Redirect to socks server would be very good for us, we use haproxy to
load balance internal user traffic, happy to use one single rock
stable haproxy solution.


On Mon, Jun 3, 2019 at 8:47 AM Aleksandar Lazic <al-hapr...@none.at> wrote:
>
> Hi.
>
> cipriancraciun, nutinshell and I discussed in the issue above some Socks use 
> cases.
>
> Let me summarize the thread here.
>
> cipriancraciun suggest to handle socks similar to proxy protocol.
> https://github.com/haproxy/haproxy/issues/82#issuecomment-498004333
>
> I don't think that socks could be handled in such simple way
> https://github.com/haproxy/haproxy/issues/82#issuecomment-498023780
>
> nutinshell have another use case which is a `socks4-redirect`
> https://github.com/haproxy/haproxy/issues/82#issuecomment-498007739
>
> I thought that a new action for tcp-request content could be a solution.
> https://github.com/haproxy/haproxy/issues/82#issuecomment-498051143
>
>
> I see at least this use cases from this thread.
>
> * client with explicit SOCKS support -> HAProxy SOCKS frontend -> normal 
> backend
> / servers -- useful for routing only specific domains through HAProxy
>
> The suggestion here is to handle socks in the same way as proxy protocol. As
> mentioned above I don't think that's that easy as the socks protocol is a
> request response system which proxy protocol isn't.
> There are also not only "the" socks protocol as there is socks4,socks4a and
> socks5 with different feature sets and requirements. From what I seen in the
> thread is only socks4 with command **connect** expected. This means that the
> client sends the destination ip and port therefore haproxy does not need to
> resolve the destination.
>
> From my point of view it is at least a similar option like `accept-proxy`
> required for example `accept-socks(4|4a|5)`
>
> One of the question which is open is make `accept-proxy` and
> `accept-socks(4|4a|5)` sense?
>
> @cipriancraciun and others opinions?
>
> * client (with / without) SOCKS support -> HAProxy frontend -> SOCKS enabled
> server -- useful for traffic filtering, and redirection to a proper SOCKS 
> proxy;
>
> The reason why the patch from alec isn't enough is that answer
>
> ```
> From what I read @alec-liu implemented SOCKS4 in the backend only as a way to
> submit requests for to a "fixed" server IP through a "fixed" SOCKS4 proxy 
> server.
> ```
>
> * socks4-redirect "here we want tcp go directly to socks."
>
> I though it could be handled with a new action in `tcp-request content ..` but
> I'm not sure.
>
> ``` for example
> tcp-request content redirect %[src,map(src2dest.txt)] [{if | unless} 
> <condition>]
> ```
>
> It would be nice to see how the redsocks2 server handle this redirect as what 
> I
> have seen from the code are some firewall tools used for the solution. I had
> never such a requirement.
>
> Src: https://github.com/semigodking/redsocks/blob/master/base.c#L306-L318
>
> @nutinshell It would be very helpful to understand what this `socks4-redirect`
> do on tcp/socks level.
>
> I think this feature would be nice in HAProxy but I also think it's a huge
> amount of work and increases the complexity to debug any errors.
>
> Please feel free to correct me if I'm wrong at any statement.
>
> Opinions, suggestions, patches?
>
> Best regards
> Aleks
>

Reply via email to