Hi Cyril, On Sun, Oct 20, 2013 at 11:35:37PM +0200, Cyril Bonté wrote: > Hi Charles-Antoine, > > Le 14/10/2013 12:01, Willy Tarreau a écrit : > >Hi Charles-Antoine, > > > >On Fri, Oct 11, 2013 at 06:14:17PM +0200, Charles-antoine Guillat-Guignard > >wrote: > >>Hello, > >> > >>After testing the proxy protocol feature to balance SMTP connections to > >>a Postfix > >>2.10 farm, I have to say it is doing nicely, using HAProxy 1.5-dev19. > >> > >>Thank you for this very welcome feature. > >> > >>But I was wondering, is the proxy protocol patch for the current stable > >>version > >>(1.4.24) publicly available? I have been looking for the patch, but > >>could not find > >>it, only mentions of it. > > > >The only proxy protocol patches I'm aware of are those from Cyril Bonté > >and concern the accept side. I think a backport to act on the send side > >would be harder to implement though you may want to attempt it. > > > >If it's just for an internal policy of deploying only stable versions, > >we're still working hard trying to finalize the server-side keep-alive > >so that we can release 1.5. It's more than a few weeks away but could > >possibly match your needs and save you from a backport. > > Indeed, at work we only needed accept-proxy, so I didn't spend time to > backport the "send-proxy" features. And we are planning to officialize > the use of the haproxy 1.5 branch on all of our platforms (at least > those who will upgrade). > If it's not an option for you, let me know and I'll have a look on the > patch to include the "send-proxy" features. It could take some times > before I can release it, as I'm quite (too) busy nowadays.
I would really discourage you from attempting to do so. The send-proxy is quite tricky in that it replaces the normal send() with a temporary one based on an offset in the send-proxy string that is supposed to be built on the fly. On 1.5 it remained bogus for some time and it was hard to get it right. 1.4 is significantly different from 1.5 here and there are some risks of improperly reporting failed connection attempts if not done correctly. Well, you may want to experiment with it for fun, but one should be very cautious about side effects before playing with this on a production server. Best regards, Willy
