Hello,
Here a set of patches implementing http/tcp set-{dst,src}[-port].
The feature can be useful to connect to a IP/port which is defined in a map.
Regards,
--
William Lallemand
>From 4f44c85bd02830d690539b269a4669b6bd251e44 Mon Sep 17 00:00:00 2001
From: William Lallemand <[email protected]>
Date: Wed, 25 May 2016 01:48:42 +0200
Subject: [PATCH 1/4] MEDIUM: tcp: add 'set-src' to 'tcp-request connection'
The 'set-src' action was not available for tcp actions The action code
has been converted into a function in proto_tcp.c to be used for both
'http-request' and 'tcp-request connection' actions.
Both http and tcp keywords are registered in proto_tcp.c
---
doc/configuration.txt | 15 +++++++++++
include/types/action.h | 1 -
src/proto_http.c | 61 +++--------------------------------------
src/proto_tcp.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++--
4 files changed, 90 insertions(+), 60 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index c4df56e..f94885f 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -8674,6 +8674,21 @@ tcp-request connection <action> [{if | unless} <condition>]
an error occurs, this action silently fails and the actions evaluation
continues.
+ - set-src <expr> :
+ Is used to set the source IP address to the value of specified
+ expression. Useful if you want to mask source IP for privacy.
+ If you want to provide an IP from a HTTP header use "http-request
+ set-src"
+
+ <expr> Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+
+ Example:
+
+ tcp-request connection set-src src,ipmask(24)
+
+ When set-src is successful, the source port is set to 0.
+
- "silent-drop" :
This stops the evaluation of the rules and makes the client-facing
connection suddenly disappear using a system-dependant way that tries
diff --git a/include/types/action.h b/include/types/action.h
index b97f9bf..742252e 100644
--- a/include/types/action.h
+++ b/include/types/action.h
@@ -80,7 +80,6 @@ enum act_name {
/* http request actions. */
ACT_HTTP_REQ_TARPIT,
ACT_HTTP_REQ_AUTH,
- ACT_HTTP_REQ_SET_SRC,
/* tcp actions */
ACT_TCP_EXPECT_PX,
diff --git a/src/proto_http.c b/src/proto_http.c
index d79a782..6686631 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -3554,26 +3554,6 @@ resume_execution:
}
break;
- case ACT_HTTP_REQ_SET_SRC:
- if ((cli_conn = objt_conn(sess->origin)) && conn_ctrl_ready(cli_conn)) {
- struct sample *smp;
-
- smp = sample_fetch_as_type(px, sess, s, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->arg.expr, SMP_T_ADDR);
-
- if (smp) {
- if (smp->data.type == SMP_T_IPV4) {
- ((struct sockaddr_in *)&cli_conn->addr.from)->sin_family = AF_INET;
- ((struct sockaddr_in *)&cli_conn->addr.from)->sin_addr.s_addr = smp->data.u.ipv4.s_addr;
- ((struct sockaddr_in *)&cli_conn->addr.from)->sin_port = 0;
- } else if (smp->data.type == SMP_T_IPV6) {
- ((struct sockaddr_in6 *)&cli_conn->addr.from)->sin6_family = AF_INET6;
- memcpy(&((struct sockaddr_in6 *)&cli_conn->addr.from)->sin6_addr, &smp->data.u.ipv6, sizeof(struct in6_addr));
- ((struct sockaddr_in6 *)&cli_conn->addr.from)->sin6_port = 0;
- }
- }
- }
- break;
-
/* other flags exists, but normaly, they never be matched. */
default:
break;
@@ -9204,39 +9184,6 @@ struct act_rule *parse_http_req_cond(const char **args, const char *file, int li
proxy->conf.lfs_line = proxy->conf.args.line;
cur_arg += 2;
- } else if (strncmp(args[0], "set-src", 7) == 0) {
- struct sample_expr *expr;
- unsigned int where;
- char *err = NULL;
-
- cur_arg = 1;
- proxy->conf.args.ctx = ARGC_HRQ;
-
- expr = sample_parse_expr((char **)args, &cur_arg, file, linenum, &err, &proxy->conf.args);
