From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Thu, 21 Sep 2023 14:54:41 +0000 (+0200)
Subject: MINOR: proto_reverse_connect: prevent transparent server for pre-connect
X-Git-Tag: v2.9-dev6~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d3db96f11a55b91cda1190b6d41deb6e737802ff;p=thirdparty%2Fhaproxy.git

MINOR: proto_reverse_connect: prevent transparent server for pre-connect

Prevent using transparent servers for pre-connect on startup by emitting
a fatal error. This is used to ensure we never try to connect to a
target with an unspecified destination address or port.
---

diff --git a/src/proto_reverse_connect.c b/src/proto_reverse_connect.c
index efaf81507d..f370ce2273 100644
--- a/src/proto_reverse_connect.c
+++ b/src/proto_reverse_connect.c
@@ -186,12 +186,16 @@ int rev_bind_listener(struct listener *listener, char *errmsg, int errlen)
 		goto err;
 	}
 
-	/* TODO check que on utilise pas un serveur @reverse */
 	if (srv->flags & SRV_F_REVERSE) {
 		snprintf(errmsg, errlen, "Cannot use reverse server '%s/%s' as target to a reverse bind.", ist0(be_name), ist0(sv_name));
 		goto err;
 	}
 
+	if (srv_is_transparent(srv)) {
+		snprintf(errmsg, errlen, "Cannot use transparent server '%s/%s' as target to a reverse bind.", ist0(be_name), ist0(sv_name));
+		goto err;
+	}
+
 	/* Check that server uses HTTP/2 either with proto or ALPN. */
 	if ((!srv->mux_proto || !isteqi(srv->mux_proto->token, ist("h2"))) &&
 	    (!srv->use_ssl || !isteqi(ist(srv->ssl_ctx.alpn_str), ist("\x02h2")))) {