"Fossies" - the Fresh Open Source Software Archive

Member "haproxy-2.0.0/include/types/listener.h" (16 Jun 2019, 13410 Bytes) of package /linux/misc/haproxy-2.0.0.tar.gz:



    1 /*
    2  * include/types/listener.h
    3  * This file defines the structures needed to manage listeners.
    4  *
    5  * Copyright (C) 2000-2012 Willy Tarreau - w@1wt.eu
    6  *
    7  * This library is free software; you can redistribute it and/or
    8  * modify it under the terms of the GNU Lesser General Public
    9  * License as published by the Free Software Foundation, version 2.1
   10  * exclusively.
   11  *
   12  * This library is distributed in the hope that it will be useful,
   13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   15  * Lesser General Public License for more details.
   16  *
   17  * You should have received a copy of the GNU Lesser General Public
   18  * License along with this library; if not, write to the Free Software
   19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
   20  */
   21 
   22 #ifndef _TYPES_LISTENER_H
   23 #define _TYPES_LISTENER_H
   24 
   25 #include <sys/types.h>
   26 #include <sys/socket.h>
   27 
   28 #ifdef USE_OPENSSL
   29 #include <common/openssl-compat.h>
   30 #include <types/ssl_sock.h>
   31 #endif
   32 
   33 #include <common/config.h>
   34 #include <common/mini-clist.h>
   35 #include <common/hathreads.h>
   36 #include <common/standard.h>
   37 
   38 #include <types/obj_type.h>
   39 #include <eb32tree.h>
   40 
   41 /* Some types referenced only through pointers below */
   42 struct task;
   43 struct protocol;
   44 struct xprt_ops;
   45 struct proxy;
   46 struct fe_counters;
   47 
   48 /* Listener state, held in struct listener.state. The transition diagram that
       * follows this enum shows which calls move a listener from one state to the
       * next and in which states the file descriptor is valid.
       * The packed attribute (GCC/Clang extension) makes the enum use the smallest
       * integer type able to hold its values.
       * NOTE(review): the values are declared roughly in bring-up order and callers
       * may compare them numerically; confirm before inserting or reordering one.
       */
   49 enum li_state {
   50     LI_NEW  = 0,    /* not initialized yet */
   51     LI_INIT,        /* all parameters filled in, but not assigned yet */
   52     LI_ASSIGNED,    /* assigned to the protocol, but not listening yet */
   53     LI_PAUSED,      /* listener was paused, it's bound but not listening  */
   54     LI_ZOMBIE,  /* The listener doesn't belong to the process, but is kept opened */
   55     LI_LISTEN,      /* started, listening but not enabled */
   56     LI_READY,       /* started, listening and enabled */
   57     LI_FULL,        /* reached its connection limit */
   58     LI_LIMITED,     /* transient state: limits have been reached, listener is queued */
   59 } __attribute__((packed));
   60 
   61 /* Listener transitions
   62  * calloc()     set()      add_listener()       bind()
   63  * -------> NEW ----> INIT ----------> ASSIGNED -----> LISTEN
   64  * <-------     <----      <----------          <-----
   65  *    free()   bzero()     del_listener()       unbind()
   66  *
   67  * The file descriptor is valid only during these three states :
   68  *
   69  *             disable()
   70  * LISTEN <------------ READY
   71  *   A|   ------------>  |A
   72  *   ||  !max & enable() ||
   73  *   ||                  ||
   74  *   ||              max ||
   75  *   || max & enable()   V| !max
   76  *   |+---------------> FULL
   77  *   +-----------------
   78  *            disable()
   79  *
   80  * The LIMITED state may be used when a limit has been detected just before
   81  * using a listener. In this case, the listener MUST be queued into the
   82  * appropriate wait queue (either the proxy's or the global one). It may be
   83  * set back to the READY state at any instant and for any reason, so one must
   84  * not rely on this state.
   85  */
   86 
   87 /* Listener socket options: bit flags kept in struct listener.options and in
       * struct xfer_sock_list.options. All 16 low bits, 0x0001 to 0x8000, are in
       * use, so a new flag has to start at 0x10000.
