Hi Baptiste, Maxim,
On Wed, Dec 28, 2016 at 02:04:44PM +0100, Baptiste wrote:
> On Fri, Dec 23, 2016 at 5:21 PM, Willy Tarreau <w...@1wt.eu> wrote:
> > Regarding this issue, I think that in fact we should decide to split the
> > server port apart from the address. After all, we're manipulating the port
> > and the address separately everywhere, we even have some extra settings in
> > other places (eg the fact that the ports are relative). I have not yet
> > analysed the impact of all of this but I think that's definitely something
> > we need to consider for the mid term. It will also remove most of the
> > "switch (family)" needed to retrieve/manipulate ports.
(...)
> I tend to fully agree if you mean having a "service_port" parameter in the
> "struct server" (or some kind of)
> Each time we have to manipulate addr and/or port in the struct
> sockaddr_storage, it's a nightmare and we have to think about all the
> corner cases...
OK so I managed to do it and I think I got it working fine now. It took
some time because in order not to miss any place I renamed the struct
member so that I was sure to spot all places.
I found a small bug in the current DNS resolution implementation when the
family is set to AF_UNSPEC, it immediately marks it as invalid and tries
again, so my DNS server got flooded during my tests :-) But that's fixed
now.
Thus now str2sa_range() doesn't change the family if the address doesn't
resolved. It however continues to *also* copy the port into the address
in the case where it resolves so that we don't have to touch all other
call places (listeners, peers, source, etc). I could get this config to
resolve all addresses as expected :
resolvers mydns
nameserver dns1 8.8.8.8:53
resolve_retries 3
timeout retry 1s
hold valid 1s
defaults
option httplog
log 127.0.0.1:5514 local0
mode http
timeout connect 5s
timeout client 60s
timeout server 90s
frontend f
bind *:8888
#bind :::8888
backend b
# default-server resolvers mydns ## doesn't work
server s1 127.0.0.1:8000 check
server s2 127.0.0.2:8000 check disabled
server s3 wtap.haproxy.local:8000 init-addr none check resolvers
mydns
server s4 haproxy.ipv6.1wt.eu:80 init-addr none check resolvers mydns
server s5 www6.1wt.eu:80
server s6 i...@www6.1wt.eu:80
server s7 i...@www6.1wt.eu:80 init-addr libc
server s8 1wt.eu:80 resolve-prefer ipv6 check init-addr none
resolvers mydns
server s9 1wt.eu:80 resolve-prefer ipv4 check
By the way I found that "resolvers" doesn't work in default-server AND
doesn't emit any warning so I had to specify it on each line. We need to
fix this before issuing 1.7.2.
I'd like you guys to take a look at the attached patches (rebased on 1.7).
There's also an all-in-one patch that you can apply to latest 1.7 snapshot
Maxim if you're interested.
For me it passes all tests and seems to be OK now.
Barring any objection, I'll merge all of them into 1.7 and will make a note
for distro maintainers to properly pick them or they'll get annoying bug
reports.
Thanks,
Willy
>From c5ffce6f998945c1c477387da9908d408b464622 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w...@1wt.eu>
Date: Fri, 6 Jan 2017 17:41:29 +0100
Subject: MEDIUM: server: split the address and the port into two different
fields
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Keeping the address and the port in the same field causes a lot of problems,
specifically on the DNS part where we're forced to cheat on the family to be
able to keep the port. This causes some issues such as some families not being
resolvable anymore.
This patch first moves the service port to a new field "svc_port" so that the
port field is never used anymore in the "addr" field (struct sockaddr_storage).
All call places were adapted (there aren't that many).
---
include/types/server.h | 3 ++-
src/backend.c | 21 +++++++++++++--------
src/checks.c | 14 +++++++++++---
src/server.c | 5 +++--
src/stats.c | 4 ++--
5 files changed, 31 insertions(+), 16 deletions(-)
diff --git a/include/types/server.h b/include/types/server.h
index 20c314b..4678934 100644
--- a/include/types/server.h
+++ b/include/types/server.h
@@ -230,7 +230,8 @@ struct server {
const struct netns_entry *netns; /* contains network namespace
name or NULL. Network namespace comes from configuration */
/* warning, these structs are huge, keep them at the bottom */
- struct sockaddr_storage addr; /* the address to connect to */
+ struct sockaddr_storage addr; /* the address to connect to,
doesn't include the port */
+ unsigned int svc_port; /* the port to connect to (for
relevant families) */
struct xprt_ops *xprt; /* transport-layer operations */
unsigned down_time; /* total time the server was
down */
time_t last_change; /* last time, when the state
was changed */
diff --git a/src/backend.c b/src/backend.c
index efa9472..094c519 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -770,6 +770,7 @@ int assign_server_address(struct stream *s)
return SRV_STATUS_INTERNAL;
srv_conn->addr.to = objt_server(s->target)->addr;
+ set_host_port(&srv_conn->addr.to,
objt_server(s->target)->svc_port);
if (!is_addr(&srv_conn->addr.to) && cli_conn) {
/* if the server has no address, we use the same address
@@ -1346,7 +1347,8 @@ int tcp_persist_rdp_cookie(struct stream *s, struct
channel *req, int an_bit)
int ret;
struct sample smp;
struct server *srv = px->srv;
- struct sockaddr_in addr;
+ uint16_t port;
+ uint32_t addr;
char *p;
DPRINTF(stderr,"[%u] %s: stream=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d
analysers=%02x\n",
@@ -1367,22 +1369,25 @@ int tcp_persist_rdp_cookie(struct stream *s, struct
channel *req, int an_bit)
if (ret == 0 || (smp.flags & SMP_F_MAY_CHANGE) || smp.data.u.str.len ==
0)
goto no_cookie;
- memset(&addr, 0, sizeof(addr));
- addr.sin_family = AF_INET;
-
- /* Considering an rdp cookie detected using acl, str ended with
<cr><lf> and should return */
- addr.sin_addr.s_addr = strtoul(smp.data.u.str.str, &p, 10);
+ /* Considering an rdp cookie detected using acl, str ended with
<cr><lf> and should return.
