conn->data_ctx)
+ if (!conn->xprt_ctx)
goto out_error;
if (conn->flags & CO_FL_HANDSHAKE)
if (buf->data + try > buf->p)
try = buf->data + try - buf->p;
- ret = SSL_write(conn->data_ctx, bo_ptr(buf), try);
+ ret = SSL_write(conn->xprt_ctx, bo_ptr(buf), try);
if (conn->flags & CO_FL_ERROR) {
/* CO_FL_ERROR may be set by ssl_sock_infocbk */
break;
break;
}
else {
- ret = SSL_get_error(conn->data_ctx, ret);
+ ret = SSL_get_error(conn->xprt_ctx, ret);
if (ret == SSL_ERROR_WANT_WRITE) {
/* we need to poll to retry a write later */
__conn_data_poll_send(conn);
static void ssl_sock_close(struct connection *conn) {
- if (conn->data_ctx) {
- SSL_free(conn->data_ctx);
- conn->data_ctx = NULL;
+ if (conn->xprt_ctx) {
+ SSL_free(conn->xprt_ctx);
+ conn->xprt_ctx = NULL;
sslconns--;
}
}
return;
/* no handshake was in progress, try a clean ssl shutdown */
if (clean)
- SSL_shutdown(conn->data_ctx);
+ SSL_shutdown(conn->xprt_ctx);
/* force flag on ssl to keep session in cache regardless shutdown result */
- SSL_set_shutdown(conn->data_ctx, SSL_SENT_SHUTDOWN);
+ SSL_set_shutdown(conn->xprt_ctx, SSL_SENT_SHUTDOWN);
}
/***** Below are some sample fetching functions for ACL/patterns *****/
smp_fetch_client_crt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
- if (!l4 || l4->si[0].conn.data != &ssl_sock)
+ if (!l4 || l4->si[0].conn.xprt != &ssl_sock)
return 0;
if (!(l4->si[0].conn.flags & CO_FL_CONNECTED)) {
smp->flags = 0;
smp->type = SMP_T_BOOL;
- smp->data.uint = SSL_SOCK_ST_FL_VERIFY_DONE & l4->si[0].conn.data_st ? 1 : 0;
+ smp->data.uint = SSL_SOCK_ST_FL_VERIFY_DONE & l4->si[0].conn.xprt_st ? 1 : 0;
return 1;
}
-/* boolean, returns true if data layer is SSL */
+/* boolean, returns true if transport layer is SSL */
static int
smp_fetch_is_ssl(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->type = SMP_T_BOOL;
- smp->data.uint = (l4->si[0].conn.data == &ssl_sock);
+ smp->data.uint = (l4->si[0].conn.xprt == &ssl_sock);
return 1;
}
-/* boolean, returns true if data layer is SSL */
+/* boolean, returns true if transport layer is SSL */
static int
smp_fetch_has_sni(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
smp->type = SMP_T_BOOL;
- smp->data.uint = (l4->si[0].conn.data == &ssl_sock) &&
- l4->si[0].conn.data_ctx &&
- SSL_get_servername(l4->si[0].conn.data_ctx, TLSEXT_NAMETYPE_host_name) != NULL;
+ smp->data.uint = (l4->si[0].conn.xprt == &ssl_sock) &&
+ l4->si[0].conn.xprt_ctx &&
+ SSL_get_servername(l4->si[0].conn.xprt_ctx, TLSEXT_NAMETYPE_host_name) != NULL;
return 1;
#else
return 0;
smp->flags = 0;
smp->type = SMP_T_CSTR;
- if (!l4 || !l4->si[0].conn.data_ctx || l4->si[0].conn.data != &ssl_sock)
+ if (!l4 || !l4->si[0].conn.xprt_ctx || l4->si[0].conn.xprt != &ssl_sock)
return 0;
- smp->data.str.str = (char *)SSL_get_servername(l4->si[0].conn.data_ctx, TLSEXT_NAMETYPE_host_name);
+ smp->data.str.str = (char *)SSL_get_servername(l4->si[0].conn.xprt_ctx, TLSEXT_NAMETYPE_host_name);
if (!smp->data.str.str)
return 0;
smp_fetch_verify_caerr(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
