On Mon, Apr 2, 2012 at 11:21 PM, Willy Tarreau <[email protected]> wrote: > Hi Aman, > > On Mon, Apr 02, 2012 at 03:34:08PM -0700, Aman Gupta wrote: >> > OK just to be sure, you should *really* make your changes on 1.5-dev, not >> > 1.4. 1.4 is in deep maintenance mode and I don't intend to merge such >> > changes there, as every time I did I caused some regressions. >> >> I'm in process of porting my patch to 1.5. I don't particularly want >> to run 1.5 in production though, and it occurs to me that my patch is >> quite involved for what I'm trying to accomplish. >> >> My goal is essentially to have the remote ip of the upstream client >> available to my application (sitting behind haproxy). For http >> backends, I can use forwardfor and it works great. However, this >> specific service is raw tcp. I know I can use tproxy, but would prefer >> to avoid upgrading my kernel and setting up additional iptables rules. >> >> The idea with this patch was that the application could connect to >> haproxy to get events and use that data to figure out the upstream >> client's ip. This adds a lot of complexity though, so I'm trying to >> come up with alternatives. The only other obvious solution is to have >> haproxy prepend something to the tcp stream. In my case this will work >> fine, since I can modify my application to extract this from the >> stream before consuming the client data. > > This is the principle of the PROXY protocol. The "send-proxy" server option > was added to 1.5-dev, but it's not in 1.4 though I have the patch to make > this possible. It requires very minor changes to the application and I know > that some people running FTP servers and SSL servers have modified them to > parse this line. The protocol was also already adopted by Stud and Stunnel. > > The protocol is described here : > > http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt > > Please let me know whether you're interested, then I'll check where I left > the patch :-)
This is exactly what I am looking for. I am very much interested in a 1.4 backport, and happy to help with the porting and testing process. Aman > > Willy >
