MAJOR: sample: pass a pointer to the session to each sample fetch function
Many such function need a session, and till now they used to dereference
the stream. Once we remove the stream from the embryonic session, this
will not be possible anymore.
So as of now, sample fetch functions will be called with this :
- sess = NULL, strm = NULL : never
- sess = valid, strm = NULL : tcp-req connection
- sess = valid, strm = valid, strm->txn = NULL : tcp-req content
- sess = valid, strm = valid, strm->txn = valid : http-req / http-res
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f39d973..42a71c9 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3084,11 +3084,10 @@
/* boolean, returns true if client cert was present */
static int
-smp_fetch_ssl_fc_has_crt(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_fc_has_crt(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
struct connection *conn;
- struct session *sess = strm_sess(strm);
conn = objt_conn(sess->origin);
if (!conn || conn->xprt != &ssl_sock)
@@ -3111,14 +3110,13 @@
* should be use.
*/
static int
-smp_fetch_ssl_x_der(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_x_der(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
int cert_peer = (kw[4] == 'c') ? 1 : 0;
X509 *crt = NULL;
int ret = 0;
struct chunk *smp_trash;
- struct session *sess = strm_sess(strm);
struct connection *conn;
conn = objt_conn(sess->origin);
@@ -3157,14 +3155,13 @@
* should be use.
*/
static int
-smp_fetch_ssl_x_serial(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_x_serial(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
int cert_peer = (kw[4] == 'c') ? 1 : 0;
X509 *crt = NULL;
int ret = 0;
struct chunk *smp_trash;
- struct session *sess = strm_sess(strm);
struct connection *conn;
conn = objt_conn(sess->origin);
@@ -3203,7 +3200,7 @@
* should be use.
*/
static int
-smp_fetch_ssl_x_sha1(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_x_sha1(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
int cert_peer = (kw[4] == 'c') ? 1 : 0;
@@ -3211,7 +3208,6 @@
const EVP_MD *digest;
int ret = 0;
struct chunk *smp_trash;
- struct session *sess = strm_sess(strm);
struct connection *conn;
conn = objt_conn(sess->origin);
@@ -3249,14 +3245,13 @@
* should be use.
*/
static int
-smp_fetch_ssl_x_notafter(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_x_notafter(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
int cert_peer = (kw[4] == 'c') ? 1 : 0;
X509 *crt = NULL;
int ret = 0;
struct chunk *smp_trash;
- struct session *sess = strm_sess(strm);
struct connection *conn;
conn = objt_conn(sess->origin);
@@ -3294,7 +3289,7 @@
* should be use.
*/
static int
-smp_fetch_ssl_x_i_dn(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_x_i_dn(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
int cert_peer = (kw[4] == 'c') ? 1 : 0;
@@ -3302,7 +3297,6 @@
X509_NAME *name;
int ret = 0;
struct chunk *smp_trash;
- struct session *sess = strm_sess(strm);
struct connection *conn;
conn = objt_conn(sess->origin);
@@ -3355,14 +3349,13 @@
* should be use.
*/
static int
-smp_fetch_ssl_x_notbefore(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_x_notbefore(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
int cert_peer = (kw[4] == 'c') ? 1 : 0;
X509 *crt = NULL;
int ret = 0;
struct chunk *smp_trash;
- struct session *sess = strm_sess(strm);
struct connection *conn;
conn = objt_conn(sess->origin);
@@ -3400,7 +3393,7 @@
* should be use.
*/
static int
-smp_fetch_ssl_x_s_dn(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_x_s_dn(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
int cert_peer = (kw[4] == 'c') ? 1 : 0;
@@ -3408,7 +3401,6 @@
X509_NAME *name;
int ret = 0;
struct chunk *smp_trash;
- struct session *sess = strm_sess(strm);
struct connection *conn;
conn = objt_conn(sess->origin);
@@ -3458,11 +3450,10 @@
/* integer, returns true if current session use a client certificate */
static int
-smp_fetch_ssl_c_used(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_c_used(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
X509 *crt;
- struct session *sess = strm_sess(strm);
struct connection *conn;
conn = objt_conn(sess->origin);
@@ -3490,12 +3481,11 @@
* should be use.
*/
static int
-smp_fetch_ssl_x_version(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_x_version(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
int cert_peer = (kw[4] == 'c') ? 1 : 0;
X509 *crt;
- struct session *sess = strm_sess(strm);
struct connection *conn;
conn = objt_conn(sess->origin);
@@ -3528,13 +3518,12 @@
* should be use.
*/
static int
-smp_fetch_ssl_x_sig_alg(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_x_sig_alg(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
int cert_peer = (kw[4] == 'c') ? 1 : 0;
X509 *crt;
int nid;
- struct session *sess = strm_sess(strm);
struct connection *conn;
conn = objt_conn(sess->origin);
@@ -3578,13 +3567,12 @@
* should be use.
