MINOR: add ALPN information to send-proxy-v2
Send ALPN information in proxy-protocol-v2 if an ALPN has been
negotiated.
diff --git a/doc/configuration.txt b/doc/configuration.txt
index b63ceb4..8d06248 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -11458,10 +11458,10 @@
over any connection established to this server. The PROXY protocol informs
the other end about the layer 3/4 addresses of the incoming connection, so
that it can know the client's address or the public address it accessed to,
- whatever the upper layer protocol. This setting must not be used if the
- server isn't aware of this version of the protocol. See also the
- "no-send-proxy-v2" option of this section and send-proxy" option of the
- "bind" keyword.
+ whatever the upper layer protocol. It also send ALPN information if an alpn
+ have been negotiated. This setting must not be used if the server isn't aware
+ of this version of the protocol. See also the "no-send-proxy-v2" option of
+ this section and send-proxy" option of the "bind" keyword.
send-proxy-v2-ssl
The "send-proxy-v2-ssl" parameter enforces use of the PROXY protocol version
diff --git a/src/connection.c b/src/connection.c
index 012f805..d235ec5 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -952,7 +952,6 @@
return ret;
}
-#if defined(USE_OPENSSL) || defined(CONFIG_HAP_NS)
static int make_tlv(char *dest, int dest_len, char type, uint16_t length, const char *value)
{
struct tlv *tlv;
@@ -968,7 +967,6 @@
memcpy(tlv->value, value, length);
return length + sizeof(*tlv);
}
-#endif
int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connection *remote)
{
@@ -978,13 +976,8 @@
struct sockaddr_storage null_addr = { .ss_family = 0 };
struct sockaddr_storage *src = &null_addr;
struct sockaddr_storage *dst = &null_addr;
-
-#ifdef USE_OPENSSL
- const char *value = NULL;
- struct tlv_ssl *tlv;
- int ssl_tlv_len = 0;
- struct chunk *cn_trash;
-#endif
+ const char *value;
+ int value_len;
if (buf_len < PP2_HEADER_LEN)
return 0;
@@ -1025,8 +1018,16 @@
ret = PP2_HDR_LEN_UNSPEC;
}
+ if (conn_get_alpn(remote, &value, &value_len)) {
+ if ((buf_len - ret) < sizeof(struct tlv))
+ return 0;
+ ret += make_tlv(&buf[ret], buf_len, PP2_TYPE_ALPN, value_len, value);
+ }
+
#ifdef USE_OPENSSL
if (srv->pp_opts & SRV_PP_V2_SSL) {
+ struct tlv_ssl *tlv;
+ int ssl_tlv_len = 0;
if ((buf_len - ret) < sizeof(struct tlv_ssl))
return 0;
tlv = (struct tlv_ssl *)&buf[ret];
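Review bot: The added `make_tlv(&buf[ret], buf_len, PP2_TYPE_ALPN, value_len, value)` call passes the whole buffer length instead of the space left after `ret` bytes, and the guard before it only reserves room for the TLV header, not for the `value_len` bytes that get copied. Whatever bound make_tlv enforces (its check is outside this hunk) is therefore measured from the wrong offset, so staying inside `buf` depends on the caller's buffer being large enough rather than on this code. I would check the full TLV and pass the remainder, as the SSL CN call further down already does: `if ((buf_len - ret) < (int)sizeof(struct tlv) + value_len) return 0;` and `ret += make_tlv(&buf[ret], buf_len - ret, PP2_TYPE_ALPN, value_len, value);`. The `(int)` cast also keeps the comparison signed, so a negative remainder cannot pass as a large unsigned value; make_proxy_line_v2 starts and ends outside this hunk.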
@@ -1046,7 +1047,7 @@
tlv->client |= PP2_CLIENT_CERT_CONN;
}
if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
- cn_trash = get_trash_chunk();
+ struct chunk *cn_trash = get_trash_chunk();
if (ssl_sock_get_remote_common_name(remote, cn_trash) > 0) {
ssl_tlv_len += make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_SUBTYPE_SSL_CN, cn_trash->len, cn_trash->str);
}