+ * The cookie format is <ip> "." <port> where "ip" is the integer
corresponding to the
+ * server's IP address in network order, and "port" is the integer
corresponding to the
+ * server's port in network order. Comments please Emeric.
+ */
+ addr = strtoul(smp.data.u.str.str, &p, 10);
if (*p != '.')
goto no_cookie;
p++;
- addr.sin_port = (unsigned short)strtoul(p, &p, 10);
+
+ port = ntohs(strtoul(p, &p, 10));
if (*p != '.')
goto no_cookie;
s->target = NULL;
while (srv) {
if (srv->addr.ss_family == AF_INET &&
- memcmp(&addr, &(srv->addr), sizeof(addr)) == 0) {
+ port == srv->svc_port &&
+ addr == ((struct sockaddr_in
*)&srv->addr)->sin_addr.s_addr) {
if ((srv->state != SRV_ST_STOPPED) || (px->options &
PR_O_PERSIST)) {
/* we found the server and it is usable */
s->flags |= SF_DIRECT | SF_ASSIGNED;
diff --git a/src/checks.c b/src/checks.c
index 8eb2c7a..53513ca 100644
--- a/src/checks.c
+++ b/src/checks.c
@@ -533,7 +533,10 @@ static int httpchk_build_status_header(struct server *s,
char *buffer, int size)
(s->state != SRV_ST_STOPPED) ? (s->check.fall) :
(s->check.rise));
addr_to_str(&s->addr, addr, sizeof(addr));
- port_to_str(&s->addr, port, sizeof(port));
+ if (s->addr.ss_family == AF_INET || s->addr.ss_family == AF_INET6)
+ snprintf(port, sizeof(port), "%u", s->svc_port);
+ else
+ *port = 0;
hlen += snprintf(buffer + hlen, size - hlen, "; address=%s; port=%s;
name=%s/%s; node=%s; weight=%d/%d; scur=%d/%d; qcur=%d",
addr, port, s->proxy->id, s->id,
@@ -1784,7 +1787,11 @@ static int prepare_external_check(struct check *check)
addr_to_str(&s->addr, buf, sizeof(buf));
check->argv[3] = strdup(buf);
- port_to_str(&s->addr, buf, sizeof(buf));
+
+ if (s->addr.ss_family == AF_INET || s->addr.ss_family == AF_INET6)
+ snprintf(buf, sizeof(buf), "%u", s->svc_port);
+ else
+ *buf = 0;
check->argv[4] = strdup(buf);
for (i = 0; i < 5; i++) {
@@ -3448,7 +3455,8 @@ int srv_check_healthcheck_port(struct check *chk)
*/
if (srv->flags & SRV_F_MAPPORTS)
return 0;
- i = get_host_port(&srv->addr); /* by default */
+
+ i = srv->svc_port; /* by default */
if (i > 0)
return i;
diff --git a/src/server.c b/src/server.c
index 08cc9cd..109663c 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1063,6 +1063,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
skip_name_resolution:
newsrv->addr = *sk;
+ newsrv->svc_port = get_host_port(sk);
newsrv->xprt = newsrv->check.xprt = newsrv->agent.xprt
= &raw_sock;
if (!protocol_by_family(newsrv->addr.ss_family)) {
@@ -2810,7 +2811,7 @@ const char *update_server_addr_port(struct server *s,
const char *addr, const ch
chunk_appendf(msg, ", ");
/* collecting data currently setup */
- current_port = get_host_port(&s->addr);
+ current_port = s->svc_port;
/* check if PORT change is required */
port_change_required = 0;
@@ -2851,7 +2852,7 @@ const char *update_server_addr_port(struct server *s,
const char *addr, const ch
/* applying PORT changes if required and update response
message */
if (port_change_required) {
/* apply new port */
- set_host_port(&s->addr, new_port);
+ s->svc_port = new_port;
/* prepare message */
chunk_appendf(msg, "port changed from '");
diff --git a/src/stats.c b/src/stats.c
index 52dcfe8..60b3756 100644
--- a/src/stats.c
+++ b/src/stats.c
@@ -1445,11 +1445,11 @@ int stats_fill_sv_stats(struct proxy *px, struct server
*sv, int flags,
switch (addr_to_str(&sv->addr, str, sizeof(str))) {
case AF_INET:
stats[ST_F_ADDR] = mkf_str(FO_CONFIG|FS_SERVICE,
chunk_newstr(out));
- chunk_appendf(out, "%s:%d", str,
get_host_port(&sv->addr));
+ chunk_appendf(out, "%s:%d", str, sv->svc_port);
break;
case AF_INET6:
stats[ST_F_ADDR] = mkf_str(FO_CONFIG|FS_SERVICE,
chunk_newstr(out));
- chunk_appendf(out, "[%s]:%d", str,
get_host_port(&sv->addr));
+ chunk_appendf(out, "[%s]:%d", str, sv->svc_port);
break;
case AF_UNIX:
stats[ST_F_ADDR] = mkf_str(FO_CONFIG|FS_SERVICE,
"unix");
--
1.7.12.1
>From 2218b6380256fb3ca9e329c269f00b8846ca5935 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w...@1wt.eu>
Date: Fri, 6 Jan 2017 18:32:38 +0100
Subject: MINOR: tools: make str2sa_range() return the port in a separate
argument
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
This will be needed so that we're don't have to extract it from the
returned address where it will not always be anymore (eg: for unresolved
servers).
