Mark Bergsma has uploaded a new change for review.
https://gerrit.wikimedia.org/r/81244
Change subject: Initial version of PROXY support for Varnish
......................................................................
Initial version of PROXY support for Varnish
Change-Id: I325ea40c1777ffc48ec7ca6f4b92834812b626ea
---
M bin/varnishd/Makefile.am
M bin/varnishd/Makefile.in
M bin/varnishd/cache.h
M bin/varnishd/cache_acceptor.c
M bin/varnishd/cache_center.c
M bin/varnishd/cache_vrt_var.c
M bin/varnishd/heritage.h
M bin/varnishd/mgt_child.c
M bin/varnishd/mgt_param.c
A bin/varnishd/proxy_proto.c
M include/vrt_obj.h
M include/vss.h
M lib/libvarnish/vss.c
M lib/libvcl/generate.py
M lib/libvcl/vcc_fixed_token.c
M lib/libvcl/vcc_obj.c
16 files changed, 430 insertions(+), 8 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/debs/varnish
refs/changes/44/81244/1
diff --git a/bin/varnishd/Makefile.am b/bin/varnishd/Makefile.am
index bfeb6b9..50e92ea 100644
--- a/bin/varnishd/Makefile.am
+++ b/bin/varnishd/Makefile.am
@@ -61,6 +61,7 @@
mgt_sandbox_solaris.c \
mgt_shmem.c \
mgt_vcc.c \
+ proxy_proto.c \
rfc2616.c \
stevedore.c \
storage_file.c \
diff --git a/bin/varnishd/Makefile.in b/bin/varnishd/Makefile.in
index 0dda608..e9db4b0 100644
--- a/bin/varnishd/Makefile.in
+++ b/bin/varnishd/Makefile.in
@@ -92,8 +92,8 @@
varnishd-mgt_sandbox.$(OBJEXT) \
varnishd-mgt_sandbox_solaris.$(OBJEXT) \
varnishd-mgt_shmem.$(OBJEXT) varnishd-mgt_vcc.$(OBJEXT) \
- varnishd-rfc2616.$(OBJEXT) varnishd-stevedore.$(OBJEXT) \
- varnishd-storage_file.$(OBJEXT) \
+ varnishd-proxy_proto.$(OBJEXT) varnishd-rfc2616.$(OBJEXT) \
+ varnishd-stevedore.$(OBJEXT) varnishd-storage_file.$(OBJEXT) \
varnishd-storage_malloc.$(OBJEXT) \
varnishd-storage_persistent.$(OBJEXT) \
varnishd-storage_persistent_mgt.$(OBJEXT) \
@@ -366,6 +366,7 @@
mgt_sandbox_solaris.c \
mgt_shmem.c \
mgt_vcc.c \
+ proxy_proto.c \
rfc2616.c \
stevedore.c \
storage_file.c \
@@ -556,6 +557,7 @@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/varnishd-mgt_sandbox_solaris.Po@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/varnishd-mgt_shmem.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/varnishd-mgt_vcc.Po@am__quote@
+@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/varnishd-proxy_proto.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/varnishd-rfc2616.Po@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/varnishd-stevedore.Po@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/varnishd-stevedore_utils.Po@am__quote@
@@ -1305,6 +1307,20 @@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE)
$(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES)
$(AM_CPPFLAGS) $(CPPFLAGS) $(varnishd_CFLAGS) $(CFLAGS) -c -o
varnishd-mgt_vcc.obj `if test -f 'mgt_vcc.c'; then $(CYGPATH_W) 'mgt_vcc.c';
else $(CYGPATH_W) '$(srcdir)/mgt_vcc.c'; fi`
+varnishd-proxy_proto.o: proxy_proto.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES)