- if (!expr) {
- Alert("parsing [%s:%d] : error detected in %s '%s' while parsing 'http-request %s' rule : %s.\n",
- file, linenum, proxy_type_str(proxy), proxy->id, args[0], err);
- free(err);
- goto out_err;
- }
-
- where = 0;
- if (proxy->cap & PR_CAP_FE)
- where |= SMP_VAL_FE_HRQ_HDR;
- if (proxy->cap & PR_CAP_BE)
- where |= SMP_VAL_BE_HRQ_HDR;
-
- if (!(expr->fetch->val & where)) {
- Alert("parsing [%s:%d] : error detected in %s '%s' while parsing 'http-request %s' rule :"
- " fetch method '%s' extracts information from '%s', none of which is available here.\n",
- file, linenum, proxy_type_str(proxy), proxy->id, args[0],
- args[cur_arg-1], sample_src_names(expr->fetch->use));
- free(expr);
- goto out_err;
- }
-
- rule->arg.expr = expr;
- rule->action = ACT_HTTP_REQ_SET_SRC;
} else if (((custom = action_http_req_custom(args[0])) != NULL)) {
char *errmsg = NULL;
cur_arg = 1;
@@ -9253,8 +9200,8 @@ struct act_rule *parse_http_req_cond(const char **args, const char *file, int li
action_build_list(&http_req_keywords.list, &trash);
Alert("parsing [%s:%d]: 'http-request' expects 'allow', 'deny', 'auth', 'redirect', "
"'tarpit', 'add-header', 'set-header', 'replace-header', 'replace-value', 'set-nice', "
- "'set-tos', 'set-mark', 'set-log-level', 'add-acl', 'del-acl', 'del-map', 'set-map', "
- "'set-src'%s%s, but got '%s'%s.\n",
+ "'set-tos', 'set-mark', 'set-log-level', 'add-acl', 'del-acl', 'del-map', 'set-map'"
+ "%s%s, but got '%s'%s.\n",
file, linenum, *trash.str ? ", " : "", trash.str, args[0], *args[0] ? "" : " (missing argument)");
goto out_err;
}
@@ -9614,8 +9561,8 @@ struct act_rule *parse_http_res_cond(const char **args, const char *file, int li
action_build_list(&http_res_keywords.list, &trash);
Alert("parsing [%s:%d]: 'http-response' expects 'allow', 'deny', 'redirect', "
"'add-header', 'del-header', 'set-header', 'replace-header', 'replace-value', 'set-nice', "
- "'set-tos', 'set-mark', 'set-log-level', 'add-acl', 'del-acl', 'del-map', 'set-map', "
- "'set-src'%s%s, but got '%s'%s.\n",
+ "'set-tos', 'set-mark', 'set-log-level', 'add-acl', 'del-acl', 'del-map', 'set-map'"
+ "%s%s, but got '%s'%s.\n",
file, linenum, *trash.str ? ", " : "", trash.str, args[0], *args[0] ? "" : " (missing argument)");
goto out_err;
}
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index bbe12e2..b283db4 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1425,6 +1425,33 @@ int tcp_exec_req_rules(struct session *sess)
return result;
}
+/*
+ * Execute the "set-src" action. May be called from {tcp,http}request
+ */
+enum act_return tcp_action_req_set_src(struct act_rule *rule, struct proxy *px,
+ struct session *sess, struct stream *s, int flags)
+{
+ struct connection *cli_conn;
+
+ if ((cli_conn = objt_conn(sess->origin)) && conn_ctrl_ready(cli_conn)) {
+ struct sample *smp;
+
+ smp = sample_fetch_as_type(px, sess, s, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->arg.expr, SMP_T_ADDR);
+ if (smp) {
+ if (smp->data.type == SMP_T_IPV4) {
+ ((struct sockaddr_in *)&cli_conn->addr.from)->sin_family = AF_INET;
+ ((struct sockaddr_in *)&cli_conn->addr.from)->sin_addr.s_addr = smp->data.u.ipv4.s_addr;
+ ((struct sockaddr_in *)&cli_conn->addr.from)->sin_port = 0;
+ } else if (smp->data.type == SMP_T_IPV6) {
+ ((struct sockaddr_in6 *)&cli_conn->addr.from)->sin6_family = AF_INET6;
+ memcpy(&((struct sockaddr_in6 *)&cli_conn->addr.from)->sin6_addr, &smp->data.u.ipv6, sizeof(struct in6_addr));
+ ((struct sockaddr_in6 *)&cli_conn->addr.from)->sin6_port = 0;
+ }
+ }
+ }
+ return ACT_RET_CONT;
+}
