From: Frédéric Lécaille <flecai...@haproxy.com>
This patch adds pointer to a struct server to peer structure which
is initialized after having parsed a remote "peer" line.
After having parsed all peers section we run ->prepare_srv to initialize
all SSL/TLS stuff of remote perr (or server).
Remaining thing to do to completely support peer protocol over SSL/TLS:
make "bind" keyword be supported in "peers" sections to make SSL/TLS
incoming connections to local peers work.
May be backported to 1.5 and newer.
---
include/proto/peers.h | 26 ++++++++++++++++++++++++++
include/types/peers.h | 1 +
src/cfgparse.c | 13 +++++++++++--
src/peers.c | 5 +++--
4 files changed, 41 insertions(+), 4 deletions(-)
diff --git a/include/proto/peers.h b/include/proto/peers.h
index 9d4aaff2..ce4feaa4 100644
--- a/include/proto/peers.h
+++ b/include/proto/peers.h
@@ -25,9 +25,35 @@
#include <common/config.h>
#include <common/ticks.h>
#include <common/time.h>
+#include <proto/connection.h>
#include <types/stream.h>
#include <types/peers.h>
+#if defined(USE_OPENSSL)
+static inline enum obj_type *peer_session_target(struct peer *p, struct stream
*s)
+{
+ if (p->srv->use_ssl)
+ return &p->srv->obj_type;
+ else
+ return &s->be->obj_type;
+}
+
+static inline struct xprt_ops *peer_xprt(struct peer *p)
+{
+ return p->srv->use_ssl ? xprt_get(XPRT_SSL) : xprt_get(XPRT_RAW);
+}
+#else
+static inline enum obj_type *peer_session_target(struct peer *p, struct stream
*s)
+{
+ return &s->be->obj_type;
+}
+
+static inline struct xprt_ops *peer_xprt(struct peer *p)
+{
+ return xprt_get(XPRT_RAW);
+}
+#endif
+
int peers_init_sync(struct peers *peers);
void peers_register_table(struct peers *, struct stktable *table);
void peers_setup_frontend(struct proxy *fe);
diff --git a/include/types/peers.h b/include/types/peers.h
index 58c8c4ee..5200d56b 100644
--- a/include/types/peers.h
+++ b/include/types/peers.h
@@ -67,6 +67,7 @@ struct peer {
struct shared_table *remote_table;
struct shared_table *last_local_table;
struct shared_table *tables;
+ struct server *srv;
__decl_hathreads(HA_SPINLOCK_T lock); /* lock used to handle this peer
section */
struct peer *next; /* next peer in the list */
};
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 6d199c97..f6f25143 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -514,6 +514,7 @@ static int init_peers_frontend(const char *file, int
linenum,
out:
if (id && !p->id)
p->id = strdup(id);
+ free(p->conf.file);
p->conf.args.file = p->conf.file = strdup(file);
p->conf.args.line = p->conf.line = linenum;
@@ -624,9 +625,10 @@ int cfg_parse_peers(const char *file, int linenum, char
**args, int kwm)
newpeer->sock_init_arg = NULL;
HA_SPIN_INIT(&newpeer->lock);
- if (strcmp(newpeer->id, localpeer) != 0)
- /* We are done. */
+ if (strcmp(newpeer->id, localpeer) != 0) {
+ newpeer->srv = curpeers->peers_fe->srv;
goto out;
+ }
if (cfg_peers->local) {
ha_alert("parsing [%s:%d] : '%s %s' : local peer name
already referenced at %s:%d.\n",
@@ -3634,6 +3636,13 @@ out_uri_auth_compat:
curpeers->peers_fe = NULL;
}
else {
+ p = curpeers->remote;
+ while (p) {
+ if (p->srv && p->srv->use_ssl &&
+ xprt_get(XPRT_SSL) &&
xprt_get(XPRT_SSL)->prepare_srv)
+ cfgerr +=
xprt_get(XPRT_SSL)->prepare_srv(p->srv);
+ p = p->next;
+ }
if (!peers_init_sync(curpeers)) {
ha_alert("Peers section '%s': out of
memory, giving up on peers.\n",
curpeers->id);
diff --git a/src/peers.c b/src/peers.c
index e580f2ca..d4d3859e 100644
--- a/src/peers.c
+++ b/src/peers.c
@@ -39,6 +39,7 @@
#include <proto/log.h>
#include <proto/hdr_idx.h>
#include <proto/mux_pt.h>
+#include <proto/peers.h>
#include <proto/proxy.h>
#include <proto/session.h>
#include <proto/stream.h>
@@ -1996,10 +1997,10 @@ static struct appctx *peer_session_create(struct peers
*peers, struct peer *peer
if (unlikely((cs = cs_new(conn)) == NULL))
goto out_free_conn;
- conn->target = s->target = &s->be->obj_type;
+ conn->target = s->target = peer_session_target(peer, s);
memcpy(&conn->addr.to, &peer->addr, sizeof(conn->addr.to));
- conn_prepare(conn, peer->proto, peer->xprt);
+ conn_prepare(conn, peer->proto, peer_xprt(peer));
conn_install_mux(conn, &mux_pt_ops, cs, s->be, NULL);
si_attach_cs(&s->si[1], cs);
--
2.11.0
