On Thu, May 23, 2024 at 11:55:13AM +0100, William Manley wrote:
> On Thu, May 23, 2024, at 11:34 AM, William Manley wrote:
> > On Thu, May 23, 2024, at 10:08 AM, Amaury Denoyelle wrote:
> > > On Wed, May 22, 2024 at 04:58:44PM +0100, William Manley wrote:
> > > > On Wed, May 22, 2024, at 1:06 PM, Amaury Denoyelle wrote:
> > > > > FYI, I just merged a series of fix to improve reverse HTTP. It is now
> > > > > possible to use PROXY protocol on preconnect stage. Also, you have the
> > > > > availability to use PROXY v2 TLV to differentiate connections. Note
> > > > > however that PROXY unique-id is not supported for now due to internal
> > > > > API limitations.
> > > > > > If you can do not hesitate to test this and report us if it's
> > > > > > sufficient
> > > > > for you.
> > > > I've just tried this out and there's something about these changes that
> > > > are causing my tests to fail.
> > > > It seems to be triggered by "MEDIUM: rhttp: create session for active
> > > > preconnect"
> > > > Tested versions:
> > > > eb89a7da33ae30da3ed61570aa1597987b59dff3 OK
> > > > ceebb09744df367ad84586a341d9336f84f72bce OK
> > > > 45b80aed70a597614e31b748328570785099dfec OK
> > > > 12c40c25a9520fe3365950184fe724a1f4e91d03 BAD
> > > > 60496e884e5220b9330a1d8b3a1218f7988c879a BAD
> > > > 4a968d9d274a24e5d00bd3c03dd22fe2563b13af BAD
> > > > I'll investigate further tomorrow.
> > > > > Hum can you describe what sort of tests you are running ?
> >
> > [...]
> >
> > I've attached the configs used during the test. You'll notice that each
> > block uses a different IP address from 127.0.0.*. This makes the TCP flow
> > graph in wireshark meaningful. I've attached a packet capture of the test
> > failing. I'd also attach a packet capture from it succeeding, but it's a
> > bit big. I'll look into them and try to figure out where it's going wrong.
> I've compared the good trace and the bad trace and I think I can see where
> this is going wrong. My RHTTP block on the node looks like:
> # Requests from the portal to the node arrive at this frontend over
> rhttp:
> listen flask_reverse_proxy
> mode http
> log global
> bind rhttp@rhttp_backend/srv
> # We dynamically route to the listening socket based on the
> hostname, this
> # way we can add new domains without a node deploy:
> http-request capture req.hdr(X-Remote-IP) len 15
> http-request capture req.hdr(X-Remote-Port) len 5
> http-request set-dst hdr(X-Remote-IP)
> http-request set-dst-port hdr(X-Remote-Port)
> http-response add-header Vary X-Remote-IP,X-Remote-Port
> server srv 0.0.0.0:0 source 127.0.0.8
> It seems like with the active preconnect commit (12c40c25) it ignores
> set-dst, so instead of connecting to the IP requested (in this case
> 127.0.0.7) it attempts to connect to 127.0.0.8.
Interesting. Could you please try the attached patch and tell me if this
solves your issue ? Many thanks,
--
Amaury Denoyelle
>From f32cd9a542be2caee223d3902011199b472b361d Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle <adenoye...@haproxy.com>
Date: Thu, 23 May 2024 15:06:52 +0200
Subject: [PATCH] BUG/MINOR: connection: swap session addresses on reverse
---
src/connection.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/connection.c b/src/connection.c
index 97af8f65e..2df2fb700 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -2785,6 +2785,7 @@ int conn_reverse(struct connection *conn)
session_unown_conn(sess, conn);
sess->origin = NULL;
session_free(sess);
+ sess = NULL;
conn_set_owner(conn, NULL, NULL);
conn->flags |= CO_FL_REVERSED;
@@ -2802,6 +2803,8 @@ int conn_reverse(struct connection *conn)
/* Invert source and destination addresses if already set. */
SWAP(conn->src, conn->dst);
+ if (sess)
+ SWAP(sess->src, sess->dst);
conn->reverse.target = NULL;
ha_free(&conn->reverse.name.area);
--
2.45.1