$(AM_CPPFLAGS) $(CPPFLAGS) $(varnishd_CFLAGS) $(CFLAGS) -MT
varnishd-proxy_proto.o -MD -MP -MF $(DEPDIR)/varnishd-proxy_proto.Tpo -c -o
varnishd-proxy_proto.o `test -f 'proxy_proto.c' || echo
'$(srcdir)/'`proxy_proto.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/varnishd-proxy_proto.Tpo
$(DEPDIR)/varnishd-proxy_proto.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='proxy_proto.c'
object='varnishd-proxy_proto.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE)
$(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES)
$(AM_CPPFLAGS) $(CPPFLAGS) $(varnishd_CFLAGS) $(CFLAGS) -c -o
varnishd-proxy_proto.o `test -f 'proxy_proto.c' || echo
'$(srcdir)/'`proxy_proto.c
+
+varnishd-proxy_proto.obj: proxy_proto.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES)
$(AM_CPPFLAGS) $(CPPFLAGS) $(varnishd_CFLAGS) $(CFLAGS) -MT
varnishd-proxy_proto.obj -MD -MP -MF $(DEPDIR)/varnishd-proxy_proto.Tpo -c -o
varnishd-proxy_proto.obj `if test -f 'proxy_proto.c'; then $(CYGPATH_W)
'proxy_proto.c'; else $(CYGPATH_W) '$(srcdir)/proxy_proto.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/varnishd-proxy_proto.Tpo
$(DEPDIR)/varnishd-proxy_proto.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='proxy_proto.c'
object='varnishd-proxy_proto.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE)
$(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES)
$(AM_CPPFLAGS) $(CPPFLAGS) $(varnishd_CFLAGS) $(CFLAGS) -c -o
varnishd-proxy_proto.obj `if test -f 'proxy_proto.c'; then $(CYGPATH_W)
'proxy_proto.c'; else $(CYGPATH_W) '$(srcdir)/proxy_proto.c'; fi`
+
varnishd-rfc2616.o: rfc2616.c
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES)
$(AM_CPPFLAGS) $(CPPFLAGS) $(varnishd_CFLAGS) $(CFLAGS) -MT varnishd-rfc2616.o
-MD -MP -MF $(DEPDIR)/varnishd-rfc2616.Tpo -c -o varnishd-rfc2616.o `test -f
'rfc2616.c' || echo '$(srcdir)/'`rfc2616.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/varnishd-rfc2616.Tpo
$(DEPDIR)/varnishd-rfc2616.Po
diff --git a/bin/varnishd/cache.h b/bin/varnishd/cache.h
index 0ad00d8..f98d5e2 100644
--- a/bin/varnishd/cache.h
+++ b/bin/varnishd/cache.h
@@ -563,6 +563,9 @@
char *port;
char *client_identity;
+ /* PROXY data */
+ struct proxy_state *ps;
+
/* HTTP request */
const char *doclose;
struct http *http;
@@ -969,6 +972,19 @@
void SMP_Init(void);
void SMP_Ready(void);
+/* proxy_proto.c */
+struct proxy_state;
+
+struct proxy_state *Proxy_Init(struct sess *sp);
+void Proxy_Finish(struct sess *sp);
+int Proxy_Read(const struct sess *sp);
+int Proxy_Parse(struct sess *sp);
+unsigned Proxy_Valid(const struct sess *sp);
+struct sockaddr_storage *Proxy_Client_Address(const struct sess *sp);
+struct sockaddr_storage *Proxy_Server_Address(const struct sess *sp);
+int Proxy_Client_Port(const struct sess *sp);
+int Proxy_Server_Port(const struct sess *sp);
+
/*
* A normal pointer difference is signed, but we never want a negative value
* so this little tool will make sure we don't get that.
