Replying to myself, I decided to jump in and just see how far I could get. Looks like I've got something working, a patch of my prototype is here:
http://seriousorange.com/varnish-proxy-proto.patch The one obvious thing wrong with it is that I'm using malloc() to get some memory for configuration (and never freeing it); I can't figure out which memory routines are the right ones to use. Hopefully someone can point me in the right direction with that. Comments gratefully appreciated. Roger Le 3 déc. 2012 à 08:35, Roger Nesbitt a écrit : > Hello, > > I've got a big chunk of time free and would like to scratch my own itch by > implementing the PROXY protocol, as defined at this URL: > http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt > > My thoughts are to initially implement version 1 of the protocol as part of > the HTTP server component. This will allow SSL frontends such as stunnel to > pass through client IP information, a feature that seems to be often > requested. > > I'm completely new to the Varnish source; after having a little look today I > assume that a VMOD will not be possible due to the integration required into > the HTTP parser. > > On first looks, I'm thinking of a detection hook in http1_detect(), although > I'd have to figure out some way to indicate that it's the first http request > handled on a new connection. If a PROXY line is detected, the code would put > the source/destination IP addresses and ports into new variables (maybe > something like proxy.source_ip, proxy.dest_ip, proxy.source_port, > proxy.dest_port) and leave it up to the user to build an X-Forwarded-For > header in VCL should they wish (after checking that client.ip is trusted.) > > Detecting the PROXY line should just be a single memcmp; I'm not sure whether > the community would want this feature to be able to be manually enabled and > disabled. > > Is anyone else currently working on this? Does this idea and general > strategy seem sound? > > Thanks for your help and suggestions. > Roger > _______________________________________________ > varnish-dev mailing list > [email protected] > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev
_______________________________________________ varnish-dev mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev
