Hi,

(it's strange I didn't get the original e-mail).

On Tue, Apr 23, 2013 at 6:27 AM, Godbach <nylzhao...@gmail.com> wrote:
Hi, all

I have tested 'source' config in haproxy-1.5-dev18, but it didn't work
with the following line in default section:
     source 0.0.0.0 usesrc clientip

Other related settings by iptables and ip rule have been set correctly.

There is some code in cfg_parse_listen() (Line 1812-1815 in the latest
commit) to do source function init for a new backend proxy as below

     if (defproxy.conn_src.iface_name)
         curproxy->conn_src.iface_name = strdup(defproxy.conn_src.iface_name);
     curproxy->conn_src.iface_len = defproxy.conn_src.iface_len;
     curproxy->conn_src.opts = defproxy.conn_src.opts & ~CO_SRC_TPROXY_MASK;

The last line of code will set the value of opts, which represents settings
such as 'client', 'clientip' and so on in defproxy, to the current backend
proxy. But I was confused about why it clears the low three bits.
CO_SRC_TPROXY_MASK is defined in include/types/connection.h as below:

     /* source address settings for outgoing connections */
     enum {
         /* Tproxy exclusive values from 0 to 7 */
         CO_SRC_TPROXY_ADDR = 0x0001,    /* bind to this non-local address when connecting */
         CO_SRC_TPROXY_CIP  = 0x0002,    /* bind to the client's IP address when connecting */
         CO_SRC_TPROXY_CLI  = 0x0003,    /* bind to the client's IP+port when connecting */
         CO_SRC_TPROXY_DYN  = 0x0004,    /* bind to a dynamically computed non-local address */
         CO_SRC_TPROXY_MASK = 0x0007,    /* bind to a non-local address when connecting */

         CO_SRC_BIND        = 0x0008,    /* bind to a specific source address when connecting */
     };

The low three bits store the configuration of usesrc; they should be
copied to the backend proxy without modification. But they were actually
cleared in the backend proxy.

Then I put the source configuration 'source 0.0.0.0 usesrc clientip' in
the backend section, and the source function works well.

So in my opinion, the code
     curproxy->conn_src.opts = defproxy.conn_src.opts & ~CO_SRC_TPROXY_MASK;
should be modified as below:
     curproxy->conn_src.opts = defproxy.conn_src.opts;

Godbach, thanks for your analysis, you're perfectly right. I've looked
at the code and before dev15, the bind options were set in the proxy's
options, covered by PR_O_TPXY_MASK, and these bits were not cleared when
creating a new backend from the default section. Since commit ef9a3605,
we have dedicated options for this and indeed the bits are cleared.

Please confirm the modification you suggest works (specifically binding
to an explicit source address such as "source 0.0.0.0 usesrc 1.2.3.4"),
and if that's OK, please send a patch which I'll happily apply. You can
reuse your analysis above as the commit message, it's perfectly clear!

Best regards,
Willy



Hi, Willy

I have tested the configuration you suggested with the following patch:

diff --git a/src/cfgparse.c b/src/cfgparse.c
index cc515a2..3514e83 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1812,7 +1812,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
                        if (defproxy.conn_src.iface_name)
curproxy->conn_src.iface_name = strdup(defproxy.conn_src.iface_name); curproxy->conn_src.iface_len = defproxy.conn_src.iface_len; - curproxy->conn_src.opts = defproxy.conn_src.opts & ~CO_SRC_TPROXY_MASK;
+                       curproxy->conn_src.opts = defproxy.conn_src.opts;
                }

                if (curproxy->cap & PR_CAP_FE) {
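
Review bot: on the changed line `curproxy->conn_src.opts = defproxy.conn_src.opts;`, the full usesrc mode is now inherited from the defaults section, but the visible context copies only iface_name, iface_len and opts. For a mode that carries data of its own, such as CO_SRC_TPROXY_ADDR for `usesrc <addr>`, the backend would receive the mode bits without the address they refer to unless that address is copied elsewhere in this block. Suggest copying the data that belongs to each inherited mode alongside opts, or keeping the mask for the modes whose data is not duplicated. Separately, the strdup() result on the iface_name line is used without a NULL check.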


With an explicit source address set, it still cannot work well in the default section, but works well in the backend section.

With the 'usesrc client' configuration, it works well in both the default and
backend sections after applying the above patch.

I will go on debugging this problem.

Best Regards,
Godbach
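
The masking discussed in this thread, as an added example (not HAProxy's code and not written by either poster): the enum values are copied from the quoted header, while the helper names and the assumption that 'source 0.0.0.0 usesrc clientip' is stored as CO_SRC_BIND | CO_SRC_TPROXY_CIP are hypothetical. It shows that the usesrc mode is a 3-bit field rather than a set of independent flags, and what each form of the assignment hands to the backend.

```c
#include <stdio.h>
#include <string.h>

/* Values copied from the enum quoted in the thread. */
enum {
    CO_SRC_TPROXY_ADDR = 0x0001, CO_SRC_TPROXY_CIP = 0x0002,
    CO_SRC_TPROXY_CLI  = 0x0003, CO_SRC_TPROXY_DYN = 0x0004,
    CO_SRC_TPROXY_MASK = 0x0007, CO_SRC_BIND       = 0x0008,
};

/* Hypothetical helper: extract the mode with the mask, compare for equality. */
static const char *usesrc_mode(unsigned int opts)
{
    switch (opts & CO_SRC_TPROXY_MASK) {
    case 0:                  return "none";
    case CO_SRC_TPROXY_ADDR: return "address";
    case CO_SRC_TPROXY_CIP:  return "clientip";
    case CO_SRC_TPROXY_CLI:  return "client";
    case CO_SRC_TPROXY_DYN:  return "dynamic";
    default:                 return "invalid";
    }
}

/* CLI is 0x3, so a flag-style test for CIP (0x2) also matches "client". */
static int naive_is_clientip(unsigned int opts) { return (opts & CO_SRC_TPROXY_CIP) != 0; }
static int is_clientip(unsigned int opts) { return (opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CIP; }

/* Hypothetical models of the assignment before and after the proposed change. */
static unsigned int inherit_masked(unsigned int def_opts) { return def_opts & ~(unsigned int)CO_SRC_TPROXY_MASK; }
static unsigned int inherit_full(unsigned int def_opts) { return def_opts; }

int main(void)
{
    /* Constructed input: assumed encoding of "source 0.0.0.0 usesrc clientip". */
    unsigned int def_opts = CO_SRC_BIND | CO_SRC_TPROXY_CIP;
    unsigned int masked = inherit_masked(def_opts), full = inherit_full(def_opts);

    printf("defaults : mode=%s bind=%d\n", usesrc_mode(def_opts), !!(def_opts & CO_SRC_BIND));
    printf("masked   : mode=%s bind=%d\n", usesrc_mode(masked), !!(masked & CO_SRC_BIND));
    printf("unmasked : mode=%s bind=%d\n", usesrc_mode(full), !!(full & CO_SRC_BIND));
    printf("client seen as clientip? naive=%d exact=%d\n",
           naive_is_clientip(CO_SRC_TPROXY_CLI), is_clientip(CO_SRC_TPROXY_CLI));
    return 0;
}
```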