---
include/common/standard.h | 5 ++++-
src/cfgparse.c | 18 +++++++++---------
src/hlua.c | 2 +-
src/server.c | 8 ++++----
src/standard.c | 4 +++-
5 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/include/common/standard.h b/include/common/standard.h
index e16b304..87f90a6 100644
--- a/include/common/standard.h
+++ b/include/common/standard.h
@@ -279,7 +279,10 @@ extern const char *invalid_domainchar(const char *name);
* address (typically the path to a unix socket). If use_dns is not true,
* the funtion cannot accept the DNS resolution.
*/
-struct sockaddr_storage *str2sa_range(const char *str, int *low, int *high,
char **err, const char *pfx, char **fqdn, int use_dns);
+struct sockaddr_storage *str2sa_range(const char *str,
+ int *port, int *low, int *high,
+ char **err, const char *pfx,
+ char **fqdn, int resolve);
/* converts <str> to a struct in_addr containing a network mask. It can be
* passed in dotted form (255.255.255.0) or in CIDR form (24). It returns 1
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 0ffc74d..db8feeb 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -243,7 +243,7 @@ int str2listener(char *str, struct proxy *curproxy, struct
bind_conf *bind_conf,
*next++ = 0;
}
- ss2 = str2sa_range(str, &port, &end, err,
+ ss2 = str2sa_range(str, NULL, &port, &end, err,
curproxy == global.stats_fe ? NULL :
global.unix_bind.prefix,
NULL, 1);
if (!ss2)
@@ -1651,7 +1651,7 @@ int cfg_parse_global(const char *file, int linenum, char
**args, int kwm)
}
}
- sk = str2sa_range(args[1], &port1, &port2, &errmsg, NULL, NULL,
1);
+ sk = str2sa_range(args[1], NULL, &port1, &port2, &errmsg, NULL,
NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s': %s\n", file, linenum,
args[0], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -2180,7 +2180,7 @@ int cfg_parse_peers(const char *file, int linenum, char
**args, int kwm)
newpeer->last_change = now.tv_sec;
newpeer->id = strdup(args[1]);
- sk = str2sa_range(args[2], &port1, &port2, &errmsg, NULL, NULL,
1);
+ sk = str2sa_range(args[2], NULL, &port1, &port2, &errmsg, NULL,
NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' : %s\n", file,
linenum, args[0], args[1], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -2394,7 +2394,7 @@ int cfg_parse_resolvers(const char *file, int linenum,
char **args, int kwm)
newnameserver->conf.line = linenum;
newnameserver->id = strdup(args[1]);
- sk = str2sa_range(args[2], &port1, &port2, &errmsg, NULL, NULL,
1);
+ sk = str2sa_range(args[2], NULL, &port1, &port2, &errmsg, NULL,
NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' : %s\n", file,
linenum, args[0], args[1], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -2610,7 +2610,7 @@ int cfg_parse_mailers(const char *file, int linenum, char
**args, int kwm)
newmailer->id = strdup(args[1]);
- sk = str2sa_range(args[2], &port1, &port2, &errmsg, NULL, NULL,
1);
+ sk = str2sa_range(args[2], NULL, &port1, &port2, &errmsg, NULL,
NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' : %s\n", file,
linenum, args[0], args[1], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -5874,7 +5874,7 @@ stats_error_parsing:
else if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum,
args[0], NULL))
err_code |= ERR_WARN;
- sk = str2sa_range(args[1], &port1, &port2, &errmsg, NULL, NULL,
1);
+ sk = str2sa_range(args[1], NULL, &port1, &port2, &errmsg, NULL,
NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s' : %s\n", file, linenum,
args[0], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -6204,7 +6204,7 @@ stats_error_parsing:
}
}
- sk = str2sa_range(args[1], &port1, &port2, &errmsg,
NULL, NULL, 1);
+ sk = str2sa_range(args[1], NULL, &port1, &port2,
&errmsg, NULL, NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s': %s\n", file,
linenum, args[0], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -6256,7 +6256,7 @@ stats_error_parsing:
curproxy->conn_src.iface_name = NULL;
curproxy->conn_src.iface_len = 0;
- sk = str2sa_range(args[1], &port1, &port2, &errmsg, NULL, NULL,
1);
+ sk = str2sa_range(args[1], NULL, &port1, &port2, &errmsg, NULL,
NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' : %s\n",
file, linenum, args[0], args[1], errmsg);
@@ -6341,7 +6341,7 @@ stats_error_parsing:
} else {
struct sockaddr_storage *sk;
- sk = str2sa_range(args[cur_arg + 1],
&port1, &port2, &errmsg, NULL, NULL, 1);
+ sk = str2sa_range(args[cur_arg + 1],
NULL, &port1, &port2, &errmsg, NULL, NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s
%s' : %s\n",
file, linenum,
args[cur_arg], args[cur_arg+1], errmsg);
diff --git a/src/hlua.c b/src/hlua.c
index 1f28b46..1337566 100644
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -2189,7 +2189,7 @@ __LJMP static int hlua_socket_connect(struct lua_State *L)
conn->target = socket->s->target;
/* Parse ip address. */
- addr = str2sa_range(ip, &low, &high, NULL, NULL, NULL, 0);
+ addr = str2sa_range(ip, NULL, &low, &high, NULL, NULL, NULL, 0);
if (!addr)
WILL_LJMP(luaL_error(L, "connect: cannot parse destination
address '%s'", ip));
if (low != high)
diff --git a/src/server.c b/src/server.c
index 109663c..34a838b 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1006,7 +1006,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
* - IP:+N => port=+N, relative
* - IP:-N => port=-N, relative
*/
- sk = str2sa_range(args[2], &port1, &port2, &errmsg,
NULL, &fqdn, 0);
+ sk = str2sa_range(args[2], NULL, &port1, &port2,
&errmsg, NULL, &fqdn, 0);
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' : %s\n", file,
linenum, args[0], args[1], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -1394,7 +1394,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
int port1, port2;
struct protocol *proto;
- sk = str2sa_range(args[cur_arg + 1], &port1,
&port2, &errmsg, NULL, NULL, 1);
+ sk = str2sa_range(args[cur_arg + 1], NULL,
&port1, &port2, &errmsg, NULL, NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s' : %s\n",
file, linenum, args[cur_arg],
errmsg);
@@ -1606,7 +1606,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
}
newsrv->conn_src.opts |= CO_SRC_BIND;
- sk = str2sa_range(args[cur_arg + 1], &port_low,
&port_high, &errmsg, NULL, NULL, 1);
+ sk = str2sa_range(args[cur_arg + 1], NULL,
&port_low, &port_high, &errmsg, NULL, NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' :
%s\n",
file, linenum, args[cur_arg],
args[cur_arg+1], errmsg);
@@ -1706,7 +1706,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
struct sockaddr_storage
*sk;
int port1, port2;
- sk =
str2sa_range(args[cur_arg + 1], &port1, &port2, &errmsg, NULL, NULL, 1);
+ sk =
str2sa_range(args[cur_arg + 1], NULL, &port1, &port2, &errmsg, NULL, NULL, 1);
if (!sk) {
Alert("parsing
[%s:%d] : '%s %s' : %s\n",
file,
linenum, args[cur_arg], args[cur_arg+1], errmsg);
diff --git a/src/standard.c b/src/standard.c
index 5a8f493..f4e50ed 100644
--- a/src/standard.c
+++ b/src/standard.c
@@ -816,7 +816,7 @@ struct sockaddr_storage *str2ip2(const char *str, struct
sockaddr_storage *sa, i
* When a file descriptor is passed, its value is put into the s_addr part of
* the address when cast to sockaddr_in and the address family is AF_UNSPEC.
*/
-struct sockaddr_storage *str2sa_range(const char *str, int *low, int *high,
char **err, const char *pfx, char **fqdn, int resolve)
+struct sockaddr_storage *str2sa_range(const char *str, int *port, int *low,
int *high, char **err, const char *pfx, char **fqdn, int resolve)
{
static struct sockaddr_storage ss;
struct sockaddr_storage *ret = NULL;
@@ -983,6 +983,8 @@ struct sockaddr_storage *str2sa_range(const char *str, int
*low, int *high, char
ret = &ss;
out:
+ if (port)
+ *port = porta;
if (low)
*low = portl;
if (high)
--
1.7.12.1
>From 1aff57565fbaaca648725d5c40ceece09b0c0336 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w...@1wt.eu>
Date: Fri, 6 Jan 2017 18:36:06 +0100
Subject: MINOR: server: take the destination port from the port field, not
the addr
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Next patch will cause the port to disappear from the address field when servers
do not resolve so we need to take it from the separate field provided by
str2sa_range().
