From: Willy Tarreau Date: Thu, 4 Oct 2012 21:55:57 +0000 (+0200) Subject: MEDIUM: connection: add a new local send-proxy transport callback X-Git-Tag: v1.5-dev13~206 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f1504f5244e8adc0081e7c803f94e6eb3b15b38;p=thirdparty%2Fhaproxy.git MEDIUM: connection: add a new local send-proxy transport callback This callback sends a PROXY protocol line on the outgoing connection, with the local and remote endpoint information. This is used for local connections (eg: health checks) where the other end needs to have a valid address and no connection is relayed.
---
diff --git a/include/proto/connection.h b/include/proto/connection.h
index 949cf11749..37af379680 100644
--- a/include/proto/connection.h
+++ b/include/proto/connection.h
@@ -68,6 +68,20 @@ void conn_update_sock_polling(struct connection *c);
 */
 void conn_update_data_polling(struct connection *c);
+/* This callback is used to send a valid PROXY protocol line to a socket being
+ * established from the local machine. It sets the protocol addresses to the
+ * local and remote address. This is typically used with health checks or when
+ * it is not possible to determine the other end's address. It returns 0 if it
+ * fails in a fatal way or needs to poll to go further, otherwise it returns
+ * non-zero and removes itself from the connection's flags (the bit is provided
+ * in by the caller). It is designed to be called by the connection
+ * handler and relies on it to commit polling changes. Note that this function
+ * expects to be able to send the whole line at once, which should always be
+ * possible since it is supposed to start at the first byte of the outgoing
+ * data segment.
+ */
+int conn_local_send_proxy(struct connection *conn, unsigned int flag);
+
 /* inspects c->flags and returns non-zero if DATA ENA changes from the CURR ENA
 * or if the WAIT flags set new flags that were not in CURR POL. Additionally,
 * non-zero is also returned if an error was reported on the connection. This
diff --git a/include/types/connection.h b/include/types/connection.h
index 3219309dbb..35ce1f5ab1 100644
--- a/include/types/connection.h
+++ b/include/types/connection.h
@@ -133,10 +133,11 @@ enum {
 */
 CO_FL_SI_SEND_PROXY = 0x01000000, /* send a valid PROXY protocol header */
 CO_FL_SSL_WAIT_HS = 0x02000000, /* wait for an SSL handshake to complete */
- CO_FL_ACCEPT_PROXY = 0x04000000, /* send a valid PROXY protocol header */
+ CO_FL_ACCEPT_PROXY = 0x04000000, /* receive a valid PROXY protocol header */
+ CO_FL_LOCAL_SPROXY = 0x08000000, /* send a valid local PROXY protocol header */
 /* below we have all handshake flags grouped into one */
- CO_FL_HANDSHAKE = CO_FL_SI_SEND_PROXY | CO_FL_SSL_WAIT_HS | CO_FL_ACCEPT_PROXY,
+ CO_FL_HANDSHAKE = CO_FL_SI_SEND_PROXY | CO_FL_SSL_WAIT_HS | CO_FL_ACCEPT_PROXY | CO_FL_LOCAL_SPROXY,
 /* when any of these flags is set, polling is defined by socket-layer
 * operations, as opposed to data-layer. Transport is explicitly not
diff --git a/src/connection.c b/src/connection.c
index 9b2e92a5bd..b7282255bf 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -17,6 +17,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -59,6 +60,10 @@ int conn_fd_handler(int fd)
 if (conn->flags & CO_FL_SI_SEND_PROXY)
 if (!conn_si_send_proxy(conn, CO_FL_SI_SEND_PROXY))
 goto leave;
+
+ if (conn->flags & CO_FL_LOCAL_SPROXY)
+ if (!conn_local_send_proxy(conn, CO_FL_LOCAL_SPROXY))
+ goto leave;
 #ifdef USE_OPENSSL
 if (conn->flags & CO_FL_SSL_WAIT_HS)
 if (!ssl_sock_handshake(conn, CO_FL_SSL_WAIT_HS))
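Review bot: Nothing in the conn_fd_handler hunk keeps `CO_FL_SI_SEND_PROXY` and `CO_FL_LOCAL_SPROXY` from both being set; the two checks run back to back, so once the first sender succeeds the second would emit another PROXY line on the same connection. A receiver expects a single header at the very start of the stream, so a second line would reach the application as payload. Whether the two flags can ever be set together is decided where they are assigned, which is outside this hunk; if they are meant to be exclusive, a comment above the new check such as `/* never set together with CO_FL_SI_SEND_PROXY: only one PROXY line may be sent */` would record that. The body of conn_fd_handler starts and ends outside the hunk.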
@@ -508,3 +513,73 @@ int make_proxy_line(char *buf, int buf_len, struct sockaddr_storage *src, struct
 }
 return ret;
 }
+
+/* This callback is used to send a valid PROXY protocol line to a socket being
+ * established from the local machine. It sets the protocol addresses to the
+ * local and remote address. This is typically used with health checks or when
+ * it is not possible to determine the other end's address. It returns 0 if it
+ * fails in a fatal way or needs to poll to go further, otherwise it returns
+ * non-zero and removes itself from the connection's flags (the bit is provided
+ * in by the caller). It is designed to be called by the connection
+ * handler and relies on it to commit polling changes. Note that this function
+ * expects to be able to send the whole line at once, which should always be
+ * possible since it is supposed to start at the first byte of the outgoing
+ * data segment.
+ */
+int conn_local_send_proxy(struct connection *conn, unsigned int flag)
+{
+ int ret, len;
+
+ /* we might have been called just after an asynchronous shutw */
+ if (conn->flags & CO_FL_SOCK_WR_SH)
+ goto out_error;
+
+ /* The target server expects a PROXY line to be sent first. */
+ conn_get_from_addr(conn);
+ if (!(conn->flags & CO_FL_ADDR_FROM_SET))
+ goto out_error;
+
+ conn_get_to_addr(conn);
+ if (!(conn->flags & CO_FL_ADDR_TO_SET))
+ goto out_error;
+
+ len = make_proxy_line(trash, trashlen, &conn->addr.from, &conn->addr.to);
+ if (!len)
+ goto out_error;
+
+ /* we have to send trash from len bytes. If the data layer has a
+ * pending write, we'll also set MSG_MORE.
+ */
+ ret = send(conn->t.sock.fd, trash, len, (conn->flags & CO_FL_DATA_WR_ENA) ? MSG_MORE : 0);
+
+ if (ret == 0)
+ goto out_wait;
+
+ if (ret < 0) {
+ if (errno == EAGAIN)
+ goto out_wait;
+ goto out_error;
+ }
+
+ if (ret != len)
+ goto out_error;
+
+ /* The connection is ready now, simply return and let the connection
+ * handler notify upper layers if needed.
+ */
+ if (conn->flags & CO_FL_WAIT_L4_CONN)
+ conn->flags &= ~CO_FL_WAIT_L4_CONN;
+ conn->flags &= ~flag;
+ return 1;
+
+ out_error:
+ /* Write error on the file descriptor */
+ conn->flags |= CO_FL_ERROR;
+ conn->flags &= ~flag;
+ return 0;
+
+ out_wait:
+ __conn_sock_stop_recv(conn);
+ __conn_sock_poll_send(conn);
+ return 0;
+}
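Review bot: The `ret < 0` branch after `send()` in conn_local_send_proxy treats every errno except EAGAIN as fatal, so a call interrupted by a signal (EINTR) sets CO_FL_ERROR and fails the connection although nothing went wrong on the wire. Retrying on interruption avoids that: `do { ret = send(conn->t.sock.fd, trash, len, (conn->flags & CO_FL_DATA_WR_ENA) ? MSG_MORE : 0); } while (ret < 0 && errno == EINTR);`. The flags passed are only `MSG_MORE` or 0, so unless SIGPIPE is ignored elsewhere in the process (not visible in this hunk) a peer that has already reset the connection would raise the signal here; adding `MSG_NOSIGNAL` would make the call safe on its own. The short-write case (`ret != len`) is fatal by design according to the header comment, and a one-line comment at that check, `/* a PROXY line must never be sent in pieces */`, would spare the next reader from taking it for an oversight.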