+
/* Executes the "silent-drop" action. May be called from {tcp,http}{request,response} */
static enum act_return tcp_exec_action_silent_drop(struct act_rule *rule, struct proxy *px, struct session *sess, struct stream *strm, int flags)
{
@@ -2033,6 +2060,46 @@ static int tcp_parse_tcp_req(char **args, int section_type, struct proxy *curpx,
return -1;
}
+/* parse "set-src" action */
+enum act_parse_ret tcp_parse_set_src(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
+{
+ int cur_arg;
+ struct sample_expr *expr;
+ unsigned int where;
+
+ cur_arg = *orig_arg;
+ expr = sample_parse_expr((char **)args, &cur_arg, px->conf.args.file, px->conf.args.line, err, &px->conf.args);
+ if (!expr)
+ return ACT_RET_PRS_ERR;
+
+ where = 0;
+ if (proxy->cap & PR_CAP_FE)
+ where |= SMP_VAL_FE_HRQ_HDR;
+ if (proxy->cap & PR_CAP_BE)
+ where |= SMP_VAL_BE_HRQ_HDR;
+
+ if (!(expr->fetch->val & where)) {
+ memprintf(err,
+ "fetch method '%s' extracts information from '%s', none of which is available here",
+ args[cur_arg-1], sample_src_names(expr->fetch->use));
+ free(expr);
+ return ACT_RET_PRS_ERR;
+ }
+ rule->arg.expr = expr;
+ rule->action = ACT_CUSTOM;
+
+ if (!strcmp(args[*orig_arg-1], "set-src")) {
+ rule->action_ptr = tcp_action_req_set_src;
+ } else {
+ return ACT_RET_PRS_ERR;
+ }
+
+ (*orig_arg)++;
+
+ return ACT_RET_PRS_OK;
+}
+
+
/* Parse a "silent-drop" action. It takes no argument. It returns ACT_RET_PRS_OK on
* success, ACT_RET_PRS_ERR on error.
*/
@@ -2423,7 +2490,8 @@ static struct srv_kw_list srv_kws = { "TCP", { }, {
}};
static struct action_kw_list tcp_req_conn_actions = {ILH, {
- { "silent-drop", tcp_parse_silent_drop },
+ { "silent-drop", tcp_parse_silent_drop },
+ { "set-src", tcp_parse_set_src },
{ /* END */ }
}};
@@ -2438,7 +2506,8 @@ static struct action_kw_list tcp_res_cont_actions = {ILH, {
}};
static struct action_kw_list http_req_actions = {ILH, {
- { "silent-drop", tcp_parse_silent_drop },
+ { "silent-drop", tcp_parse_silent_drop },
+ { "set-src", tcp_parse_set_src },
{ /* END */ }
}};
--
2.7.3
>From fb81bec67994740bdfe26137e9d7f08e6ba14e38 Mon Sep 17 00:00:00 2001
From: William Lallemand <[email protected]>
Date: Wed, 25 May 2016 02:33:16 +0200
Subject: [PATCH 2/4] MINOR: set the CO_FL_ADDR_FROM_SET flags with 'set-src'
When the 'set-src' action is used, the CO_FL_ADDR_FROM_SET wasn't set,
it can lead to address being rewritten.
---
src/proto_tcp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index b283db4..806eb3e 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1448,6 +1448,7 @@ enum act_return tcp_action_req_set_src(struct act_rule *rule, struct proxy *px,
((struct sockaddr_in6 *)&cli_conn->addr.from)->sin6_port = 0;
}
}
+ cli_conn->flags |= CO_FL_ADDR_FROM_SET;
}
return ACT_RET_CONT;
}
--
2.7.3
>From 69c1a599574312de719333d94a0c0291c322cafe Mon Sep 17 00:00:00 2001
From: William Lallemand <[email protected]>
Date: Wed, 25 May 2016 01:51:35 +0200
Subject: [PATCH 3/4] MEDIUM: tcp/http: add 'set-src-port' action
set-src-port works the same way as 'set-src' but for the source port.
It's available in 'tcp-request connection' and 'http-request' actions.
---
doc/configuration.txt | 29 +++++++++++++++++++++++++++++
src/proto_tcp.c | 32 +++++++++++++++++++++++++++++++-
2 files changed, 60 insertions(+), 1 deletion(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index f94885f..d3ff223 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -3845,6 +3845,21 @@ http-request { allow | deny | tarpit | auth [realm <realm>] | redirect <rule> |
When set-src is successful, the source port is set to 0.