---
src/server.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/server.c b/src/server.c
index 34a838b..3957b75 100644
--- a/src/server.c
+++ b/src/server.c
@@ -968,7 +968,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
if (!defsrv) {
struct sockaddr_storage *sk;
- int port1, port2;
+ int port1, port2, port;
struct protocol *proto;
struct dns_resolution *curr_resolution;
@@ -1006,7 +1006,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
* - IP:+N => port=+N, relative
* - IP:-N => port=-N, relative
*/
- sk = str2sa_range(args[2], NULL, &port1, &port2,
&errmsg, NULL, &fqdn, 0);
+ sk = str2sa_range(args[2], &port, &port1, &port2,
&errmsg, NULL, &fqdn, 0);
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' : %s\n", file,
linenum, args[0], args[1], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -1063,7 +1063,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
skip_name_resolution:
newsrv->addr = *sk;
- newsrv->svc_port = get_host_port(sk);
+ newsrv->svc_port = port;
newsrv->xprt = newsrv->check.xprt = newsrv->agent.xprt
= &raw_sock;
if (!protocol_by_family(newsrv->addr.ss_family)) {
--
1.7.12.1
>From 54c16020378f18b9ad58fbffc287389123641b4f Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w...@1wt.eu>
Date: Fri, 6 Jan 2017 18:42:57 +0100
Subject: MEDIUM: server: disable protocol validations when the server doesn't
resolve
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
When a server doesn't resolve we don't know the address family so we
can't perform the basic protocol validations. However we know that we'll
ultimately resolve to AF_INET4 or AF_INET6 so the controls are OK. It is
important to proceed like this otherwise it will not be possible to start
with unresolved addresses.
---
src/server.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/server.c b/src/server.c
index 3957b75..71cf249 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1014,7 +1014,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
}
proto = protocol_by_family(sk->ss_family);
- if (!proto || !proto->connect) {
+ if (!fqdn && (!proto || !proto->connect)) {
Alert("parsing [%s:%d] : '%s %s' : connect()
not supported for this address family.\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -1066,7 +1066,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
newsrv->svc_port = port;
newsrv->xprt = newsrv->check.xprt = newsrv->agent.xprt
= &raw_sock;
- if (!protocol_by_family(newsrv->addr.ss_family)) {
+ if (!newsrv->hostname &&
!protocol_by_family(newsrv->addr.ss_family)) {
Alert("parsing [%s:%d] : Unknown protocol
family %d '%s'\n",
file, linenum, newsrv->addr.ss_family,
args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
--
1.7.12.1
>From 3287b59b15e7f188974a86c72fd677505b22c833 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w...@1wt.eu>
Date: Fri, 6 Jan 2017 19:23:20 +0100
Subject: BUG/MEDIUM: tools: do not force an unresolved address to
AF_INET:0.0.0.0
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
This prevents DNS from resolving IPv6-only servers in 1.7. Note, this
patch depends on the previous series :
1. BUG/MINOR: tools: fix off-by-one in port size check
2. BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family
3. WIP/MEDIUM: server: split the address and the port into two different
fields
4. WIP/MINOR: tools: make str2sa_range() return the port in a separate
argument
5. WIP/MINOR: server: take the destination port from the port field, not the
addr
6. MEDIUM: server: disable protocol validations when the server doesn't
resolve
This fix (hence the whole series) must be backported to 1.7.
---
src/standard.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/src/standard.c b/src/standard.c
index f4e50ed..8df1da6 100644
--- a/src/standard.c
+++ b/src/standard.c
@@ -958,14 +958,7 @@ struct sockaddr_storage *str2sa_range(const char *str, int
*port, int *low, int
* set or if resolve is set, otherwise it's an error.
*/
if (str2ip2(str2, &ss, 0) == NULL) {
- if (!resolve && fqdn) {
- /* we'll still want to store the port, so let's
- * force it to IPv4 for now.
- */
- memset(&ss, 0, sizeof(ss));
- ss.ss_family = AF_INET;
- }
- else if ((!resolve && !fqdn) ||
+ if ((!resolve && !fqdn) ||
(resolve && str2ip2(str2, &ss, 1) == NULL)) {
memprintf(err, "invalid address: '%s' in
'%s'\n", str2, str);
goto out;
--
1.7.12.1
diff --git a/include/common/standard.h b/include/common/standard.h
index e16b304..87f90a6 100644
--- a/include/common/standard.h
+++ b/include/common/standard.h
@@ -279,7 +279,10 @@ extern const char *invalid_domainchar(const char *name);
* address (typically the path to a unix socket). If use_dns is not true,
* the funtion cannot accept the DNS resolution.
