[master] 8289ea013 Forbid .via backend stacking for now

Nils Goroll nils.goroll at uplex.de
Mon Feb 20 15:38:06 UTC 2023


commit 8289ea01317c02fc201d8f32cc7210ff1136d552
Author: Nils Goroll <nils.goroll at uplex.de>
Date:   Tue Aug 30 14:43:29 2022 +0200

    Forbid .via backend stacking for now
    
    suggested by Dridi

diff --git a/bin/varnishtest/tests/c00042.vtc b/bin/varnishtest/tests/c00042.vtc
index 698599d99..b2a99dc97 100644
--- a/bin/varnishtest/tests/c00042.vtc
+++ b/bin/varnishtest/tests/c00042.vtc
@@ -12,7 +12,7 @@ server s2 {
 	txresp -hdr "Server: s2"
 } -start
 
-# the use case for via-proxy is to have a(n ha)proxy make a(n ssl)
+# the use case for via-proxy is to have a(n ha)proxy make a (TLS)
 # connection on our behalf. For the purpose of testing, we use another
 # varnish in place - but we are behaving realistically in that we do
 # not use any prior information for the actual backend connection -
@@ -145,6 +145,7 @@ client c1 {
 	txreq -url /s1/5
 	rxresp
 	expect resp.status == 200
+
 	# vmod_proxy returns the empty string if the TLV is absent.
 	expect resp.http.Authority == ""
 } -run
@@ -157,3 +158,21 @@ varnish v1 -errvcl "Cannot set both .via and .path" {
 		.path = "/path/to/uds";
 	}
 }
+
+varnish v1 -errvcl "Can not stack .via backends" {
+	backend a { .host = "${v2_addr}"; .port = "${v2_port}"; }
+
+	backend b {
+		.via = a;
+		.host = "127.0.0.1";
+	}
+
+	backend c {
+		.via = b;
+		.host = "127.0.0.2";
+	}
+
+	sub vcl_backend_fetch {
+		set bereq.backend = c;
+	}
+}
diff --git a/doc/sphinx/reference/vcl-backend.rst b/doc/sphinx/reference/vcl-backend.rst
index cd4307639..ae1a994ec 100644
--- a/doc/sphinx/reference/vcl-backend.rst
+++ b/doc/sphinx/reference/vcl-backend.rst
@@ -169,8 +169,9 @@ supported.
 The ``.via`` attribute is unrelated to ``.proxy_header``. If both are
 used, a second header is sent as per ``.proxy_header`` specification.
 
-As of this release, the *proxy* backend used with ``.via`` can not be a
-director and the protocol is fixed to `PROXY2`_.
+As of this release, the *proxy* backend used with ``.via`` can not be
+a director, it can not itself use ``.via`` (error: *Can not stack .via
+backends*) and the protocol is fixed to `PROXY2`_.
 
 Implementation detail:
 
diff --git a/lib/libvcc/vcc_backend.c b/lib/libvcc/vcc_backend.c
index c86896623..81f0da98a 100644
--- a/lib/libvcc/vcc_backend.c
+++ b/lib/libvcc/vcc_backend.c
@@ -364,7 +364,8 @@ vcc_ParseProbe(struct vcc *tl)
  */
 
 static void
-vcc_ParseHostDef(struct vcc *tl, const struct token *t_be, const char *vgcname)
+vcc_ParseHostDef(struct vcc *tl, struct symbol *sym,
+    const struct token *t_be, const char *vgcname)
 {
 	const struct token *t_field;
 	const struct token *t_val;
@@ -548,6 +549,19 @@ vcc_ParseHostDef(struct vcc *tl, const struct token *t_be, const char *vgcname)
 			ERRCHK(tl);
 			AN(via);
 			AN(via->rname);
+
+			if (via->extra != NULL) {
+				AZ(strcmp(via->extra, "via"));
+				VSB_cat(tl->sb,
+					"Can not stack .via backends at\n");
+				vcc_ErrWhere(tl, tl->t);
+				VSB_destroy(&tl->fb);
+				return;
+			}
+
+			AN(sym);
+			AZ(sym->extra);
+			sym->extra = "via";
 			SkipToken(tl, ';');
 		} else if (vcc_IdIs(t_field, "authority")) {
 			ExpectErr(tl, CSTR);
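Review bot: `AN(sym)` in the `.via` branch turns a missing symbol into a compiler abort rather than a VCL error. The same commit initialises `sym` to NULL in vcc_ParseBackend, which suggests some path there reaches vcc_ParseHostDef without assigning it (that code is outside the visible hunks, so please confirm); on such a path a backend definition containing `.via` would trip the assertion from plain VCL input. If that path exists, either guard the marking with `if (sym != NULL) { AZ(sym->extra); sym->extra = "via"; }` or reject it through `VSB_cat`/`vcc_ErrWhere` like the stacking case just above. A short comment that `sym->extra == "via"` marks a backend which itself uses `.via` would also help, since `AZ(strcmp(via->extra, "via"))` assumes nothing else sets `extra` on backend symbols. vcc_ParseHostDef starts and ends outside this hunk.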
@@ -582,6 +596,9 @@ vcc_ParseHostDef(struct vcc *tl, const struct token *t_be, const char *vgcname)
 		return;
 	}
 
+	if (via != NULL)
+		AZ(via->extra);
+
 	vsb1 = VSB_new_auto();
 	AN(vsb1);
 	VSB_printf(vsb1,
@@ -666,7 +683,7 @@ void
 vcc_ParseBackend(struct vcc *tl)
 {
 	struct token *t_first, *t_be;
-	struct symbol *sym;
+	struct symbol *sym = NULL;
 	const char *dn;
 
 	tl->ndirector++;
@@ -704,7 +721,7 @@ vcc_ParseBackend(struct vcc *tl)
 		}
 	}
 	Fh(tl, 0, "\nstatic VCL_BACKEND %s;\n", dn);
-	vcc_ParseHostDef(tl, t_be, dn);
+	vcc_ParseHostDef(tl, sym, t_be, dn);
 	if (tl->err) {
 		VSB_printf(tl->sb,
 		    "\nIn %.*s specification starting at:\n", PF(t_first));

