From a3b31c481c293dccb7ed40285fb4807e8d3c4523 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Mon, 28 Feb 2022 11:49:02 +0100 Subject: [PATCH] BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks When an HTTP health-check is performed in FCGI, we must not rely on the SI source and destination addresses to set default parameters (REMOTE_ADDR/REMOTE_PORT and SERVER_NAME/SERVER_PORT) because the backend conn-stream is not attached to a stream but to a healt-check. Thus, there is no stream-interface. In addition, there is no client connection because it is an "internal" session. Thus, for now, in this case, there is only the server connection that can be used. So src/dst addresses are retrieved from the server connection when the CS application is a health-check. This patch should solve issue #1572. It must be backported to 2.5. Note than the CS api has changed. Thus, on HAProxy 2.5, we should test the session's origin instead: const struct sockaddr_storage *src = (cs_check(fstrm->cs) ? ...); const struct sockaddr_storage *dst = (cs_check(fstrm->cs) ? ...); (cherry picked from commit 4ab8438362e9c37338350984afb76b393769f998) Signed-off-by: Christopher Faulet --- src/mux_fcgi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c index ba3a546..99bf3f2 100644 --- a/src/mux_fcgi.c +++ b/src/mux_fcgi.c @@ -1229,8 +1229,8 @@ static int fcgi_set_default_param(struct fcgi_conn *fconn, struct fcgi_strm *fst struct fcgi_strm_params *params) { struct connection *cli_conn = objt_conn(fstrm->sess->origin); - const struct sockaddr_storage *src = si_src(si_opposite(fstrm->cs->data)); - const struct sockaddr_storage *dst = si_dst(si_opposite(fstrm->cs->data)); + const struct sockaddr_storage *src = (objt_check(fstrm->sess->origin) ? conn_src(fconn->conn) : si_src(si_opposite(fstrm->cs->data))); + const struct sockaddr_storage *dst = (objt_check(fstrm->sess->origin) ? conn_dst(fconn->conn) : si_dst(si_opposite(fstrm->cs->data))); struct ist p; if (!sl) -- 1.7.10.4