Hi Andreas,

[ Ccing Bertrand ]

On Thu, Jul 06, 2017 at 01:31:27PM +0200, Andreas Mahnke wrote:
> Hello,
> 
> this patch resolves a bug inside the "NetScaler CIP handling"
> implementation.
> The issue is explained deeper in the existing mailing list thread under
> [1].
> 
> [1]: https://www.mail-archive.com/haproxy@formilux.org/msg25100.html

We didn't get feedback from Bertrand who was trying to contact Citrix
regarding this. However, I agree that your changes match the examples
shown on the support links you provided. Maybe Bertrand is/was using
a different version?

Thanks,
Willy

----
> From 2482fc346033cbc8a74cd36d9ef27db4bb0daf6c Mon Sep 17 00:00:00 2001
> From: mahnke <andreas.mah...@hansemerkur.de>
> Date: Thu, 6 Jul 2017 12:56:10 +0200
> Subject: [PATCH] BUG: NetScaler CIP handling is incorrect
> 
> The "NetScaler CIP handling" implementation was not working as expected.
> 
> Based on tcp dump analysis of the CIP data and the specification from
> Citrix:
> 
>  - https://support.citrix.com/article/CTX205670
>  - https://www.citrix.com/blogs/2016/04/25/how-to-enable-client-ip-in-tcpip-option-of-netscaler/
> 
> some adjustments had to be done in the code in order to get the feature
> working as expected.
> 
> The fix was tested with IPv4 and IPv6 backends using NetScaler VPX
> version "NS11.1: Build 54.14.nc"
> ---
>  src/connection.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/src/connection.c b/src/connection.c
> index 3629094..492fbfe 100644
> --- a/src/connection.c
> +++ b/src/connection.c
> @@ -722,7 +722,7 @@ int conn_recv_netscaler_cip(struct connection *conn,
> int flag)
>   if (trash.len < 28)
>   goto missing;
> 
> - line += 8;
> + line += 12;
> 
>   /* Get IP version from the first four bits */
>   ip_v = (*line & 0xf0) >> 4;
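
Review bot: the guard `if (trash.len < 28)` directly above the changed `line += 12;` was left at 28. If that 28 was derived from the old 8-byte offset plus a 20-byte IPv4 header, it should be raised to match the new 12-byte offset, otherwise IP header fields read after this point can lie past the received data. The 12 is also a bare literal here and in the two later hunks; a named constant with a comment stating what the 12 leading bytes contain would keep the three sites in sync.
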
> @@ -741,7 +741,7 @@ int conn_recv_netscaler_cip(struct connection *conn,
> int flag)
>   /* The protocol does not include a TCP header */
>   conn->err_code = CO_ER_CIP_BAD_PROTO;
>   goto fail;
> - } else if (trash.len < (28 + ntohs(hdr_ip4->ip_len))) {
> + } else if (trash.len < (12 + ntohs(hdr_ip4->ip_len))) {
>   /* Fail if buffer length is not large enough to contain
>   * CIP magic, CIP length, IPv4 header, TCP header */
>   goto missing;
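
Review bot: the comment under the changed condition still lists "CIP magic, CIP length, IPv4 header, TCP header", which does not explain why the prefix is now 12 bytes; please update it to name what precedes the IP header. In addition, `hdr_ip4->ip_len` comes from the wire, and a small value lets `trash.len < (12 + ntohs(hdr_ip4->ip_len))` fall through without the buffer holding a full TCP header. The hunk shows no lower bound on `ip_len`, so please confirm that a minimum covering the IPv4 and TCP headers is enforced before the TCP header is read.
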
> @@ -799,7 +799,7 @@ int conn_recv_netscaler_cip(struct connection *conn,
> int flag)
>   goto fail;
>   }
> 
> - line += cip_len;
> + line += (cip_len - 12);
>   trash.len = line - trash.str;
> 
>   /* remove the NetScaler Client IP header from the request. For this
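
Review bot: `line += (cip_len - 12);` needs `cip_len` validated as at least 12 before the subtraction, and the visible context does not show that check. A smaller value makes the offset negative or wrapped, so `line` leaves the header region and `trash.len = line - trash.str` on the next line is computed from a bad pointer. Suggest rejecting `cip_len < 12`, and any `cip_len` that would move `line` past the received data, through the existing `goto fail` path before this statement.
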
> -- 
> 2.7.4
