Hi Bertrand, On Sun, Nov 13, 2016 at 04:37:07PM +0000, Bertrand Jacquin wrote: > This can be useful in order to extend ACL and log format with upstream > proxy information when accept-proxy or accept-netscaler-cip is being > used
Thanks for these patches! Well, I understand that it can be useful, however I'm having an issue with doubling the size of the connection struct, particularly due to the fact that few people use the proxy protocol and that these 256 extra bytes are never used/usable on the other side. For 100k conns, that's 51 extra MB of memory that are used. The most annoying here is that we know that most users only have IPv4 and would be fine with 8-16 bytes per connection). I'm wondering what could be done to address this. I've been thinking about having a pool of available address blocks which would be usable at several places (we also need to have some in the stream interface to fix another problem related to the proxy mode). We could even imagine later having multiple pools depending on the address size if we want to save more resources. I'm not against merging this patchset as-is, but at least I'd like to be sure that we find an elegant long-term solution to this. If it's not too hard to implement we could even implement it later and backport it as a resource usage fix. What do you think ? Thanks, Willy