       * NOTE(review): LI_O_ACC_PROXY and LI_O_ACC_CIP make the listener take the
       * client address from bytes sent by the peer instead of from the socket. That
       * address is only as trustworthy as the peer, so these flags presumably belong
       * only on listeners that trusted proxies alone can reach; confirm against the
       * "bind" keyword documentation.
       */
   88 #define LI_O_NONE               0x0000
   89 #define LI_O_NOLINGER           0x0001  /* disable linger on this socket */
   90 #define LI_O_FOREIGN            0x0002  /* permit listening on foreign addresses ("transparent") */
   91 #define LI_O_NOQUICKACK         0x0004  /* disable quick ack of immediate data (linux) */
   92 #define LI_O_DEF_ACCEPT         0x0008  /* wait up to 1 second for data before accepting */
   93 #define LI_O_TCP_L4_RULES       0x0010  /* run TCP L4 rules checks on the incoming connection */
   94 #define LI_O_TCP_L5_RULES       0x0020  /* run TCP L5 rules checks on the incoming session */
   95 #define LI_O_CHK_MONNET         0x0040  /* check the source against a monitor-net rule */
   96 #define LI_O_ACC_PROXY          0x0080  /* find the proxied address in the first request line */
   97 #define LI_O_UNLIMITED          0x0100  /* listener not subject to global limits (peers & stats socket) */
   98 #define LI_O_TCP_FO             0x0200  /* enable TCP Fast Open (linux >= 3.7) */
   99 #define LI_O_V6ONLY             0x0400  /* bind to IPv6 only on Linux >= 2.4.21 */
  100 #define LI_O_V4V6               0x0800  /* bind to IPv4/IPv6 on Linux >= 2.4.21 */
  101 #define LI_O_ACC_CIP            0x1000  /* find the proxied address in the NetScaler Client IP header */
  102 #define LI_O_INHERITED          0x2000  /* inherited FD from the parent process (fd@) */
  103 #define LI_O_MWORKER            0x4000  /* keep the FD open in the master but close it in the children */
  104 #define LI_O_NOSTOP             0x8000  /* keep the listener active even after a soft stop */
  105 
  106 /* Note: if a listener uses LI_O_UNLIMITED, it is highly recommended that it adds its own
  107  * maxconn setting to the global.maxsock value so that its resources are reserved.
  108  */
  109 
  110 #ifdef USE_OPENSSL
      /* SSL option flags for a "bind" line, defined only in OpenSSL builds.
       * NOTE(review): presumably stored in struct bind_conf.ssl_options; this file
       * does not show where they are set or tested.
       */
  111 #define BC_SSL_O_NONE           0x0000
  112 #define BC_SSL_O_NO_TLS_TICKETS 0x0100  /* disable session resumption tickets */
  113 #define BC_SSL_O_PREF_CLIE_CIPH 0x0200  /* prefer client ciphers */
  114 #endif
  115 
  116 /* SSL settings of a "bind" line. Every member is compiled only when USE_OPENSSL
       * is defined; without it the struct has no members. The NPN, ALPN and
       * ciphersuites members additionally depend on what the SSL library provides.
       * NOTE(review): verify, no_ca_names and early_data are plain "int" bit-fields,
       * whose signedness is implementation-defined. Where they are signed, a 1-bit
       * field reads back as 0 or -1 and the 3-bit field cannot hold 4 as a positive
       * value, so tests should be "!= 0" rather than "== 1"; confirm at the users.
       * NOTE(review): TLS early data can be replayed by design; confirm that the
       * code acting on early_data accounts for that.
