Hi,
> During my tests I can see in the logs that fc_dst_port is 8080. However,
> the ACL isn't set to true. If I try the same with "acl test
> fc_dst 127.0.0.2" it works as expected. However, this is not what I
> need. I also tried different matchers like "acl test fc_dst_port -m int
> 8080", "acl test fc_dst_port -m str 8080", "acl test fc_dst_port eq
> 8080" but nothing works. What am I doing wrong? Or is it a bug? haproxy
> version is 2.6.7-c55bfdb. Thank you for any help.
>
> Corin
Indeed, there is a bug in the function smp_fetch_dport(): conn_get_src()
is used where conn_get_dst() should be used instead.
> diff --git a/src/tcp_sample.c b/src/tcp_sample.c
> index 925b93291..45a8e0f38 100644
> --- a/src/tcp_sample.c
> +++ b/src/tcp_sample.c
> @@ -235,7 +235,7 @@ smp_fetch_dport(const struct arg *args, struct sample
> *smp, const char *kw, void
> else if (kw[0] == 'f') { /* fc_dst_post */
> struct connection *conn = objt_conn(smp->sess->origin);
>
> - if (conn && conn_get_src(conn))
> + if (conn && conn_get_dst(conn))
> dst = conn_dst(conn);
> }
> else /* dst_port */
Thank you for telling us, I'm working on the patch
Meanwhile, maybe "dst_port" could work as a workaround depending on your
needs?
Regards,
Aurelien
