MINOR: add ALPN information to send-proxy-v2

Send ALPN information in proxy-protocol-v2 if an ALPN protocol has been
negotiated.
Emmanuel Hocdet 2017-10-24 10:55:14 +02:00 committed by Willy Tarreau
parent 01da571e21
commit 404d978d40
2 changed files with 15 additions and 14 deletions


@ -11458,10 +11458,10 @@ send-proxy-v2
over any connection established to this server. The PROXY protocol informs over any connection established to this server. The PROXY protocol informs
the other end about the layer 3/4 addresses of the incoming connection, so the other end about the layer 3/4 addresses of the incoming connection, so
that it can know the client's address or the public address it accessed to, that it can know the client's address or the public address it accessed to,
whatever the upper layer protocol. This setting must not be used if the whatever the upper layer protocol. It also send ALPN information if an alpn
server isn't aware of this version of the protocol. See also the have been negotiated. This setting must not be used if the server isn't aware
"no-send-proxy-v2" option of this section and send-proxy" option of the of this version of the protocol. See also the "no-send-proxy-v2" option of
"bind" keyword. this section and send-proxy" option of the "bind" keyword.
send-proxy-v2-ssl send-proxy-v2-ssl
The "send-proxy-v2-ssl" parameter enforces use of the PROXY protocol version The "send-proxy-v2-ssl" parameter enforces use of the PROXY protocol version


@ -952,7 +952,6 @@ int make_proxy_line_v1(char *buf, int buf_len, struct sockaddr_storage *src, str
return ret; return ret;
} }
#if defined(USE_OPENSSL) || defined(CONFIG_HAP_NS)
static int make_tlv(char *dest, int dest_len, char type, uint16_t length, const char *value) static int make_tlv(char *dest, int dest_len, char type, uint16_t length, const char *value)
{ {
struct tlv *tlv; struct tlv *tlv;
@ -968,7 +967,6 @@ static int make_tlv(char *dest, int dest_len, char type, uint16_t length, const
memcpy(tlv->value, value, length); memcpy(tlv->value, value, length);
return length + sizeof(*tlv); return length + sizeof(*tlv);
} }
#endif
int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connection *remote) int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connection *remote)
{ {
@ -978,13 +976,8 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
struct sockaddr_storage null_addr = { .ss_family = 0 }; struct sockaddr_storage null_addr = { .ss_family = 0 };
struct sockaddr_storage *src = &null_addr; struct sockaddr_storage *src = &null_addr;
struct sockaddr_storage *dst = &null_addr; struct sockaddr_storage *dst = &null_addr;
const char *value;
#ifdef USE_OPENSSL int value_len;
const char *value = NULL;
struct tlv_ssl *tlv;
int ssl_tlv_len = 0;
struct chunk *cn_trash;
#endif
if (buf_len < PP2_HEADER_LEN) if (buf_len < PP2_HEADER_LEN)
return 0; return 0;
@ -1025,8 +1018,16 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
ret = PP2_HDR_LEN_UNSPEC; ret = PP2_HDR_LEN_UNSPEC;
} }
if (conn_get_alpn(remote, &value, &value_len)) {
if ((buf_len - ret) < sizeof(struct tlv))
return 0;
ret += make_tlv(&buf[ret], buf_len, PP2_TYPE_ALPN, value_len, value);
}
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
if (srv->pp_opts & SRV_PP_V2_SSL) { if (srv->pp_opts & SRV_PP_V2_SSL) {
struct tlv_ssl *tlv;
int ssl_tlv_len = 0;
if ((buf_len - ret) < sizeof(struct tlv_ssl)) if ((buf_len - ret) < sizeof(struct tlv_ssl))
return 0; return 0;
tlv = (struct tlv_ssl *)&buf[ret]; tlv = (struct tlv_ssl *)&buf[ret];
@ -1046,7 +1047,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
tlv->client |= PP2_CLIENT_CERT_CONN; tlv->client |= PP2_CLIENT_CERT_CONN;
} }
if (srv->pp_opts & SRV_PP_V2_SSL_CN) { if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
cn_trash = get_trash_chunk(); struct chunk *cn_trash = get_trash_chunk();
if (ssl_sock_get_remote_common_name(remote, cn_trash) > 0) { if (ssl_sock_get_remote_common_name(remote, cn_trash) > 0) {
ssl_tlv_len += make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_SUBTYPE_SSL_CN, cn_trash->len, cn_trash->str); ssl_tlv_len += make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_SUBTYPE_SSL_CN, cn_trash->len, cn_trash->str);
} }
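Review bot: The new ALPN block passes the whole `buf_len` to make_tlv() as `dest_len` although `ret` bytes of `buf` are already in use, and the guard before it only reserves `sizeof(struct tlv)` for the header, not the `value_len` bytes that `memcpy(tlv->value, value, length)` in make_tlv() then writes. Whatever bound make_tlv() applies to `dest_len` (its check is outside the visible hunks) is therefore taken against the full buffer rather than the space left, so a negotiated protocol name longer than the remaining room could be copied past the end of `buf`. The call should pass the remaining space the way the PP2_SUBTYPE_SSL_CN call further down does: `ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_ALPN, value_len, value);`. make_proxy_line_v2() starts and ends outside these hunks.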