From: Christopher Faulet
Date: Wed, 23 Jun 2021 10:07:21 +0000 (+0200)
Subject: MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules
X-Git-Tag: v2.5-dev12~42
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1e83b70409cbdc0423afc46d7313d2ab4be90730;p=thirdparty%2Fhaproxy.git

MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules

This patch was reverted because it was inconsistent to change connection addresses at stream level. Especially in HTTP because all requests were affected by this change and not only the current one. In HTTP/2, it was worse. Several streams were able to change the connection addresses at the same time.

It is no longer an issue, thanks to recent changes. With multi-level client source and destination addresses, it is possible to limit the change to the current request. Thus this patch can be reintroduced.

It is possible to set source IP/Port from "tcp-request connection", "tcp-request session" and "http-request" rules but not from "tcp-request content" rules. There is no reason for this limitation and it may be a problem for anyone wanting to call a lua fetch to dynamically set source IP/Port from a TCP proxy. Indeed, to call a lua fetch, we must have a stream. And there is no stream when "tcp-request connection/session" rules are evaluated.

Thanks to this patch, "set-src" and "set-src-port" actions are now supported by "tcp_request content" rules.

This patch is related to the issue #1303.
---
diff --git a/doc/configuration.txt b/doc/configuration.txt index d53ffae171..cbf3c4ff9c 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -12179,6 +12179,8 @@ tcp-request content [{if | unless} ] - set-nice - set-priority-class - set-priority-offset + - set-src + - set-src-port - set-tos - set-var() - set-var-fmt() 
@@ -12397,6 +12399,13 @@ tcp-request content set-priority-offset [ { if | unless } ] request. Please refer to "http-request set-priority-offset" for a complete description. +tcp-request content set-src [ { if | unless } ] +tcp-request content set-src-port [ { if | unless } ] + + These actions are used to set the source IP/Port address to the value of + specified expression. Please refer to "http-request set-src" and + "http-request set-src-port" for a complete description. + tcp-request content set-tos [ { if | unless } ] This is used to set the TOS or DSCP field value of packets sent to the client diff --git a/src/tcp_act.c b/src/tcp_act.c index 25ff446772..b85cf28da6 100644 --- a/src/tcp_act.c +++ b/src/tcp_act.c @@ -509,6 +509,8 @@ static struct action_kw_list tcp_req_sess_actions = {ILH, { INITCALL1(STG_REGISTER, tcp_req_sess_keywords_register, &tcp_req_sess_actions); static struct action_kw_list tcp_req_cont_actions = {ILH, { + { "set-src", tcp_parse_set_src_dst }, + { "set-src-port", tcp_parse_set_src_dst }, { "set-dst" , tcp_parse_set_src_dst }, { "set-dst-port", tcp_parse_set_src_dst }, { "set-mark", tcp_parse_set_mark },
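Review bot: in the doc/configuration.txt hunk that adds the "tcp-request content set-src" and "tcp-request content set-src-port" entries, the new paragraph only defers to "http-request set-src" and never states the scope of the change. The commit message says the earlier version was reverted because it altered the connection addresses for all requests, and that the change is now limited to the current request; that guarantee belongs in this paragraph, because anyone who keys ACLs or logging on the source address needs to know whether a content rule affects only the current stream or the whole connection. Wording nit in the same paragraph: "source IP/Port address" would read better as "source IP address or port".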
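Review bot: in the tcp_req_cont_actions hunk of src/tcp_act.c, both new keywords are routed to the shared tcp_parse_set_src_dst parser, and nothing visible in this diff shows that a rule parsed in the "tcp-request content" context writes the stream-level address rather than the connection's. That is the exact behaviour that caused the earlier revert, so please point to where the scope is selected. The patch touches only doc/configuration.txt and src/tcp_act.c, so a regression test is also missing: one that checks a source set by one request is not seen by another request on the same connection would cover the HTTP and HTTP/2 cases described in the commit message. Minor style point: the neighbouring entry { "set-dst" , tcp_parse_set_src_dst } pads before the comma and the two new entries do not.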