1 /* 2 * include/types/connection.h 3 * This file describes the connection struct and associated constants. 4 * 5 * Copyright (C) 2000-2014 Willy Tarreau - w@1wt.eu 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation, version 2.1 10 * exclusively. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, write to the Free Software 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 */ 21 22 #ifndef _TYPES_CONNECTION_H 23 #define _TYPES_CONNECTION_H 24 25 #include <stdlib.h> 26 #include <sys/socket.h> 27 28 #include <common/config.h> 29 #include <common/ist.h> 30 31 #include <types/listener.h> 32 #include <types/obj_type.h> 33 #include <types/port_range.h> 34 #include <types/protocol.h> 35 36 #include <netinet/in_systm.h> 37 #include <netinet/ip.h> 38 #include <netinet/ip6.h> 39 40 /* referenced below */ 41 struct connection; 42 struct conn_stream; 43 struct cs_info; 44 struct buffer; 45 struct proxy; 46 struct server; 47 struct session; 48 struct pipe; 49 50 /* socks4 upstream proxy definitions */ 51 struct socks4_request { 52 uint8_t version; /* SOCKS version number, 1 byte, must be 0x04 for this version */ 53 uint8_t command; /* 0x01 = establish a TCP/IP stream connection */ 54 uint16_t port; /* port number, 2 bytes (in network byte order) */ 55 uint32_t ip; /* IP address, 4 bytes (in network byte order) */ 56 char user_id[8]; /* the user ID string, variable length, terminated with a null (0x00); Using "HAProxy\0" */ 57 }; 58 59 /* Note: subscribing to these events is only valid after the caller has really 60 * attempted to perform the operation, and failed to proceed or complete. 61 */ 62 enum sub_event_type { 63 SUB_RETRY_RECV = 0x00000001, /* Schedule the tasklet when we can attempt to recv again */ 64 SUB_RETRY_SEND = 0x00000002, /* Schedule the tasklet when we can attempt to send again */ 65 }; 66 67 struct wait_event { 68 struct tasklet *tasklet; 69 int events; /* set of enum sub_event_type above */ 70 }; 71 72 /* A connection handle is how we differentiate two connections on the lower 73 * layers. It usually is a file descriptor but can be a connection id. 74 */ 75 union conn_handle { 76 int fd; /* file descriptor, for regular sockets */ 77 }; 78 79 /* conn_stream flags */ 80 enum { 81 CS_FL_NONE = 0x00000000, /* Just for initialization purposes */ 82 CS_FL_SHRD = 0x00000010, /* read shut, draining extra data */ 83 CS_FL_SHRR = 0x00000020, /* read shut, resetting extra data */ 84 CS_FL_SHR = CS_FL_SHRD | CS_FL_SHRR, /* read shut status */ 85 86 CS_FL_SHWN = 0x00000040, /* write shut, verbose mode */ 87 CS_FL_SHWS = 0x00000080, /* write shut, silent mode */ 88 CS_FL_SHW = CS_FL_SHWN | CS_FL_SHWS, /* write shut status */ 89 90 91 CS_FL_ERROR = 0x00000100, /* a fatal error was reported */ 92 CS_FL_RCV_MORE = 0x00000200, /* We may have more bytes to transfert */ 93 CS_FL_WANT_ROOM = 0x00000400, /* More bytes to transfert, but not enough room */ 94 CS_FL_ERR_PENDING = 0x00000800, /* An error is pending, but there's still data to be read */ 95 CS_FL_EOS = 0x00001000, /* End of stream delivered to data layer */ 96 /* unused: 0x00002000 */ 97 CS_FL_EOI = 0x00004000, /* end-of-input reached */ 98 CS_FL_MAY_SPLICE = 0x00008000, /* caller may use rcv_pipe() only if this flag is set */ 99 CS_FL_WAIT_FOR_HS = 0x00010000, /* This stream is waiting for handhskae */ 100 CS_FL_KILL_CONN = 0x00020000, /* must kill the connection when the CS closes */ 101 102 /* following flags are supposed to be set by the mux and read/unset by 103 * the stream-interface : 104 */ 105 CS_FL_NOT_FIRST = 0x00100000, /* this stream is not the first one */ 106 CS_FL_READ_PARTIAL = 0x00200000, /* some data were received (not necessarily xferred) */ 107 }; 108 109 /* cs_shutr() modes */ 110 enum cs_shr_mode { 111 CS_SHR_DRAIN = 0, /* read shutdown, drain any extra stuff */ 112 CS_SHR_RESET = 1, /* read shutdown, reset any extra stuff */ 113 }; 114 115 /* cs_shutw() modes */ 116 enum cs_shw_mode { 117 CS_SHW_NORMAL = 0, /* regular write shutdown */ 118 CS_SHW_SILENT = 1, /* imminent close, don't notify peer */ 119 }; 120 121 /* For each direction, we have a CO_FL_{SOCK,DATA}_<DIR>_ENA flag, which 122 * indicates if read or write is desired in that direction for the respective 123 * layers. The current status corresponding to the current layer being used is 124 * remembered in the CO_FL_CURR_<DIR>_ENA flag. The need to poll (ie receipt of 125 * EAGAIN) is remembered at the file descriptor level so that even when the 126 * activity is stopped and restarted, we still remember whether it was needed 127 * to poll before attempting the I/O. 128 * 129 * The CO_FL_CURR_<DIR>_ENA flag is set from the FD status in 130 * conn_refresh_polling_flags(). The FD state is updated according to these 131 * flags in conn_cond_update_polling(). 132 */ 133 134 /* flags for use in connection->flags */ 135 enum { 136 CO_FL_NONE = 0x00000000, /* Just for initialization purposes */ 137 138 /* Do not change these values without updating conn_*_poll_changes() ! */ 139 /* unusued : 0x00000001 */ 140 CO_FL_XPRT_RD_ENA = 0x00000002, /* receiving data is allowed */ 141 CO_FL_CURR_RD_ENA = 0x00000004, /* receiving is currently allowed */ 142 /* unused : 0x00000008 */ 143 144 /* unused : 0x00000010 */ 145 CO_FL_XPRT_WR_ENA = 0x00000020, /* sending data is desired */ 146 CO_FL_CURR_WR_ENA = 0x00000040, /* sending is currently desired */ 147 148 CO_FL_WANT_DRAIN = 0x00000080, /* try to drain pending data when closing */ 149 150 /* These flags indicate whether the Control and Transport layers are initialized */ 151 CO_FL_CTRL_READY = 0x00000100, /* FD was registered, fd_delete() needed */ 152 CO_FL_XPRT_READY = 0x00000200, /* xprt_init() done, xprt_close() needed */ 153 154 CO_FL_WILL_UPDATE = 0x00000400, /* the conn handler will take care of updating the polling */ 155 156 /* This flag is used by data layers to indicate they had to stop 157 * receiving data because a buffer was full. The connection handler 158 * clears it before first calling the I/O and data callbacks. 159 */ 160 CO_FL_WAIT_ROOM = 0x00000800, /* data sink is full */ 161 162 /* These flags are used to report whether the from/to addresses are set or not */ 163 CO_FL_ADDR_FROM_SET = 0x00001000, /* addr.from is set */ 164 CO_FL_ADDR_TO_SET = 0x00002000, /* addr.to is set */ 165 166 CO_FL_EARLY_SSL_HS = 0x00004000, /* We have early data pending, don't start SSL handshake yet */ 167 CO_FL_EARLY_DATA = 0x00008000, /* At least some of the data are early data */ 168 CO_FL_SOCKS4_SEND = 0x00010000, /* handshaking with upstream SOCKS4 proxy, going to send the handshake */ 169 CO_FL_SOCKS4_RECV = 0x00020000, /* handshaking with upstream SOCKS4 proxy, going to check if handshake succeed */ 170 171 /* flags used to remember what shutdown have been performed/reported */ 172 CO_FL_SOCK_RD_SH = 0x00040000, /* SOCK layer was notified about shutr/read0 */ 173 CO_FL_SOCK_WR_SH = 0x00080000, /* SOCK layer asked for shutw */ 174 175 /* flags used to report connection errors or other closing conditions */ 176 CO_FL_ERROR = 0x00100000, /* a fatal error was reported */ 177 CO_FL_NOTIFY_DONE = 0x001C0000, /* any xprt shut/error flags above needs to be reported */ 178 CO_FL_NOTIFY_DATA = 0x001C0000, /* any shut/error flags above needs to be reported */ 179 180 /* flags used to report connection status updates */ 181 CO_FL_CONNECTED = 0x00200000, /* L4+L6 now ready ; extra handshakes may or may not exist */ 182 CO_FL_WAIT_L4_CONN = 0x00400000, /* waiting for L4 to be connected */ 183 CO_FL_WAIT_L6_CONN = 0x00800000, /* waiting for L6 to be connected (eg: SSL) */ 184 185 /*** All the flags below are used for connection handshakes. Any new 186 * handshake should be added after this point, and CO_FL_HANDSHAKE 187 * should be updated. 188 */ 189 CO_FL_SEND_PROXY = 0x01000000, /* send a valid PROXY protocol header */ 190 CO_FL_SSL_WAIT_HS = 0x02000000, /* wait for an SSL handshake to complete */ 191 CO_FL_ACCEPT_PROXY = 0x04000000, /* receive a valid PROXY protocol header */ 192 CO_FL_ACCEPT_CIP = 0x08000000, /* receive a valid NetScaler Client IP header */ 193 194 /* below we have all handshake flags grouped into one */ 195 CO_FL_HANDSHAKE = CO_FL_SEND_PROXY | CO_FL_SSL_WAIT_HS | CO_FL_ACCEPT_PROXY | CO_FL_ACCEPT_CIP | CO_FL_SOCKS4_SEND | CO_FL_SOCKS4_RECV, 196 CO_FL_HANDSHAKE_NOSSL = CO_FL_SEND_PROXY | CO_FL_ACCEPT_PROXY | CO_FL_ACCEPT_CIP | CO_FL_SOCKS4_SEND | CO_FL_SOCKS4_RECV, 197 198 /* This connection may not be shared between clients */ 199 CO_FL_PRIVATE = 0x10000000, 200 201 /* This flag is used to know that a PROXY protocol header was sent by the client */ 202 CO_FL_RCVD_PROXY = 0x20000000, 203 204 /* The connection is unused by its owner */ 205 CO_FL_SESS_IDLE = 0x40000000, 206 207 /* This last flag indicates that the transport layer is used (for instance 208 * by logs) and must not be cleared yet. The last call to conn_xprt_close() 209 * must be done after clearing this flag. 210 */ 211 CO_FL_XPRT_TRACKED = 0x80000000, 212 213 /* below we have all SOCKS handshake flags grouped into one */ 214 CO_FL_SOCKS4 = CO_FL_SOCKS4_SEND | CO_FL_SOCKS4_RECV, 215 }; 216 217 /* possible connection error codes */ 218 enum { 219 CO_ER_NONE, /* no error */ 220 221 CO_ER_CONF_FDLIM, /* reached process' configured FD limitation */ 222 CO_ER_PROC_FDLIM, /* reached process' FD limitation */ 223 CO_ER_SYS_FDLIM, /* reached system's FD limitation */ 224 CO_ER_SYS_MEMLIM, /* reached system buffers limitation */ 225 CO_ER_NOPROTO, /* protocol not supported */ 226 CO_ER_SOCK_ERR, /* other socket error */ 227 228 CO_ER_PORT_RANGE, /* source port range exhausted */ 229 CO_ER_CANT_BIND, /* can't bind to source address */ 230 CO_ER_FREE_PORTS, /* no more free ports on the system */ 231 CO_ER_ADDR_INUSE, /* local address already in use */ 232 233 CO_ER_PRX_EMPTY, /* nothing received in PROXY protocol header */ 234 CO_ER_PRX_ABORT, /* client abort during PROXY protocol header */ 235 CO_ER_PRX_TIMEOUT, /* timeout while waiting for a PROXY header */ 236 CO_ER_PRX_TRUNCATED, /* truncated PROXY protocol header */ 237 CO_ER_PRX_NOT_HDR, /* not a PROXY protocol header */ 238 CO_ER_PRX_BAD_HDR, /* bad PROXY protocol header */ 239 CO_ER_PRX_BAD_PROTO, /* unsupported protocol in PROXY header */ 240 241 CO_ER_CIP_EMPTY, /* nothing received in NetScaler Client IP header */ 242 CO_ER_CIP_ABORT, /* client abort during NetScaler Client IP header */ 243 CO_ER_CIP_TIMEOUT, /* timeout while waiting for a NetScaler Client IP header */ 244 CO_ER_CIP_TRUNCATED, /* truncated NetScaler Client IP header */ 245 CO_ER_CIP_BAD_MAGIC, /* bad magic number in NetScaler Client IP header */ 246 