Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 93b227db9502f72f894c83708cd49c41925158b2^! / . / src / session.c
commit93b227db9502f72f894c83708cd49c41925158b2[log] [tgz]
authorBertrand Jacquin <jacquinb@amazon.com>Sat Jun 04 15:11:10 2016 +0100
committerWilly Tarreau <w@1wt.eu>Mon Jun 20 23:02:47 2016 +0200
tree82fdf2b9b2d7969d6a27fefa64b49a9a88b61001
parent24b892f32441369bf7b5b6c2c017ee7ff732f23b [diff] [blame]
MINOR: listener: add the "accept-netscaler-cip" option to the "bind" keyword

When NetScaler application switch is used as L3+ switch, informations
regarding the original IP and TCP headers are lost as a new TCP
connection is created between the NetScaler and the backend server.

NetScaler provides a feature to insert in the TCP data the original data
that can then be consumed by the backend server.

Specifications and documentations from NetScaler:
  https://support.citrix.com/article/CTX205670
  https://www.citrix.com/blogs/2016/04/25/how-to-enable-client-ip-in-tcpip-option-of-netscaler/

When CIP is enabled on the NetScaler, then a TCP packet is inserted just after
the TCP handshake. This is composed as:

  - CIP magic number : 4 bytes
    Both sender and receiver have to agree on a magic number so that
    they both handle the incoming data as a NetScaler Client IP insertion
    packet.

  - Header length : 4 bytes
    Defines the length on the remaining data.

  - IP header : >= 20 bytes if IPv4, 40 bytes if IPv6
    Contains the header of the last IP packet sent by the client during TCP
    handshake.

  - TCP header : >= 20 bytes
    Contains the header of the last TCP packet sent by the client during TCP
    handshake.

diff --git a/src/session.c b/src/session.c
index fdb2404..0c23364 100644
--- a/src/session.c
+++ b/src/session.c

@@ -142,6 +142,12 @@
 		conn_sock_want_recv(cli_conn);
 	}
 
+	/* wait for a NetScaler client IP insertion protocol header */
+	if (l->options & LI_O_ACC_CIP) {
+		cli_conn->flags |= CO_FL_ACCEPT_CIP;
+		conn_sock_want_recv(cli_conn);
+	}
+
 	conn_data_want_recv(cli_conn);
 	if (conn_xprt_init(cli_conn) < 0)
 		goto out_free_conn;
@@ -346,6 +352,7 @@
 		/* with "option dontlognull", we don't log connections with no transfer */
 		if (!conn->err_code ||
 		    conn->err_code == CO_ER_PRX_EMPTY || conn->err_code == CO_ER_PRX_ABORT ||
+		    conn->err_code == CO_ER_CIP_EMPTY || conn->err_code == CO_ER_CIP_ABORT ||
 		    conn->err_code == CO_ER_SSL_EMPTY || conn->err_code == CO_ER_SSL_ABORT)
 			log = 0;
 	}
@@ -354,6 +361,8 @@
 		if (!conn->err_code && (task->state & TASK_WOKEN_TIMER)) {
 			if (conn->flags & CO_FL_ACCEPT_PROXY)
 				conn->err_code = CO_ER_PRX_TIMEOUT;
+			else if (conn->flags & CO_FL_ACCEPT_CIP)
+				conn->err_code = CO_ER_CIP_TIMEOUT;
 			else if (conn->flags & CO_FL_SSL_WAIT_HS)
 				conn->err_code = CO_ER_SSL_TIMEOUT;
 		}