BUILD/MEDIUM: tcp: set-mark setting support for FreeBSD.

This platform has a similar socket option from Linux's SO_MARK,
marking a socket with an id for packet filter purpose, DTrace
monitoring and so on.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 9ffcc7581c562a9b6fc4c5608c699daea0348256..060d78426e6b9b37395afbc425b88633731edae2 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -6503,13 +6503,14 @@ http-request set-map(<file-name>) <key fmt> <value fmt>
 
 http-request set-mark <mark> [ { if | unless } <condition> ]
 
-  This is used to set the Netfilter MARK on all packets sent to the client to
-  the value passed in <mark> on platforms which support it. This value is an
-  unsigned 32 bit value which can be matched by netfilter and by the routing
-  table. It can be expressed both in decimal or hexadecimal format (prefixed by
-  "0x"). This can be useful to force certain packets to take a different route
-  (for example a cheaper network path for bulk downloads). This works on Linux
-  kernels 2.6.32 and above and requires admin privileges.
+  This is used to set the Netfilter/IPFW MARK on all packets sent to the client
+  to the value passed in <mark> on platforms which support it. This value is an
+  unsigned 32 bit value which can be matched by netfilter/ipfw and by the
+  routing table or monitoring the packets through DTrace. It can be expressed
+  both in decimal or hexadecimal format (prefixed by "0x").
+  This can be useful to force certain packets to take a different route (for
+  example a cheaper network path for bulk downloads). This works on Linux
+  kernels 2.6.32 and above and requires admin privileges, as well on FreeBSD.
 
 http-request set-method <fmt> [ { if | unless } <condition> ]
 
@@ -7163,13 +7164,14 @@ http-response set-map(<file-name>) <key fmt> <value fmt>
 
 http-response set-mark <mark> [ { if | unless } <condition> ]
 
-  This is used to set the Netfilter MARK on all packets sent to the client to
-  the value passed in <mark> on platforms which support it. This value is an
-  unsigned 32 bit value which can be matched by netfilter and by the routing
-  table. It can be expressed both in decimal or hexadecimal format (prefixed
-  by "0x"). This can be useful to force certain packets to take a different
-  route (for example a cheaper network path for bulk downloads). This works on
-  Linux kernels 2.6.32 and above and requires admin privileges.
+  This is used to set the Netfilter/IPFW MARK on all packets sent to the client
+  to the value passed in <mark> on platforms which support it. This value is an
+  unsigned 32 bit value which can be matched by netfilter/ipfw and by the
+  routing table or monitoring the packets through DTrace.
+  It can be expressed both in decimal or hexadecimal format (prefixed by "0x").
+  This can be useful to force certain packets to take a different route (for
+  example a cheaper network path for bulk downloads). This works on Linux
+  kernels 2.6.32 and above and requires admin privileges, as well on FreeBSD.
 
 http-response set-nice <nice> [ { if | unless } <condition> ]
 
@@ -11898,14 +11900,15 @@ tcp-request connection <action> [{if | unless} <condition>]
         fails and the actions evaluation continues.
 
     - set-mark <mark>:
-      Is used to set the Netfilter MARK in all packets sent to the client to
-      the value passed in <mark> on platforms which support it. This value is
-      an unsigned 32 bit value which can be matched by netfilter and by the
-      routing table. It can be expressed both in decimal or hexadecimal format
-      (prefixed by "0x"). This can be useful to force certain packets to take a
-      different route (for example a cheaper network path for bulk
-      downloads). This works on Linux kernels 2.6.32 and above and requires
-      admin privileges.
+      Is used to set the Netfilter/IPFW MARK in all packets sent to the client
+      to the value passed in <mark> on platforms which support it. This value
+      is an unsigned 32 bit value which can be matched by netfilter/ipfw and by
+      the routing table or monitoring the packets through DTrace.
+      It can be expressed both in decimal or hexadecimal format (prefixed by
+      "0x"). This can be useful to force certain packets to take a different
+      route (for example a cheaper network path for bulk downloads). This works
+      on Linux kernels 2.6.32 and above and requires admin privileges, as well
+      on FreeBSD.
 
     - set-src <expr> :
       Is used to set the source IP address to the value of specified

diff --git a/include/haproxy/connection.h b/include/haproxy/connection.h
index d4843462f80e0a4d1f019a7eae06c43b1ad73f20..02096b036680c43252068ed6340346f2abad0dea 100644 (file)
--- a/include/haproxy/connection.h
+++ b/include/haproxy/connection.h
@@ -694,8 +694,11 @@ static inline void conn_set_mark(const struct connection *conn, int mark)
        if (!conn || !conn_ctrl_ready(conn))
                return;
 
-#ifdef SO_MARK
+#if defined(SO_MARK)
        setsockopt(conn->handle.fd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark));
+#elif defined(SO_USER_COOKIE)
+       uint32_t mval = (uint32_t)mark;
+       setsockopt(conn->handle.fd, SOL_SOCKET, SO_USER_COOKIE, &mval, sizeof(mval));
 #endif
 }
 

diff --git a/src/tcp_act.c b/src/tcp_act.c
index ff521d2c2ecd5f2e93caa19a29607b1ff85f8a73..a6c58fb8873cb56b71870029f3073d63d0b664b9 100644 (file)
--- a/src/tcp_act.c
+++ b/src/tcp_act.c
@@ -305,7 +305,7 @@ static enum act_parse_ret tcp_parse_set_src_dst(const char **args, int *orig_arg
 static enum act_parse_ret tcp_parse_set_mark(const char **args, int *cur_arg, struct proxy *px,
                                             struct act_rule *rule, char **err)
 {
-#ifdef SO_MARK
+#if defined(SO_MARK) || defined(SO_USER_COOKIE)
        char *endp;
        unsigned int mark;
 
@@ -328,7 +328,7 @@ static enum act_parse_ret tcp_parse_set_mark(const char **args, int *cur_arg, st
        global.last_checks |= LSTCHK_NETADM;
        return ACT_RET_PRS_OK;
 #else
-       memprintf(err, "not supported on this platform (SO_MARK undefined)");
+       memprintf(err, "not supported on this platform (SO_MARK|SO_USER_COOKIE undefined)");
        return ACT_RET_PRS_ERR;
 #endif
 }