+ - set-src-port <expr> :
+ Is used to set the source port address to the value of specified
+ expression.
+
+ <expr> Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+
+ Example:
+
+ http-request set-src-port hdr(x-port)
+ http-request set-src-port int(4000)
+
+ Be careful to use "set-src-port" after "set-src", because "set-src" sets
+ the source port to 0.
+
- "silent-drop" : this stops the evaluation of the rules and makes the
client-facing connection suddenly disappear using a system-dependant way
that tries to prevent the client from being notified. The effect it then
@@ -8689,6 +8704,20 @@ tcp-request connection <action> [{if | unless} <condition>]
When set-src is successful, the source port is set to 0.
+ - set-src-port <expr> :
+ Is used to set the source port address to the value of specified
+ expression.
+
+ <expr> Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+
+ Example:
+
+ tcp-request connection set-src-port int(4000)
+
+ Be careful to use "set-src-port" after "set-src", because "set-src" sets
+ the source port to 0.
+
- "silent-drop" :
This stops the evaluation of the rules and makes the client-facing
connection suddenly disappear using a system-dependant way that tries
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index 806eb3e..99438d8 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1453,6 +1453,32 @@ enum act_return tcp_action_req_set_src(struct act_rule *rule, struct proxy *px,
return ACT_RET_CONT;
}
+/*
+ * Execute the "set-src-port" action. May be called from {tcp,http}request
+ * We must test the sin_family before setting the port
+ */
+enum act_return tcp_action_req_set_src_port(struct act_rule *rule, struct proxy *px,
+ struct session *sess, struct stream *s, int flags)
+{
+ struct connection *cli_conn;
+
+ if ((cli_conn = objt_conn(sess->origin)) && conn_ctrl_ready(cli_conn)) {
+ struct sample *smp;
+
+ conn_get_from_addr(cli_conn);
+
+ smp = sample_fetch_as_type(px, sess, s, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->arg.expr, SMP_T_SINT);
+ if (smp) {
+ if (((struct sockaddr_storage *)&cli_conn->addr.from)->ss_family == AF_INET) {
+ ((struct sockaddr_in *)&cli_conn->addr.from)->sin_port = htons(smp->data.u.sint);
+ } else if (((struct sockaddr_storage *)&cli_conn->addr.from)->ss_family == AF_INET6) {
+ ((struct sockaddr_in6 *)&cli_conn->addr.from)->sin6_port = htons(smp->data.u.sint);
+ }
+ }
+ }
+ return ACT_RET_CONT;
+}
+
/* Executes the "silent-drop" action. May be called from {tcp,http}{request,response} */
static enum act_return tcp_exec_action_silent_drop(struct act_rule *rule, struct proxy *px, struct session *sess, struct stream *strm, int flags)
{
@@ -2061,7 +2087,7 @@ static int tcp_parse_tcp_req(char **args, int section_type, struct proxy *curpx,
return -1;
}
-/* parse "set-src" action */
+/* parse "set-src" and "set-src-port" actions */
enum act_parse_ret tcp_parse_set_src(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
{
int cur_arg;
@@ -2091,6 +2117,8 @@ enum act_parse_ret tcp_parse_set_src(const char **args, int *orig_arg, struct pr
if (!strcmp(args[*orig_arg-1], "set-src")) {
rule->action_ptr = tcp_action_req_set_src;
+ } else if (!strcmp(args[*orig_arg-1], "set-src-port")) {
+ rule->action_ptr = tcp_action_req_set_src_port;
} else {
return ACT_RET_PRS_ERR;
}
@@ -2493,6 +2521,7 @@ static struct srv_kw_list srv_kws = { "TCP", { }, {
static struct action_kw_list tcp_req_conn_actions = {ILH, {
{ "silent-drop", tcp_parse_silent_drop },
{ "set-src", tcp_parse_set_src },
+ { "set-src-port", tcp_parse_set_src },
{ /* END */ }
}};
@@ -2509,6 +2538,7 @@ static struct action_kw_list tcp_res_cont_actions = {ILH, {
static struct action_kw_list http_req_actions = {ILH, {
{ "silent-drop", tcp_parse_silent_drop },
{ "set-src", tcp_parse_set_src },
+ { "set-src-port", tcp_parse_set_src },
{ /* END */ }
}};
--
2.7.3
>From 3daea1db5a18aeda04f7c8205a32a44d5a0d83a3 Mon Sep 17 00:00:00 2001
From: William Lallemand <[email protected]>
Date: Wed, 25 May 2016 02:34:07 +0200
Subject: [PATCH 4/4] MEDIUM: tcp/http: new set-dst/set-dst-port actions
Like 'set-src' and 'set-src-port' but for destination address and port.
