Hi, > During my tests I can see in the logs that fc_dst_port is 8080. However, > the ACL isn't set to true. If I try the same with "acl test > fc_dst 127.0.0.2" it works as expected. However, this is not what I > need. I also tried different matchers like "acl test fc_dst_port -m int > 8080", "acl test fc_dst_port -m str 8080", "acl test fc_dst_port eq > 8080" but nothing works. What am I doing wrong? Or is it a bug? haproxy > version is 2.6.7-c55bfdb. Thank you for any help. > > Corin
Indeed, there is a bug in the function smp_fetch_dport(): conn_get_src() is used where conn_get_dst() should be used instead. > diff --git a/src/tcp_sample.c b/src/tcp_sample.c > index 925b93291..45a8e0f38 100644 > --- a/src/tcp_sample.c > +++ b/src/tcp_sample.c > @@ -235,7 +235,7 @@ smp_fetch_dport(const struct arg *args, struct sample > *smp, const char *kw, void > else if (kw[0] == 'f') { /* fc_dst_post */ > struct connection *conn = objt_conn(smp->sess->origin); > > - if (conn && conn_get_src(conn)) > + if (conn && conn_get_dst(conn)) > dst = conn_dst(conn); > } > else /* dst_port */ Thank you for telling us, I'm working on the patch Meanwhile, maybe "dst_port" could work as a workaround depending on your needs? Regards, Aurelien