[Wireshark-bugs] [Bug 15714] Support for the PROXY (v1) protocol (HAPROXY) over TCP

Sat, 20 Apr 2019 06:16:37 -0700 

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15714

--- Comment #2 from Peter Wu <pe...@lekensteyn.nl> ---
Created attachment 17077
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17077&action=edit
PROXY (v1) capture using nginx

Attached capture is a sample capture created using nginx 1.14.2 on Arch Linux.

Example nginx configuration and Bash commands for testing:

cat > nginx.conf <<EOF
events {
    worker_connections 768;
}
http {
    access_log off;
    server {
        listen 8080 proxy_protocol;
        listen 4433 ssl proxy_protocol;
        ssl_certificate server.pem;
        ssl_certificate_key server.pem;
        return 200 "dummy response\n";
    }
}
stream {
    proxy_protocol on;
    server {
        listen [::]:8081 ipv6only=off;
        proxy_pass 127.0.0.2:8080;
    }
    server {
        listen [::]:4434 ipv6only=off;
        proxy_pass 127.0.0.2:4433;
    }
    server {
        listen 8053 proxy_protocol;
        proxy_pass 1.1.1.1:53;
        proxy_protocol off;
    }
}
EOF

# Start these two commands in separate shells
nginx -g 'daemon off; pid pid;' -p . -c nginx.conf
dumpcap -i lo -p -f 'tcp and (port 8080 or port 8053 or port 4433)' -w
proxy-v1.pcapng

# TCP4 - HTTP
curl -v http://localhost:8081 -4
# TCP6 - TLS
export SSLKEYLOGFILE=keys.txt
curl -vk https://localhost:4434 -6
# TCP4 - PROXY header and DNS-over-TCP in one segment.
proxy='PROXY TCP4 127.0.0.1 192.0.2.10 56432 53\r\n'
dnslen='\x00\x1d'
dns=3e3b01000001000000000000076578616d706c65036e65740000010001
dns="$(sed 's/../\\x&/g' <<<"$dns")"
printf "$proxy$dnslen$dns" | nc 127.0.0.2 8053 -w2
# TCP4 - PROXY header and DNS-over-TCP in one segment, requiring reassembly.
(printf "$proxy$dnslen"; sleep 1; printf "$dns") | nc 127.0.0.2 8053 -w2

# The attached capture also includes decryption secrets to test that
# PROXY support does not break it.
editcap --inject-secrets tls,keys.txt proxy-v1.pcapng proxy-v1-dsb.pcapng

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

Reply via email to