It's available in 'tcp-request connection' and 'http-request' actions.
---
doc/configuration.txt | 56 +++++++++++++++++++++++++++++++++++++++
src/proto_tcp.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++-----
2 files changed, 123 insertions(+), 6 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index d3ff223..678be44 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -3860,6 +3860,34 @@ http-request { allow | deny | tarpit | auth [realm <realm>] | redirect <rule> |
Be careful to use "set-src-port" after "set-src", because "set-src" sets
the source port to 0.
+ - set-dst <expr> :
+ Is used to set the destination IP address to the value of specified
+ expression. Useful when a proxy in front of HAProxy rewrites destination
+ IP, but provides the correct IP in a HTTP header; or you want to mask
+ the IP for privacy. If you want to connect to the new address/port, use
+ '0.0.0.0:0' as a server address in the backend.
+
+ <expr> Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+
+ Example:
+
+ http-request set-dst hdr(x-dst)
+ http-request set-dst dst,ipmask(24)
+
+ - set-dst-port <expr> :
+ Is used to set the destination port address to the value of specified
+ expression. If you want to connect to the new address/port, use
+ '0.0.0.0:0' as a server address in the backend.
+
+ <expr> Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+
+ Example:
+
+ http-request set-dst-port hdr(x-port)
+ http-request set-dst-port int(4000)
+
- "silent-drop" : this stops the evaluation of the rules and makes the
client-facing connection suddenly disappear using a system-dependant way
that tries to prevent the client from being notified. The effect it then
@@ -8718,6 +8746,34 @@ tcp-request connection <action> [{if | unless} <condition>]
Be careful to use "set-src-port" after "set-src", because "set-src" sets
the source port to 0.
+ - set-dst <expr> :
+ Is used to set the destination IP address to the value of specified
+ expression. Useful if you want to mask IP for privacy in log.
+ If you want to provide an IP from a HTTP header use "http-request
+ set-dst". If you want to connect to the new address/port, use
+ '0.0.0.0:0' as a server address in the backend.
+
+ <expr> Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+
+ Example:
+
+ tcp-request connection set-dst dst,ipmask(24)
+ tcp-request connection set-dst ipv4(10.0.0.1)
+
+ - set-dst-port <expr> :
+ Is used to set the destination port address to the value of specified
+ expression. If you want to connect to the new address/port, use
+ '0.0.0.0:0' as a server address in the backend.
+
+
+ <expr> Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+
+ Example:
+
+ tcp-request connection set-dst-port int(4000)
+
- "silent-drop" :
This stops the evaluation of the rules and makes the client-facing
connection suddenly disappear using a system-dependant way that tries
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index 99438d8..5344703 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1454,6 +1454,33 @@ enum act_return tcp_action_req_set_src(struct act_rule *rule, struct proxy *px,
}
/*
+ * Execute the "set-dst" action. May be called from {tcp,http}request
+ */
+enum act_return tcp_action_req_set_dst(struct act_rule *rule, struct proxy *px,
+ struct session *sess, struct stream *s, int flags)
+{
+ struct connection *cli_conn;
+
+ if ((cli_conn = objt_conn(sess->origin)) && conn_ctrl_ready(cli_conn)) {
+ struct sample *smp;
+
+ smp = sample_fetch_as_type(px, sess, s, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->arg.expr, SMP_T_ADDR);
+ if (smp) {
+ if (smp->data.type == SMP_T_IPV4) {
+ ((struct sockaddr_in *)&cli_conn->addr.to)->sin_family = AF_INET;