       */
  117 struct ssl_bind_conf {
  118 #ifdef USE_OPENSSL
  119 #ifdef OPENSSL_NPN_NEGOTIATED
  120     char *npn_str;             /* NPN protocol string */
  121     int npn_len;               /* NPN protocol string length */
  122 #endif
  123 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
  124     char *alpn_str;            /* ALPN protocol string */
  125     int alpn_len;              /* ALPN protocol string length */
  126 #endif
  127     int verify:3;              /* verify method (set of SSL_VERIFY_* flags) */
  128     int no_ca_names:1;         /* do not send ca names to clients (ca_file related) */
  129     int early_data:1;          /* early data allowed */
  130     char *ca_file;             /* CAfile to use on verify */
  131     char *crl_file;            /* CRLfile to use on verify */
  132     char *ciphers;             /* cipher suite to use if non-null */
  133 #if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
  134     char *ciphersuites;        /* TLS 1.3 cipher suite to use if non-null */
  135 #endif
  136     char *curves;              /* curves suite to use for ECDHE */
  137     char *ecdhe;               /* named curve to use for ECDHE */
  138     struct tls_version_filter ssl_methods; /* ssl methods */
  139 #endif
  140 };
  141 
  142 /* "bind" line settings, shared by all the listeners created from one "bind"
       * line (see the listeners list below). The SSL members exist only when
       * USE_OPENSSL is defined.
       * ca_ignerr and crt_ignerr name certificate verification errors that the
       * handshake ignores, so whatever is set there weakens peer certificate
       * verification. NOTE(review): both look like bitmasks; confirm the encoding.
       */
  143 struct bind_conf {
  144 #ifdef USE_OPENSSL
  145     struct ssl_bind_conf ssl_conf; /* ssl conf for ctx setting */
  146     unsigned long long ca_ignerr;  /* ignored verify errors in handshake if depth > 0 */
  147     unsigned long long crt_ignerr; /* ignored verify errors in handshake if depth == 0 */
  148     SSL_CTX *initial_ctx;      /* SSL context for initial negotiation */
  149     SSL_CTX *default_ctx;      /* SSL context of first/default certificate */
  150     struct ssl_bind_conf *default_ssl_conf; /* custom SSL conf of default_ctx */
  151     int strict_sni;            /* refuse negotiation if sni doesn't match a certificate */
  152     int ssl_options;           /* ssl options */
  153     struct eb_root sni_ctx;    /* sni_ctx tree of all known certs full-names sorted by name */
  154     struct eb_root sni_w_ctx;  /* sni_ctx tree of all known certs wildcards sorted by name */
  155     struct tls_keys_ref *keys_ref; /* TLS ticket keys reference */
  156 
  157     char *ca_sign_file;        /* CAFile used to generate and sign server certificates */
  158     char *ca_sign_pass;        /* CAKey passphrase, held as a plain string. NOTE(review): confirm it is cleared once the key is loaded */
  159 
  160     X509     *ca_sign_cert;    /* CA certificate referenced by ca_file (presumably ca_sign_file above; confirm) */
  161     EVP_PKEY *ca_sign_pkey;    /* CA private key referenced by ca_key (no ca_key member is declared in this struct) */
  162 #endif
  163     struct proxy *frontend;    /* the frontend all these listeners belong to, or NULL */
  164     const struct mux_proto_list *mux_proto; /* the mux to use for all incoming connections (specified by the "proto" keyword) */
  165     struct xprt_ops *xprt;     /* transport-layer operations for all listeners */
  166     int is_ssl;                /* SSL is required for these listeners */
  167     int generate_certs;        /* 1 if generate-certificates option is set, else 0 */
  168     int level;                 /* stats access level (ACCESS_LVL_*) */
  169     int severity_output;       /* default severity output format in cli feedback messages */
  170     struct list listeners;     /* list of listeners using this bind config */
  171     unsigned long bind_proc;   /* bitmask of processes allowed to use these listeners */
  172     unsigned long bind_thread; /* bitmask of threads allowed to use these listeners */
  173     uint32_t ns_cip_magic;     /* Expected NetScaler Client IP magic number */
  174     struct list by_fe;         /* chaining with the other bindings of the same frontend (an embedded list element, so it is never NULL itself) */
  175     char *arg;                 /* argument passed to "bind" for better error reporting */
  176     char *file;                /* file where the section appears */
  177     int line;                  /* line where the section appears */
  178     struct {                   /* UNIX socket permissions */
  179         uid_t uid;         /* -1 to leave unchanged */
  180         gid_t gid;         /* -1 to leave unchanged */
  181         mode_t mode;       /* 0 to leave unchanged. NOTE(review): the mode then presumably depends on the process umask; confirm for sockets with an elevated level */
  182     } ux;
  183 };
  184 
  185 /* The listener will be directly referenced by the fdtab[] which holds its
  186  * socket. The listener provides the protocol-specific accept() function to
  187  * the fdtab.
