On Thu, May 23, 2024 at 11:55:13AM +0100, William Manley wrote: > On Thu, May 23, 2024, at 11:34 AM, William Manley wrote: > > On Thu, May 23, 2024, at 10:08 AM, Amaury Denoyelle wrote: > > > On Wed, May 22, 2024 at 04:58:44PM +0100, William Manley wrote: > > > > On Wed, May 22, 2024, at 1:06 PM, Amaury Denoyelle wrote: > > > > > FYI, I just merged a series of fix to improve reverse HTTP. It is now > > > > > possible to use PROXY protocol on preconnect stage. Also, you have the > > > > > availability to use PROXY v2 TLV to differentiate connections. Note > > > > > however that PROXY unique-id is not supported for now due to internal > > > > > API limitations. > > > > > > If you can do not hesitate to test this and report us if it's > > > > > > sufficient > > > > > for you. > > > > I've just tried this out and there's something about these changes that > > > > are causing my tests to fail. > > > > It seems to be triggered by "MEDIUM: rhttp: create session for active > > > > preconnect" > > > > Tested versions: > > > > eb89a7da33ae30da3ed61570aa1597987b59dff3 OK > > > > ceebb09744df367ad84586a341d9336f84f72bce OK > > > > 45b80aed70a597614e31b748328570785099dfec OK > > > > 12c40c25a9520fe3365950184fe724a1f4e91d03 BAD > > > > 60496e884e5220b9330a1d8b3a1218f7988c879a BAD > > > > 4a968d9d274a24e5d00bd3c03dd22fe2563b13af BAD > > > > I'll investigate further tomorrow. > > > > > Hum can you describe what sort of tests you are running ? > > > > [...] > > > > I've attached the configs used during the test. You'll notice that each > > block uses a different IP address from 127.0.0.*. This makes the TCP flow > > graph in wireshark meaningful. I've attached a packet capture of the test > > failing. I'd also attach a packet capture from it succeeding, but it's a > > bit big. I'll look into them and try to figure out where it's going wrong. > I've compared the good trace and the bad trace and I think I can see where > this is going wrong. My RHTTP block on the node looks like: > # Requests from the portal to the node arrive at this frontend over > rhttp: > listen flask_reverse_proxy > mode http > log global > bind rhttp@rhttp_backend/srv > # We dynamically route to the listening socket based on the > hostname, this > # way we can add new domains without a node deploy: > http-request capture req.hdr(X-Remote-IP) len 15 > http-request capture req.hdr(X-Remote-Port) len 5 > http-request set-dst hdr(X-Remote-IP) > http-request set-dst-port hdr(X-Remote-Port) > http-response add-header Vary X-Remote-IP,X-Remote-Port > server srv 0.0.0.0:0 source 127.0.0.8 > It seems like with the active preconnect commit (12c40c25) it ignores > set-dst, so instead of connecting to the IP requested (in this case > 127.0.0.7) it attempts to connect to 127.0.0.8.
Interesting. Could you please try the attached patch and tell me if this solves your issue ? Many thanks, -- Amaury Denoyelle
>From f32cd9a542be2caee223d3902011199b472b361d Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle <adenoye...@haproxy.com> Date: Thu, 23 May 2024 15:06:52 +0200 Subject: [PATCH] BUG/MINOR: connection: swap session addresses on reverse --- src/connection.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/connection.c b/src/connection.c index 97af8f65e..2df2fb700 100644 --- a/src/connection.c +++ b/src/connection.c @@ -2785,6 +2785,7 @@ int conn_reverse(struct connection *conn) session_unown_conn(sess, conn); sess->origin = NULL; session_free(sess); + sess = NULL; conn_set_owner(conn, NULL, NULL); conn->flags |= CO_FL_REVERSED; @@ -2802,6 +2803,8 @@ int conn_reverse(struct connection *conn) /* Invert source and destination addresses if already set. */ SWAP(conn->src, conn->dst); + if (sess) + SWAP(sess->src, sess->dst); conn->reverse.target = NULL; ha_free(&conn->reverse.name.area); -- 2.45.1