+ ((struct sockaddr_in *)&cli_conn->addr.to)->sin_addr.s_addr = smp->data.u.ipv4.s_addr;
+ } else if (smp->data.type == SMP_T_IPV6) {
+ ((struct sockaddr_in6 *)&cli_conn->addr.to)->sin6_family = AF_INET6;
+ memcpy(&((struct sockaddr_in6 *)&cli_conn->addr.to)->sin6_addr, &smp->data.u.ipv6, sizeof(struct in6_addr));
+ ((struct sockaddr_in6 *)&cli_conn->addr.to)->sin6_port = 0;
+ }
+ cli_conn->flags |= CO_FL_ADDR_TO_SET;
+ }
+ }
+ return ACT_RET_CONT;
+}
+
+/*
* Execute the "set-src-port" action. May be called from {tcp,http}request
* We must test the sin_family before setting the port
*/
@@ -1479,6 +1506,32 @@ enum act_return tcp_action_req_set_src_port(struct act_rule *rule, struct proxy
return ACT_RET_CONT;
}
+/*
+ * Execute the "set-dst-port" action. May be called from {tcp,http}request
+ * We must test the sin_family before setting the port
+ */
+enum act_return tcp_action_req_set_dst_port(struct act_rule *rule, struct proxy *px,
+ struct session *sess, struct stream *s, int flags)
+{
+ struct connection *cli_conn;
+
+ if ((cli_conn = objt_conn(sess->origin)) && conn_ctrl_ready(cli_conn)) {
+ struct sample *smp;
+
+ conn_get_to_addr(cli_conn);
+
+ smp = sample_fetch_as_type(px, sess, s, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->arg.expr, SMP_T_SINT);
+ if (smp) {
+ if (((struct sockaddr_storage *)&cli_conn->addr.to)->ss_family == AF_INET) {
+ ((struct sockaddr_in *)&cli_conn->addr.to)->sin_port = htons(smp->data.u.sint);
+ } else if (((struct sockaddr_storage *)&cli_conn->addr.to)->ss_family == AF_INET6) {
+ ((struct sockaddr_in6 *)&cli_conn->addr.to)->sin6_port = htons(smp->data.u.sint);
+ }
+ }
+ }
+ return ACT_RET_CONT;
+}
+
/* Executes the "silent-drop" action. May be called from {tcp,http}{request,response} */
static enum act_return tcp_exec_action_silent_drop(struct act_rule *rule, struct proxy *px, struct session *sess, struct stream *strm, int flags)
{
@@ -2087,8 +2140,8 @@ static int tcp_parse_tcp_req(char **args, int section_type, struct proxy *curpx,
return -1;
}
-/* parse "set-src" and "set-src-port" actions */
-enum act_parse_ret tcp_parse_set_src(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
+/* parse "set-{src,dst}[-port]" action */
+enum act_parse_ret tcp_parse_set_src_dst(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
{
int cur_arg;
struct sample_expr *expr;
@@ -2119,6 +2172,10 @@ enum act_parse_ret tcp_parse_set_src(const char **args, int *orig_arg, struct pr
rule->action_ptr = tcp_action_req_set_src;
} else if (!strcmp(args[*orig_arg-1], "set-src-port")) {
rule->action_ptr = tcp_action_req_set_src_port;
+ } else if (!strcmp(args[*orig_arg-1], "set-dst")) {
+ rule->action_ptr = tcp_action_req_set_dst;
+ } else if (!strcmp(args[*orig_arg-1], "set-dst-port")) {
+ rule->action_ptr = tcp_action_req_set_dst_port;
} else {
return ACT_RET_PRS_ERR;
}
@@ -2520,8 +2577,10 @@ static struct srv_kw_list srv_kws = { "TCP", { }, {
static struct action_kw_list tcp_req_conn_actions = {ILH, {
{ "silent-drop", tcp_parse_silent_drop },
- { "set-src", tcp_parse_set_src },
- { "set-src-port", tcp_parse_set_src },
+ { "set-src", tcp_parse_set_src_dst },
+ { "set-src-port", tcp_parse_set_src_dst },
+ { "set-dst" , tcp_parse_set_src_dst },
+ { "set-dst-port", tcp_parse_set_src_dst },
{ /* END */ }
}};
@@ -2537,8 +2596,10 @@ static struct action_kw_list tcp_res_cont_actions = {ILH, {
static struct action_kw_list http_req_actions = {ILH, {
{ "silent-drop", tcp_parse_silent_drop },
- { "set-src", tcp_parse_set_src },
- { "set-src-port", tcp_parse_set_src },
+ { "set-src", tcp_parse_set_src_dst },
+ { "set-src-port", tcp_parse_set_src_dst },
+ { "set-dst", tcp_parse_set_src_dst },
+ { "set-dst-port", tcp_parse_set_src_dst },
{ /* END */ }
}};
--
2.7.3