CO_ER_CIP_BAD_PROTO, /* unsupported protocol in NetScaler Client IP header */ 247 248 CO_ER_SSL_EMPTY, /* client closed during SSL handshake */ 249 CO_ER_SSL_ABORT, /* client abort during SSL handshake */ 250 CO_ER_SSL_TIMEOUT, /* timeout during SSL handshake */ 251 CO_ER_SSL_TOO_MANY, /* too many SSL connections */ 252 CO_ER_SSL_NO_MEM, /* no more memory to allocate an SSL connection */ 253 CO_ER_SSL_RENEG, /* forbidden client renegociation */ 254 CO_ER_SSL_CA_FAIL, /* client cert verification failed in the CA chain */ 255 CO_ER_SSL_CRT_FAIL, /* client cert verification failed on the certificate */ 256 CO_ER_SSL_MISMATCH, /* Server presented an SSL certificate different from the configured one */ 257 CO_ER_SSL_MISMATCH_SNI, /* Server presented an SSL certificate different from the expected one */ 258 CO_ER_SSL_HANDSHAKE, /* SSL error during handshake */ 259 CO_ER_SSL_HANDSHAKE_HB, /* SSL error during handshake with heartbeat present */ 260 CO_ER_SSL_KILLED_HB, /* Stopped a TLSv1 heartbeat attack (CVE-2014-0160) */ 261 CO_ER_SSL_NO_TARGET, /* unknown target (not client nor server) */ 262 CO_ER_SSL_EARLY_FAILED, /* Server refused early data */ 263 264 CO_ER_SOCKS4_SEND, /* SOCKS4 Proxy write error during handshake */ 265 CO_ER_SOCKS4_RECV, /* SOCKS4 Proxy read error during handshake */ 266 CO_ER_SOCKS4_DENY, /* SOCKS4 Proxy deny the request */ 267 CO_ER_SOCKS4_ABORT, /* SOCKS4 Proxy handshake aborted by server */ 268 }; 269 270 /* source address settings for outgoing connections */ 271 enum { 272 /* Tproxy exclusive values from 0 to 7 */ 273 CO_SRC_TPROXY_ADDR = 0x0001, /* bind to this non-local address when connecting */ 274 CO_SRC_TPROXY_CIP = 0x0002, /* bind to the client's IP address when connecting */ 275 CO_SRC_TPROXY_CLI = 0x0003, /* bind to the client's IP+port when connecting */ 276 CO_SRC_TPROXY_DYN = 0x0004, /* bind to a dynamically computed non-local address */ 277 CO_SRC_TPROXY_MASK = 0x0007, /* bind to a non-local address when connecting */ 278 279 CO_SRC_BIND = 0x0008, /* bind to a specific source address when connecting */ 280 }; 281 282 /* flags that can be passed to xprt->rcv_buf() and mux->rcv_buf() */ 283 enum { 284 CO_RFL_BUF_WET = 0x0001, /* Buffer still has some output data present */ 285 CO_RFL_BUF_FLUSH = 0x0002, /* Flush mux's buffers but don't read more data */ 286 }; 287 288 /* flags that can be passed to xprt->snd_buf() and mux->snd_buf() */ 289 enum { 290 CO_SFL_MSG_MORE = 0x0001, /* More data to come afterwards */ 291 CO_SFL_STREAMER = 0x0002, /* Producer is continuously streaming data */ 292 }; 293 294 /* known transport layers (for ease of lookup) */ 295 enum { 296 XPRT_RAW = 0, 297 XPRT_SSL = 1, 298 XPRT_HANDSHAKE = 2, 299 XPRT_ENTRIES /* must be last one */ 300 }; 301 302 /* MUX-specific flags */ 303 enum { 304 MX_FL_NONE = 0x00000000, 305 MX_FL_CLEAN_ABRT = 0x00000001, /* abort is clearly reported as an error */ 306 MX_FL_HTX = 0x00000002, /* set if it is an HTX multiplexer */ 307 }; 308 309 /* xprt_ops describes transport-layer operations for a connection. They 310 * generally run over a socket-based control layer, but not always. Some 311 * of them are used for data transfer with the upper layer (rcv_*, snd_*) 312 * and the other ones are used to setup and release the transport layer. 