Dne 25.9.2015 v 11:21 Emeric Brun napsal(a):
On 09/25/2015 11:00 AM, Miloš Kozák wrote:
OK, and is it possible to dump the content of such a buffer for inspection?
There is no easy way to do that.
Dne 25.9.2015 v 10:16 Baptiste napsal(a):
On Fri, Sep 25, 2015 at 9:49 AM, Miloš Kozák <milos.ko...@lejmr.com> wrote:
Hi,
thank you for that fix. My solution, which uses -m found, works perfectly
now!
BTW how one can check which packets are considered in that inspect-delay
time period?
Milos
Hi,
HAProxy is not aware of packets. Your kernel is.
Your kernel aggregates packets and report a buffer with data inside to HAProxy.
When HAProxy does not find the information it's looking for, it waits
more, until a timeout or inspect delay occurs.
Hi,
So in you case, every client which provide less than 8 Bytes until the inspect
delay expire.
Anyway i think your last configuration is better than '-m found':
acl px req.payload(0,4) -m bin FF00FF00
acl rib req.payload(5,4) -m bin 00000000
tcp-request content accept if px rib
tcp-request inspect-delay 1s
stick-table type binary len 4 size 50k expire 30m
stick on req.payload(5,4) table protokolX if px !rib
My final working configuration is:
acl px req.payload(0,4) -m bin FF00FF00
acl rib req.payload(5,4) -m bin 00000000
acl ID req.payload(5,4) -m found
tcp-request content accept if px rib
tcp-request inspect-delay 1s
stick-table type binary len 4 size 50k expire 30m
stick on req.payload(5,4) table protokolX if px ID !rib
Because without "-m found" id just does not work.. and I was unable to
find the problem.
Because this way, you will submit incoming clients using 00000000 as ID to the
load balancing algo.
If you use '-m found', all users using ID 00000000 will be sticked on the same
server.
R,
Emeric