diff --git a/bin/varnishd/cache_acceptor.c b/bin/varnishd/cache_acceptor.c
index c513e1a..4557c38 100644
--- a/bin/varnishd/cache_acceptor.c
+++ b/bin/varnishd/cache_acceptor.c
@@ -429,7 +429,7 @@
if (ls->sock < 0)
continue;
VTCP_myname(ls->sock, h, sizeof h, p, sizeof p);
- VCLI_Out(cli, "%s %s\n", h, p);
+ VCLI_Out(cli, "%s %s %d\n", h, p, ls->proxy_port);
}
}
diff --git a/bin/varnishd/cache_center.c b/bin/varnishd/cache_center.c
index 61d3fb4..e3b9b8e 100644
--- a/bin/varnishd/cache_center.c
+++ b/bin/varnishd/cache_center.c
@@ -1130,7 +1130,6 @@
static int
cnt_first(struct sess *sp)
{
-
/*
* XXX: If we don't have acceptfilters we are somewhat subject
* XXX: to DoS'ing here. One remedy would be to set a shorter
@@ -1140,8 +1139,24 @@
assert(sp->xid == 0);
assert(sp->restarts == 0);
+
VCA_Prep(sp);
+ /* Process the PROXY protocol */
+ if (sp->mylsock->proxy_port) {
+ AZ(sp->ps);
+ if (Proxy_Init(sp) == NULL
+ || Proxy_Read(sp) < 0
+ || Proxy_Parse(sp) < 0) {
+ vca_close_session(sp, "PROXY protocol error");
+ sp->step = STP_DONE;
+ if (sp->ps != NULL)
+ Proxy_Finish(sp);
+ return (0);
+ }
+ Proxy_Finish(sp);
+ }
+
/* Record the session watermark */
sp->ws_ses = WS_Snapshot(sp->ws);
diff --git a/bin/varnishd/cache_vrt_var.c b/bin/varnishd/cache_vrt_var.c
index fa65d84..bf96e28 100644
--- a/bin/varnishd/cache_vrt_var.c
+++ b/bin/varnishd/cache_vrt_var.c
@@ -377,6 +377,41 @@
return (sp->restarts);
}
+unsigned
+VRT_r_req_proxy(const struct sess *sp)
+{
+
+ return (Proxy_Valid(sp));
+}
+
+struct sockaddr_storage *
+VRT_r_req_proxy_client_ip(const struct sess *sp)
+{
+
+ return (Proxy_Client_Address(sp));
+}
+
+int
+VRT_r_req_proxy_client_port(const struct sess *sp)
+{
+
+ return (Proxy_Client_Port(sp));
+}
+
+struct sockaddr_storage *
+VRT_r_req_proxy_server_ip(const struct sess *sp)
+{
+
+ return (Proxy_Server_Address(sp));
+}
+
+int
+VRT_r_req_proxy_server_port(const struct sess *sp)
+{
+
+ return (Proxy_Server_Port(sp));
+}
+
/*--------------------------------------------------------------------
* NB: TTL is relative to when object was created, whereas grace and
* keep are relative to ttl.
diff --git a/bin/varnishd/heritage.h b/bin/varnishd/heritage.h
index 66d2a05..4e6b956 100644
--- a/bin/varnishd/heritage.h
+++ b/bin/varnishd/heritage.h
@@ -39,6 +39,7 @@
int sock;
char *name;
struct vss_addr *addr;
+ int proxy_port;
};
VTAILQ_HEAD(listen_sock_head, listen_sock);
@@ -137,6 +138,10 @@
/* Listen depth */
unsigned listen_depth;
+ /* PROXY protocol */
+ unsigned proxy_protocol_port;
+ unsigned proxy_protocol_timeout;
+
/* CLI related */
unsigned cli_timeout;
unsigned ping_interval;
diff --git a/bin/varnishd/mgt_child.c b/bin/varnishd/mgt_child.c
index ee74452..10e60fa 100644
--- a/bin/varnishd/mgt_child.c
+++ b/bin/varnishd/mgt_child.c
@@ -236,6 +236,9 @@
mgt_child_inherit(ls->sock, "sock");
+ if (VTCP_port(VSS_sockaddr(ls->addr)) ==
params->proxy_protocol_port)
+ ls->proxy_port = 1;
+
/*
* Set nonblocking mode to avoid a race where a client
* closes before we call accept(2) and nobody else are in
diff --git a/bin/varnishd/mgt_param.c b/bin/varnishd/mgt_param.c
index 5687766..29710df 100644
--- a/bin/varnishd/mgt_param.c
+++ b/bin/varnishd/mgt_param.c
@@ -391,6 +391,7 @@
ls->addr = ta[j];
ls->name = strdup(av[i]);
AN(ls->name);
+ ls->proxy_port = 0;
VTAILQ_INSERT_TAIL(&lsh, ls, list);
}
free(ta);
@@ -990,6 +991,19 @@
"content.\n",
EXPERIMENTAL,
"256", "kilobytes" },
+ { "proxy_protocol_port", tweak_uint, &master.proxy_protocol_port,
+ 0, 65535,
+ "TCP listen ports which should process the PROXY protocol. "
+ "On these TCP ports, Varnish requires the PROXY protocol "
+ "header to be sent before the first HTTP request.\n",
+ MUST_RESTART,
+ "0", "" },
+ { "proxy_protocol_timeout", tweak_uint,
+ &master.proxy_protocol_timeout, 0, UINT_MAX,
+ "The timeout for the workerthread waiting for the PROXY"
+ "protocol header to be received.\n",
+ 0,
+ "500", "ms" },
{ NULL, NULL, NULL }
};
diff --git a/bin/varnishd/proxy_proto.c b/bin/varnishd/proxy_proto.c
new file mode 100644
index 0000000..6f03cd2
--- /dev/null
+++ b/bin/varnishd/proxy_proto.c
@@ -0,0 +1,226 @@
+/*-
+ * Copyright (c) 2013 Wikimedia Foundation
+ * All rights reserved.