313 */ 314 struct xprt_ops { 315 size_t (*rcv_buf)(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags); /* recv callback */ 316 size_t (*snd_buf)(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags); /* send callback */ 317 int (*rcv_pipe)(struct connection *conn, void *xprt_ctx, struct pipe *pipe, unsigned int count); /* recv-to-pipe callback */ 318 int (*snd_pipe)(struct connection *conn, void *xprt_ctx, struct pipe *pipe); /* send-to-pipe callback */ 319 void (*shutr)(struct connection *conn, void *xprt_ctx, int); /* shutr function */ 320 void (*shutw)(struct connection *conn, void *xprt_ctx, int); /* shutw function */ 321 void (*close)(struct connection *conn, void *xprt_ctx); /* close the transport layer */ 322 int (*init)(struct connection *conn, void **ctx); /* initialize the transport layer */ 323 int (*prepare_bind_conf)(struct bind_conf *conf); /* prepare a whole bind_conf */ 324 void (*destroy_bind_conf)(struct bind_conf *conf); /* destroy a whole bind_conf */ 325 int (*prepare_srv)(struct server *srv); /* prepare a server context */ 326 void (*destroy_srv)(struct server *srv); /* destroy a server context */ 327 int (*get_alpn)(const struct connection *conn, void *xprt_ctx, const char **str, int *len); /* get application layer name */ 328 char name[8]; /* transport layer name, zero-terminated */ 329 int (*subscribe)(struct connection *conn, void *xprt_ctx, int event_type, void *param); /* Subscribe to events, such as "being able to send" */ 330 int (*unsubscribe)(struct connection *conn, void *xprt_ctx, int event_type, void *param); /* Unsubscribe to events */ 331 int (*remove_xprt)(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx); /* Remove an xprt from the connection, used by temporary xprt such as the handshake one */ 332 int (*add_xprt)(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops); /* Add a new XPRT as the new xprt, and return the old one */ 333 }; 334 335 enum mux_ctl_type { 336 MUX_STATUS, /* Expects an int as output, sets it to a combinaison of MUX_STATUS flags */ 337 }; 338 339 #define MUX_STATUS_READY (1 << 0) 340 341 /* mux_ops describes the mux operations, which are to be performed at the 342 * connection level after data are exchanged with the transport layer in order 343 * to propagate them to streams. The <init> function will automatically be 344 * called once the mux is instanciated by the connection's owner at the end 345 * of a transport handshake, when it is about to transfer data and the data 346 * layer is not ready yet. 347 */ 348 struct mux_ops { 349 int (*init)(struct connection *conn, struct proxy *prx, struct session *sess, struct buffer *input); /* early initialization */ 350 int (*wake)(struct connection *conn); /* mux-layer callback to report activity, mandatory */ 351 size_t (*rcv_buf)(struct conn_stream *cs, struct buffer *buf, size_t count, int flags); /* Called from the upper layer to get data */ 352 size_t (*snd_buf)(struct conn_stream *cs, struct buffer *buf, size_t count, int flags); /* Called from the upper layer to send data */ 353 int (*rcv_pipe)(struct conn_stream *cs, struct pipe *pipe, unsigned int count); /* recv-to-pipe callback */ 354 int (*snd_pipe)(struct conn_stream *cs, struct pipe *pipe); /* send-to-pipe callback */ 355 void (*shutr)(struct conn_stream *cs, enum cs_shr_mode); /* shutr function */ 356 void (*shutw)(struct conn_stream *cs, enum cs_shw_mode); /* shutw function */ 357 358 struct conn_stream *(*attach)(struct connection *, struct session *sess); /* Create and attach a conn_stream to an outgoing connection */ 359 const struct conn_stream *(*get_first_cs)(const struct connection *); /* retrieves any valid conn_stream from this connection */ 360 void (*detach)(struct conn_stream *); /* Detach a conn_stream from an outgoing