- if (!l4 || l4->si[0].conn.data != &ssl_sock)
+ if (!l4 || l4->si[0].conn.xprt != &ssl_sock)
return 0;
if (!(l4->si[0].conn.flags & CO_FL_CONNECTED)) {
}
smp->type = SMP_T_UINT;
- smp->data.uint = (unsigned int)SSL_SOCK_ST_TO_CA_ERROR(l4->si[0].conn.data_st);
+ smp->data.uint = (unsigned int)SSL_SOCK_ST_TO_CA_ERROR(l4->si[0].conn.xprt_st);
smp->flags = 0;
return 1;
smp_fetch_verify_caerr_depth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
- if (!l4 || l4->si[0].conn.data != &ssl_sock)
+ if (!l4 || l4->si[0].conn.xprt != &ssl_sock)
return 0;
if (!(l4->si[0].conn.flags & CO_FL_CONNECTED)) {
}
smp->type = SMP_T_UINT;
- smp->data.uint = (unsigned int)SSL_SOCK_ST_TO_CAEDEPTH(l4->si[0].conn.data_st);
+ smp->data.uint = (unsigned int)SSL_SOCK_ST_TO_CAEDEPTH(l4->si[0].conn.xprt_st);
smp->flags = 0;
return 1;
smp_fetch_verify_crterr(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
- if (!l4 || l4->si[0].conn.data != &ssl_sock)
+ if (!l4 || l4->si[0].conn.xprt != &ssl_sock)
return 0;
if (!(l4->si[0].conn.flags & CO_FL_CONNECTED)) {
}
smp->type = SMP_T_UINT;
- smp->data.uint = (unsigned int)SSL_SOCK_ST_TO_CRTERROR(l4->si[0].conn.data_st);
+ smp->data.uint = (unsigned int)SSL_SOCK_ST_TO_CRTERROR(l4->si[0].conn.xprt_st);
smp->flags = 0;
return 1;
smp_fetch_verify_result(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
- if (!l4 || l4->si[0].conn.data != &ssl_sock)
+ if (!l4 || l4->si[0].conn.xprt != &ssl_sock)
return 0;
if (!(l4->si[0].conn.flags & CO_FL_CONNECTED)) {
return 0;
}
- if (!l4->si[0].conn.data_ctx)
+ if (!l4->si[0].conn.xprt_ctx)
return 0;
smp->type = SMP_T_UINT;
- smp->data.uint = (unsigned int)SSL_get_verify_result(l4->si[0].conn.data_ctx);
+ smp->data.uint = (unsigned int)SSL_get_verify_result(l4->si[0].conn.xprt_ctx);
smp->flags = 0;
return 1;
conf->is_ssl = 1;
list_for_each_entry(l, &conf->listeners, by_bind)
- l->data = &ssl_sock;
+ l->xprt = &ssl_sock;
return 0;
}
{ NULL, NULL, 0 },
}};
-/* data-layer operations for SSL sockets */
-struct data_ops ssl_sock = {
+/* transport-layer operations for SSL sockets */
+struct xprt_ops ssl_sock = {
.snd_buf = ssl_sock_from_buf,
.rcv_buf = ssl_sock_to_buf,
.rcv_pipe = NULL,
return 0;
if (si->ob->flags & CF_SHUTW) {
- conn_data_close(&si->conn);
+ conn_xprt_close(&si->conn);
if (conn->ctrl)
fd_delete(si_fd(si));
si->state = SI_ST_DIS;
(struct linger *) &nolinger, sizeof(struct linger));
}
/* unclean data-layer shutdown */
- if (conn->data && conn->data->shutw)
- conn->data->shutw(conn, 0);
+ if (conn->xprt && conn->xprt->shutw)
+ conn->xprt->shutw(conn, 0);
} else {
/* clean data-layer shutdown */
- if (conn->data && conn->data->shutw)
- conn->data->shutw(conn, 1);
+ if (conn->xprt && conn->xprt->shutw)
+ conn->xprt->shutw(conn, 1);
if (!(si->flags & SI_FL_NOHALF)) {
/* We shutdown transport layer */
/* we may have to close a pending connection, and mark the
* response buffer as shutr
*/
- conn_data_close(&si->conn);
+ conn_xprt_close(&si->conn);
if (conn->ctrl)
fd_delete(si_fd(si));
/* fall through */
/*
* This function is called to send buffer data to a stream socket.
