Skip to content

Commit

Permalink
MINOR: tcp_act: remove limitation on protocol for attach-srv
Browse files Browse the repository at this point in the history 
This patch allows to specify "tcp-request session attach-srv" without
requiring that each associated bind lines mandates HTTP/2 usage. If a
non supported protocol is targetted by this rule, conn_install_mux_fe()
is responsible to reject it.

This change is mandatory to be able to mix attach-srv and standard
non-reversable connection on the same bind instances. An ACL can be used
to activate attach-srv only on some conditions.
  • Loading branch information
@a-denoyelle
a-denoyelle committed Sep 29, 2023
1 parent 337c714 commit c58fd4d
Showing 1 changed file with 0 additions and 23 deletions.
23 changes: 0 additions & 23 deletions src/tcp_act.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -427,7 +427,6 @@ static int tcp_check_attach_srv(struct act_rule *rule, struct proxy *px, char **
{
struct proxy *be = NULL;
struct server *srv = NULL;
struct bind_conf *bind_conf;
char *name = rule->arg.attach_srv.srvname;
struct ist be_name, sv_name;

Expand All @@ -436,18 +435,6 @@ static int tcp_check_attach_srv(struct act_rule *rule, struct proxy *px, char **
return 0;
}

list_for_each_entry(bind_conf, &px->conf.bind, by_fe) {
if ((bind_conf->mux_proto && !isteqi(bind_conf->mux_proto->token, ist("h2")))
#ifdef USE_OPENSSL
|| (bind_conf->ssl_conf.alpn_str && strcmp(bind_conf->ssl_conf.alpn_str, "\x02h2") != 0)
#endif
) {
memprintf(err, "attach-srv rule: incompatible with listener on %s:%d which uses protocol other than HTTP/2",
bind_conf->file, bind_conf->line);
return 0;
}
}

sv_name = ist(name);
be_name = istsplit(&sv_name, '/');
if (!istlen(sv_name)) {
Expand All @@ -464,16 +451,6 @@ static int tcp_check_attach_srv(struct act_rule *rule, struct proxy *px, char **
return 0;
}

if ((srv->mux_proto && !isteqi(srv->mux_proto->token, ist("h2")))
#ifdef USE_OPENSSL
|| (srv->ssl_ctx.alpn_str && strcmp(srv->ssl_ctx.alpn_str, "\x02h2") != 0)
#endif
) {
memprintf(err, "attach-srv rule: incompatible with server '%s:%s' which uses protocol other than HTTP/2",
ist0(be_name), ist0(sv_name));
return 0;
}

if ((rule->arg.attach_srv.name && (!srv->use_ssl || !srv->sni_expr)) ||
(!rule->arg.attach_srv.name && srv->use_ssl && srv->sni_expr)) {
memprintf(err, "attach-srv rule: connection will never be used; either specify name argument in conjonction with defined SSL SNI on targetted server or none of these");
Expand Down

0 comments on commit c58fd4d

Please sign in to comment.