connection, when the request is done */ 361 void (*show_fd)(struct buffer *, struct connection *); /* append some data about connection into chunk for "show fd" */ 362 int (*subscribe)(struct conn_stream *cs, int event_type, void *param); /* Subscribe to events, such as "being able to send" */ 363 int (*unsubscribe)(struct conn_stream *cs, int event_type, void *param); /* Unsubscribe to events */ 364 int (*avail_streams)(struct connection *conn); /* Returns the number of streams still available for a connection */ 365 int (*used_streams)(struct connection *conn); /* Returns the number of streams in use on a connection. */ 366 void (*destroy)(void *ctx); /* Let the mux know one of its users left, so it may have to disappear */ 367 void (*reset)(struct connection *conn); /* Reset the mux, because we're re-trying to connect */ 368 const struct cs_info *(*get_cs_info)(struct conn_stream *cs); /* Return info on the specified conn_stream or NULL if not defined */ 369 int (*ctl)(struct connection *conn, enum mux_ctl_type mux_ctl, void *arg); /* Provides informations about the mux */ 370 unsigned int flags; /* some flags characterizing the mux's capabilities (MX_FL_*) */ 371 char name[8]; /* mux layer name, zero-terminated */ 372 }; 373 374 /* data_cb describes the data layer's recv and send callbacks which are called 375 * when I/O activity was detected after the transport layer is ready. These 376 * callbacks are supposed to make use of the xprt_ops above to exchange data 377 * from/to buffers and pipes. The <wake> callback is used to report activity 378 * at the transport layer, which can be a connection opening/close, or any 379 * data movement. It may abort a connection by returning < 0. 380 */ 381 struct data_cb { 382 int (*wake)(struct conn_stream *cs); /* data-layer callback to report activity */ 383 char name[8]; /* data layer name, zero-terminated */ 384 }; 385 386 struct my_tcphdr { 387 uint16_t source; 388 uint16_t dest; 389 }; 390 391 /* a connection source profile defines all the parameters needed to properly 392 * bind an outgoing connection for a server or proxy. 393 */ 394 395 struct conn_src { 396 unsigned int opts; /* CO_SRC_* */ 397 int iface_len; /* bind interface name length */ 398 char *iface_name; /* bind interface name or NULL */ 399 struct port_range *sport_range; /* optional per-server TCP source ports */ 400 struct sockaddr_storage source_addr; /* the address to which we want to bind for connect() */ 401 #if defined(CONFIG_HAP_TRANSPARENT) 402 struct sockaddr_storage tproxy_addr; /* non-local address we want to bind to for connect() */ 403 char *bind_hdr_name; /* bind to this header name if defined */ 404 int bind_hdr_len; /* length of the name of the header above */ 405 int bind_hdr_occ; /* occurrence number of header above: >0 = from first, <0 = from end, 0=disabled */ 406 #endif 407 }; 408 409 /* 410 * This structure describes the elements of a connection relevant to a stream 411 */ 412 struct conn_stream { 413 enum obj_type obj_type; /* differentiates connection from applet context */ 414 /* 3 bytes hole here */ 415 unsigned int flags; /* CS_FL_* */ 416 struct connection *conn; /* xprt-level connection */ 417 void *data; /* pointer to upper layer's entity (eg: stream interface) */ 418 const struct data_cb *data_cb; /* data layer callbacks. Must be set before xprt->init() */ 419 void *ctx; /* mux-specific context */ 420 }; 421 422 /* 423 * This structure describes the info related to a conn_stream known by the mux 424 * only but usefull for the upper layer. 