* It returns -1 in case of unrecoverable error, otherwise zero.
- * It iterates the data layer's snd_buf function. It relies on the
+ * It iterates the transport layer's snd_buf function. It relies on the
* caller to commit polling changes.
*/
static int si_conn_send_loop(struct connection *conn)
int write_poll = MAX_WRITE_POLL_LOOPS;
int ret;
- if (b->pipe && conn->data->snd_pipe) {
- ret = conn->data->snd_pipe(conn, b->pipe);
+ if (b->pipe && conn->xprt->snd_pipe) {
+ ret = conn->xprt->snd_pipe(conn, b->pipe);
if (ret > 0)
b->flags |= CF_WRITE_PARTIAL;
((b->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_HIJACK)) == CF_SHUTW_NOW))
send_flag |= MSG_MORE;
- ret = conn->data->snd_buf(conn, &b->buf, send_flag);
+ ret = conn->xprt->snd_buf(conn, &b->buf, send_flag);
if (ret <= 0)
break;
/*
* This is the callback which is called by the connection layer to receive data
- * into the buffer from the connection. It iterates over the data layer's rcv_buf
- * function.
+ * into the buffer from the connection. It iterates over the transport layer's
+ * rcv_buf function.
*/
void si_conn_recv_cb(struct connection *conn)
{
/* First, let's see if we may splice data across the channel without
* using a buffer.
*/
- if (conn->data->rcv_pipe &&
+ if (conn->xprt->rcv_pipe &&
b->to_forward >= MIN_SPLICE_FORWARD && b->flags & CF_KERN_SPLICING) {
if (buffer_not_empty(&b->buf)) {
/* We're embarrassed, there are already data pending in
}
}
- ret = conn->data->rcv_pipe(conn, b->pipe, b->to_forward);
+ ret = conn->xprt->rcv_pipe(conn, b->pipe, b->to_forward);
if (ret < 0) {
/* splice not supported on this end, let's disable it */
b->flags &= ~CF_KERN_SPLICING;
break;
}
- ret = conn->data->rcv_buf(conn, &b->buf, max);
+ ret = conn->xprt->rcv_buf(conn, &b->buf, max);
if (ret <= 0)
break;
/*
* This is the callback which is called by the connection layer to send data
- * from the buffer to the connection. It iterates over the data layer's snd_buf
- * function.
+ * from the buffer to the connection. It iterates over the transport layer's
+ * snd_buf function.
*/
void si_conn_send_cb(struct connection *conn)
{
(struct linger *) &nolinger, sizeof(struct linger));
}
/* force flag on ssl to keep session in cache */
- if (si->conn.data->shutw)
- si->conn.data->shutw(&si->conn, 0);
+ if (si->conn.xprt->shutw)
+ si->conn.xprt->shutw(&si->conn, 0);
goto do_close;
}
return;
do_close:
- conn_data_close(&si->conn);
+ conn_xprt_close(&si->conn);
fd_delete(si_fd(si));
si->state = SI_ST_DIS;
si->exp = TICK_ETERNITY;
projects / thirdparty / haproxy.git / commitdiff