*/
static int
-smp_fetch_ssl_x_key_alg(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_x_key_alg(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
int cert_peer = (kw[4] == 'c') ? 1 : 0;
X509 *crt;
int nid;
- struct session *sess = strm_sess(strm);
struct connection *conn;
conn = objt_conn(sess->origin);
@@ -3627,7 +3615,7 @@
* char is 'b'.
*/
static int
-smp_fetch_ssl_fc(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_fc(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
int back_conn = (kw[4] == 'b') ? 1 : 0;
@@ -3640,11 +3628,10 @@
/* boolean, returns true if client present a SNI */
static int
-smp_fetch_ssl_fc_has_sni(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_fc_has_sni(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
- struct session *sess = strm_sess(l4);
struct connection *conn = objt_conn(sess->origin);
smp->type = SMP_T_BOOL;
@@ -3662,7 +3649,7 @@
* char is 'b'.
*/
static int
-smp_fetch_ssl_fc_cipher(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_fc_cipher(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
int back_conn = (kw[4] == 'b') ? 1 : 0;
@@ -3691,7 +3678,7 @@
* char is 'b'.
*/
static int
-smp_fetch_ssl_fc_alg_keysize(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_fc_alg_keysize(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
int back_conn = (kw[4] == 'b') ? 1 : 0;
@@ -3716,7 +3703,7 @@
* char is 'b'.
*/
static int
-smp_fetch_ssl_fc_use_keysize(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_fc_use_keysize(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
int back_conn = (kw[4] == 'b') ? 1 : 0;
@@ -3739,11 +3726,10 @@
#ifdef OPENSSL_NPN_NEGOTIATED
static int
-smp_fetch_ssl_fc_npn(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_fc_npn(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
struct connection *conn;
- struct session *sess = strm_sess(l4);
smp->flags = SMP_F_CONST;
smp->type = SMP_T_STR;
@@ -3765,11 +3751,10 @@
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
static int
-smp_fetch_ssl_fc_alpn(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_fc_alpn(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
struct connection *conn;
- struct session *sess = strm_sess(l4);
smp->flags = SMP_F_CONST;
smp->type = SMP_T_STR;
@@ -3794,7 +3779,7 @@
* char is 'b'.
*/
static int
-smp_fetch_ssl_fc_protocol(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_fc_protocol(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
int back_conn = (kw[4] == 'b') ? 1 : 0;
@@ -3822,12 +3807,12 @@
* char is 'b'.
*/
static int
-smp_fetch_ssl_fc_session_id(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_fc_session_id(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
#if OPENSSL_VERSION_NUMBER > 0x0090800fL
int back_conn = (kw[4] == 'b') ? 1 : 0;
- SSL_SESSION *sess;
+ SSL_SESSION *ssl_sess;
struct connection *conn;
smp->flags = SMP_F_CONST;
@@ -3837,11 +3822,11 @@
if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
return 0;
- sess = SSL_get_session(conn->xprt_ctx);
- if (!sess)
+ ssl_sess = SSL_get_session(conn->xprt_ctx);
+ if (!ssl_sess)
return 0;
- smp->data.str.str = (char *)SSL_SESSION_get_id(sess, (unsigned int *)&smp->data.str.len);
+ smp->data.str.str = (char *)SSL_SESSION_get_id(ssl_sess, (unsigned int *)&smp->data.str.len);
if (!smp->data.str.str || !&smp->data.str.len)
return 0;
@@ -3852,12 +3837,11 @@
}
static int
-smp_fetch_ssl_fc_sni(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_fc_sni(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
struct connection *conn;
- struct session *sess = strm_sess(l4);
smp->flags = SMP_F_CONST;
smp->type = SMP_T_STR;
@@ -3878,7 +3862,7 @@
}
static int
-smp_fetch_ssl_fc_unique_id(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_fc_unique_id(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
#if OPENSSL_VERSION_NUMBER > 0x0090800fL
@@ -3919,10 +3903,9 @@
/* integer, returns the first verify error in CA chain of client certificate chain. */
static int
-smp_fetch_ssl_c_ca_err(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_c_ca_err(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct session *sess = strm_sess(strm);
struct connection *conn;
conn = objt_conn(sess->origin);
@@ -3943,10 +3926,9 @@
/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
static int
-smp_fetch_ssl_c_ca_err_depth(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_c_ca_err_depth(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct session *sess = strm_sess(strm);
struct connection *conn;
conn = objt_conn(sess->origin);
@@ -3967,10 +3949,9 @@
/* integer, returns the first verify error on client certificate */
static int
-smp_fetch_ssl_c_err(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_c_err(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct session *sess = strm_sess(strm);
struct connection *conn;
conn = objt_conn(sess->origin);
@@ -3991,10 +3972,9 @@
/* integer, returns the verify result on client cert */
static int
-smp_fetch_ssl_c_verify(struct proxy *px, struct stream *strm, unsigned int opt,
+smp_fetch_ssl_c_verify(struct proxy *px, struct session *sess, struct stream *strm, unsigned int opt,
const struct arg *args, struct sample *smp, const char *kw, void *private)
{
- struct session *sess = strm_sess(strm);
struct connection *conn;
conn = objt_conn(sess->origin);