-
Notifications
You must be signed in to change notification settings - Fork 726
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proxy protocol #923
Proxy protocol #923
Conversation
4a59c86
to
f426cc0
Compare
|
return EDPVS_OK; | ||
} | ||
|
||
if (unlikely(EDPVS_OK != proxy_proto_parse(mbuf, offset, &ppinfo))) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If DPVS receives invalid proxy_protocol data, should DPVS terminate the connection or reconstruct the proxy_protocol data?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, we did. If the proxy protocol data is invalid in the original packets, ppinfo.datalen is set to zero in proxy_proto_parse
, and then the following proxy_proto_insert
will add a new one later.
But fragile proxy protocol data may not removed if not recognized. But I think it's reasonable to pass the unknown data to backends in the case.
Signed-off-by: ywc689 <[email protected]>
Signed-off-by: ywc689 <[email protected]>
Signed-off-by: ywc689 <[email protected]>
Signed-off-by: ywc689 <[email protected]>
Signed-off-by: ywc689 <[email protected]>
Signed-off-by: ywc689 <[email protected]>
Signed-off-by: ywc689 <[email protected]>
Signed-off-by: ywc689 <[email protected]>
Signed-off-by: ywc689 <[email protected]>
Signed-off-by: ywc689 <[email protected]>
Signed-off-by: ywc689 <[email protected]>
Signed-off-by: ywc689 <[email protected]>
Signed-off-by: ywc689 <[email protected]>
Signed-off-by: ywc689 <[email protected]>
Signed-off-by: ywc689 <[email protected]>
Signed-off-by: ywc689 <[email protected]>
754d717
to
5db1201
Compare
Two versions -- v1-insecure and v2-insecure -- ared added for the proxy cascading case where the proxy protocol addresses should remain unchanged in the backend proxy server. Meanwhile, the v1 and v2 versions are always using the addresses from client's ip header of inbound packets. Signed-off-by: ywc689 <[email protected]>
5db1201
to
5c5aace
Compare
No description provided.