BUILD/MEDIUM: tcp: set-mark setting support for FreeBSD.
This platform has a socket option similar to Linux's SO_MARK,
marking a socket with an id for packet filter purposes, DTrace
monitoring and so on.
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 9ffcc75..060d784 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -6503,13 +6503,14 @@
http-request set-mark <mark> [ { if | unless } <condition> ]
- This is used to set the Netfilter MARK on all packets sent to the client to
- the value passed in <mark> on platforms which support it. This value is an
- unsigned 32 bit value which can be matched by netfilter and by the routing
- table. It can be expressed both in decimal or hexadecimal format (prefixed by
- "0x"). This can be useful to force certain packets to take a different route
- (for example a cheaper network path for bulk downloads). This works on Linux
- kernels 2.6.32 and above and requires admin privileges.
+ This is used to set the Netfilter/IPFW MARK on all packets sent to the client
+ to the value passed in <mark> on platforms which support it. This value is an
+ unsigned 32 bit value which can be matched by netfilter/ipfw and by the
+ routing table or monitoring the packets through DTrace. It can be expressed
+ both in decimal or hexadecimal format (prefixed by "0x").
+ This can be useful to force certain packets to take a different route (for
+ example a cheaper network path for bulk downloads). This works on Linux
+ kernels 2.6.32 and above and requires admin privileges, as well on FreeBSD.
http-request set-method <fmt> [ { if | unless } <condition> ]
@@ -7163,13 +7164,14 @@
http-response set-mark <mark> [ { if | unless } <condition> ]
- This is used to set the Netfilter MARK on all packets sent to the client to
- the value passed in <mark> on platforms which support it. This value is an
- unsigned 32 bit value which can be matched by netfilter and by the routing
- table. It can be expressed both in decimal or hexadecimal format (prefixed
- by "0x"). This can be useful to force certain packets to take a different
- route (for example a cheaper network path for bulk downloads). This works on
- Linux kernels 2.6.32 and above and requires admin privileges.
+ This is used to set the Netfilter/IPFW MARK on all packets sent to the client
+ to the value passed in <mark> on platforms which support it. This value is an
+ unsigned 32 bit value which can be matched by netfilter/ipfw and by the
+ routing table or monitoring the packets through DTrace.
+ It can be expressed both in decimal or hexadecimal format (prefixed by "0x").
+ This can be useful to force certain packets to take a different route (for
+ example a cheaper network path for bulk downloads). This works on Linux
+ kernels 2.6.32 and above and requires admin privileges, as well on FreeBSD.
http-response set-nice <nice> [ { if | unless } <condition> ]
@@ -11898,14 +11900,15 @@
fails and the actions evaluation continues.
- set-mark <mark>:
- Is used to set the Netfilter MARK in all packets sent to the client to
- the value passed in <mark> on platforms which support it. This value is
- an unsigned 32 bit value which can be matched by netfilter and by the
- routing table. It can be expressed both in decimal or hexadecimal format
- (prefixed by "0x"). This can be useful to force certain packets to take a
- different route (for example a cheaper network path for bulk
- downloads). This works on Linux kernels 2.6.32 and above and requires
- admin privileges.
+ Is used to set the Netfilter/IPFW MARK in all packets sent to the client
+ to the value passed in <mark> on platforms which support it. This value
+ is an unsigned 32 bit value which can be matched by netfilter/ipfw and by
+ the routing table or monitoring the packets through DTrace.
+ It can be expressed both in decimal or hexadecimal format (prefixed by
+ "0x"). This can be useful to force certain packets to take a different
+ route (for example a cheaper network path for bulk downloads). This works
+ on Linux kernels 2.6.32 and above and requires admin privileges, as well
+ on FreeBSD.
- set-src <expr> :
Is used to set the source IP address to the value of specified
diff --git a/include/haproxy/connection.h b/include/haproxy/connection.h
index d484346..02096b0 100644
--- a/include/haproxy/connection.h
+++ b/include/haproxy/connection.h
@@ -694,8 +694,11 @@
if (!conn || !conn_ctrl_ready(conn))
return;
-#ifdef SO_MARK
+#if defined(SO_MARK)
setsockopt(conn->handle.fd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark));
+#elif defined(SO_USER_COOKIE)
+ uint32_t mval = (uint32_t)mark;
+ setsockopt(conn->handle.fd, SOL_SOCKET, SO_USER_COOKIE, &mval, sizeof(mval));
#endif
}
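Review bot: The new `SO_USER_COOKIE` branch ignores the result of `setsockopt()`, just as the `SO_MARK` branch does, so a socket that could not be marked is indistinguishable from one that was, and any ipfw rule keyed on the mark silently stops matching that traffic. The function appears to return nothing (its signature is outside the hunk), so at minimum I would add a comment such as `/* best effort: on failure the socket stays unmarked and mark-based filter rules will not match */`. Separately, `uint32_t mval` is declared after the early `return;` statement. If the project builds with declaration-after-statement warnings, give the branch its own block: `{ uint32_t mval = (uint32_t)mark; ... }`.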
diff --git a/src/tcp_act.c b/src/tcp_act.c
index ff521d2..a6c58fb 100644
--- a/src/tcp_act.c
+++ b/src/tcp_act.c
@@ -305,7 +305,7 @@
static enum act_parse_ret tcp_parse_set_mark(const char **args, int *cur_arg, struct proxy *px,
struct act_rule *rule, char **err)
{
-#ifdef SO_MARK
+#if defined(SO_MARK) || defined(SO_USER_COOKIE)
char *endp;
unsigned int mark;
@@ -328,7 +328,7 @@
global.last_checks |= LSTCHK_NETADM;
return ACT_RET_PRS_OK;
#else
- memprintf(err, "not supported on this platform (SO_MARK undefined)");
+ memprintf(err, "not supported on this platform (SO_MARK|SO_USER_COOKIE undefined)");
return ACT_RET_PRS_ERR;
#endif
}
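Review bot: The fallback message `SO_MARK|SO_USER_COOKIE undefined` reads like a bitwise OR of two constants rather than "neither option is available"; `memprintf(err, "not supported on this platform (neither SO_MARK nor SO_USER_COOKIE is defined)");` says it plainly. With the guard widened in the previous hunk, the context line `global.last_checks |= LSTCHK_NETADM;` now also runs on builds that only have `SO_USER_COOKIE`. What that check enforces is not visible here, so a one-line comment such as `/* both SO_MARK and SO_USER_COOKIE are treated as needing admin privileges */` would record the intent. The body of tcp_parse_set_mark is only partly shown across these two hunks.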