  188  */
  189 struct listener {
          /* NOTE(review): obj_type is the first member and default_target points
           * to another object's obj_type, which suggests objects are identified
           * through a pointer to this field; keep it first unless the users have
           * been checked.
           */
  190     enum obj_type obj_type;         /* object type = OBJ_TYPE_LISTENER */
  191     enum li_state state;            /* state: one of the LI_* values of enum li_state */
  192     short int nice;                 /* nice value to assign to the instantiated tasks */
  193     int fd;             /* the listen socket */
  194     int luid;           /* listener universally unique ID, used for SNMP */
  195     int options;            /* socket options : LI_O_* */
  196     struct fe_counters *counters;   /* statistics counters */
  197     struct protocol *proto;     /* protocol this listener belongs to */
  198     int nbconn;         /* current number of connections on this listener */
  199     int maxconn;            /* maximum connections allowed on this listener */
  200     unsigned int backlog;       /* if set, listen backlog */
  201     int maxaccept;         /* if set, max number of connections accepted at once (-1 when disabled) */
  202     int (*accept)(struct listener *l, int fd, struct sockaddr_storage *addr); /* upper layer's accept() */
  203     enum obj_type *default_target;  /* default target to use for accepted sessions or NULL */
  204     /* cache line boundary (follows from the field sizes; no alignment attribute in this struct enforces it) */
  205     struct list wait_queue;     /* link element to make the listener wait for something (LI_LIMITED)  */
  206     unsigned int thr_idx;           /* thread indexes for queue distribution : (t2<<16)+t1 */
  207     unsigned int analysers;     /* bitmap of required protocol analysers */
  208     int maxseg;         /* for TCP, advertised MSS */
  209     int tcp_ut;                     /* for TCP, user timeout */
  210     char *interface;        /* interface name or NULL */
  211     char *name;         /* listener's name */
  212 
  213     __decl_hathreads(HA_SPINLOCK_T lock); /* NOTE(review): presumably present only in threaded builds; what the lock protects is not visible in this file */
  214 
  215     const struct netns_entry *netns; /* network namespace of the listener*/
  216 
  217     /* cache line boundary */
  218     unsigned int thr_conn[MAX_THREADS]; /* number of connections per thread */
  219 
  220     /* cache line boundary */
  221 
  222     struct list by_fe;              /* chaining in frontend's list of listeners */
  223     struct list by_bind;            /* chaining in bind_conf's list of listeners */
  224     struct bind_conf *bind_conf;    /* "bind" line settings, include SSL settings among other things */
  225     struct list proto_list;         /* list in the protocol header */
  226 
  227     /* warning: this struct is huge, keep it at the bottom */
  228     struct sockaddr_storage addr;   /* the address we listen to */
  229     struct {
  230         struct eb32_node id;    /* place in the tree of used IDs */
  231     } conf;             /* config information */
  232 };
  233 
  234 /* Descriptor for a "bind" keyword. The ->parse() function returns 0 in case of
  235  * success, or a combination of ERR_* flags if an error is encountered. The
  236  * function pointer can be NULL if not implemented. The function also has an
  237  * access to the current "bind" config line. The ->skip value tells the parser
  238  * how many words have to be skipped after the keyword.
       * Because ->parse may be NULL, a caller has to test it before calling.
       * NOTE(review): args and cur_arg are presumably the words of the config line
       * and the index of the keyword among them, and err presumably receives an
       * error message; confirm against a parser implementation.
  239  */
  240 struct bind_kw {
  241     const char *kw; /* the keyword this descriptor handles */
  242     int (*parse)(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err);
  243     int skip; /* nb of args to skip */
  244 };
  245 struct ssl_bind_kw {
          /* Same layout as struct bind_kw, except that ->parse() receives a
           * struct ssl_bind_conf instead of a struct bind_conf.
           * NOTE(review): presumably the same return and NULL conventions apply
           * as for struct bind_kw; confirm at the users.