+ *
+ * Author: Mark Bergsma <m...@wikimedia.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * PROXY protocol handling
+ */
+
+#include <string.h>
+#include <poll.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+
+#include "cache.h"
+
+const char v2sig[13] = "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A\x02";
+
+struct proxy_v2 {
+ struct {
+ uint8_t sig[12];
+ uint8_t ver;
+ uint8_t cmd;
+ uint8_t fam;
+ uint8_t len;
+ } hdr;
+ union {
+ struct { /* for TCP/UDP over IPv4, len = 12 */
+ uint32_t src_addr;
+ uint32_t dst_addr;
+ uint16_t src_port;
+ uint16_t dst_port;
+ } ip4;
+ struct { /* for TCP/UDP over IPv6, len = 36 */
+ uint8_t src_addr[16];
+ uint8_t dst_addr[16];
+ uint16_t src_port;
+ uint16_t dst_port;
+ } ip6;
+ } addr;
+};
+
+struct proxy_state {
+ unsigned magic;
+#define PROXY_STATE_MAGIC 0xE3D85857
+ int valid;
+ socklen_t client_addr_len;
+ socklen_t server_addr_len;
+ struct sockaddr_storage client_addr;
+ struct sockaddr_storage server_addr;
+
+ struct proxy_v2 *proxy_hdr;
+};
+
+struct proxy_state *
+Proxy_Init(struct sess *sp) {
+ struct proxy_state *ps;
+
+ ps = (struct proxy_state *)WS_Alloc(sp->ws, sizeof *ps);
+ if (ps == NULL)
+ return (NULL);
+ memset(ps, 0, sizeof *ps);
+ ps->magic = PROXY_STATE_MAGIC;
+ if (WS_Reserve(sp->ws, PRNDUP(sizeof(struct proxy_v2))) < sizeof(struct
proxy_v2)) {
+ WS_Reset(sp->ws, (char *)ps);
+ return (NULL);
+ }
+ ps->proxy_hdr = (struct proxy_v2 *)sp->ws->f;
+ sp->ps = ps;
+ return (ps);
+}
+
+void
+Proxy_Finish(struct sess *sp) {
+ CHECK_OBJ_NOTNULL(sp->ps, PROXY_STATE_MAGIC);
+ if (sp->ps->proxy_hdr) {
+ WS_Release(sp->ws, 0);
+ sp->ps->proxy_hdr = NULL;
+ }
+}
+
+/*--------------------------------------------------------------------
+ * Read PROXY protocol header
+ * Returns:
+ * -1 error, disconnect
+ * >0 proxy header received, return number of bytes read
+ */
+int
+Proxy_Read(const struct sess *sp) {
+ struct proxy_v2 *phdr;
+ struct pollfd pfd[1];
+ int msgsize;
+
+ CHECK_OBJ_NOTNULL(sp->ps, PROXY_STATE_MAGIC);
+ phdr = sp->ps->proxy_hdr;
+
+ /* Wait until we have data */
+ if (params->proxy_protocol_timeout > 0) {
+ pfd[0].fd = sp->fd;
+ pfd[0].events = POLLIN;
+ pfd[0].revents = 0;
+ if (poll(pfd, 1, params->proxy_protocol_timeout) != 1)
+ return (-1);
+ }
+
+ /* Read the PROXY header */
+ if (recv(sp->fd, phdr, sizeof *phdr, MSG_PEEK) == sizeof *phdr
+ && memcmp(phdr->hdr.sig, v2sig, sizeof v2sig) == 0
+ && phdr->hdr.len <= sizeof phdr->addr) {
+ msgsize = sizeof phdr->hdr + phdr->hdr.len;
+ assert(msgsize <= sizeof *phdr);
+ if (read(sp->fd, phdr, msgsize) == msgsize) /* Read appropriate
nr of bytes from the socket */
+ return (msgsize);
+ }
+ return (-1);
+}
+
+int
+Proxy_Parse(struct sess *sp) {
+ struct proxy_v2 *phdr;
+
+ CHECK_OBJ_NOTNULL(sp->ps, PROXY_STATE_MAGIC);
+ phdr = sp->ps->proxy_hdr;
+
+ switch (phdr->hdr.cmd) {
+ case 0x01: /* PROXY command */
+ switch (phdr->hdr.fam) {
