Hi Willy, Attached is my updated patch per your styling update request.
Thanks, Erik On 2016 May 26 Thu at 08:40:00, Willy Tarreau (w...@1wt.eu) wrote: Hi Erik, sorry for the long delay. On Thu, May 12, 2016 at 11:26:29AM +0200, Erik Seres wrote: > If the client provides the server name it intends to connect to, per RFC3546, > Section 3.1. Server Name Indication, this patch will pass the server name > onto the backend server as part of the proxy protocol v2 header. > > The patch defines the new SSL subtype PP2_TYPE_SSL_SNI and the corresponding > flag PP2_CLIENT_SNI to accomplish this in an additional TLV. > > Please review. I think this is OK technically speaking. And it's something we've indeed been missing. It is also important to note that even with this there is no way for haproxy to extract the SNI information from the PP header, but I don't see how to do this cleanly and efficiently for now. I just have one minor comment regarding a style issue (which is not yours but comes from the few lines you copied a few lines above) : diff --git a/src/connection.c b/src/connection.c index 330f3ef..f7efac3 100644 --- a/src/connection.c +++ b/src/connection.c @@ -820,6 +820,11 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec ssl_tlv_len += make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, cn_trash->len, cn_trash->str); } } + value = ssl_sock_get_servername(remote); + if (value) { + tlv->client |= PP2_CLIENT_SNI; + ssl_tlv_len += make_tlv(&buf[ret+ssl_tlv_len], (buf_len-ret-ssl_tlv_len), PP2_TYPE_SSL_SNI, strlen(value), value); + } Please always put spaces around operators above, that makes expressions much more readable. Otherwise I'm fine with merging it. Regards, Willy
0001-RFC-MINOR-connection-Add-server-name-to-proxy-protoc.patch
Description: Binary data