[master] 8289ea013 Forbid .via backend stacking for now
Nils Goroll
nils.goroll at uplex.de
Mon Feb 20 15:38:06 UTC 2023
commit 8289ea01317c02fc201d8f32cc7210ff1136d552
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Tue Aug 30 14:43:29 2022 +0200
Forbid .via backend stacking for now
suggested by Dridi
diff --git a/bin/varnishtest/tests/c00042.vtc b/bin/varnishtest/tests/c00042.vtc
index 698599d99..b2a99dc97 100644
--- a/bin/varnishtest/tests/c00042.vtc
+++ b/bin/varnishtest/tests/c00042.vtc
@@ -12,7 +12,7 @@ server s2 {
txresp -hdr "Server: s2"
} -start
-# the use case for via-proxy is to have a(n ha)proxy make a(n ssl)
+# the use case for via-proxy is to have a(n ha)proxy make a (TLS)
# connection on our behalf. For the purpose of testing, we use another
# varnish in place - but we are behaving realistically in that we do
# not use any prior information for the actual backend connection -
@@ -145,6 +145,7 @@ client c1 {
txreq -url /s1/5
rxresp
expect resp.status == 200
+
# vmod_proxy returns the empty string if the TLV is absent.
expect resp.http.Authority == ""
} -run
@@ -157,3 +158,21 @@ varnish v1 -errvcl "Cannot set both .via and .path" {
.path = "/path/to/uds";
}
}
+
+varnish v1 -errvcl "Can not stack .via backends" {
+ backend a { .host = "${v2_addr}"; .port = "${v2_port}"; }
+
+ backend b {
+ .via = a;
+ .host = "127.0.0.1";
+ }
+
+ backend c {
+ .via = b;
+ .host = "127.0.0.2";
+ }
+
+ sub vcl_backend_fetch {
+ set bereq.backend = c;
+ }
+}
diff --git a/doc/sphinx/reference/vcl-backend.rst b/doc/sphinx/reference/vcl-backend.rst
index cd4307639..ae1a994ec 100644
--- a/doc/sphinx/reference/vcl-backend.rst
+++ b/doc/sphinx/reference/vcl-backend.rst
@@ -169,8 +169,9 @@ supported.
The ``.via`` attribute is unrelated to ``.proxy_header``. If both are
used, a second header is sent as per ``.proxy_header`` specification.
-As of this release, the *proxy* backend used with ``.via`` can not be a
-director and the protocol is fixed to `PROXY2`_.
+As of this release, the *proxy* backend used with ``.via`` can not be
+a director, it can not itself use ``.via`` (error: *Can not stack .via
+backends*) and the protocol is fixed to `PROXY2`_.
Implementation detail:
diff --git a/lib/libvcc/vcc_backend.c b/lib/libvcc/vcc_backend.c
index c86896623..81f0da98a 100644
--- a/lib/libvcc/vcc_backend.c
+++ b/lib/libvcc/vcc_backend.c
@@ -364,7 +364,8 @@ vcc_ParseProbe(struct vcc *tl)
*/
static void
-vcc_ParseHostDef(struct vcc *tl, const struct token *t_be, const char *vgcname)
+vcc_ParseHostDef(struct vcc *tl, struct symbol *sym,
+ const struct token *t_be, const char *vgcname)
{
const struct token *t_field;
const struct token *t_val;
@@ -548,6 +549,19 @@ vcc_ParseHostDef(struct vcc *tl, const struct token *t_be, const char *vgcname)
ERRCHK(tl);
AN(via);
AN(via->rname);
+
+ if (via->extra != NULL) {
+ AZ(strcmp(via->extra, "via"));
+ VSB_cat(tl->sb,
+ "Can not stack .via backends at\n");
+ vcc_ErrWhere(tl, tl->t);
+ VSB_destroy(&tl->fb);
+ return;
+ }
+
+ AN(sym);
+ AZ(sym->extra);
+ sym->extra = "via";
SkipToken(tl, ';');
} else if (vcc_IdIs(t_field, "authority")) {
ExpectErr(tl, CSTR);
@@ -582,6 +596,9 @@ vcc_ParseHostDef(struct vcc *tl, const struct token *t_be, const char *vgcname)
return;
}
+ if (via != NULL)
+ AZ(via->extra);
+
vsb1 = VSB_new_auto();
AN(vsb1);
VSB_printf(vsb1,
@@ -666,7 +683,7 @@ void
vcc_ParseBackend(struct vcc *tl)
{
struct token *t_first, *t_be;
- struct symbol *sym;
+ struct symbol *sym = NULL;
const char *dn;
tl->ndirector++;
@@ -704,7 +721,7 @@ vcc_ParseBackend(struct vcc *tl)
}
}
Fh(tl, 0, "\nstatic VCL_BACKEND %s;\n", dn);
- vcc_ParseHostDef(tl, t_be, dn);
+ vcc_ParseHostDef(tl, sym, t_be, dn);
if (tl->err) {
VSB_printf(tl->sb,
"\nIn %.*s specification starting at:\n", PF(t_first));
More information about the varnish-commit
mailing list