+ case 0x11: /* TCPv4 */
+ if (phdr->hdr.len < sizeof phdr->addr.ip4)
+ return (-1);
+ sp->ps->client_addr_len = sp->ps->server_addr_len =
sizeof(struct sockaddr_in);
+ ((struct sockaddr_in *)
&sp->ps->client_addr)->sin_family = AF_INET;
+ ((struct sockaddr_in *)
&sp->ps->client_addr)->sin_addr.s_addr =
+ phdr->addr.ip4.src_addr;
+ ((struct sockaddr_in *) &sp->ps->client_addr)->sin_port
= phdr->addr.ip4.src_port;
+ ((struct sockaddr_in *)
&sp->ps->server_addr)->sin_family = AF_INET;
+ ((struct sockaddr_in *)
&sp->ps->server_addr)->sin_addr.s_addr =
+ phdr->addr.ip4.dst_addr;
+ ((struct sockaddr_in *) &sp->ps->server_addr)->sin_port
= phdr->addr.ip4.dst_port;
+ sp->ps->valid = 1;
+ break;
+ case 0x21: /* TCPv6 */
+ if (phdr->hdr.len < sizeof phdr->addr.ip6)
+ return (-1);
+ sp->ps->client_addr_len = sp->ps->server_addr_len =
sizeof(struct sockaddr_in6);
+ ((struct sockaddr_in6 *)
&sp->ps->client_addr)->sin6_family = AF_INET6;
+ memcpy(&((struct sockaddr_in6 *)
&sp->ps->client_addr)->sin6_addr,
+ phdr->addr.ip6.src_addr, 16);
+ ((struct sockaddr_in6 *)
&sp->ps->client_addr)->sin6_port =
+ phdr->addr.ip6.src_port;
+ ((struct sockaddr_in6 *)
&sp->ps->server_addr)->sin6_family = AF_INET6;
+ memcpy(&((struct sockaddr_in6 *)
&sp->ps->server_addr)->sin6_addr,
+ phdr->addr.ip6.dst_addr, 16);
+ ((struct sockaddr_in6 *)
&sp->ps->server_addr)->sin6_port =
+ phdr->addr.ip6.dst_port;
+ sp->ps->valid = 1;
+ break;
+ }
+ /* Error or unsupported protocol, keep local connection address
*/
+ break;
+ case 0x00: /* LOCAL command */
+ /* Use local connection address for LOCAL */
+ sp->ps->client_addr_len = sp->sockaddrlen;
+ sp->ps->server_addr_len = sp->mysockaddrlen;
+ memcpy(&sp->ps->client_addr, sp->sockaddr, sizeof(struct
sockaddr_storage));
+ memcpy(&sp->ps->server_addr, sp->mysockaddr, sizeof(struct
sockaddr_storage));
+ sp->ps->valid = 1;
+ break;
+ }
+ return (sp->ps->valid ? 0 : -1);
+}
+
+inline struct proxy_state *
+Proxy_State(const struct sess *sp) {
+ if (sp->ps == NULL)
+ return (NULL);
+
+ CHECK_OBJ_NOTNULL(sp->ps, PROXY_STATE_MAGIC);
+ return (sp->ps);
+}
+
+/* --------------------------------------------------------------------------
+ */
+
+unsigned Proxy_Valid(const struct sess *sp) {
+ return (sp->ps != NULL && Proxy_State(sp)->valid);
+}
+
+struct sockaddr_storage *
+Proxy_Client_Address(const struct sess *sp) {
+ return (Proxy_Valid(sp) ? &Proxy_State(sp)->client_addr : sp->sockaddr);
+}
+
+struct sockaddr_storage *
+Proxy_Server_Address(const struct sess *sp) {
+ return (Proxy_Valid(sp) ? &Proxy_State(sp)->server_addr :
sp->mysockaddr);
+}
+
+int Proxy_Client_Port(const struct sess *sp) {
+ return (VTCP_port(Proxy_Valid(sp) ? &Proxy_State(sp)->client_addr :
sp->sockaddr));
+}
+
+int Proxy_Server_Port(const struct sess *sp) {
+ return (VTCP_port(Proxy_Valid(sp) ? &Proxy_State(sp)->server_addr :
sp->mysockaddr));
+}
diff --git a/include/vrt_obj.h b/include/vrt_obj.h
