On Tue, Nov 24, 2020 at 13:57, Christopher Faulet <[email protected]> wrote:

> > The issue is that although I declared tcp-request/tcp-response content
> > send-spoa-group rules, my SPOA agent is called only once with request
> > length 0 and no payload.
> >
>
> tcp rulesets are only evaluated once. But, you may wait to eval a rule
> using an ACL. For instance "if { req.len gt 0 }".
>

From my experiments I started growing the suspicion that it is the case,
thanks for the clarification.


> > My goal is to send every chunk of data read/written on given proxy to
> > SPOA agent. Ideally I would like to avoid any buffering, which I thought
> > I could achieve using
> > https://www.arpalert.org/src/haproxy-lua-api/2.2/index.html#Channel.forward
> > (not used in my example).
> >
> > Is it feasible? Or do I need to implement my own filter?
>
> With the current SPOE design, it is not possible. But the filters API is
> able to do that. Thus with a SPOE refactoring it could be possible too.
> For now, the only way to achieve that is to write your own filter. The
> trace filter is a good example.
>
> But before, you must eval the requests and responses size you expect.
> Because, if smaller than a buffer, including the headers, it is already
> possible.
>

Unfortunately the limits for request/response sizes capture will be at
least hundreds of kB or more.
So it seems that it's time to dig into the depths of HAProxy filters API :)

Btw, are you aware whether HAPEE offers the functionality I am looking
for (full traffic/content inspection/mirroring)?

SP
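
Added illustration, not part of the original thread: a configuration sketch of the ACL guard suggested in the quoted reply, where each content rule waits until bytes are in the buffer before the SPOE group is sent. HAProxy spells the directive `send-spoe-group`; the engine, group, message and variable-prefix names, the file path, addresses and timeouts are assumptions, and only what fits in one buffer reaches the agent, as the reply notes.

```haproxy
# ---- haproxy.cfg (assumed names, addresses and path) ----
listen tcp-inspect
    mode tcp
    bind :9000
    filter spoe engine inspect config /etc/haproxy/spoe-inspect.conf

    # The content ruleset is evaluated once, so give it time to see data.
    # "req.len gt 0" keeps the rule pending until bytes arrive or the
    # inspect delay expires, instead of firing with an empty buffer.
    tcp-request inspect-delay 5s
    tcp-request content send-spoe-group inspect grp-req if { req.len gt 0 }

    tcp-response inspect-delay 5s
    tcp-response content send-spoe-group inspect grp-res if { res.len gt 0 }

    server app 127.0.0.1:9001

backend spoa-agents
    mode tcp
    server agent1 127.0.0.1:12345

# ---- /etc/haproxy/spoe-inspect.conf (assumed path) ----
[inspect]
spoe-agent inspect-agent
    groups grp-req grp-res
    option var-prefix insp
    timeout hello      2s
    timeout idle       2m
    timeout processing 500ms
    use-backend spoa-agents

# A length of 0 means "from the offset to the end of the buffer".
spoe-message req-data
    args payload=req.payload(0,0)

spoe-message res-data
    args payload=res.payload(0,0)

spoe-group grp-req
    messages req-data

spoe-group grp-res
    messages res-data
```

Each group is still sent once per stream, so traffic in the hundreds of kB per request or response is not covered by this setup.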