425 * For now, only some dates and durations are reported. This structure will 426 * envolved. But for now, only the bare minimum is referenced. 427 */ 428 struct cs_info { 429 struct timeval create_date; /* Creation date of the conn_stream in user date */ 430 struct timeval tv_create; /* Creation date of the conn_stream in internal date (monotonic) */ 431 long t_handshake; /* hanshake duration, -1 if never occurs */ 432 long t_idle; /* idle duration, -1 if never occurs */ 433 }; 434 435 /* This structure describes a connection with its methods and data. 436 * A connection may be performed to proxy or server via a local or remote 437 * socket, and can also be made to an internal applet. It can support 438 * several transport schemes (raw, ssl, ...). It can support several 439 * connection control schemes, generally a protocol for socket-oriented 440 * connections, but other methods for applets. The xprt_done_cb() callback 441 * is called once the transport layer initialization is done (success or 442 * failure). It may return < 0 to report an error and require an abort of the 443 * connection being instanciated. It must be removed once done. 444 */ 445 struct connection { 446 /* first cache line */ 447 enum obj_type obj_type; /* differentiates connection from applet context */ 448 unsigned char err_code; /* CO_ER_* */ 449 signed short send_proxy_ofs; /* <0 = offset to (re)send from the end, >0 = send all (reused for SOCKS4) */ 450 unsigned int flags; /* CO_FL_* */ 451 const struct protocol *ctrl; /* operations at the socket layer */ 452 const struct xprt_ops *xprt; /* operations at the transport layer */ 453 const struct mux_ops *mux; /* mux layer opreations. Must be set before xprt->init() */ 454 void *xprt_ctx; /* general purpose pointer, initialized to NULL */ 455 void *ctx; /* highest level context (usually the mux), initialized to NULL */ 456 void *owner; /* pointer to the owner session, or NULL */ 457 enum obj_type *target; /* the target to connect to (server, proxy, applet, ...) */ 458 459 /* second cache line */ 460 struct wait_event *send_wait; /* Task to wake when we're ready to send */ 461 struct wait_event *recv_wait; /* Task to wake when we're ready to recv */ 462 struct list list; /* attach point to various connection lists (idle, ...) */ 463 struct list session_list; /* List of attached connections to a session */ 464 union conn_handle handle; /* connection handle at the socket layer */ 465 const struct netns_entry *proxy_netns; 466 int (*xprt_done_cb)(struct connection *conn); /* callback to notify of end of handshake */ 467 468 /* third cache line and beyond */ 469 void (*destroy_cb)(struct connection *conn); /* callback to notify of imminent death of the connection */ 470 struct { 471 struct sockaddr_storage from; /* client address, or address to spoof when connecting to the server */ 472 struct sockaddr_storage to; /* address reached by the client, or address to connect to */ 473 } addr; /* addresses of the remote side, client for producer and server for consumer */ 474 unsigned int idle_time; /* Time the connection was added to the idle list, or 0 if not in the idle list */ 475 }; 476 477 /* PROTO token registration */ 478 enum proto_proxy_mode { 479 PROTO_MODE_NONE = 0, 480 PROTO_MODE_TCP = 1 << 0, // must not be changed! 481 PROTO_MODE_HTTP = 1 << 1, // must not be changed! 482 PROTO_MODE_HTX = 1 << 2, // must not be changed! 483 PROTO_MODE_ANY = PROTO_MODE_TCP | PROTO_MODE_HTTP, // note: HTX is experimental and must not appear here 484 }; 485 486 enum proto_proxy_side { 487 PROTO_SIDE_NONE = 0, 488 PROTO_SIDE_FE = 1, // same as PR_CAP_FE 489 PROTO_SIDE_BE = 2, // same as PR_CAP_BE 490 PROTO_SIDE_BOTH = PROTO_SIDE_FE | PROTO_SIDE_BE, 491 }; 492 493 struct mux_proto_list { 494 const struct ist token; /* token name and length. Empty is catch-all */ 495 enum proto_proxy_mode mode; 496 enum proto_proxy_side side; 497 const struct mux_ops *mux; 498 struct list list; 499 }; 500 501 /* proxy protocol v2 definitions */ 502 #define PP2_SIGNATURE "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A" 503 #define PP2_SIGNATURE_LEN 12 504 #define PP2_HEADER_LEN 16 505 506 /* ver_cmd byte */ 507 #define PP2_CMD_LOCAL 0x00 508 #define PP2_CMD_PROXY 0x01 509 #define PP2_CMD_MASK 0x0F 510 511 #define PP2_VERSION 0x20 512 #define PP2_VERSION_MASK 0xF0 513 514 /* fam byte */ 515 #define PP2_TRANS_UNSPEC 0x00 516 #define PP2_TRANS_STREAM 0x01 517 #define PP2_TRANS_DGRAM 0x02 518 #define PP2_TRANS_MASK 0x0F 519 520 #define PP2_FAM_UNSPEC 0x00 521 #define PP2_FAM_INET 0x10 522 #define PP2_FAM_INET6 0x20 523 #define PP2_FAM_UNIX 0x30 524 #define PP2_FAM_MASK 0xF0 525 526 #define PP2_ADDR_LEN_UNSPEC (0) 527 #define PP2_ADDR_LEN_INET (4 + 4 + 2 + 2) 528 #define PP2_ADDR_LEN_INET6 (16 + 16 + 2 + 2) 529 #define PP2_ADDR_LEN_UNIX (108 + 108) 530 531 #define PP2_HDR_LEN_UNSPEC (PP2_HEADER_LEN + PP2_ADDR_LEN_UNSPEC) 532 #define PP2_HDR_LEN_INET (PP2_HEADER_LEN + PP2_ADDR_LEN_INET) 533 #define PP2_HDR_LEN_INET6 (PP2_HEADER_LEN + PP2_ADDR_LEN_INET6) 534 #define PP2_HDR_LEN_UNIX (PP2_HEADER_LEN + PP2_ADDR_LEN_UNIX) 535 536 struct proxy_hdr_v2 { 537 uint8_t sig[12]; /* hex 0D 0A 0D 0A 00 0D 0A 51 55 49 54 0A */ 538 uint8_t ver_cmd; /* protocol version and command */ 539 uint8_t fam; /* protocol family and transport */ 540 uint16_t len; /* number of following bytes part of the header */ 541 union { 542 struct { /* for TCP/UDP over IPv4, len = 12 */ 543 uint32_t src_addr; 544 uint32_t dst_addr; 545 uint16_t src_port; 546 uint16_t dst_port; 547 } ip4; 548 struct { /* for TCP/UDP over IPv6, len = 36 */ 549 uint8_t src_addr[16]; 550 uint8_t dst_addr[16]; 551 uint16_t src_port; 552 uint16_t dst_port; 553 } ip6; 554 struct { /* for AF_UNIX sockets, len = 216 */ 555 uint8_t src_addr[108]; 556 uint8_t dst_addr[108]; 557 } unx; 558 } addr; 559 }; 560 561 #define PP2_TYPE_ALPN 0x01 562 #define PP2_TYPE_AUTHORITY 0x02 563 #define PP2_TYPE_CRC32C 0x03 564 #define PP2_TYPE_NOOP 0x04 565 #define PP2_TYPE_UNIQUE_ID 0x05 566 #define PP2_TYPE_SSL 0x20 567 #define PP2_SUBTYPE_SSL_VERSION 0x21 568 #define PP2_SUBTYPE_SSL_CN 0x22 569 #define PP2_SUBTYPE_SSL_CIPHER 0x23 570 #define PP2_SUBTYPE_SSL_SIG_ALG 0x24 571 #define PP2_SUBTYPE_SSL_KEY_ALG 0x25 572 #define PP2_TYPE_NETNS 0x30 573 574 #define TLV_HEADER_SIZE 3 575 struct tlv { 576 uint8_t type; 577 uint8_t length_hi; 578 uint8_t length_lo; 579 uint8_t value[0]; 580 }__attribute__((packed)); 581 582 struct tlv_ssl { 583 struct tlv tlv; 584 uint8_t client; 585 uint32_t verify; 586 uint8_t sub_tlv[0]; 587 }__attribute__((packed)); 588 589 #define PP2_CLIENT_SSL 0x01 590 #define PP2_CLIENT_CERT_CONN 0x02 591 #define PP2_CLIENT_CERT_SESS 0x04 592 593 594 /* 595 * Linux seems to be able to send 253 fds per sendmsg(), not sure 596 * about the other OSes. 597 */ 598 /* Max number of file descriptors we send in one sendmsg() */ 599 #define MAX_SEND_FD 253 600 601 #define SOCKS4_HS_RSP_LEN 8 602 603 #endif /* _TYPES_CONNECTION_H */ 604 605 /* 606 * Local variables: 607 * c-indent-level: 8 608 * c-basic-offset: 8 609 * End: 610 */ 611