Re: Failed to use the source address for outgoing connections

Mon, 22 Apr 2013 22:42:37 -0700 

Hi,

Have you tried moving the "source" statement directly in the backend?
(just to confirm it works as expected).

Baptiste

On Tue, Apr 23, 2013 at 6:27 AM, Godbach <nylzhao...@gmail.com> wrote:
> Hi, all
>
> I have tested 'source' config in haproxy-1.5-dev18, but it didn't work
> with the following line in default section:
>     source 0.0.0.0 usesrc clientip
>
> Other related settings by iptables and ip rule have been set correctly.
>
> There are some codes in cfg_parse_listen() (Line 1812-1815 in lastest
> commit) to do source function init for a new backend proxy as below
>
>     if (defproxy.conn_src.iface_name)
>         curproxy->conn_src.iface_name =
> strdup(defproxy.conn_src.iface_name);
>     curproxy->conn_src.iface_len = defproxy.conn_src.iface_len;
>     curproxy->conn_src.opts = defproxy.conn_src.opts & ~CO_SRC_TPROXY_MASK;
>
> The last line of codes will set the value of opts represents such as
> 'client', 'clientip' and so on in defproxy to current backend proxy. But
> I was confused that why clear the low three bits. CO_SRC_TPROXY_MASK is
> defined in include/types/connection.h as below:
>
>     /* source address settings for outgoing connections */
>     enum {
>         /* Tproxy exclusive values from 0 to 7 */
>         CO_SRC_TPROXY_ADDR = 0x0001,    /* bind to this non-local address
> when connecting */
>         CO_SRC_TPROXY_CIP  = 0x0002,    /* bind to the client's IP address
> when connecting */
>         CO_SRC_TPROXY_CLI  = 0x0003,    /* bind to the client's IP+port
> when connecting */
>         CO_SRC_TPROXY_DYN  = 0x0004,    /* bind to a dynamically computed
> non-local address */
>         CO_SRC_TPROXY_MASK = 0x0007,    /* bind to a non-local address when
> connecting */
>
>         CO_SRC_BIND        = 0x0008,    /* bind to a specific source
> address when connecting */
>     };
>
> The low three bits store the configuration of usesrc, they should be
> copied to the backend proxy without modified. But they were clear in
> backend proxy actually.
>
> Then I put source configuration 'source 0.0.0.0 usesrc clientip' in
> backend section, the source function can work well.
>
> So in my opinion, the code
>     curproxy->conn_src.opts = defproxy.conn_src.opts & ~CO_SRC_TPROXY_MASK;
> shoulde be modifed as below:
>     curproxy->conn_src.opts = defproxy.conn_src.opts;
>
> Best Regards,
> Godbach
>
>

Reply via email to