I'm currently facing a bug in gerrit 3.1.x which strip the last hextet of an IPv6 address. https://bugs.chromium.org/p/gerrit/issues/detail?id=12429#c4
A patch is on its way. Maybe it will make IPv6 logging more consistent. Will post my finding then. -- Ionel GARDAIS ----- Mail original ----- De: "Lukas Tribus" <[email protected]> À: "Ionel GARDAIS" <[email protected]> Cc: "haproxy" <[email protected]> Envoyé: Mardi 3 Mars 2020 20:57:45 Objet: [*EXT*] Re option forwardfor with IPv6 Hello, On Tue, 3 Mar 2020 at 19:06, Ionel GARDAIS <[email protected]> wrote: > > Hi, > > What is the expected behavior of "option forwardfor" with an IPv6 connection ? > Frontend listen on IPv4 and IPv6. The expected behavior is to insert the IPv6 address into the X-F-F header, and this is exactly what happens in my repro here. > For IPv4 incoming connections, the server correctly displays the original IP > address, wether the haproxy-to-server is made with IPv4 or IPv6. > For IPv6 incoming connections, the server displays the IP of haproxy, wether > the haproxy-to-server is made with IPv4 or IPv6. Ok, but "server displays" is not equivalent with "haproxy sends in the X-Forwarded-For header". Does your server actually support IPv6 addresses in this header? If yes, what do you see in your logs/on your servers, when you make a call directly to it without haproxy in the question? curl -H "X-Forwarded-For: 2001:0db8:85a3:0000:0000:8a2e:0370:7334" http://direct-backend-server.example.org/testurl Lukas -- 232 avenue Napoleon BONAPARTE 92500 RUEIL MALMAISON Capital EUR 219 300,00 - RCS Nanterre B 408 832 301 - TVA FR 09 408 832 301
