Hi Willy,

Can you send me your testing configuration for this? Thank you.

Regards,
Alexander Liu

On Sun, Jun 2, 2019 at 5:57 PM Willy Tarreau <[email protected]> wrote:
>
> On Sun, Jun 02, 2019 at 05:30:05PM +0800, Alec Liu wrote:
> > Hi Willy,
> >
> > Here is the full conf:
> (...)
> > listen HTTPS-20443
> >         bind 0.0.0.0:20443
> >         mode http
> >         option tcp-check
> >         server Apache2_Via_SocksProxy1_HTTP_SP 192.168.101.227:49980 send-proxy verify none socks4 127.0.0.1:1080 check-send-proxy check-via-socks4 check inter 30000 fastinter 1000
>
> Even with this I can't get it to fail here using the SSH trick you
> sent me. I can send requests which are perfectly forwarded and get
> the response back.
>
> My config receives HTTP requests on port 20080 (TCP mode), forwards
> them to my ssh-based socks server (port 1080), with proxy-proto
> encapsulation inside. It then forwards that to a second instance
> on port 10080, which decapsulates the PP header, receives the HTTP
> requests, processes it, sends a redirect back.
>
> It gives me this (just relevant lines) :
>
> # curl connects to haproxy 1st stage:
> 11:50:41.844303 accept4(4, {sa_family=AF_INET, sin_port=htons(53894), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 9
>
> # haproxy connects to socks server:
> 11:50:41.844406 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 10
> 11:50:41.844433 connect(10, {sa_family=AF_INET, sin_port=htons(1080), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
> 11:50:41.844496 sendto(10, "\4\1'`\177\0\0\1HAProxy\0", 16, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 16
> 11:50:41.844512 recvfrom(10, 0x7ffd7c330f68, 8, MSG_PEEK, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
> 11:50:41.844524 epoll_ctl(3, EPOLL_CTL_ADD, 10, {EPOLLIN|EPOLLRDHUP, {u32=10, u64=10}}) = 0
>
> # socks server connects to second stage:
> 11:50:41.844613 accept4(5, {sa_family=AF_INET, sin_port=htons(41026), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 11
> 11:50:41.844647 recvfrom(11, 0x19082b0, 16384, MSG_PEEK, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
> 11:50:41.844656 epoll_ctl(3, EPOLL_CTL_ADD, 11, {EPOLLIN|EPOLLRDHUP, {u32=11, u64=11}}) = 0
>
> # socks server responds with SOCKS4 header:
> 11:50:41.844691 recvfrom(10, "\0Z\0\0\0\0\0\0", 8, MSG_PEEK, NULL, NULL) = 8
> 11:50:41.844700 recvfrom(10, "\0Z\0\0\0\0\0\0", 8, 0, NULL, NULL) = 8
>
> # haproxy sends the proxy protocol header:
> 11:50:41.844711 sendto(10, "PROXY TCP4 127.0.0.1 127.0.0.1 53894 20080\r\n", 44, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 44
> 11:50:41.844726 recvfrom(10, 0x196f480, 16384, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
> 11:50:41.844736 epoll_ctl(3, EPOLL_CTL_MOD, 10, {EPOLLIN|EPOLLRDHUP, {u32=10, u64=10}}) = 0
>
> # SOCKS server forwards it to second layer:
> 11:50:41.844812 recvfrom(11, "PROXY TCP4 127.0.0.1 127.0.0.1 53894 20080\r\n", 16384, MSG_PEEK, NULL, NULL) = 44
> 11:50:41.844822 recvfrom(11, "PROXY TCP4 127.0.0.1 127.0.0.1 53894 20080\r\n", 44, 0, NULL, NULL) = 44
>
> # curl sends its HTTP request to first stage:
> 11:50:41.844897 recvfrom(9, "GET / HTTP/1.1\r\nHost: 0:20080\r\nUser-Agent: curl/7.57.0\r\nAccept: */*\r\n\r\n", 16384, 0, NULL, NULL) = 71
>
> # haproxy forwards it to socks server:
> 11:50:41.844915 sendto(10, "GET / HTTP/1.1\r\nHost: 0:20080\r\nUser-Agent: curl/7.57.0\r\nAccept: */*\r\n\r\n", 71, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 71
>
> # which in turn forwards it to second stage:
> 11:50:41.844995 recvfrom(11, "GET / HTTP/1.1\r\nHost: 0:20080\r\nUser-Agent: curl/7.57.0\r\nAccept: */*\r\n\r\n", 16328, 0, NULL, NULL) = 71
>
> # second stage responds to socks server:
> 11:50:41.845091 sendto(11, "HTTP/1.1 302 Found\r\ncontent-length: 0\r\nlocation: /PP\r\ncache-control: no-cache\r\n\r\n", 81, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 81
>
> # socks server forwards the response to first stage:
> 11:50:41.845222 recvfrom(10, "HTTP/1.1 302 Found\r\ncontent-length: 0\r\nlocation: /PP\r\ncache-control: no-cache\r\n\r\n", 16384, 0, NULL, NULL) = 81
>
> # which sends it back to curl:
> 11:50:41.845241 sendto(9, "HTTP/1.1 302 Found\r\ncontent-length: 0\r\nlocation: /PP\r\ncache-control: no-cache\r\n\r\n", 81, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 81
>
> So at this point I can't reproduce the behaviour :-(  Given that changing
> the code changes something for you it must be a race somewhere.
>
> Willy
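
Added example, not part of the original thread and not HAProxy's own code: a decoder for the three handshake payloads in the strace output quoted above, following the SOCKS4 and PROXY protocol v1 wire layouts. It shows that bytes 0x27 0x60 in the SOCKS4 request are destination port 10080 (the second instance) and that `Z` in the reply is result code 90, request granted; the function names are chosen for this example.

```python
import ipaddress
import struct

# Byte strings copied from the strace lines quoted above (strace octal escapes).
SOCKS4_REQUEST = b"\4\1'`\177\0\0\1HAProxy\0"
SOCKS4_REPLY = b"\0Z\0\0\0\0\0\0"
PROXY_V1_LINE = b"PROXY TCP4 127.0.0.1 127.0.0.1 53894 20080\r\n"

SOCKS4_RESULTS = {90: "granted", 91: "rejected or failed",
                  92: "identd unreachable", 93: "identd user-id mismatch"}


def parse_socks4_request(data: bytes) -> dict:
    """VN(1) CD(1) DSTPORT(2) DSTIP(4) USERID NUL, as sent by the client."""
    if len(data) < 9:
        raise ValueError("short SOCKS4 request")
    vn, cd, port, ip = struct.unpack("!BBH4s", data[:8])
    end = data.find(b"\0", 8)
    if vn != 4 or end < 0:
        raise ValueError("not a SOCKS4 request or user-id not NUL-terminated")
    return {"command": {1: "CONNECT", 2: "BIND"}.get(cd, cd),
            "dst": f"{ipaddress.IPv4Address(ip)}:{port}",
            "userid": data[8:end].decode("ascii"),
            "extra": data[end + 1:]}  # bytes pipelined after the request


def parse_socks4_reply(data: bytes) -> str:
    """Reply is 8 bytes: VN=0, CD=result code, then 6 bytes the client ignores."""
    if len(data) != 8 or data[0] != 0:
        raise ValueError("malformed SOCKS4 reply")
    return SOCKS4_RESULTS.get(data[1], f"unknown code {data[1]}")


def parse_proxy_v1(line: bytes) -> dict:
    """Human-readable PROXY protocol v1 header (TCP4/TCP6 form only)."""
    if len(line) > 107 or not line.endswith(b"\r\n"):
        raise ValueError("PROXY v1 line too long or missing CRLF")
    sig, proto, src, dst, sport, dport = line[:-2].decode("ascii").split(" ")
    if sig != "PROXY" or proto not in ("TCP4", "TCP6"):
        raise ValueError("not a PROXY v1 TCP header")
    ipaddress.ip_address(src), ipaddress.ip_address(dst)  # raises if invalid
    if not all(0 <= int(p) <= 65535 for p in (sport, dport)):
        raise ValueError("port out of range")
    return {"proto": proto, "src": f"{src}:{sport}", "dst": f"{dst}:{dport}"}


if __name__ == "__main__":
    print(parse_socks4_request(SOCKS4_REQUEST), parse_socks4_reply(SOCKS4_REPLY),
          parse_proxy_v1(PROXY_V1_LINE), sep="\n")
```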
