BUG/MEDIUM: backend: fix reuse with set-dst/set-dst-port

On backend connection reuse, a hash is calculated from various
parameters, to ensure the selected connection match the requested
parameters. Notably, destination address is one of these parameters.
However, it is only taken into account if using a transparent server
(server address 0.0.0.0).

This may cause issue where an incorrect connection is reused, which is
not targetted to the correct destination address. This may be the case
if a set-dst/set-dst-port is used with a transparent proxy (proxy option
transparent).

The fix is simple enough. Destination address is now always used as
input to the connection reuse hash.

This must be backported up to 2.6. Note that for reverse HTTP to work,
it relies on the following patch, which ensures destination address
remains NULL in this case.

  commit e94baf6ca71cb2319610baa74dbf17b9bc602b18
  BUG/MINOR: rhttp: fix incorrect dst/dst_port values

This commit is contained in:

Amaury Denoyelle

2025-03-31 17:57:56 +02:00

parent d7fa8e88c4

commit 5fda64e87e

1 changed files with 1 additions and 2 deletions

									
										3

src/backend.c
									
											View File
											
				@ -1597,8 +1597,7 @@ int connect_server(struct stream *s)

					}

					/* 3. destination address */

					if (srv && srv_is_transparent(srv))

						hash_params.dst_addr = s->scb->dst;

					hash_params.dst_addr = s->scb->dst;

					/* 4. source address */

					hash_params.src_addr = bind_addr;

BUG/MEDIUM: backend: fix reuse with set-dst/set-dst-port

3 src/backend.c Unescape Escape View File

3

src/backend.c

View File