On Wed, Apr 16, 2014 at 2:14 PM, Willy Tarreau <[email protected]> wrote: >> > Note that this probably marks the death of protocol v2 that nobody >> > implemented >> > yet, but that was supposed to be easier to parse... >> Exim git HEAD has support (for the forthcoming 4.83 release) for Proxy >> Protocol, when built with EXPERIMENTAL_PROXY. This includes support for >> proxy protocols 1 and 2 both. (This is Exim as a server sat behind a >> proxy speaking the proxy protocol, so that connection source checks can >> use the external origin IP). > Great! I noticed it had support for the protocol but did not notice it > supported V2. So actually Exim can probably proudly claim to be the first > one to implement v2 :-)
We can't claim it yet. I recall when I worked on this that I just threw in some skeleton code for v2. Yesterday I verified that the v2 code does not work, so I'm in the process of fixing it. >> Willy, what are your plans for protocol v2 please? If it's going to die >> an early death, I'd rather ensure that Exim rips out support for v2 >> before the first release with support for proxy protocol, otherwise >> we're in for years of pain if someone deploys a proxy which does support >> it. +1 > Nothing is decided, I really think that v2 is much better than v1 in that > it will significantly simplify the life of people who have to deal with > recv(MSG_PEEK) like postscreen and all those who don't want to implement > a possibly dangerous text-based parser. Personally I prefer the text based one, but maybe that just means I'm a little masochistic. > David proposed nice improvements and there are other people asking for > similar improvements. My first thought was that v2 could be compromised, > but David's latest post seems to suggest otherwise. > > The real issue with v2 is that (Exim aside), nobody implements it yet. > And for having started this protocol within haproxy, I know for sure > that without any other agents, it becomes totally useless. > > So right now I'd rather say that we should evaluate the possibilities > to extend it further, then implement it into haproxy. We could even > imagine that the extension binary version becomes v3 if it changes in > any significant way (at least we'll need to pass some frame length). > >> Todd, was v2 support added for feature completeness, or because you >> needed to work with an implementation using it? Completeness. The only implementation I am aware of that is using Exim with Proxy Protocol is using v1. > If you want my opinion, do not remove it, even if you have no other > user right now. Ok. > We've seen after implementing it for stunnel and stud > that just a few agents are enough to ignite adoption in many other > products. It should even be easy to implement into haproxy, it's just > that we need to add a few keywords on the server side for this. BTW, ...Todd
