On Friday 08 of July 2011 23:17:12 Sébastien Estienne wrote: > http://devblog.bu.mp/introducing-stud ). Today we have the choice between: > - haproxy 1.4 + patched stunnel > - haproxy 1.5 dev + stud > - patched haproxy 1.4 + stud
There is also a fourth option: - patched haproxy 1.4.x + patched stunnel (accept-proxy patch). I'm using the attached patch (found on the internet) with stunnel 4.34. Best regards, Brane
diff -ru stunnel-4.34/src/client.c stunnel-4.34-exceliance-aloha-sendproxy/src/client.c
--- stunnel-4.34/src/client.c 2010-09-14 17:03:43.000000000 +0200
+++ stunnel-4.34-exceliance-aloha-sendproxy/src/client.c 2010-12-07 22:46:32.421248698 +0100
@@ -86,6 +86,8 @@
 c->opt=opt;
 c->local_rfd.fd=rfd;
 c->local_wfd.fd=wfd;
+ if (c->opt->option.sendproxy)
+ c->sendproxy = 1;
 return c;
 }
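Review bot: `c->sendproxy` is only ever set to 1 here and never explicitly cleared, so the per-connection flag is correct only if the client structure arrives zero-filled; the allocation sits above this hunk and is not visible. If it is not zeroed, a service configured with `sendproxy = no` could still have a PROXY line injected into its backend stream by the later block in this file. Assigning unconditionally removes that dependency: `c->sendproxy = c->opt->option.sendproxy ? 1 : 0;`.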
@@ -564,6 +566,73 @@
 }
 }
+ if (c->sendproxy && !c->ssl_ptr) {
+ int cfd;
+ struct sockaddr_storage local_addr;
+ struct sockaddr_storage peer_addr;
+ u_char family = AF_UNSPEC;
+
+ cfd = SSL_get_fd(c->ssl);
+ if (cfd != -1) {
+ size_t namelen;
+
+ namelen = sizeof(local_addr);
+ if (!getsockname(cfd, (struct sockaddr *)&local_addr, &namelen)) {
+ namelen = sizeof(peer_addr);
+ if (!getpeername(cfd, (struct sockaddr *)&peer_addr, &namelen))
+ family = peer_addr.ss_family;
+ }
+ }
+
+ if (family == AF_INET) {
+
+ if (BUFFSIZE >= 11) {
+ memcpy(c->ssl_buff, "PROXY TCP4 ", 11);
+ c->ssl_ptr += 11;
+ }
+
+ if (inet_ntop(peer_addr.ss_family, &((struct sockaddr_in*)&peer_addr)->sin_addr, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr)) {
+ c->ssl_ptr += strlen(c->ssl_buff+c->ssl_ptr);
+ }
+ if (c->ssl_ptr != BUFFSIZE) {
+ c->ssl_buff[c->ssl_ptr] = ' ';
+ c->ssl_ptr++;
+ }
+ if (inet_ntop(local_addr.ss_family, &((struct sockaddr_in*)&local_addr)->sin_addr, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr)) {
+ c->ssl_ptr += strlen(c->ssl_buff+c->ssl_ptr);
+ }
+ c->ssl_ptr += snprintf(c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr, " %u %u\r\n", ntohs(((struct sockaddr_in*)&peer_addr)->sin_port), ntohs(((struct sockaddr_in*)&local_addr)->sin_port));
+ }
+#if defined(USE_IPv6) && !defined(USE_WIN32)
+ else if (family == AF_INET6) {
+
+ if (BUFFSIZE >= 11) {
+ memcpy(c->ssl_buff, "PROXY TCP6 ", 11);
+ c->ssl_ptr += 11;
+ }
+
+ if (inet_ntop(peer_addr.ss_family, &((struct sockaddr_in6*)&peer_addr)->sin6_addr, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr)) {
+ c->ssl_ptr += strlen(c->ssl_buff+c->ssl_ptr);
+ }
+ if (c->ssl_ptr != BUFFSIZE) {
+ c->ssl_buff[c->ssl_ptr] = ' ';
+ c->ssl_ptr++;
+ }
+ if (inet_ntop(local_addr.ss_family, &((struct sockaddr_in6*)&local_addr)->sin6_addr, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr)) {
+ c->ssl_ptr += strlen(c->ssl_buff+c->ssl_ptr);
+ }
+ c->ssl_ptr += snprintf(c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr, " %u %u\r\n", ntohs(((struct 
sockaddr_in6*)&peer_addr)->sin6_port), ntohs(((struct sockaddr_in6*)&local_addr)->sin6_port));
+ }
+#endif
+ else {
+ if (BUFFSIZE >= 15) {
+ memcpy(c->ssl_buff, "PROXY UNKNOWN\r\n ", 15);
+ c->ssl_ptr += 15;
+ }
+ }
+ c->sendproxy = 0;
+ }
+
 /****************************** update *_wants_* based on new *_ptr */
 /* this update is also required for SSL_pending() to be used */
 read_wants_read=
diff -ru stunnel-4.34/src/options.c stunnel-4.34-exceliance-aloha-sendproxy/src/options.c
--- stunnel-4.34/src/options.c 2010-09-14 17:09:36.000000000 +0200
+++ stunnel-4.34-exceliance-aloha-sendproxy/src/options.c 2010-12-07 22:46:26.613204761 +0100
@@ -818,6 +818,29 @@
 }
 #endif
+ /* sendproxy */
+ switch(cmd) {
+ case CMD_INIT:
+ section->option.sendproxy=0;
+ break;
+ case CMD_EXEC:
+ if(strcasecmp(opt, "sendproxy"))
+ break;
+ if(!strcasecmp(arg, "yes"))
+ section->option.sendproxy=1;
+ else if(!strcasecmp(arg, "no"))
+ section->option.sendproxy=0;
+ else
+ return "argument should be either 'yes' or 'no'";
+ return NULL; /* OK */
+ case CMD_DEFAULT:
+ break;
+ case CMD_HELP:
+ s_log(LOG_NOTICE, "%-15s = yes|no append proxy prefix",
+ "sendproxy");
+ break;
+ }
+
 /* exec */
 switch(cmd) {
 case CMD_INIT:
diff -ru stunnel-4.34/src/prototypes.h stunnel-4.34-exceliance-aloha-sendproxy/src/prototypes.h
--- stunnel-4.34/src/prototypes.h 2010-09-14 17:09:50.000000000 +0200
+++ stunnel-4.34-exceliance-aloha-sendproxy/src/prototypes.h 2010-12-07 22:47:39.633763055 +0100
@@ -176,6 +176,7 @@
 unsigned int retry:1; /* loop remote+program */
 unsigned int sessiond:1;
 unsigned int program:1;
+ unsigned int sendproxy:1;
 #ifndef USE_WIN32
 unsigned int pty:1;
 unsigned int transparent:1;
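Review bot: In the `c->sendproxy && !c->ssl_ptr` block of src/client.c, `namelen` is declared `size_t` but its address is passed to getsockname() and getpeername(), which take a `socklen_t *`; where the two types differ in width the calls read and write only part of the variable, so it should be `socklen_t namelen;`. The header is also assembled without checking results: a failed inet_ntop() is skipped silently and leaves a malformed line, and `c->ssl_ptr += snprintf(...)` adds the would-be length (or a negative error value), so a truncated write would move `ssl_ptr` outside the buffer. A backend that accepts the PROXY line takes the client address from it, so I would format each header with one checked snprintf() and advance `ssl_ptr` only on success, as sketched below for the IPv4 branch; the IPv6 branch repeats the same pattern. The enclosing function starts and ends outside the hunk.

```c
        socklen_t namelen;  /* getsockname()/getpeername() take socklen_t *, not size_t * */
        /* … unchanged: getsockname/getpeername lookup and family selection … */

    if (family == AF_INET) {
        char peer_txt[INET_ADDRSTRLEN], local_txt[INET_ADDRSTRLEN];
        int len = -1;

        /* convert both addresses first so a failure never leaves a half-built line */
        if (inet_ntop(AF_INET, &((struct sockaddr_in*)&peer_addr)->sin_addr, peer_txt, sizeof peer_txt) &&
            inet_ntop(AF_INET, &((struct sockaddr_in*)&local_addr)->sin_addr, local_txt, sizeof local_txt))
            len = snprintf(c->ssl_buff, BUFFSIZE, "PROXY TCP4 %s %s %u %u\r\n",
                peer_txt, local_txt,
                ntohs(((struct sockaddr_in*)&peer_addr)->sin_port),
                ntohs(((struct sockaddr_in*)&local_addr)->sin_port));
        if (len > 0 && len < BUFFSIZE)
            c->ssl_ptr = len;  /* ssl_ptr is 0 on entry; advance only by what was written */
        /* … on failure: fall back to the UNKNOWN line or close the connection … */
    }
    /* … unchanged: AF_INET6 branch (same pattern), UNKNOWN fallback, c->sendproxy = 0 … */
```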
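Review bot: The help text `append proxy prefix` in the sendproxy case of src/options.c does not describe what the option does: the client.c change places a `PROXY TCP4|TCP6|UNKNOWN ...` line at the start of the data forwarded to the backend, so it is prepended rather than appended. I would word it as `"%-15s = yes|no send PROXY protocol line to the backend"`. A comment above the switch should also state that the backend has to expect this line and should accept it only from this stunnel instance, because a backend that takes PROXY lines from arbitrary peers will believe whatever source address they claim. The option-parsing function starts and ends outside the hunk.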
@@ -341,6 +342,7 @@
 char sock_buff[BUFFSIZE]; /* socket read buffer */
 char ssl_buff[BUFFSIZE]; /* SSL read buffer */
+ int sendproxy;
 int sock_ptr, ssl_ptr; /* index of first unused byte in buffer */
 FD *sock_rfd, *sock_wfd; /* read and write socket descriptors */
 FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */