Re: [PATCH] Support of proxy v2 protocol for NGINX stream module

Vasiliy Soshnikov
April 09, 2021 11:10AM
Hello,

Yeah. The proposed design would work well for me.

On Fri, Apr 9, 2021 at 5:17 PM Maxim Dounin <mdounin@mdounin.ru> wrote:

> Hello!
>
> On Fri, Apr 09, 2021 at 04:26:52PM +0300, Vasiliy Soshnikov wrote:
>
> [...]
>
> > + /** SSL TLVs */
> > +
> > +#if (NGX_STREAM_SSL)
> > +
> > + data = NULL;
> > + data_len = 0;
> > +
> > + tlv = (ngx_tlv_ssl_t *) (buf + len);
> > + ngx_memzero(tlv, sizeof(ngx_tlv_ssl_t));
> > +
> > + tlv->tlv.type = NGX_PROXY_PROTOCOL_V2_TYPE_SSL;
> > + pos = buf + len + sizeof(ngx_tlv_ssl_t);
> > +
> > + tlv->client |= NGX_PROXY_PROTOCOL_V2_CLIENT_SSL;
> > +
> > + if (c->ssl != NULL) {
> > +
> > +#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
> > + SSL_get0_alpn_selected(c->ssl->connection, &data, &data_len);
> > +
> > +#ifdef TLSEXT_TYPE_next_proto_neg
> > + if (data_len == 0) {
> > + SSL_get0_next_proto_negotiated(c->ssl->connection,
> > + &data, &data_len);
> > + }
> > +#endif
> > +
> > +#else /* TLSEXT_TYPE_next_proto_neg */
> > + SSL_get0_next_proto_negotiated(c->ssl->connection, &data,
> > &data_len);
> > +#endif
> > +
> > + if (data_len) {
> > +
> > + pos = ngx_copy_tlv(pos, last,
> > + NGX_PROXY_PROTOCOL_V2_TYPE_ALPN,
> > + (u_char *) data, (uint16_t) data_len);
> > + if (pos == NULL) {
> > + return NULL;
> > + }
> > + }
> > +
> > + value = (u_char *) SSL_get_version(c->ssl->connection);
> > + if (value != NULL) {
> > +
> > + pos = ngx_copy_tlv(pos, last,
> > + NGX_PROXY_PROTOCOL_V2_SUBTYPE_SSL_VERSION,
> > + value, ngx_strlen(value));
> > + if (pos == NULL) {
> > + return NULL;
> > + }
> > + }
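
Review bot: `tlv->client |= NGX_PROXY_PROTOCOL_V2_CLIENT_SSL;` is executed before the `if (c->ssl != NULL)` check, so the SSL TLV goes out with the client-SSL bit set even when the stream connection has no TLS, and the upstream is told the client used TLS when it did not. Set the flag (and preferably emit the whole SSL TLV) only inside the `c->ssl != NULL` branch. Two smaller points in the same block: the `#else` is commented as `TLSEXT_TYPE_next_proto_neg` but actually pairs with the `TLSEXT_TYPE_application_layer_protocol_negotiation` `#ifdef`, and the `SSL_get0_next_proto_negotiated()` call under it is not guarded by `TLSEXT_TYPE_next_proto_neg`, so a build where neither macro is defined will not compile. Also, the `ngx_memzero(tlv, sizeof(ngx_tlv_ssl_t))` write at `buf + len` has no check against `last` in the lines shown, unlike the `ngx_copy_tlv()` calls that take `last`; if the earlier code does not already guarantee the room, add the check here.
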
>
> [...]
>
> Thanks for the patch.
>
> For the record, as discussed privately: this is more or less
> proof-of-concept for the ticket #1639[1], used for tests with
> RabbitMQ[2]. A committable solution probably needs something similar
> to proxy_set_header / fastcgi_param to control TLVs sent to the
> upstream server instead of hardcoding them.
>
> [1] https://trac.nginx.org/nginx/ticket/1639
> [2] https://www.rabbitmq.com/networking.html#proxy-protocol
>
> --
> Maxim Dounin
> http://mdounin.ru/
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>