On Sun, Jun 02, 2019 at 05:30:05PM +0800, Alec Liu wrote:
> Hi Willy,
> 
> Here is the full conf:
(...)
> listen HTTPS-20443
> bind 0.0.0.0:20443
> mode http
>         option tcp-check
> server Apache2_Via_SocksProxy1_HTTP_SP 192.168.101.227:49980 send-proxy verify none socks4 127.0.0.1:1080 check-send-proxy check-via-socks4 check inter 30000 fastinter 1000

Even with this I can't get it to fail here using the SSH trick you
sent me. I can send requests which are perfectly forwarded and get
the response back.

My config receives HTTP requests on port 20080 (TCP mode), forwards
them to my ssh-based socks server (port 1080), with proxy-proto
encapsulation inside. It then forwards that to a second instance
on port 10080, which decapsulates the PP header, receives the HTTP
requests, processes them, and sends a redirect back.

It gives me this (just the relevant lines):

# curl connects to haproxy 1st stage:
11:50:41.844303 accept4(4, {sa_family=AF_INET, sin_port=htons(53894), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 9

# haproxy connects to socks server:
11:50:41.844406 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 10
11:50:41.844433 connect(10, {sa_family=AF_INET, sin_port=htons(1080), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
11:50:41.844496 sendto(10, "\4\1'`\177\0\0\1HAProxy\0", 16, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 16
11:50:41.844512 recvfrom(10, 0x7ffd7c330f68, 8, MSG_PEEK, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
11:50:41.844524 epoll_ctl(3, EPOLL_CTL_ADD, 10, {EPOLLIN|EPOLLRDHUP, {u32=10, u64=10}}) = 0

# socks server connects to second stage:
11:50:41.844613 accept4(5, {sa_family=AF_INET, sin_port=htons(41026), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 11
11:50:41.844647 recvfrom(11, 0x19082b0, 16384, MSG_PEEK, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
11:50:41.844656 epoll_ctl(3, EPOLL_CTL_ADD, 11, {EPOLLIN|EPOLLRDHUP, {u32=11, u64=11}}) = 0

# socks server responds with SOCKS4 header:
11:50:41.844691 recvfrom(10, "\0Z\0\0\0\0\0\0", 8, MSG_PEEK, NULL, NULL) = 8
11:50:41.844700 recvfrom(10, "\0Z\0\0\0\0\0\0", 8, 0, NULL, NULL) = 8

# haproxy sends the proxy protocol header:
11:50:41.844711 sendto(10, "PROXY TCP4 127.0.0.1 127.0.0.1 53894 20080\r\n", 44, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 44
11:50:41.844726 recvfrom(10, 0x196f480, 16384, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
11:50:41.844736 epoll_ctl(3, EPOLL_CTL_MOD, 10, {EPOLLIN|EPOLLRDHUP, {u32=10, u64=10}}) = 0

# SOCKS server forwards it to second layer:
11:50:41.844812 recvfrom(11, "PROXY TCP4 127.0.0.1 127.0.0.1 53894 20080\r\n", 16384, MSG_PEEK, NULL, NULL) = 44
11:50:41.844822 recvfrom(11, "PROXY TCP4 127.0.0.1 127.0.0.1 53894 20080\r\n", 44, 0, NULL, NULL) = 44

# curl sends its HTTP request to first stage:
11:50:41.844897 recvfrom(9, "GET / HTTP/1.1\r\nHost: 0:20080\r\nUser-Agent: curl/7.57.0\r\nAccept: */*\r\n\r\n", 16384, 0, NULL, NULL) = 71

# haproxy forwards it to socks server:
11:50:41.844915 sendto(10, "GET / HTTP/1.1\r\nHost: 0:20080\r\nUser-Agent: curl/7.57.0\r\nAccept: */*\r\n\r\n", 71, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 71

# which in turn forwards it to second stage:
11:50:41.844995 recvfrom(11, "GET / HTTP/1.1\r\nHost: 0:20080\r\nUser-Agent: curl/7.57.0\r\nAccept: */*\r\n\r\n", 16328, 0, NULL, NULL) = 71

# second stage responds to socks server:
11:50:41.845091 sendto(11, "HTTP/1.1 302 Found\r\ncontent-length: 0\r\nlocation: /PP\r\ncache-control: no-cache\r\n\r\n", 81, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 81

# socks server forwards the response to first stage:
11:50:41.845222 recvfrom(10, "HTTP/1.1 302 Found\r\ncontent-length: 0\r\nlocation: /PP\r\ncache-control: no-cache\r\n\r\n", 16384, 0, NULL, NULL) = 81

# which sends it back to curl:
11:50:41.845241 sendto(9, "HTTP/1.1 302 Found\r\ncontent-length: 0\r\nlocation: /PP\r\ncache-control: no-cache\r\n\r\n", 81, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 81

So at this point I can't reproduce the behaviour :-(  Given that changing
the code changes something for you it must be a race somewhere.

Willy
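
The handshake bytes in the trace above can be decoded field by field to confirm which target the SOCKS4 request names and what the PROXY protocol line carries. The following Python is an added example, not part of the original message or of HAProxy's code; the function names are hypothetical and the three byte strings are copied from the sendto()/recvfrom() lines of the trace.

```python
import ipaddress
import struct

# Byte strings copied from the sendto()/recvfrom() lines in the trace above.
SOCKS4_REQUEST = b"\4\1'`\177\0\0\1HAProxy\0"
SOCKS4_REPLY = b"\0Z\0\0\0\0\0\0"
PP_V1_HEADER = b"PROXY TCP4 127.0.0.1 127.0.0.1 53894 20080\r\n"

REPLY_CODES = {90: "granted", 91: "rejected or failed",
               92: "identd unreachable", 93: "identd mismatch"}


def parse_socks4_request(data: bytes) -> dict:
    """VN(1) CD(1) DSTPORT(2) DSTIP(4) USERID NUL."""
    if len(data) < 9 or data[0] != 4:
        raise ValueError("not a SOCKS4 request")
    _, command, port, ip = struct.unpack("!BBH4s", data[:8])
    end = data.find(b"\0", 8)
    if end < 0:
        raise ValueError("USERID is not NUL-terminated")
    return {"command": command, "dst_port": port,
            "dst_ip": str(ipaddress.IPv4Address(ip)),
            "userid": data[8:end].decode("ascii"),
            "trailing": data[end + 1:]}  # bytes sent before the reply arrived


def parse_socks4_reply(data: bytes) -> str:
    """VN(1, must be 0) CD(1) DSTPORT(2) DSTIP(4): exactly 8 bytes."""
    if len(data) != 8 or data[0] != 0:
        raise ValueError("not a SOCKS4 reply")
    return REPLY_CODES.get(data[1], "unknown code %d" % data[1])


def parse_proxy_v1(line: bytes) -> dict:
    """Text PROXY protocol v1 line, CRLF-terminated, at most 107 bytes."""
    if len(line) > 107 or not line.endswith(b"\r\n"):
        raise ValueError("not a complete PROXY v1 line")
    fields = line[:-2].decode("ascii").split(" ")
    if len(fields) != 6 or fields[0] != "PROXY" or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("unsupported PROXY v1 header")
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    return {"src": (str(src), int(fields[4])), "dst": (str(dst), int(fields[5]))}


if __name__ == "__main__":
    print(parse_socks4_request(SOCKS4_REQUEST))
    print(parse_socks4_reply(SOCKS4_REPLY))
    print(parse_proxy_v1(PP_V1_HEADER))
```

The request decodes to a CONNECT for 127.0.0.1:10080 with user ID "HAProxy", the reply code 'Z' (90) means the request was granted, and an empty "trailing" field shows that no payload was sent in the same write as the SOCKS4 request.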
