PROXY protocol

Roger Nesbitt roger at seriousorange.com
Mon Dec 3 15:10:45 CET 2012 

Replying to myself, I decided to jump in and just see how far I could get.  Looks like I've got something working, a patch of my prototype is here:

  http://seriousorange.com/varnish-proxy-proto.patch

The one obvious thing wrong with it is that I'm using malloc() to get some memory for configuration (and never freeing it); I can't figure out which memory routines are the right ones to use.  Hopefully someone can point me in the right direction with that.

Comments gratefully appreciated.
Roger

Le 3 déc. 2012 à 08:35, Roger Nesbitt a écrit :

> Hello,
> 
> I've got a big chunk of time free and would like to scratch my own itch by implementing the PROXY protocol, as defined at this URL:
> http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
> 
> My thoughts are to initially implement version 1 of the protocol as part of the HTTP server component.  This will allow SSL frontends such as stunnel to pass through client IP information, a feature that seems to be often requested.
> 
> I'm completely new to the Varnish source; after having a little look today I assume that a VMOD will not be possible due to the integration required into the HTTP parser.
> 
> On first looks, I'm thinking of a detection hook in http1_detect(), although I'd have to figure out some way to indicate that it's the first http request handled on a new connection.  If a PROXY line is detected, the code would put the source/destination IP addresses and ports into new variables (maybe something like proxy.source_ip, proxy.dest_ip, proxy.source_port, proxy.dest_port) and leave it up to the user to build an X-Forwarded-For header in VCL should they wish (after checking that client.ip is trusted.)
> 
> Detecting the PROXY line should just be a single memcmp; I'm not sure whether the community would want this feature to be able to be manually enabled and disabled.
> 
> Is anyone else currently working on this?  Does this idea and general strategy seem sound?
> 
> Thanks for your help and suggestions.
> Roger
> _______________________________________________
> varnish-dev mailing list
> varnish-dev at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-dev/attachments/20121203/c05334f6/attachment.html>

More information about the varnish-dev mailing list