Hi Aleks,

> On 2 Feb 2018 at 20:46, Aleksandar Lazic <[email protected]> wrote:
>
> Hi Manu.
>
> On 02-02-2018 10:49, Emmanuel Hocdet wrote:
>> Hi Aleks
>>> On 1 Feb 2018 at 23:34, Aleksandar Lazic <[email protected]> wrote:
>>> Hi.
>>> ------ Original message ------
>>> From: "Emmanuel Hocdet" <[email protected]>
>>> To: "haproxy" <[email protected]>
>>> Sent: 01.02.2018 17:54:46
>>> Subject: [PATCH] MINOR: introduce proxy-v2-options for send-proxy-v2
>>>> Hi,
>>>> This patch introduces proxy-v2-options for send-proxy-v2.
>>>> The goal is to add more options from doc/proxy-protocol.txt, especially
>>>> all TLS information related to security.
>>> Can then this function replace the current one `send-proxy-v2-ssl-cn` &&
>>> `send-proxy-v2-ssl`
>> yes and no, you must add send-proxy-v2 to activate proxy-v2
>>> Let's say when the option is 'ssl-cn' then add all three flags as in the
>>> current `srv_parse_send_proxy_cn` function?
>>> http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/ssl_sock.c;hb=497959290789002b814b9021a737a3c5f14e7407#l7788
>>> http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/ssl_sock.c;hb=497959290789002b814b9021a737a3c5f14e7407#l7796
>>> We offer with this suggested solution a backward compatibility and the new
>>> function is in use.
>> you must use "send-proxy-v2 proxy-v2-options ssl" for current
>> send-proxy-v2-ssl
>> you must use "send-proxy-v2 proxy-v2-options cert-cn" for current
>> send-proxy-v2-ssl-cn
>> next options should be authority,cert-key,cert-sig,ssl-cipher
>>> Maybe in the next step there could be a 'tlv' option which can decode
>>> custom tlv's ?
>>> http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/connection.c;hb=497959290789002b814b9021a737a3c5f14e7407#l606
>>> Just some brainstorming ;-)
>>> What do you mean?
>> Haproxy is naturally a producer for ‘tlv’ options (for sure when
>> related to ssl). I don’t know how ‘tlv’ options (other than netns)
>> could be really useful to consume, passthru could be more useful.
>
> How about this example.
>
> https://www.mail-archive.com/[email protected]/msg28647.html
>
> How to parse custom PROXY protocol v2 header for custom routing in HAProxy
> configuration?
>
> This case describes a case for AWS own header in PP2 PP2_SUBTYPE_AWS_VPCE_ID
> I know it's not easy but maybe worth to discuss how to use the free fields in
> PP2 for some acls
>

Consume and produce pp-v2 tlv are two different things.
For tlv consume, I work with Varnish and the problem is the same: where to store them and how to use them.
I do not know of a generic solution, especially in the case of custom tlv.

++
Manu
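
The consume side discussed in this thread, as an added example that is not part of the original messages and is not HAProxy or Varnish code: a bounds-checked reader for the PROXY protocol v2 TLV area that extracts the AWS VPC endpoint ID. The function names are hypothetical, the sample header is constructed, the header layout follows doc/proxy-protocol.txt, and the AWS TLV type 0xEA with subtype 0x01 is an assumption taken from AWS's documentation.

```python
import struct

PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"
ADDR_LEN = {0x0: 0, 0x1: 12, 0x2: 36, 0x3: 216}  # UNSPEC, INET, INET6, UNIX
PP2_TYPE_NOOP = 0x04
PP2_TYPE_AWS = 0xEA             # assumption: value from AWS documentation
PP2_SUBTYPE_AWS_VPCE_ID = 0x01  # first byte of the AWS TLV value

def split_tlvs(buf):
    """Split the TLV area into (type, value) pairs, rejecting overruns."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 3:
            raise ValueError("truncated TLV header")
        typ, length = struct.unpack_from("!BH", buf, off)
        off += 3
        if length > len(buf) - off:
            raise ValueError("TLV length exceeds header length")
        out.append((typ, buf[off:off + length]))
        off += length
    return out

def parse_pp2(data):
    """Return (tlvs, payload_offset) for a PROXY v2 header at data[0]."""
    if len(data) < 16 or data[:12] != PP2_SIGNATURE:
        raise ValueError("not a PROXY v2 header")
    ver_cmd, fam, length = struct.unpack_from("!BBH", data, 12)
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported version")
    addr_len = ADDR_LEN.get(fam >> 4)
    if addr_len is None or addr_len > length or len(data) < 16 + length:
        raise ValueError("bad family or truncated header")
    return split_tlvs(data[16 + addr_len:16 + length]), 16 + length

def aws_vpce_id(tlvs):
    """Hypothetical helper: pull the VPC endpoint ID out of the AWS TLV."""
    for typ, value in tlvs:
        if typ == PP2_TYPE_AWS and value[:1] == bytes([PP2_SUBTYPE_AWS_VPCE_ID]):
            return value[1:].decode("ascii")
    return None

def sample_header():
    """Constructed sample: TCP/IPv4 header with one AWS TLV and one NOOP."""
    vpce = bytes([PP2_SUBTYPE_AWS_VPCE_ID]) + b"vpce-0example"
    addrs = bytes([192, 0, 2, 10, 198, 51, 100, 20]) + struct.pack("!HH", 40000, 443)
    tlvs = struct.pack("!BH", PP2_TYPE_AWS, len(vpce)) + vpce
    tlvs += struct.pack("!BH", PP2_TYPE_NOOP, 0)
    body = addrs + tlvs
    return PP2_SIGNATURE + struct.pack("!BBH", 0x21, 0x11, len(body)) + body
```

Because the header comes from the peer, a consumer should only accept it from trusted senders; the length checks above keep a malformed TLV from reading into the application payload that follows the header.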