*/
-struct sockaddr_storage *str2sa_range(const char *str, int *low, int *high,
char **err, const char *pfx, char **fqdn, int use_dns);
+struct sockaddr_storage *str2sa_range(const char *str,
+ int *port, int *low, int *high,
+ char **err, const char *pfx,
+ char **fqdn, int resolve);
/* converts <str> to a struct in_addr containing a network mask. It can be
* passed in dotted form (255.255.255.0) or in CIDR form (24). It returns 1
diff --git a/include/types/server.h b/include/types/server.h
index 20c314b..4678934 100644
--- a/include/types/server.h
+++ b/include/types/server.h
@@ -230,7 +230,8 @@ struct server {
const struct netns_entry *netns; /* contains network namespace
name or NULL. Network namespace comes from configuration */
/* warning, these structs are huge, keep them at the bottom */
- struct sockaddr_storage addr; /* the address to connect to */
+ struct sockaddr_storage addr; /* the address to connect to,
doesn't include the port */
+ unsigned int svc_port; /* the port to connect to (for
relevant families) */
struct xprt_ops *xprt; /* transport-layer operations */
unsigned down_time; /* total time the server was
down */
time_t last_change; /* last time, when the state
was changed */
diff --git a/src/backend.c b/src/backend.c
index efa9472..094c519 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -770,6 +770,7 @@ int assign_server_address(struct stream *s)
return SRV_STATUS_INTERNAL;
srv_conn->addr.to = objt_server(s->target)->addr;
+ set_host_port(&srv_conn->addr.to,
objt_server(s->target)->svc_port);
if (!is_addr(&srv_conn->addr.to) && cli_conn) {
/* if the server has no address, we use the same address
@@ -1346,7 +1347,8 @@ int tcp_persist_rdp_cookie(struct stream *s, struct
channel *req, int an_bit)
int ret;
struct sample smp;
struct server *srv = px->srv;
- struct sockaddr_in addr;
+ uint16_t port;
+ uint32_t addr;
char *p;
DPRINTF(stderr,"[%u] %s: stream=%p b=%p, exp(r,w)=%u,%u bf=%08x bh=%d
analysers=%02x\n",
@@ -1367,22 +1369,25 @@ int tcp_persist_rdp_cookie(struct stream *s, struct
channel *req, int an_bit)
if (ret == 0 || (smp.flags & SMP_F_MAY_CHANGE) || smp.data.u.str.len ==
0)
goto no_cookie;
- memset(&addr, 0, sizeof(addr));
- addr.sin_family = AF_INET;
-
- /* Considering an rdp cookie detected using acl, str ended with
<cr><lf> and should return */
- addr.sin_addr.s_addr = strtoul(smp.data.u.str.str, &p, 10);
+ /* Considering an rdp cookie detected using acl, str ended with
<cr><lf> and should return.
+ * The cookie format is <ip> "." <port> where "ip" is the integer
corresponding to the
+ * server's IP address in network order, and "port" is the integer
corresponding to the
+ * server's port in network order. Comments please Emeric.
+ */
+ addr = strtoul(smp.data.u.str.str, &p, 10);
if (*p != '.')
goto no_cookie;
p++;
- addr.sin_port = (unsigned short)strtoul(p, &p, 10);
+
+ port = ntohs(strtoul(p, &p, 10));
if (*p != '.')
goto no_cookie;
s->target = NULL;
while (srv) {
if (srv->addr.ss_family == AF_INET &&
- memcmp(&addr, &(srv->addr), sizeof(addr)) == 0) {
+ port == srv->svc_port &&
+ addr == ((struct sockaddr_in
*)&srv->addr)->sin_addr.s_addr) {
if ((srv->state != SRV_ST_STOPPED) || (px->options &
PR_O_PERSIST)) {
/* we found the server and it is usable */
s->flags |= SF_DIRECT | SF_ASSIGNED;
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 0ffc74d..db8feeb 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -243,7 +243,7 @@ int str2listener(char *str, struct proxy *curproxy, struct
bind_conf *bind_conf,
*next++ = 0;
}
- ss2 = str2sa_range(str, &port, &end, err,
+ ss2 = str2sa_range(str, NULL, &port, &end, err,
curproxy == global.stats_fe ? NULL :
global.unix_bind.prefix,
NULL, 1);
if (!ss2)
@@ -1651,7 +1651,7 @@ int cfg_parse_global(const char *file, int linenum, char
**args, int kwm)
}
}
- sk = str2sa_range(args[1], &port1, &port2, &errmsg, NULL, NULL,
1);
+ sk = str2sa_range(args[1], NULL, &port1, &port2, &errmsg, NULL,
NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s': %s\n", file, linenum,
args[0], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -2180,7 +2180,7 @@ int cfg_parse_peers(const char *file, int linenum, char
**args, int kwm)
newpeer->last_change = now.tv_sec;
newpeer->id = strdup(args[1]);
- sk = str2sa_range(args[2], &port1, &port2, &errmsg, NULL, NULL,
1);
+ sk = str2sa_range(args[2], NULL, &port1, &port2, &errmsg, NULL,
NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' : %s\n", file,
linenum, args[0], args[1], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -2394,7 +2394,7 @@ int cfg_parse_resolvers(const char *file, int linenum,
char **args, int kwm)
newnameserver->conf.line = linenum;
newnameserver->id = strdup(args[1]);
- sk = str2sa_range(args[2], &port1, &port2, &errmsg, NULL, NULL,