index 12d0698..56d8bda 100644
--- a/include/vrt_obj.h
+++ b/include/vrt_obj.h
@@ -35,6 +35,11 @@
void VRT_l_req_hash_ignore_busy(struct sess *, unsigned);
unsigned VRT_r_req_hash_always_miss(struct sess *);
void VRT_l_req_hash_always_miss(struct sess *, unsigned);
+unsigned VRT_r_req_proxy(const struct sess *);
+struct sockaddr_storage * VRT_r_req_proxy_client_ip(const struct sess *);
+int VRT_r_req_proxy_client_port(const struct sess *);
+struct sockaddr_storage * VRT_r_req_proxy_server_ip(const struct sess *);
+int VRT_r_req_proxy_server_port(const struct sess *);
const char * VRT_r_bereq_request(const struct sess *);
void VRT_l_bereq_request(const struct sess *, const char *, ...);
const char * VRT_r_bereq_url(const struct sess *);
diff --git a/include/vss.h b/include/vss.h
index d98aa1d..2e779e1 100644
--- a/include/vss.h
+++ b/include/vss.h
@@ -35,3 +35,4 @@
int VSS_listen(const struct vss_addr *addr, int depth);
int VSS_connect(const struct vss_addr *addr, int nonblock);
int VSS_open(const char *str, double tmo);
+const struct sockaddr_storage* VSS_sockaddr(const struct vss_addr *va);
diff --git a/lib/libvarnish/vss.c b/lib/libvarnish/vss.c
index f902023..4d7e581 100644
--- a/lib/libvarnish/vss.c
+++ b/lib/libvarnish/vss.c
@@ -307,3 +307,8 @@
free(vaddr);
return (retval);
}
+
+const struct sockaddr_storage *
+VSS_sockaddr(const struct vss_addr *va) {
+ return (&va->va_addr);
+}
diff --git a/lib/libvcl/generate.py b/lib/libvcl/generate.py
index 4d8f62a..09813ad 100755
--- a/lib/libvcl/generate.py
+++ b/lib/libvcl/generate.py
@@ -235,6 +235,36 @@
( 'recv',),
'struct sess *'
),
+ ('req.proxy',
+ 'BOOL',
+ ( 'proc',),
+ ( ),
+ 'const struct sess *'
+ ),
+ ('req.proxy.client.ip',
+ 'IP',
+ ( 'proc',),
+ ( ),
+ 'const struct sess *'
+ ),
+ ('req.proxy.client.port',
+ 'INT',
+ ( 'proc',),
+ ( ),
+ 'const struct sess *'
+ ),
+ ('req.proxy.server.ip',
+ 'IP',
+ ( 'proc',),
+ ( ),
+ 'const struct sess *'
+ ),
+ ('req.proxy.server.port',
+ 'INT',
+ ( 'proc',),
+ ( ),
+ 'const struct sess *'
+ ),
('bereq.request',
'STRING',
( 'pipe', 'pass', 'miss', 'fetch',),
diff --git a/lib/libvcl/vcc_fixed_token.c b/lib/libvcl/vcc_fixed_token.c
index c8a48d5..b649011 100644
--- a/lib/libvcl/vcc_fixed_token.c
+++ b/lib/libvcl/vcc_fixed_token.c
@@ -155,7 +155,7 @@
vcl_output_lang_h(struct vsb *sb)
{
- /* ../include/vcl.h */
+ /* ../../include/vcl.h */
VSB_cat(sb, "/*\n * NB: This file is machine generated, DO "
"NOT EDIT!\n *\n * Edit and run generate.py instead\n"
@@ -189,7 +189,7 @@
"\tvcl_func_f\t*error_func;\n\tvcl_func_f\t*init_func;\n"
"\tvcl_func_f\t*fini_func;\n\n};\n" );
- /* ../include/vrt.h */
+ /* ../../include/vrt.h */
VSB_cat(sb, "/*-\n * Copyright (c) 2006 Verdens Gang AS\n"
" * Copyright (c) 2006-2010 Varnish Software AS\n * All rights "
@@ -303,7 +303,7 @@
"ing(const struct sess *sp, const char *p, ...);\n"
);
- /* ../include/vrt_obj.h */
