Hi,
A regression has been introduced into the function handling TCP/HTTP action
"set-dst-port".
It actually does not change the right port (changing the source port on the
server side connection instead of changing the destination one).
The patch in attachment fixes this issue.
Baptiste
From 8cf82be9a8d424804386f3818536716731bd8f74 Mon Sep 17 00:00:00 2001
From: Baptiste Assmann <bed...@gmail.com>
Date: Tue, 3 Oct 2017 23:16:36 +0200
Subject: [PATCH] BUG/MAJOR: tcp/http: set-dst-port action broken
A regression has been introduced in commit
5ce5a14310d248c9f20af9ef258d245d43b1: the port being changed is the
one from 'cli_conn->addr.from' instead of 'cli_conn->addr.to'.
This patch fixes the regression.
Backport status: should be backported to HAProxy 1.7 and above.
---
src/proto_tcp.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index 0fad867..fdb897e 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1300,14 +1300,14 @@ enum act_return tcp_action_req_set_dst_port(struct act_rule *rule, struct proxy
smp = sample_fetch_as_type(px, sess, s, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->arg.expr, SMP_T_SINT);
if (smp) {
- if (cli_conn->addr.from.ss_family == AF_INET6) {
-((struct sockaddr_in6 *)_conn->addr.from)->sin6_port = htons(smp->data.u.sint);
+ if (cli_conn->addr.to.ss_family == AF_INET6) {
+((struct sockaddr_in6 *)_conn->addr.to)->sin6_port = htons(smp->data.u.sint);
} else {
-if (cli_conn->addr.from.ss_family != AF_INET) {
- cli_conn->addr.from.ss_family = AF_INET;
- ((struct sockaddr_in *)_conn->addr.from)->sin_addr.s_addr = 0;
+if (cli_conn->addr.to.ss_family != AF_INET) {
+ cli_conn->addr.to.ss_family = AF_INET;
+ ((struct sockaddr_in *)_conn->addr.to)->sin_addr.s_addr = 0;
}
-((struct sockaddr_in *)_conn->addr.from)->sin_port = htons(smp->data.u.sint);
+((struct sockaddr_in *)_conn->addr.to)->sin_port = htons(smp->data.u.sint);
}
}
}
--
2.7.4