           */
  246     const char *kw; /* the keyword this descriptor handles */
  247     int (*parse)(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err);
  248     int skip; /* nb of args to skip */
  249 };
  250 
  251 /*
  252  * A keyword list. It is a NULL-terminated array of keywords. It embeds a
  253  * struct list in order to be linked to other lists, allowing it to easily
  254  * be declared where it is needed, and linked without duplicating data nor
  255  * allocating memory. It is also possible to indicate a scope for the keywords.
  256  */
  257 struct bind_kw_list {
  258     const char *scope; /* optional scope of the keywords */
  259     struct list list; /* links this keyword list to the other ones */
  260     struct bind_kw kw[VAR_ARRAY]; /* the keywords. NOTE(review): presumably ends with an entry whose kw is NULL; a walker must stop there since no count is stored */
  261 };
  262 
  263 
  264 struct xfer_sock_list {
          /* One socket together with the parameters that describe it, chained
           * to its neighbours through prev and next.
           * NOTE(review): the name suggests sockets handed over from another
           * process. If so, fd, addr and options describe a descriptor that this
           * process did not create, and are presumably matched against the
           * configuration before the socket is reused; confirm at the users.
           */
  265     int fd; /* the socket */
  266     char *iface; /* NOTE(review): presumably the interface name, as in struct listener.interface */
  267     char *namespace; /* NOTE(review): presumably the network namespace name */
  268     int options; /* socket options LI_O_* */
  269     struct xfer_sock_list *prev;
  270     struct xfer_sock_list *next;
  271     struct sockaddr_storage addr; /* NOTE(review): presumably the address the socket is bound to */
  272 };
  273 
  274 /* This is used to create the accept queue, optimized to be 64 bytes long.
       * The byte counts below assume 8-byte pointers: 8 + 4 + 4 + 28 = 44 bytes of
       * members, and the zero-length pad0 array (GNU extension) with aligned(64)
       * rounds the struct up to 64 bytes.
       * The addr union only has room for an IPv4 or an IPv6 socket address, which
       * is smaller than the struct sockaddr_storage taken by the accept() callback
       * of struct listener. Whatever fills an entry therefore has to keep addr_len
       * within sizeof(addr). NOTE(review): the producer is not visible in this
       * file; confirm that it bounds the copy.
       */
  275 struct accept_queue_entry {
  276     struct listener *listener;          // 8 bytes
  277     int fd __attribute__((aligned(8))); // 4 bytes
  278     int addr_len;                       // 4 bytes
  279 
  280     union {
  281         sa_family_t family;         // 2 bytes
  282         struct sockaddr_in in;      // 16 bytes
  283         struct sockaddr_in6 in6;    // 28 bytes
  284     } addr; // this is normally 28 bytes
  285     /* 20-bytes hole here */
  286     char pad0[0] __attribute((aligned(64)));
  287 };
  288 
  289 /* The per-thread accept queue ring, must be a power of two minus 1.
       * The value is 255 entries; at 64 bytes per entry that is 16320 bytes of
       * entries per ring.
       * NOTE(review): since the size is 2^n - 1 and not 2^n, masking an index with
       * "& ACCEPT_QUEUE_SIZE" yields 0..255, one past the last valid slot; confirm
       * how the users wrap head and tail.
       */
  290 #define ACCEPT_QUEUE_SIZE ((1<<8) - 1)
  291 
  292 struct accept_queue_ring {
          /* Ring of pending accepted connections, one ring per thread.
           * NOTE(review): head and tail are plain unsigned ints with no lock in
           * this struct; which side writes each one, and with what atomic
           * operations, is not visible here and should be confirmed before
           * touching them from a new code path.
           */
  293     unsigned int head; /* ring index; role (producer or consumer side) not visible here */
  294     unsigned int tail; /* ring index; role (producer or consumer side) not visible here */
  295     struct task *task;  /* task of the thread owning this ring */
  296     struct accept_queue_entry entry[ACCEPT_QUEUE_SIZE] __attribute((aligned(64))); /* the slots, starting on a 64-byte boundary */
  297 };
  298 
  299 
  300 #endif /* _TYPES_LISTENER_H */
  301 
  302 /*
  303  * Local variables:
  304  *  c-indent-level: 8
  305  *  c-basic-offset: 8
  306  * End:
  307  */