From: Willy Tarreau
Date: Fri, 20 May 2022 13:56:32 +0000 (+0200)
Subject: CLEANUP: listener: replace all uses of bind_conf->is_ssl with BC_O_USE_SSL
X-Git-Tag: v2.6-dev11~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=11ba404c6b309a4f044be25e739e1d42c952947d;p=thirdparty%2Fhaproxy.git
CLEANUP: listener: replace all uses of bind_conf->is_ssl with BC_O_USE_SSL
The new flag will now replace this boolean variable that was only set and tested.
---
diff --git a/include/haproxy/listener-t.h b/include/haproxy/listener-t.h
index f22f3b2fcf..54546d197f 100644
--- a/include/haproxy/listener-t.h
+++ b/include/haproxy/listener-t.h
@@ -113,6 +113,10 @@ enum li_status {
 * maxconn setting to the global.maxsock value so that its resources are reserved. */
+/* flags used with bind_conf->options */
+#define BC_O_USE_SSL 0x00000001 /* SSL is being used on this bind_conf */
+
+
 /* flags used with bind_conf->ssl_options */
 #ifdef USE_OPENSSL
 #define BC_SSL_O_NONE 0x0000
@@ -177,7 +181,6 @@ struct bind_conf {
 const struct mux_proto_list *mux_proto; /* the mux to use for all incoming connections (specified by the "proto" keyword) */
 struct xprt_ops *xprt; /* transport-layer operations for all listeners */
 uint options; /* set of BC_O_* flags */
- int is_ssl; /* SSL is required for these listeners */
 int generate_certs; /* 1 if generate-certificates option is set, else 0 */
 int level; /* stats access level (ACCESS_LVL_*) */
 int severity_output; /* default severity output format in cli feedback messages */
diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 6530775a99..33d0bdb92b 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
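Review bot: The comment on `BC_O_USE_SSL` in include/haproxy/listener-t.h (first hunk) does not say what sets the flag, and its wording moved from "SSL is required" on the removed `is_ssl` field to "SSL is being used". In this commit the only writer shown is `bind_parse_ssl()`, and `ssl_sock_prepare_bind_conf()` emits the "certificate was specified but SSL was not enabled" warning when the flag is clear, so the flag appears to track the `ssl` keyword rather than the presence of a certificate. I would state that on the define, e.g. `#define BC_O_USE_SSL 0x00000001 /* "ssl" keyword set on this bind line; a certificate alone does not set it */`.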
@@ -1118,7 +1118,7 @@ static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bin
 /* Do not change the xprt for QUIC. */
 if (conf->xprt != xprt_get(XPRT_QUIC))
 conf->xprt = &ssl_sock;
- conf->is_ssl = 1;
+ conf->options |= BC_O_USE_SSL;
 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 1e0f5edb1c..9def9b96e0 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -3960,14 +3960,14 @@ out_uri_auth_compat:
 /* smart accept mode is automatic in HTTP mode */
 if ((curproxy->options2 & PR_O2_SMARTACC) ||
- ((curproxy->mode == PR_MODE_HTTP || listener->bind_conf->is_ssl) &&
+ ((curproxy->mode == PR_MODE_HTTP || (listener->bind_conf->options & BC_O_USE_SSL)) &&
 !(curproxy->no_options2 & PR_O2_SMARTACC)))
 listener->options |= LI_O_NOQUICKACK;
 }
 /* Release unused SSL configs */
 list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
- if (!bind_conf->is_ssl && bind_conf->xprt->destroy_bind_conf)
+ if (!(bind_conf->options & BC_O_USE_SSL) && bind_conf->xprt->destroy_bind_conf)
 bind_conf->xprt->destroy_bind_conf(bind_conf);
 }
diff --git a/src/connection.c b/src/connection.c
index e92089e09b..2ead714700 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -366,7 +366,7 @@ int conn_update_alpn(struct connection *conn, const struct ist alpn, int force)
 struct session *sess = conn->owner;
 struct listener *li = sess->listener;
- if (li->bind_conf && li->bind_conf->is_ssl) {
+ if (li->bind_conf && li->bind_conf->options & BC_O_USE_SSL) {
 ctx_alpn_str = li->bind_conf->ssl_conf.alpn_str;
 ctx_alpn_len = li->bind_conf->ssl_conf.alpn_len;
 }
diff --git a/src/listener.c b/src/listener.c
index 3b7b8cfae3..6c71c1b4b8 100644
--- a/src/listener.c
+++ b/src/listener.c
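Review bot: The flag test in `conn_update_alpn()` (src/connection.c) is written `li->bind_conf && li->bind_conf->options & BC_O_USE_SSL` with no parentheses around the mask, while the cfgparse.c and ssl_sock.c hunks of the same commit write `(... & BC_O_USE_SSL)`. It evaluates as intended because `&` binds tighter than `&&`, but a later edit that puts `!` or a comparison next to it would silently change which listeners take the SSL branch. I would write `if (li->bind_conf && (li->bind_conf->options & BC_O_USE_SSL)) {` here and use the same form in the three src/listener.c hunks (`accept_queue_process()` and both `listener_accept()` sites), where the test gates the SSL session-rate limit and its counters. All of these function bodies continue outside their hunks.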
@@ -152,7 +152,7 @@ struct task *accept_queue_process(struct task *t, void *context, unsigned int st
 if (!(li->options & LI_O_UNLIMITED)) {
 HA_ATOMIC_UPDATE_MAX(&global.sps_max, update_freq_ctr(&global.sess_per_sec, 1));
- if (li->bind_conf && li->bind_conf->is_ssl) {
+ if (li->bind_conf && li->bind_conf->options & BC_O_USE_SSL) {
 HA_ATOMIC_UPDATE_MAX(&global.ssl_max, update_freq_ctr(&global.ssl_per_sec, 1));
 }
@@ -843,7 +843,8 @@ void listener_accept(struct listener *l)
 max_accept = max;
 }
 #ifdef USE_OPENSSL
- if (!(l->options & LI_O_UNLIMITED) && global.ssl_lim && l->bind_conf && l->bind_conf->is_ssl) {
+ if (!(l->options & LI_O_UNLIMITED) && global.ssl_lim &&
+ l->bind_conf && l->bind_conf->options & BC_O_USE_SSL) {
 int max = freq_ctr_remain(&global.ssl_per_sec, global.ssl_lim, 0);
 if (unlikely(!max)) {
@@ -1126,7 +1127,8 @@ void listener_accept(struct listener *l)
 HA_ATOMIC_UPDATE_MAX(&global.sps_max, count);
 }
 #ifdef USE_OPENSSL
- if (!(l->options & LI_O_UNLIMITED) && l->bind_conf && l->bind_conf->is_ssl) {
+ if (!(l->options & LI_O_UNLIMITED) &&
+ l->bind_conf && l->bind_conf->options & BC_O_USE_SSL) {
 count = update_freq_ctr(&global.ssl_per_sec, 1);
 HA_ATOMIC_UPDATE_MAX(&global.ssl_max, count);
 }
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index a27949d5f1..507bc0ce37 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5445,7 +5445,7 @@ int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
 int alloc_ctx;
 int err;
- if (!bind_conf->is_ssl) {
+ if (!(bind_conf->options & BC_O_USE_SSL)) {
 if (bind_conf->default_ctx) {
 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n", px->id, bind_conf->arg, bind_conf->file, bind_conf->line);