LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1670 Commits
1 Branch
46 MiB
Tree: ee24bbfeb4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ee24bbfeb4'
${ noResults }
openwrt-packages-dist/net/haproxy/patches/0004-BUG-MEDIUM-checks-fix-...

102 lines
4.0 KiB
Raw Normal View History

haproxy: patches from upstream - [PATCH 1/6] BUILD: fix "make install" to support spaces in the - [PATCH 2/6] BUG/MEDIUM: ssl: fix bad ssl context init can cause - [PATCH 3/6] BUG/MEDIUM: ssl: force a full GC in case of memory - [PATCH 4/6] BUG/MEDIUM: checks: fix conflicts between agent checks - [PATCH 5/6] BUG/MINOR: config: don't inherit the default balance - [PATCH 6/6] BUG/MAJOR: frontend: initialize capture pointers earlier Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
10 years ago
 
  1. From 1f96a87c4e1412ccdc6cfe81bfd6f20a1782886a Mon Sep 17 00:00:00 2001
  2. From: =?UTF-8?q?Cyril=20Bont=C3=A9?= <cyril.bonte@free.fr>
  3. Date: Sat, 15 Nov 2014 22:41:27 +0100
  4. Subject: [PATCH 4/6] BUG/MEDIUM: checks: fix conflicts between agent checks
  5.  and ssl healthchecks
  6. 

  7. Lasse Birnbaum Jensen reported an issue when agent checks are used at the same
  8. time as standard healthchecks when SSL is enabled on the server side.
  9. 

  10. The symptom is that agent checks try to communicate in SSL while it should
  11. manage raw data. This happens because the transport layer is shared between all
  12. kind of checks.
  13. 

  14. To fix the issue, the transport layer is now stored in each check type,
  15. allowing to use SSL healthchecks when required, while an agent check should
  16. always use the raw_sock implementation.
  17. 

  18. The fix must be backported to 1.5.
  19. (cherry picked from commit 9ce1311ebc834e20addc7a8392c0fc4e4ad687b7)
  20. ---

  21.  include/types/checks.h | 3 ++-
  22.  include/types/server.h | 1 -
  23.  src/checks.c           | 2 +-
  24.  src/server.c           | 2 +-
  25.  src/ssl_sock.c         | 2 +-
  26.  5 files changed, 5 insertions(+), 5 deletions(-)
  27. 

  28. diff --git a/include/types/checks.h b/include/types/checks.h

  29. index a50043b..42b7b07 100644

  30. --- a/include/types/checks.h

  31. +++ b/include/types/checks.h

  32. @@ -125,6 +125,7 @@ enum {

  33.  };
  34.  
  35.  struct check {
  36. +	struct xprt_ops *xprt;			/* transport layer operations for health checks */

  37.  	struct connection *conn;		/* connection state for health checks */
  38.  	unsigned short port;			/* the port to use for the health checks */
  39.  	struct buffer *bi, *bo;			/* input and output buffers to send/recv check */
  40. @@ -132,7 +133,7 @@ struct check {

  41.  	struct timeval start;			/* last health check start time */
  42.  	long duration;				/* time in ms took to finish last health check */
  43.  	short status, code;			/* check result, check code */
  44. -	char desc[HCHK_DESC_LEN];		/* health check descritpion */

  45. +	char desc[HCHK_DESC_LEN];		/* health check description */

  46.  	int use_ssl;				/* use SSL for health checks */
  47.  	int send_proxy;				/* send a PROXY protocol header with checks */
  48.  	struct tcpcheck_rule *current_step;     /* current step when using tcpcheck */
  49. diff --git a/include/types/server.h b/include/types/server.h

  50. index 313f58d..c419b40 100644

  51. --- a/include/types/server.h

  52. +++ b/include/types/server.h

  53. @@ -194,7 +194,6 @@ struct server {

  54.  
  55.  	struct {                                /* configuration  used by health-check and agent-check */
  56.  		struct protocol *proto;	        /* server address protocol for health checks */
  57. -		struct xprt_ops *xprt;          /* transport layer operations for health checks */

  58.  		struct sockaddr_storage addr;   /* the address to check, if different from <addr> */
  59.  	} check_common;
  60.  
  61. diff --git a/src/checks.c b/src/checks.c

  62. index 5318f35..84bf0e5 100644

  63. --- a/src/checks.c

  64. +++ b/src/checks.c

  65. @@ -1413,7 +1413,7 @@ static int connect_chk(struct task *t)

  66.  
  67.  	/* prepare a new connection */
  68.  	conn_init(conn);
  69. -	conn_prepare(conn, s->check_common.proto, s->check_common.xprt);

  70. +	conn_prepare(conn, s->check_common.proto, check->xprt);

  71.  	conn_attach(conn, check, &check_conn_cb);
  72.  	conn->target = &s->obj_type;
  73.  
  74. diff --git a/src/server.c b/src/server.c

  75. index fdb63cc..94a31b6 100644

  76. --- a/src/server.c

  77. +++ b/src/server.c

  78. @@ -929,7 +929,7 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr

  79.  
  80.  			newsrv->addr = *sk;
  81.  			newsrv->proto = newsrv->check_common.proto = protocol_by_family(newsrv->addr.ss_family);
  82. -			newsrv->xprt  = newsrv->check_common.xprt  = &raw_sock;

  83. +			newsrv->xprt  = newsrv->check.xprt = newsrv->agent.xprt = &raw_sock;

  84.  
  85.  			if (!newsrv->proto) {
  86.  				Alert("parsing [%s:%d] : Unknown protocol family %d '%s'\n",
  87. diff --git a/src/ssl_sock.c b/src/ssl_sock.c

  88. index f50efe5..b73d6f9 100644

  89. --- a/src/ssl_sock.c

  90. +++ b/src/ssl_sock.c

  91. @@ -1812,7 +1812,7 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)

  92.  	if (srv->use_ssl)
  93.  		srv->xprt = &ssl_sock;
  94.  	if (srv->check.use_ssl)
  95. -		srv->check_common.xprt = &ssl_sock;

  96. +		srv->check.xprt = &ssl_sock;

  97.  
  98.  	srv->ssl_ctx.ctx = SSL_CTX_new(SSLv23_client_method());
  99.  	if (!srv->ssl_ctx.ctx) {
  100. -- 

  101. 2.0.4
  102.