Hello,

We are using haproxy version 1.8.14-1 in a docker container running ubuntu 14.04 / kernel: 4.15.0-39-generic (Base host where container is running 18.04 / kernel 4.15.0-39-generic).

getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, sa, &salen) is in fact sometimes returning the source IP instead of the destination IP. Using getsockname() instead looks like it solves the issue.
https://stackoverflow.com/questions/11417187/getsockopt-so-original-dst-occasionally-returns-client-address

For example: Out of 6569124 requests, 4 requests were wrong (0.000060891 %).

Can we file this as a bug? Get the fixed version in the next release?

Also, is getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, sa, &salen) used only for the send-proxy feature (for connected proxy IP), or is any other feature in haproxy also using this?

Thanks for your help.
-Roobesh G M

From: Mohandass, Roobesh
Sent: Wednesday, December 19, 2018 11:36 AM
To: haproxy@formilux.org
Subject: Send-proxy not modifying some traffic with proxy ip/port details instead retaining same client ip port

Hi Team,

We have send-proxy configured and running fine all these days. When we started logging, we noticed that for some traffic passed from haproxy to the backend server, send-proxy is not actually modifying the proxy ip/port, instead retaining the same client ip/port, like below:

    PROXY TCP4 192.220.26.39 192.220.26.39 45066 45066
    PROXY TCP4 192.220.26.39 192.220.26.39 45075 45075

We tried to sniff the packet the moment it leaves haproxy and above is what we see. This is happening only sometimes for some traffic, and the rest of the traffic looks good.

Could you please see if this is a known bug in the version we are running or a known issue with send-proxy v1?
We are running below version of code,

    haproxy -vv
    HA-Proxy version 1.8.14-1ppa1~trusty 2018/09/23
    Copyright 2000-2018 Willy Tarreau wi...@haproxy.org

    Build options :
      TARGET  = linux2628
      CPU     = generic
      CC      = gcc
      CFLAGS  = -g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
      OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_NS=1

    Default settings :
      maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

    Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
    Running on OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
    OpenSSL library supports TLS extensions : yes
    OpenSSL library supports SNI : yes
    OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
    Built with Lua version : Lua 5.3.1
    Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
    Encrypted password support via crypt(3): yes
    Built with multi-threading support.
    Built with PCRE version : 8.31 2012-07-06
    Running on PCRE version : 8.31 2012-07-06
    PCRE library supports JIT : no (libpcre build without JIT?)
    Built with zlib version : 1.2.8
    Running on zlib version : 1.2.8
    Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
    Built with network namespace support.

    Available polling systems :
          epoll : pref=300,  test result OK
           poll : pref=200,  test result OK
         select : pref=150,  test result OK
    Total: 3 (3 usable), will use epoll.

    Available filters :
        [SPOE] spoe
        [COMP] compression
        [TRACE] trace

Thanks for your help.
-Roobesh G M
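A backend-side check for the symptom reported in this thread, as an added example that is not part of the original messages or of haproxy: it parses PROXY protocol v1 header lines and flags those whose destination address and port merely repeat the source pair. The function names are hypothetical, and the third sample line is constructed; the first two are the headers quoted in the thread.

```python
import ipaddress

# PROXY v1 line: PROXY <TCP4|TCP6> <src_ip> <dst_ip> <src_port> <dst_port>\r\n
FAMILIES = {"TCP4": 4, "TCP6": 6}
MAX_V1_LEN = 107  # longest v1 header, CRLF included


def parse_proxy_v1(line: bytes):
    """Parse one TCP4/TCP6 PROXY v1 header; raise ValueError if malformed."""
    if len(line) > MAX_V1_LEN or not line.endswith(b"\r\n"):
        raise ValueError("bad length or terminator")
    parts = line[:-2].decode("ascii").split(" ")
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in FAMILIES:
        raise ValueError("not a TCP4/TCP6 PROXY v1 header")
    src = ipaddress.ip_address(parts[2])
    dst = ipaddress.ip_address(parts[3])
    if {src.version, dst.version} != {FAMILIES[parts[1]]}:
        raise ValueError("address family mismatch")
    sport, dport = int(parts[4]), int(parts[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return src, dst, sport, dport


def is_suspect(line: bytes) -> bool:
    """True when the destination pair is identical to the source pair."""
    src, dst, sport, dport = parse_proxy_v1(line)
    return src == dst and sport == dport


def audit(lines):
    """Return (total, suspect_lines) for an iterable of raw header lines."""
    total, suspects = 0, []
    for line in lines:
        total += 1
        if is_suspect(line):
            suspects.append(line)
    return total, suspects


SAMPLE = [
    b"PROXY TCP4 192.220.26.39 192.220.26.39 45066 45066\r\n",  # from the thread
    b"PROXY TCP4 192.220.26.39 192.220.26.39 45075 45075\r\n",  # from the thread
    b"PROXY TCP4 192.220.26.39 192.0.2.10 45080 443\r\n",  # constructed, well-formed
]

if __name__ == "__main__":
    total, suspects = audit(SAMPLE)
    print(f"{len(suspects)} of {total} headers repeat the client address")
```

Counting suspects against the total on the receiving side gives the same kind of ratio the thread reports, without needing a packet capture on the proxy.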