ruct session *sess, struct stream *strm, int flags)
{
@@ -2061,7 +2087,7 @@ static int tcp_parse_tcp_req(char **args, int section_type, struct proxy *curpx,
return -1;
}
-/* parse "set-src" action */
+/* parse "set-src" and "set-src-port" actions */
enum act_parse_ret tcp_parse_set_src(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
{
int cur_arg;
@@ -2091,6 +2117,8 @@ enum act_parse_ret tcp_parse_set_src(const char **args, int *orig_arg, struct pr
if (!strcmp(args[*orig_arg-1], "set-src")) {
rule->action_ptr = tcp_action_req_set_src;
+ } else if (!strcmp(args[*orig_arg-1], "set-src-port")) {
+ rule->action_ptr = tcp_action_req_set_src_port;
} else {
return ACT_RET_PRS_ERR;
}
@@ -2493,6 +2521,7 @@ static struct srv_kw_list srv_kws = { "TCP", { }, {
static struct action_kw_list tcp_req_conn_actions = {ILH, {
{ "silent-drop", tcp_parse_silent_drop },
{ "set-src", tcp_parse_set_src },
+ { "set-src-port", tcp_parse_set_src },
{ /* END */ }
}};
@@ -2509,6 +2538,7 @@ static struct action_kw_list tcp_res_cont_actions = {ILH, {
static struct action_kw_list http_req_actions = {ILH, {
{ "silent-drop", tcp_parse_silent_drop },
{ "set-src", tcp_parse_set_src },
+ { "set-src-port", tcp_parse_set_src },
{ /* END */ }
}};
--
2.7.3
>From 3daea1db5a18aeda04f7c8205a32a44d5a0d83a3 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallem...@irq6.net>
Date: Wed, 25 May 2016 02:34:07 +0200
Subject: [PATCH 4/4] MEDIUM: tcp/http: new set-dst/set-dst-port actions
Like 'set-src' and 'set-src-port' but for destination address and port.
It's available in 'tcp-request connection' and 'http-request' actions.
---
doc/configuration.txt | 56 +++
src/proto_tcp.c | 73 ++-
2 files changed, 123 insertions(+), 6 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index d3ff223..678be44 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -3860,6 +3860,34 @@ http-request { allow | deny | tarpit | auth [realm ] | redirect |
Be careful to use "set-src-port" after "set-src", because "set-src" sets
the source port to 0.
+- set-dst :
+ Is used to set the destination IP address to the value of specified
+ expression. Useful when a proxy in front of HAProxy rewrites destination
+ IP, but provides the correct IP in a HTTP header; or you want to mask
+ the IP for privacy. If you want to connect to the new address/port, use
+ '0.0.0.0:0' as a server address in the backend.
+
+ Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+
+ Example:
+
+ http-request set-dst hdr(x-dst)
+ http-request set-dst dst,ipmask(24)
+
+- set-dst-port :
+ Is used to set the destination port address to the value of specified
+ expression. If you want to connect to the new address/port, use
+ '0.0.0.0:0' as a server address in the backend.
+
+ Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+
+ Example:
+
+ http-request set-dst-port hdr(x-port)
+ http-request set-dst-port int(4000)
+
- "silent-drop" : this stops the evaluation of the rules and makes the
client-facing connection suddenly disappear using a system-dependant way
that tries to prevent the client from being notified. The effect it then
@@ -8718,6 +8746,34 @@ tcp-request connection [{if | unless} ]
Be careful to use "set-src-port" after "set-src", because "set-src" sets
the source port to 0.
+- set-dst :
+ Is used to set the destination IP address to the value of specified
+ expression. Useful if you want to mask IP for privacy in log.
+ If you want to provide an IP from a HTTP header use "http-request
+ set-dst". If you want to connect to the new address/port, use
+ '0.0.0.0:0' as a server address in the backend.
+
+ Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+
+ Example:
+
+ tcp-request connection set-dst dst,ipmask(24)
+ tcp-request connection set-dst ipv4(10.0.0.1)
+
+- set-dst-port :
+ Is used to set the destination port address to the value of specified
+ expression. If you want to connect to the new address/port, use
+ '0.0.0.0:0' as a server address in the backend.
+
+
+ Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+
+ Example:
+
+ tcp-request connection set-dst-port int(400