Hello,
I'm trying to do something that seems simple, at least in my head: a
frontend accepting PROXY(2) requests and forwarding them to a PROXY2
backend, keeping whatever TLVs come along. However, I'm finding
myself struggling with how to make this work.
For context, an extremely streamlined conf, from what I consider the
furthest I could succeed:
frontend FE
bind :1300 accept-proxy
use_backend BE
backend BE
server pp2 127.0.0.1:1200 send-proxy-v2
set-proxy-v2-tlv-fmt(5) %[fc_pp_unique_id,bytes(0,8)]
Now here is where it gets puzzling. This is an excerpt from strace
which I will detail next, manually aligned (fingers crossed it will
stay aligned in the email):
09:26:38.653517 recvfrom(10, "\r\n\r\n\x00\r\nQUIT \n
!\x11\x00\x1c\x7f\x00\x00\x01\x7f\x00\x00\x01\x04
L\xba\xa0\x05\x00\x08 P\x04\x02\xf7\xff\x7f\x00\x00\xe1\x00\x02\x04
L", 44, 0, NULL, NULL) = 44 <0.000005>
09:26:38.653870 sendto(11, "\r\n\r\n\x00\r\nQUIT \n
!\x11\x00\x15\x7f\x00\x00\x01\x7f\x00\x00\x01\x04
L\xba\xa0\x05\x00\x06 P\x04\x02\xf7\xff\x7f",
37, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 37 <0.000031>
The recvfrom, is HAProxy chopping off the PROXY2 bytes from the
socket, since it already analyzed it in a prior MSG_PEEK. Take note
that I inserted spaces to align things. The contents from recvfrom
line is exactly as another application sent. It includes a PROXY2
header, an IPv4 tuple, TLV 0x5 of size 8, containing a pointer:
0x00007ffff7020450, followed by another TLV, 0xE1, size 2, containing
a u16, 0x044c (decimal 1100).
An important point: my configuration is likely incorrect, or simply
doesn't do what I wished it did in the way it is written.
As for the next line, sendto(), HAProxy is not forwarding exactly what
I would expect. In fact, I was under the impression that I didn't
need to specify anything, that it would be simply forward the PROXY2
message, almost untouched. But in my trials, setting TLV 0x5 kind of
propagated it. Kind of, because it did sent out 6 bytes, not the 8
bytes received---it trimmed the nulls.
Now, for the questions.
1- Do I need to explicitly forward things from the PROXY2 message? Is
there a magic knob that will simply do that, which I am overlooking?
I was under the impression that these would be treated just as HTTP
headers: implicitly forwarded.
2- That data trimming was really unexpected. What am I doing wrong?
I could sort it out on the other side (backend), but it feels
hackish/incorrect doing so.
3- Of least importance and not really a question: I couldn't use
symbolic names in the conf (e.g.: neither UNIQUE_ID or
PP2_TYPE_UNIQUE_ID[1]; it is not clear to me which should be used and
HAProxy complains about either).
HAProxy version 3.2-dev8 2025/03/21
Thank you in advance,
[1] http://docs.haproxy.org/dev/configuration.html#7.3.3-fc_pp_tlv
--
Ricardo Nabinger Sanchez https://www.taghos.com.br/
