Dear HAProxy-maintainers,

We would like to follow up on the patch to make arbitrary proxy protocol TLV entries accessible (submitted in https://www.mail-archive.com/haproxy@formilux.org/msg43082.html).

While the goal of having the TLV entries available for custom processing, e.g. in the backend, is clear, we are not sure whether capture is the right mechanism to realize this behaviour. Capture is often used to make information visible in the logs, but not to make information available in the backend. In addition, the index-based interface to retrieve captured values is not suitable for TLVs, since TLVs have a key-value semantic and using the key for retrieval would enhance readability and is less error-prone.

A possible alternative solution would be to store the TLV block in the same way as the authority (PP2_TYPE_AUTHORITY). This could result in a key-based interface (e.g. req.pp2.tlv(<type>)).

Another aspect which needs discussion is subtypes. Subtypes according to the proxy protocol specification can be part of the TLV type. However, the term subtype in the submitted patch has a different meaning and is part of the value. As such it is vendor-specific and has no standardized format. We believe that the processing of anything contained in the value should be up to the user and not to HAProxy. E.g. the user could evaluate the vendor-specific subtype by means of ACL rules.

Before implementing an updated version of the patch, we would like to get your opinion on the above-mentioned open questions. We are aware of some issues in the first patch which are violating your guidelines, which we will also address in an updated version.

Best regards,
Christian Menges
SAP SE Germany
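
The key-based retrieval discussed in the message above, as an added example that is not part of the original e-mail and is not HAProxy code: a bounds-checked lookup of a TLV by type in the TLV area of a PROXY protocol v2 header, leaving any vendor-specific subtype inside the value to the caller. The function name `pp2_tlv_find`, the type `DEMO_CUSTOM_TYPE` and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PP2_TYPE_AUTHORITY 0x02  /* from the PROXY protocol v2 specification */
#define DEMO_CUSTOM_TYPE   0xE0  /* constructed: first value of the custom range */

/* Look up a TLV by type in the TLV area of a PROXY v2 header.
 * Returns 1 and sets *val / *vlen if found, 0 if absent, -1 if malformed. */
int pp2_tlv_find(const uint8_t *buf, size_t len, uint8_t type,
                 const uint8_t **val, size_t *vlen)
{
    size_t off = 0;

    while (off < len) {
        if (len - off < 3)
            return -1;                      /* truncated TLV header */
        size_t l = ((size_t)buf[off + 1] << 8) | buf[off + 2];
        if (l > len - off - 3)
            return -1;                      /* value would run past the buffer */
        if (buf[off] == type) {
            *val = buf + off + 3;
            *vlen = l;
            return 1;
        }
        off += 3 + l;
    }
    return 0;
}

/* Constructed sample: authority "example.org" followed by a custom TLV whose
 * first value byte is a vendor-defined subtype (0x01) and the rest is payload. */
static const uint8_t demo_tlvs[] = {
    PP2_TYPE_AUTHORITY, 0x00, 0x0b, 'e','x','a','m','p','l','e','.','o','r','g',
    DEMO_CUSTOM_TYPE,   0x00, 0x04, 0x01, 'a','b','c',
};

int main(void)
{
    const uint8_t *v; size_t n;
    if (pp2_tlv_find(demo_tlvs, sizeof(demo_tlvs), DEMO_CUSTOM_TYPE, &v, &n) == 1 && n > 0)
        printf("type 0x%02x: subtype 0x%02x, %zu payload bytes\n",
               DEMO_CUSTOM_TYPE, v[0], n - 1);
    return 0;
}
```

The lookup returns the first TLV of the requested type and treats the value as opaque bytes, so interpreting the leading subtype byte stays with the caller.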