Hi Willy,

I had some direct mail conversations with him and he wanted to create a patch based on the findings. In the meantime we got it working using the patch I provided, therefore I sent it yesterday so that it gets integrated and we do not need to patch haproxy on our end every time a new version comes out.
I wrote him yesterday that the patch was sent by me, but he seems to be out of office until Monday - so maybe he will get back to us then.

Regards,
Andreas

On Fri, Jul 7, 2017 at 2:25 PM, Willy Tarreau <[email protected]> wrote:
> Hi Andreas,
>
> [ Ccing Bertrand ]
>
> On Thu, Jul 06, 2017 at 01:31:27PM +0200, Andreas Mahnke wrote:
> > Hello,
> >
> > this patch resolves a bug inside the "NetScaler CIP handling"
> > implementation.
> > The issue is explained deeper in the existing mailing list thread under
> > [1].
> >
> > [1]: https://www.mail-archive.com/[email protected]/msg25100.html
>
> We didn't get feedback from Bertrand who was trying to contact Citrix
> regarding this. However, I agree that your changes match the examples
> shown on the support links you provided. Maybe Bertrand is/was using
> a different version ?
>
> Thanks,
> Willy
> > ---- > > From 2482fc346033cbc8a74cd36d9ef27db4bb0daf6c Mon Sep 17 00:00:00 2001 > > From: mahnke <[email protected]> > > Date: Thu, 6 Jul 2017 12:56:10 +0200 > > Subject: [PATCH] BUG: NetScaler CIP handling is incorrect > > > > The "NetScaler CIP handling" implementation was not working as expected. > > > > Based on tcp dump analysis of the CIP data and the specification from > > citrix: > > > > - https://support.citrix.com/article/CTX205670 > > - > > https://www.citrix.com/blogs/2016/04/25/how-to-enable- > client-ip-in-tcpip-option-of-netscaler/ > > > > some adjustments had to be done in the code in order to get the feature > > working as expected. > > > > The fix was tested with IPv4 and IPv6 backends using NetScaler VPX > > version "NS11.1: Build 54.14.nc" > > --- > > src/connection.c | 6 +++--- > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/src/connection.c b/src/connection.c > > index 3629094..492fbfe 100644 > > --- a/src/connection.c > > +++ b/src/connection.c 
> > @@ -722,7 +722,7 @@ int conn_recv_netscaler_cip(struct connection *conn, > > int flag) > > if (trash.len < 28) > > goto missing; > > > > - line += 8; > > + line += 12; > > > > /* Get IP version from the first four bits */ > > ip_v = (*line & 0xf0) >> 4; > > @@ -741,7 +741,7 @@ int conn_recv_netscaler_cip(struct connection *conn, > > int flag) > > /* The protocol does not include a TCP header */ > > conn->err_code = CO_ER_CIP_BAD_PROTO; > > goto fail; > > - } else if (trash.len < (28 + ntohs(hdr_ip4->ip_len))) { > > + } else if (trash.len < (12 + ntohs(hdr_ip4->ip_len))) { > > /* Fail if buffer length is not large enough to contain > > * CIP magic, CIP length, IPv4 header, TCP header */ > > goto missing; > > @@ -799,7 +799,7 @@ int conn_recv_netscaler_cip(struct connection *conn, > > int flag) > > goto fail; > > } > > > > - line += cip_len; > > + line += (cip_len - 12); > > trash.len = line - trash.str; > > > > /* remove the NetScaler Client IP header from the request. For this > > -- > > 2.7.4 >
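
Review bot: In the first hunk (@@ -722,7) the guard `if (trash.len < 28)` is left unchanged while the offset to the IP header moves from 8 to 12 bytes. If 28 was derived as the old 8-byte offset plus a minimal 20-byte IPv4 header, the matching minimum is now 32; please either adjust it or add a comment explaining why 28 is still the right lower bound. The value 12 also appears as a bare literal in all three hunks, so a named constant for the CIP header length would keep the three sites in step.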
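
Review bot: In the second hunk (@@ -741,7) the new bound `12 + ntohs(hdr_ip4->ip_len)` takes `ip_len` straight from the received header, and nothing in the visible context gives that field a lower bound. A received `ip_len` smaller than the IPv4 plus TCP header size would pass this check with only the earlier 28-byte minimum guaranteed, so it is worth rejecting such values before any TCP header fields are used. The commit message mentions IPv6 testing, yet this is the only length check touched and it is on `hdr_ip4`; please confirm the IPv6 branch does not carry a similar fixed offset.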
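
Review bot: In the third hunk (@@ -799,7) `line += (cip_len - 12)` has no visible check that `cip_len` is at least 12 or that the result stays inside the received data. A smaller `cip_len` would move `line` backwards (or wrap, if the type is unsigned), and `trash.len = line - trash.str` on the next line would then be computed from that pointer. Suggest validating `cip_len >= 12` and that `line + (cip_len - 12)` does not exceed `trash.str + trash.len` before advancing.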