+ /* ../../include/vrt_obj.h */
VSB_cat(sb, "/*\n * NB: This file is machine generated, DO "
"NOT EDIT!\n *\n * Edit and run generate.py instead\n"
@@ -334,7 +334,12 @@
"gnore_busy(struct sess *);\nvoid VRT_l_req_hash_ignore_busy(stru"
"ct sess *, unsigned);\nunsigned VRT_r_req_hash_always_miss(struc"
"t sess *);\nvoid VRT_l_req_hash_always_miss(struct sess *, "
- "unsigned);\nconst char * VRT_r_bereq_request(const struct "
+ "unsigned);\nunsigned VRT_r_req_proxy(const struct sess *);\n"
+ "struct sockaddr_storage * VRT_r_req_proxy_client_ip(const "
+ "struct sess *);\nint VRT_r_req_proxy_client_port(const struct "
+ "sess *);\nstruct sockaddr_storage * VRT_r_req_proxy_server_ip(co"
+ "nst struct sess *);\nint VRT_r_req_proxy_server_port(const "
+ "struct sess *);\nconst char * VRT_r_bereq_request(const struct "
"sess *);\nvoid VRT_l_bereq_request(const struct sess *, const "
"char *, ...);\nconst char * VRT_r_bereq_url(const struct sess "
"*);\nvoid VRT_l_bereq_url(const struct sess *, const char "
diff --git a/lib/libvcl/vcc_obj.c b/lib/libvcl/vcc_obj.c
index 76e812b..6dc7b51 100644
--- a/lib/libvcl/vcc_obj.c
+++ b/lib/libvcl/vcc_obj.c
@@ -219,6 +219,51 @@
VCL_MET_RECV,
0,
},
+ { "req.proxy", BOOL, 9,
+ "VRT_r_req_proxy(sp)",
+ VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+ | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+ | VCL_MET_ERROR,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
+ },
+ { "req.proxy.client.ip", IP, 19,
+ "VRT_r_req_proxy_client_ip(sp)",
+ VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+ | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+ | VCL_MET_ERROR,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
+ },
+ { "req.proxy.client.port", INT, 21,
+ "VRT_r_req_proxy_client_port(sp)",
+ VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+ | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+ | VCL_MET_ERROR,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
+ },
+ { "req.proxy.server.ip", IP, 19,
+ "VRT_r_req_proxy_server_ip(sp)",
+ VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+ | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+ | VCL_MET_ERROR,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
+ },
+ { "req.proxy.server.port", INT, 21,
+ "VRT_r_req_proxy_server_port(sp)",
+ VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+ | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+ | VCL_MET_ERROR,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
+ },
{ "bereq.request", STRING, 13,
"VRT_r_bereq_request(sp)",
VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
--
To view, visit https://gerrit.wikimedia.org/r/81244
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I325ea40c1777ffc48ec7ca6f4b92834812b626ea
Gerrit-PatchSet: 1
Gerrit-Project: operations/debs/varnish
Gerrit-Branch: patches/proxy-support
Gerrit-Owner: Mark Bergsma <m...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