1);
+ sk = str2sa_range(args[2], NULL, &port1, &port2, &errmsg, NULL,
NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' : %s\n", file,
linenum, args[0], args[1], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -2610,7 +2610,7 @@ int cfg_parse_mailers(const char *file, int linenum, char
**args, int kwm)
newmailer->id = strdup(args[1]);
- sk = str2sa_range(args[2], &port1, &port2, &errmsg, NULL, NULL,
1);
+ sk = str2sa_range(args[2], NULL, &port1, &port2, &errmsg, NULL,
NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' : %s\n", file,
linenum, args[0], args[1], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -5874,7 +5874,7 @@ stats_error_parsing:
else if (warnifnotcap(curproxy, PR_CAP_BE, file, linenum,
args[0], NULL))
err_code |= ERR_WARN;
- sk = str2sa_range(args[1], &port1, &port2, &errmsg, NULL, NULL,
1);
+ sk = str2sa_range(args[1], NULL, &port1, &port2, &errmsg, NULL,
NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s' : %s\n", file, linenum,
args[0], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -6204,7 +6204,7 @@ stats_error_parsing:
}
}
- sk = str2sa_range(args[1], &port1, &port2, &errmsg,
NULL, NULL, 1);
+ sk = str2sa_range(args[1], NULL, &port1, &port2,
&errmsg, NULL, NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s': %s\n", file,
linenum, args[0], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -6256,7 +6256,7 @@ stats_error_parsing:
curproxy->conn_src.iface_name = NULL;
curproxy->conn_src.iface_len = 0;
- sk = str2sa_range(args[1], &port1, &port2, &errmsg, NULL, NULL,
1);
+ sk = str2sa_range(args[1], NULL, &port1, &port2, &errmsg, NULL,
NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' : %s\n",
file, linenum, args[0], args[1], errmsg);
@@ -6341,7 +6341,7 @@ stats_error_parsing:
} else {
struct sockaddr_storage *sk;
- sk = str2sa_range(args[cur_arg + 1],
&port1, &port2, &errmsg, NULL, NULL, 1);
+ sk = str2sa_range(args[cur_arg + 1],
NULL, &port1, &port2, &errmsg, NULL, NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s
%s' : %s\n",
file, linenum,
args[cur_arg], args[cur_arg+1], errmsg);
diff --git a/src/checks.c b/src/checks.c
index 8eb2c7a..53513ca 100644
--- a/src/checks.c
+++ b/src/checks.c
@@ -533,7 +533,10 @@ static int httpchk_build_status_header(struct server *s,
char *buffer, int size)
(s->state != SRV_ST_STOPPED) ? (s->check.fall) :
(s->check.rise));
addr_to_str(&s->addr, addr, sizeof(addr));
- port_to_str(&s->addr, port, sizeof(port));
+ if (s->addr.ss_family == AF_INET || s->addr.ss_family == AF_INET6)
+ snprintf(port, sizeof(port), "%u", s->svc_port);
+ else
+ *port = 0;
hlen += snprintf(buffer + hlen, size - hlen, "; address=%s; port=%s;
name=%s/%s; node=%s; weight=%d/%d; scur=%d/%d; qcur=%d",
addr, port, s->proxy->id, s->id,
@@ -1784,7 +1787,11 @@ static int prepare_external_check(struct check *check)
addr_to_str(&s->addr, buf, sizeof(buf));
check->argv[3] = strdup(buf);
- port_to_str(&s->addr, buf, sizeof(buf));
+
+ if (s->addr.ss_family == AF_INET || s->addr.ss_family == AF_INET6)
+ snprintf(buf, sizeof(buf), "%u", s->svc_port);
+ else
+ *buf = 0;
check->argv[4] = strdup(buf);
for (i = 0; i < 5; i++) {
@@ -3448,7 +3455,8 @@ int srv_check_healthcheck_port(struct check *chk)
*/
if (srv->flags & SRV_F_MAPPORTS)
return 0;
- i = get_host_port(&srv->addr); /* by default */
+
+ i = srv->svc_port; /* by default */
if (i > 0)
return i;
diff --git a/src/hlua.c b/src/hlua.c
index 1f28b46..1337566 100644
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -2189,7 +2189,7 @@ __LJMP static int hlua_socket_connect(struct lua_State *L)
conn->target = socket->s->target;
/* Parse ip address. */
- addr = str2sa_range(ip, &low, &high, NULL, NULL, NULL, 0);
+ addr = str2sa_range(ip, NULL, &low, &high, NULL, NULL, NULL, 0);
if (!addr)
WILL_LJMP(luaL_error(L, "connect: cannot parse destination
address '%s'", ip));
if (low != high)
diff --git a/src/server.c b/src/server.c
index 08cc9cd..71cf249 100644
--- a/src/server.c
+++ b/src/server.c
@@ -968,7 +968,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
if (!defsrv) {
struct sockaddr_storage *sk;
- int port1, port2;
+ int port1, port2, port;
struct protocol *proto;
struct dns_resolution *curr_resolution;
@@ -1006,7 +1006,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
* - IP:+N => port=+N, relative
* - IP:-N => port=-N, relative
*/
- sk = str2sa_range(args[2], &port1, &port2, &errmsg,
NULL, &fqdn, 0);
+ sk = str2sa_range(args[2], &port, &port1, &port2,
&errmsg, NULL, &fqdn, 0);
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' : %s\n", file,
linenum, args[0], args[1], errmsg);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -1014,7 +1014,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
}
proto = protocol_by_family(sk->ss_family);
