MINOR: introduce proxy-v2-options for send-proxy-v2
Proxy protocol v2 can transport many optional pieces of information. To avoid
an explosion of send-proxy-v2-* keywords, this patch introduces the
proxy-v2-options parameter, which allows writing:
"send-proxy-v2 proxy-v2-options ssl,cert-cn".
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 55956db..89421db 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -11718,6 +11718,11 @@
of this version of the protocol. See also the "no-send-proxy-v2" option of
this section and send-proxy" option of the "bind" keyword.
+proxy-v2-options <option>[,<option>]*
+ The "proxy-v2-options" parameter add option to send in PROXY protocol version
+ 2 when "send-proxy-v2" is used. Options available are "ssl" (see also
+ send-proxy-v2-ssl), "cert-cn" (see also "send-proxy-v2-ssl-cn").
+
send-proxy-v2-ssl
The "send-proxy-v2-ssl" parameter enforces use of the PROXY protocol version
2 over any connection established to this server. The PROXY protocol informs
diff --git a/src/server.c b/src/server.c
index 07a6603..cf04176 100644
--- a/src/server.c
+++ b/src/server.c
@@ -503,6 +503,30 @@
return 0;
}
+/* parse the "proxy-v2-options" */
+static int srv_parse_proxy_v2_options(char **args, int *cur_arg,
+ struct proxy *px, struct server *newsrv, char **err)
+{
+ char *p, *n;
+ for (p = args[*cur_arg+1]; p; p = n) {
+ n = strchr(p, ',');
+ if (n)
+ *n++ = '\0';
+ if (!strcmp(p, "ssl")) {
+ newsrv->pp_opts |= SRV_PP_V2_SSL;
+ } else if (!strcmp(p, "cert-cn")) {
+ newsrv->pp_opts |= SRV_PP_V2_SSL;
+ newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
+ } else
+ goto fail;
+ }
+ return 0;
+ fail:
+ if (err)
+ memprintf(err, "'%s' : proxy v2 option not implemented", p);
+ return ERR_ALERT | ERR_FATAL;
+}
+
/* Parse the "observe" server keyword */
static int srv_parse_observe(char **args, int *cur_arg,
struct proxy *curproxy, struct server *newsrv, char **err)
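Review bot: An empty list element in srv_parse_proxy_v2_options falls into the `goto fail` branch and is reported as `'' : proxy v2 option not implemented`, which names neither the keyword nor the accepted values. This happens for a trailing comma and for `ssl,,cert-cn`, and presumably for a missing argument if the config parser passes an empty string there (not visible in this hunk). A more actionable message would be `memprintf(err, "'%s' : unknown option '%s' (expected 'ssl' or 'cert-cn')", args[*cur_arg], p);`. The loop also overwrites each ',' in the argument with '\0', so the one-line header comment should say that args[] is modified in place and that "cert-cn" implies "ssl". Separately, only SRV_PP_V2_SSL and SRV_PP_V2_SSL_CN are set here, so on a server line without send-proxy-v2 these options may silently have no effect; this is worth confirming against the code that consumes pp_opts and, if so, warning at parse time.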
@@ -1124,6 +1148,7 @@
{ "no-send-proxy-v2", srv_parse_no_send_proxy_v2, 0, 1 }, /* Disable use of PROXY V2 protocol */
{ "non-stick", srv_parse_non_stick, 0, 1 }, /* Disable stick-table persistence */
{ "observe", srv_parse_observe, 1, 1 }, /* Enables health adjusting based on observing communication with the server */
+ { "proxy-v2-options", srv_parse_proxy_v2_options, 1, 1 }, /* options for send-proxy-v2 */
{ "redir", srv_parse_redir, 1, 1 }, /* Enable redirection mode */
{ "send-proxy", srv_parse_send_proxy, 0, 1 }, /* Enforce use of PROXY V1 protocol */
{ "send-proxy-v2", srv_parse_send_proxy_v2, 0, 1 }, /* Enforce use of PROXY V2 protocol */