Hello, this patch resolves a bug inside the "NetScaler CIP handling" implementation. The issue is explained deeper in the existing mailing list thread under [1].
[1]: https://www.mail-archive.com/haproxy@formilux.org/msg25100.html

Best regards,
Andreas

>From 2482fc346033cbc8a74cd36d9ef27db4bb0daf6c Mon Sep 17 00:00:00 2001
From: mahnke <andreas.mah...@hansemerkur.de>
Date: Thu, 6 Jul 2017 12:56:10 +0200
Subject: [PATCH] BUG: NetScaler CIP handling is incorrect

The "NetScaler CIP handling" implementation was not working as expected.
Based on tcp dump analysis of the CIP data and the specification from
citrix:
 - https://support.citrix.com/article/CTX205670
 - https://www.citrix.com/blogs/2016/04/25/how-to-enable-client-ip-in-tcpip-option-of-netscaler/
some adjustments had to be done in the code in order to get the feature
working as expected.

The fix was tested with IPv4 and IPv6 backends using NetScaler VPX
version "NS11.1: Build 54.14.nc"
---
 src/connection.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/connection.c b/src/connection.c index 3629094..492fbfe 100644 --- a/src/connection.c +++ b/src/connection.c @@ -722,7 +722,7 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag) if (trash.len < 28) goto missing; - line += 8; + line += 12; /* Get IP version from the first four bits */ ip_v = (*line & 0xf0) >> 4; @@ -741,7 +741,7 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag) /* The protocol does not include a TCP header */ conn->err_code = CO_ER_CIP_BAD_PROTO; goto fail; - } else if (trash.len < (28 + ntohs(hdr_ip4->ip_len))) { + } else if (trash.len < (12 + ntohs(hdr_ip4->ip_len))) { /* Fail if buffer length is not large enough to contain * CIP magic, CIP length, IPv4 header, TCP header */ goto missing; @@ -799,7 +799,7 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag) goto fail; } - line += cip_len; + line += (cip_len - 12); trash.len = line - trash.str; /* remove the NetScaler Client IP header from the request. For this -- 2.7.4
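Review bot: in the first hunk (@@ -722), the `if (trash.len < 28)` guard directly above the changed line is left as it was although the skipped prefix grows from 8 to 12 bytes. If 28 was chosen as the old 8-byte prefix plus a 20-byte IPv4 header, the minimum should now be 32; if it means something else, a short comment stating what the 28 covers would settle it. The hunk also gives no hint which fields make up the 12 bytes, so a comment on `line += 12;` naming them (per the Citrix articles cited in the commit message) would make the offset reviewable.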
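Review bot: in the second hunk (@@ -741), the new bound `trash.len < (12 + ntohs(hdr_ip4->ip_len))` depends entirely on `ip_len`, a value read from the received header, and the visible lines do not reject an `ip_len` that is too small to hold the IPv4 and TCP headers the comment below says must be present. With the fixed part of the bound dropping from 28 to 12, a small `ip_len` lets the check pass on a shorter buffer than before, so please add a lower bound on `ip_len` (at least the IPv4 header plus the TCP header) before this comparison. The comment "CIP magic, CIP length, IPv4 header, TCP header" should also be updated to state that the 12 is the CIP prefix and that `ip_len` is expected to cover the rest.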
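Review bot: in the third hunk (@@ -799), `line += (cip_len - 12);` has no visible check that `cip_len` is at least 12 or that the resulting pointer stays inside the received data before `trash.len = line - trash.str;` is computed. `cip_len` comes from the peer, so a value below 12 moves `line` backwards (or wraps if the type is unsigned), and a value that is too large moves it past the buffer; both should end in `goto fail` or `goto missing` ahead of the pointer arithmetic. Since the literal 12 now appears in all three hunks, a named constant for the CIP prefix length would keep the three sites consistent.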