isc_result_t
isc_nm_listentls(isc_nm_t *mgr, uint32_t workers, isc_sockaddr_t *iface,
isc_nm_accept_cb_t accept_cb, void *accept_cbarg, int backlog,
- isc_quota_t *quota, isc_tlsctx_t *sslctx,
+ isc_quota_t *quota, isc_tlsctx_t *sslctx, bool proxy,
isc_nmsocket_t **sockp);
void
isc_nm_cb_t connect_cb, void *connect_cbarg,
isc_tlsctx_t *ctx,
isc_tlsctx_client_session_cache_t *client_sess_cache,
- unsigned int timeout);
+ unsigned int timeout, bool proxy,
+ isc_nm_proxyheader_info_t *proxy_info);
#if HAVE_LIBNGHTTP2
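Review bot: The prototypes gain `proxy` (and, on `isc_nm_tlsconnect`, `proxy_info`) with no visible statement of their contract; any doc comments for these declarations lie outside the hunks shown. A caller cannot tell from the signature what `proxy == true` with `proxy_info == NULL` puts on the wire. Nor can it tell whether `proxy_info` must remain valid until `connect_cb` runs, given that the connect completes through a callback. I would add a doc comment above each prototype covering both points. For `isc_nm_listentls` it should also say that with `proxy` set the listener expects a PROXY header ahead of the TLS handshake.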
if (tlsctx != NULL) {
isc_nm_tlsconnect(mgr, local, peer, transport_connect_cb, sock,
- tlsctx, client_sess_cache, timeout);
+ tlsctx, client_sess_cache, timeout, false,
+ NULL);
} else {
isc_nm_tcpconnect(mgr, local, peer, transport_connect_cb, sock,
timeout);
if (ctx != NULL) {
result = isc_nm_listentls(mgr, workers, iface,
httplisten_acceptcb, sock, backlog,
- quota, ctx, &sock->outer);
+ quota, ctx, false, &sock->outer);
} else {
result = isc_nm_listentcp(mgr, workers, iface,
httplisten_acceptcb, sock, backlog,
} else {
isc_nm_tlsconnect(mgr, local, peer,
streamdns_transport_connected, nsock, ctx,
- client_sess_cache, nsock->connect_timeout);
+ client_sess_cache, nsock->connect_timeout,
+ false, NULL);
}
}
} else {
result = isc_nm_listentls(
mgr, workers, iface, streamdns_accept_cb, listener,
- backlog, quota, tlsctx, &listener->outer);
+ backlog, quota, tlsctx, false, &listener->outer);
}
if (result != ISC_R_SUCCESS) {
listener->closed = true;
isc_result_t
isc_nm_listentls(isc_nm_t *mgr, uint32_t workers, isc_sockaddr_t *iface,
isc_nm_accept_cb_t accept_cb, void *accept_cbarg, int backlog,
- isc_quota_t *quota, SSL_CTX *sslctx, isc_nmsocket_t **sockp) {
+ isc_quota_t *quota, SSL_CTX *sslctx, bool proxy,
+ isc_nmsocket_t **sockp) {
isc_result_t result;
isc_nmsocket_t *tlssock = NULL;
isc_nmsocket_t *tsock = NULL;
* tlssock will be a TLS 'wrapper' around an unencrypted stream.
* We set tlssock->outer to a socket listening for a TCP connection.
*/
- result = isc_nm_listentcp(mgr, workers, iface, tlslisten_acceptcb,
- tlssock, backlog, quota, &tlssock->outer);
+ if (proxy) {
+ result = isc_nm_listenproxystream(
+ mgr, workers, iface, tlslisten_acceptcb, tlssock,
+ backlog, quota, &tlssock->outer);
+ } else {
+ result = isc_nm_listentcp(mgr, workers, iface,
+ tlslisten_acceptcb, tlssock, backlog,
+ quota, &tlssock->outer);
+ }
if (result != ISC_R_SUCCESS) {
tlssock->closed = true;
isc__nmsocket_detach(&tlssock);
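Review bot: The context comment just above the new branch still says `tlssock->outer` is "a socket listening for a TCP connection", which is no longer accurate when `proxy` is set and the outer socket comes from `isc_nm_listenproxystream()`. Because that listener sits underneath the TLS wrapper, the PROXY header is consumed in cleartext before the handshake, so the addresses it carries are not authenticated by the TLS session and are only as trustworthy as the peer that sent them. I would reword the comment along the lines of `/* tlssock->outer is a TCP listener, or a PROXY stream listener when 'proxy' is set; the PROXY header precedes the TLS handshake, so it must only be honoured from trusted proxies. */`. The body of `isc_nm_listentls()` starts and ends outside this hunk, so whether such a restriction is enforced elsewhere cannot be seen here.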
isc_nm_cb_t connect_cb, void *connect_cbarg,
isc_tlsctx_t *ctx,
isc_tlsctx_client_session_cache_t *client_sess_cache,
- unsigned int timeout) {
+ unsigned int timeout, bool proxy,
+ isc_nm_proxyheader_info_t *proxy_info) {
isc_nmsocket_t *sock = NULL;
isc__networker_t *worker = NULL;
client_sess_cache, &sock->tlsstream.client_sess_cache);
}
- isc_nm_tcpconnect(mgr, local, peer, tcp_connected, sock,
- sock->connect_timeout);
+ if (proxy) {
+ isc_nm_proxystreamconnect(mgr, local, peer, tcp_connected, sock,
+ sock->connect_timeout, proxy_info);
+ } else {
+ isc_nm_tcpconnect(mgr, local, peer, tcp_connected, sock,
+ sock->connect_timeout);
+ }
}
static void
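Review bot: `proxy_info` is read only in the `if (proxy)` branch, so a caller that supplies header info but passes `proxy == false` gets a plain `isc_nm_tcpconnect()` and the info is dropped with no diagnostic. The backend would then see the connecting host's address rather than the one the caller meant to convey, which is easy to miss when logging or access control depends on it. Since the two parameters can disagree, I would reject the inconsistent combination up front with `REQUIRE(proxy || proxy_info == NULL);` next to the function's other precondition checks. The start of `isc_nm_tlsconnect()` is outside this hunk, so the exact placement needs to be checked against the existing checks there.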
void
isc__nm_tls_cleanup_data(isc_nmsocket_t *sock) {
- if (sock->type == isc_nm_tcplistener &&
+ if ((sock->type == isc_nm_tcplistener ||
+ sock->type == isc_nm_proxystreamlistener) &&
sock->tlsstream.tlslistener != NULL)
{
isc__nmsocket_detach(&sock->tlsstream.tlslistener);
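Review bot: The underlying-transport test is now written out twice in `isc__nm_tls_cleanup_data()`, as `isc_nm_tcplistener || isc_nm_proxystreamlistener` here and as `isc_nm_tcpsocket || isc_nm_proxystreamsocket` in the `else if` of the following hunk. Any other check in this file that still compares only against the TCP types (none is visible in this diff) would silently skip PROXY stream sockets; in a cleanup path like this one, that would mean the `tlslistener` or `tlssocket` reference is never detached. I would factor each pair into a small `static inline bool` predicate and use it wherever the TLS code asks whether a socket is its underlying transport. Then the next transport type added needs only one edit.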
sock->tlsstream.send_req,
sizeof(*sock->tlsstream.send_req));
}
- } else if (sock->type == isc_nm_tcpsocket &&
+ } else if ((sock->type == isc_nm_tcpsocket ||
+ sock->type == isc_nm_proxystreamsocket) &&
sock->tlsstream.tlssocket != NULL)
{
/*
tls_connect(isc_nm_t *nm) {
isc_nm_tlsconnect(nm, &tcp_connect_addr, &tcp_listen_addr,
connect_connect_cb, NULL, tcp_connect_tlsctx,
- tcp_tlsctx_client_sess_cache, T_CONNECT);
+ tcp_tlsctx_client_sess_cache, T_CONNECT,
+ stream_use_PROXY, NULL);
}
isc_nm_proxyheader_info_t *
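Review bot: Both updated test call sites pass `NULL` for `proxy_info` (`stream_use_PROXY, NULL` in `tls_connect()` here and again in the `stream_use_TLS` branch of the last hunk), so the TLS-over-PROXY path is only ever exercised without header info. The new `isc_nm_proxystreamconnect(..., proxy_info)` forwarding in `isc_nm_tlsconnect()` is therefore not covered by the tests visible in this diff. Nothing visible checks that addresses supplied by a client reach the accept side unchanged when TLS is layered on top. I would add at least one TLS case that passes non-NULL info and asserts on what the listener observes. There may already be such coverage in parts of the test file outside these hunks.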
isc_result_t result = ISC_R_SUCCESS;
if (stream_use_TLS) {
- result = isc_nm_listentls(listen_nm, ISC_NM_LISTEN_ALL,
- &tcp_listen_addr, accept_cb,
- accept_cbarg, backlog, quota,
- tcp_listen_tlsctx, sockp);
+ result = isc_nm_listentls(
+ listen_nm, ISC_NM_LISTEN_ALL, &tcp_listen_addr,
+ accept_cb, accept_cbarg, backlog, quota,
+ tcp_listen_tlsctx, stream_use_PROXY, sockp);
return (result);
} else if (stream_use_PROXY) {
result = isc_nm_listenproxystream(
isc_refcount_increment0(&active_cconnects);
if (stream_use_TLS) {
- isc_nm_tlsconnect(connect_nm, &tcp_connect_addr,
- &tcp_listen_addr, cb, cbarg,
- tcp_connect_tlsctx,
- tcp_tlsctx_client_sess_cache, timeout);
+ isc_nm_tlsconnect(
+ connect_nm, &tcp_connect_addr, &tcp_listen_addr, cb,
+ cbarg, tcp_connect_tlsctx, tcp_tlsctx_client_sess_cache,
+ timeout, stream_use_PROXY, NULL);
return;
} else if (stream_use_PROXY) {
isc_nm_proxystreamconnect(connect_nm, &tcp_connect_addr,