- if (!proto || !proto->connect) {
+ if (!fqdn && (!proto || !proto->connect)) {
Alert("parsing [%s:%d] : '%s %s' : connect()
not supported for this address family.\n",
file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -1063,9 +1063,10 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
skip_name_resolution:
newsrv->addr = *sk;
+ newsrv->svc_port = port;
newsrv->xprt = newsrv->check.xprt = newsrv->agent.xprt
= &raw_sock;
- if (!protocol_by_family(newsrv->addr.ss_family)) {
+ if (!newsrv->hostname &&
!protocol_by_family(newsrv->addr.ss_family)) {
Alert("parsing [%s:%d] : Unknown protocol
family %d '%s'\n",
file, linenum, newsrv->addr.ss_family,
args[2]);
err_code |= ERR_ALERT | ERR_FATAL;
@@ -1393,7 +1394,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
int port1, port2;
struct protocol *proto;
- sk = str2sa_range(args[cur_arg + 1], &port1,
&port2, &errmsg, NULL, NULL, 1);
+ sk = str2sa_range(args[cur_arg + 1], NULL,
&port1, &port2, &errmsg, NULL, NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s' : %s\n",
file, linenum, args[cur_arg],
errmsg);
@@ -1605,7 +1606,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
}
newsrv->conn_src.opts |= CO_SRC_BIND;
- sk = str2sa_range(args[cur_arg + 1], &port_low,
&port_high, &errmsg, NULL, NULL, 1);
+ sk = str2sa_range(args[cur_arg + 1], NULL,
&port_low, &port_high, &errmsg, NULL, NULL, 1);
if (!sk) {
Alert("parsing [%s:%d] : '%s %s' :
%s\n",
file, linenum, args[cur_arg],
args[cur_arg+1], errmsg);
@@ -1705,7 +1706,7 @@ int parse_server(const char *file, int linenum, char
**args, struct proxy *curpr
struct sockaddr_storage
*sk;
int port1, port2;
- sk =
str2sa_range(args[cur_arg + 1], &port1, &port2, &errmsg, NULL, NULL, 1);
+ sk =
str2sa_range(args[cur_arg + 1], NULL, &port1, &port2, &errmsg, NULL, NULL, 1);
if (!sk) {
Alert("parsing
[%s:%d] : '%s %s' : %s\n",
file,
linenum, args[cur_arg], args[cur_arg+1], errmsg);
@@ -2810,7 +2811,7 @@ const char *update_server_addr_port(struct server *s,
const char *addr, const ch
chunk_appendf(msg, ", ");
/* collecting data currently setup */
- current_port = get_host_port(&s->addr);
+ current_port = s->svc_port;
/* check if PORT change is required */
port_change_required = 0;
@@ -2851,7 +2852,7 @@ const char *update_server_addr_port(struct server *s,
const char *addr, const ch
/* applying PORT changes if required and update response
message */
if (port_change_required) {
/* apply new port */
- set_host_port(&s->addr, new_port);
+ s->svc_port = new_port;
/* prepare message */
chunk_appendf(msg, "port changed from '");
diff --git a/src/standard.c b/src/standard.c
index 5a8f493..8df1da6 100644
--- a/src/standard.c
+++ b/src/standard.c
@@ -816,7 +816,7 @@ struct sockaddr_storage *str2ip2(const char *str, struct
sockaddr_storage *sa, i
* When a file descriptor is passed, its value is put into the s_addr part of
* the address when cast to sockaddr_in and the address family is AF_UNSPEC.
*/
-struct sockaddr_storage *str2sa_range(const char *str, int *low, int *high,
char **err, const char *pfx, char **fqdn, int resolve)
+struct sockaddr_storage *str2sa_range(const char *str, int *port, int *low,
int *high, char **err, const char *pfx, char **fqdn, int resolve)
{
static struct sockaddr_storage ss;
struct sockaddr_storage *ret = NULL;
@@ -958,14 +958,7 @@ struct sockaddr_storage *str2sa_range(const char *str, int
*low, int *high, char
* set or if resolve is set, otherwise it's an error.
*/
if (str2ip2(str2, &ss, 0) == NULL) {
- if (!resolve && fqdn) {
- /* we'll still want to store the port, so let's
- * force it to IPv4 for now.
- */
- memset(&ss, 0, sizeof(ss));
- ss.ss_family = AF_INET;
- }
- else if ((!resolve && !fqdn) ||
+ if ((!resolve && !fqdn) ||
(resolve && str2ip2(str2, &ss, 1) == NULL)) {
memprintf(err, "invalid address: '%s' in
'%s'\n", str2, str);
goto out;
@@ -983,6 +976,8 @@ struct sockaddr_storage *str2sa_range(const char *str, int
*low, int *high, char
ret = &ss;
out:
+ if (port)
+ *port = porta;
if (low)
*low = portl;
if (high)
diff --git a/src/stats.c b/src/stats.c
index 52dcfe8..60b3756 100644
--- a/src/stats.c
+++ b/src/stats.c
@@ -1445,11 +1445,11 @@ int stats_fill_sv_stats(struct proxy *px, struct server
*sv, int flags,
switch (addr_to_str(&sv->addr, str, sizeof(str))) {
case AF_INET:
stats[ST_F_ADDR] = mkf_str(FO_CONFIG|FS_SERVICE,
chunk_newstr(out));
- chunk_appendf(out, "%s:%d", str,
get_host_port(&sv->addr));
+ chunk_appendf(out, "%s:%d", str, sv->svc_port);
break;
case AF_INET6:
stats[ST_F_ADDR] = mkf_str(FO_CONFIG|FS_SERVICE,
chunk_newstr(out));
- chunk_appendf(out, "[%s]:%d", str,
get_host_port(&sv->addr));
+ chunk_appendf(out, "[%s]:%d", str, sv->svc_port);
break;
case AF_UNIX:
stats[ST_F_ADDR] = mkf_str(FO_CONFIG|FS_SERVICE,
"unix");
