On Sun, Nov 13, 2016 at 07:48:46PM +0100, Willy Tarreau wrote:
> Hi Bertrand,
> 
> On Sun, Nov 13, 2016 at 04:37:07PM +0000, Bertrand Jacquin wrote:
> > This can be useful in order to extend ACL and log format with upstream
> > proxy information when accept-proxy or accept-netscaler-cip is being
> > used
> 
> Thanks for these patches!
> 
> Well, I understand that it can be useful, however I'm having an issue
> with doubling the size of the connection struct, particularly due to
> the fact that few people use the proxy protocol and that these 256
> extra bytes are never used/usable on the other side. For 100k conns,
> that's 51 extra MB of memory that are used. The most annoying here is
> that we know that most users only have IPv4 and would be fine with
> 8-16 bytes per connection.

This makes total sense indeed.

> I'm wondering what could be done to address this. I've been thinking
> about having a pool of available address blocks which would be usable
> at several places (we also need to have some in the stream interface
> to fix another problem related to the proxy mode). We could even
> imagine later having multiple pools depending on the address size if
> we want to save more resources.
> 
> I'm not against merging this patchset as-is, but at least I'd like
> to be sure that we find an elegant long-term solution to this. If
> it's not too hard to implement we could even implement it later and
> backport it as a resource usage fix.
> 
> What do you think ?

I personally have no urgency in getting this merged, so if you prefer to
get the right thing done from day one, I really don't mind delaying this
feature. I understand your proposal, I need to dive deep in this since I
believe the change will be pretty invasive, this would take quite some
time. Maybe we can #ifdef this feature until we have a proper solution
so at least some people might be able to use it while enhancement of
addresses structure can happen. Or more easily I may be able to replace
the struct proxy_addr with a pointer to a struct proxy_addr that would
be initialized only if one of the proxy protocols is in use.

Cheers

-- 
Bertrand
