Proxy Protocol - CLIENT_SSL

Sander Hoentjen sander at hoentjen.eu
Thu Dec 29 16:01:28 CET 2016


On 12/23/2016 11:18 AM, Sander Hoentjen wrote:
> Hi list,
>
> I have a question about both Hitch and Varnish:
> Does Hitch support (define) PP2_CLIENT_SSL from proxy-protocol [1]?
> The follow-up question is: Can Varnish proxy this information (in
> essence just keep the proxy header as-is)?
>
> Regards,
> Sander
>
Hmm, it seems I forgot the link to proxy-protocol [1]:
http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
And then specifically I am talking about the binary header format
(version 2).

"""

If the length specified in the PROXY protocol header indicates that additional
bytes are part of the header beyond the address information, a receiver may
choose to skip over and ignore those bytes, or attempt to interpret those
bytes.

The information in those bytes will be arranged in Type-Length-Value (TLV
vectors) in the following format.  The first byte is the Type of the vector.
The second two bytes represent the length in bytes of the value (not included
the Type and Length bytes), and following the length field is the number of
bytes specified by the length.

        struct pp2_tlv {
            uint8_t type;
            uint8_t length_hi;
            uint8_t length_lo;
            uint8_t value[0];
        };

The following types have already been registered for the <type> field :

        #define PP2_TYPE_ALPN           0x01
        #define PP2_TYPE_AUTHORITY      0x02
        #define PP2_TYPE_SSL            0x20
        #define PP2_SUBTYPE_SSL_VERSION 0x21
        #define PP2_SUBTYPE_SSL_CN      0x22
        #define PP2_TYPE_NETNS          0x30
"""

It would be very nice if Hitch supports this, but I can't find any info
on it. If this is not the right mailing list to ask, it would be nice if
someone can point me in the right direction.

Regards,
Sander
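
For readers following the quoted TLV layout, here is an added example (not part of the original message, and not code from Hitch, Varnish or HAProxy) of a bounds-checked walk over the TLV region that looks for PP2_TYPE_SSL and tests the PP2_CLIENT_SSL bit. It assumes the PP2_TYPE_SSL value layout from the same specification (one client byte, a 32-bit verify field, then sub-TLVs); the function names and the sample bytes are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PP2_TYPE_SSL   0x20
#define PP2_CLIENT_SSL 0x01  /* bit in the first value byte of PP2_TYPE_SSL (spec) */

/* Walk the TLV region that follows the address block of a v2 header.
 * Returns 1 (and sets *val, *vlen) if `type` is found, 0 if absent,
 * -1 if a length field runs past the end of the buffer. */
static int pp2_find_tlv(const uint8_t *buf, size_t len, uint8_t type,
                        const uint8_t **val, size_t *vlen)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 3)
            return -1;                      /* truncated Type/Length bytes */
        size_t l = ((size_t)buf[off + 1] << 8) | buf[off + 2];
        if (l > len - off - 3)
            return -1;                      /* value overruns the header */
        if (buf[off] == type) {
            *val = buf + off + 3;
            *vlen = l;
            return 1;
        }
        off += 3 + l;                       /* skip TLVs we do not interpret */
    }
    return 0;
}

/* 1: client connected over TLS, 0: no SSL TLV or bit clear, -1: malformed. */
static int pp2_client_ssl(const uint8_t *tlvs, size_t len)
{
    const uint8_t *v = NULL;
    size_t n = 0;
    int r = pp2_find_tlv(tlvs, len, PP2_TYPE_SSL, &v, &n);
    if (r <= 0)
        return r;
    if (n < 5)                              /* client byte + 32-bit verify */
        return -1;
    return (v[0] & PP2_CLIENT_SSL) ? 1 : 0;
}

/* Constructed sample: ALPN "h2", then an SSL TLV (client=0x01, verify=0). */
static const uint8_t sample[] = {0x01,0,2,'h','2', 0x20,0,5,0x01,0,0,0,0};

int main(void)
{
    printf("client_ssl=%d\n", pp2_client_ssl(sample, sizeof sample));
    return 0;
}
```

A receiver that forwards the header unchanged can skip this parsing entirely, as the quoted text allows; the length checks matter only for a receiver that chooses to interpret the bytes.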


