CLEANUP: tcp rules: mention everywhere that tcp-conn rules are L4
This is in order to make integration of tcp-request-session cleaner :
- tcp_exec_req_rules() was renamed tcp_exec_l4_rules()
- LI_O_TCP_RULES was renamed LI_O_TCP_L4_RULES
(LI_O_*'s horrible indent was also fixed and a provision was left
for L5 rules).
diff --git a/include/proto/proto_tcp.h b/include/proto/proto_tcp.h
index 8ca7290..05b6e02 100644
--- a/include/proto/proto_tcp.h
+++ b/include/proto/proto_tcp.h
@@ -38,7 +38,7 @@
int tcp_drain(int fd);
int tcp_inspect_request(struct stream *s, struct channel *req, int an_bit);
int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit);
-int tcp_exec_req_rules(struct session *sess);
+int tcp_exec_l4_rules(struct session *sess);
/* TCP keywords. */
void tcp_req_conn_keywords_register(struct action_kw_list *kw_list);
diff --git a/include/types/listener.h b/include/types/listener.h
index afe2ad8..8cfe40b 100644
--- a/include/types/listener.h
+++ b/include/types/listener.h
@@ -80,19 +80,19 @@
*/
/* listener socket options */
-#define LI_O_NONE 0x0000
-#define LI_O_NOLINGER 0x0001 /* disable linger on this socket */
-#define LI_O_FOREIGN 0x0002 /* permit listening on foreing addresses */
-#define LI_O_NOQUICKACK 0x0004 /* disable quick ack of immediate data (linux) */
-#define LI_O_DEF_ACCEPT 0x0008 /* wait up to 1 second for data before accepting */
-#define LI_O_TCP_RULES 0x0010 /* run TCP rules checks on the incoming connection */
-#define LI_O_CHK_MONNET 0x0020 /* check the source against a monitor-net rule */
-#define LI_O_ACC_PROXY 0x0040 /* find the proxied address in the first request line */
-#define LI_O_UNLIMITED 0x0080 /* listener not subject to global limits (peers & stats socket) */
-#define LI_O_TCP_FO 0x0100 /* enable TCP Fast Open (linux >= 3.7) */
-#define LI_O_V6ONLY 0x0200 /* bind to IPv6 only on Linux >= 2.4.21 */
-#define LI_O_V4V6 0x0400 /* bind to IPv4/IPv6 on Linux >= 2.4.21 */
-#define LI_O_ACC_CIP 0x0800 /* find the proxied address in the NetScaler Client IP header */
+#define LI_O_NONE 0x0000
+#define LI_O_NOLINGER 0x0001 /* disable linger on this socket */
+#define LI_O_FOREIGN 0x0002 /* permit listening on foreing addresses ("transparent") */
+#define LI_O_NOQUICKACK 0x0004 /* disable quick ack of immediate data (linux) */
+#define LI_O_DEF_ACCEPT 0x0008 /* wait up to 1 second for data before accepting */
+#define LI_O_TCP_L4_RULES 0x0010 /* run TCP L4 rules checks on the incoming connection */
+#define LI_O_CHK_MONNET 0x0040 /* check the source against a monitor-net rule */
+#define LI_O_ACC_PROXY 0x0080 /* find the proxied address in the first request line */
+#define LI_O_UNLIMITED 0x0100 /* listener not subject to global limits (peers & stats socket) */
+#define LI_O_TCP_FO 0x0200 /* enable TCP Fast Open (linux >= 3.7) */
+#define LI_O_V6ONLY 0x0400 /* bind to IPv6 only on Linux >= 2.4.21 */
+#define LI_O_V4V6 0x0800 /* bind to IPv4/IPv6 on Linux >= 2.4.21 */
+#define LI_O_ACC_CIP 0x1000 /* find the proxied address in the NetScaler Client IP header */
/* Note: if a listener uses LI_O_UNLIMITED, it is highly recommended that it adds its own
* maxconn setting to the global.maxsock value so that its resources are reserved.
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 7b58ef6..17f9d19 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -8828,7 +8828,7 @@
listener->default_target = curproxy->default_target;
if (!LIST_ISEMPTY(&curproxy->tcp_req.l4_rules))
- listener->options |= LI_O_TCP_RULES;
+ listener->options |= LI_O_TCP_L4_RULES;
if (curproxy->mon_mask.s_addr)
listener->options |= LI_O_CHK_MONNET;
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index c3c998e..0223b8e 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1353,7 +1353,7 @@
* matches or if no more rule matches. It can only use rules which don't need
* any data. This only works on connection-based client-facing stream interfaces.
*/
-int tcp_exec_req_rules(struct session *sess)
+int tcp_exec_l4_rules(struct session *sess)
{
struct act_rule *rule;
struct stksess *ts;
@@ -1881,10 +1881,12 @@
else {
struct action_kw *kw;
if (where & SMP_VAL_FE_CON_ACC) {
+ /* L4 */
kw = tcp_req_conn_action(args[arg]);
rule->kw = kw;
rule->from = ACT_F_TCP_REQ_CON;
} else {
+ /* L6 */
kw = tcp_req_cont_action(args[arg]);
rule->kw = kw;
rule->from = ACT_F_TCP_REQ_CNT;
diff --git a/src/session.c b/src/session.c
index 0c23364..d160a05 100644
--- a/src/session.c
+++ b/src/session.c
@@ -166,7 +166,7 @@
/* now evaluate the tcp-request layer4 rules. We only need a session
* and no stream for these rules.
*/
- if ((l->options & LI_O_TCP_RULES) && !tcp_exec_req_rules(sess)) {
+ if ((l->options & LI_O_TCP_L4_RULES) && !tcp_exec_l4_rules(sess)) {
/* let's do a no-linger now to close with a single RST. */
setsockopt(cfd, SOL_SOCKET, SO_LINGER, (struct linger *) &nolinger, sizeof(struct linger));
ret = 0; /* successful termination */