Welcome! Log In Create A New Profile

Re: [PATCH] proxy-protocol dst variables and proxy-proxy-protocol

Forum List Message List New Topic Print View

Dmitry Volyntsev

September 20, 2016 11:20AM

On 20.09.2016 15:50, Bjørnar Ness wrote:
> 2016-09-20 13:16 GMT+02:00 Dmitry Volyntsev <xeioex@nginx.com>:
>> Could you please clarify what a problem are you trying to solve? Any real
>> world scenario?
>
> Hello, Dmitry, thanks for responding.
>
> The first problem I am trying to solve is the case where we have:
>
> LB -> nginx_proxy -> (something_with_proxy_protocol_support)
>
> Here, if proxy_protocol is enabled on both listen and outgoing, it
> is logical to assume the user wants the incoming header passed
> on directly.

Transparent proxy protocol bypass sounds like a valid use case.

>
> Also, I want access to the _dst part of the proxy protocol to make
> decisions based on the original destination address, which is
> currently unavailable.

Why do you need to know the destination address? could you elaborate
what do you want to know on the
"(something_with_proxy_protocol_support)" side?

If you have a fixed set of LBs you could configure a separate listen
in nginx configuration per each LB.

>
> I chose to expose both $proxy_protocol_(src|dst)_(addr|port) and keep
> backwards compability with the original $proxy_protocol_(addr|port),
> which I suggest removing since its naming is confusing wrt src/dst.
>
> Storing these as ngx_str_t can definately be discussed, atleast if
> you plan/want proxyprotocol v2 support. In that case it would
> perhaps make sense to use something like:
>
> struct proxy_protocol_data {
> int socket_type;
> struct sockaddr src;
> struct sockaddr dst;
> }
>
> and in ngx_connection_t
>
> struct proxy_protocol_data *proxy_protocol;
>
> What do you think? I feel storing as strings makes sense until the need
> for v2 arises, also, it makes the proxy-proxy-protocol support simple.
>
>> http://nginx.org/en/docs/contributing_changes.html
>>> Try to make it clear why the suggested change is needed, and provide a use
>>> case, if possible.
>
> Thanks, I will keep to this standard in future updates.
>
> --
> Bj(/)rnar
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH] proxy-protocol dst variables and proxy-proxy-protocol	Bjørnar Ness	433	September 18, 2016 08:14AM
Re: [PATCH] proxy-protocol dst variables and proxy-proxy-protocol	Bjørnar Ness	210	September 19, 2016 03:50PM
Re: [PATCH] proxy-protocol dst variables and proxy-proxy-protocol	Dmitry Volyntsev	208	September 20, 2016 07:18AM
Re: [PATCH] proxy-protocol dst variables and proxy-proxy-protocol	Bjørnar Ness	190	September 20, 2016 08:52AM
Re: [PATCH] proxy-protocol dst variables and proxy-proxy-protocol	Dmitry Volyntsev	233	September 20, 2016 11:20AM
Re: [PATCH] proxy-protocol dst variables and proxy-proxy-protocol	Bjørnar Ness	208	September 20, 2016 01:20PM
Re: [PATCH] proxy-protocol dst variables and proxy-proxy-protocol	Bjørnar Ness	177	November 03, 2016 03:38PM
Re: [PATCH] proxy-protocol dst variables and proxy-proxy-protocol	Maxim Dounin	155	November 09, 2016 01:22PM
Re: [PATCH] proxy-protocol dst variables and proxy-proxy-protocol	Bjørnar Ness	181	November 09, 2016 02:54PM
Re: [PATCH] proxy-protocol dst variables and proxy-proxy-protocol	Maxim Dounin	158	November 09, 2016 06:54PM
Re: [PATCH] proxy-protocol dst variables and proxy-proxy-protocol	Bjørnar Ness	160	November 09, 2016 07:08PM
Re: [PATCH] proxy-protocol dst variables and proxy-proxy-protocol	Maxim Dounin	187	November 10, 2016 10:02AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 180

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018