Welcome! Log In Create A New Profile

Advanced

How to parse custom PROXY protocol v2 header for custom routing in HAProxy configuration?

Posted by Adam Sherwood 
I have written this up as a StackOverflow question here:
https://stackoverflow.com/q/48195311/2081835.

When adding PROXY v2 with AWS VPC PrivateLink connected to a Network Load
Balancer, the endpoint ID of the connecting account is added as a TLV. I
need to use this for routing frontend to backend, but I cannot sort out how.

Is there a way to call a custom matcher that could do the parsing logic, or
is this already built-in and I'm just not finding the documentation?

Any ideas on the topic would be super helpful. Thank you.
Hi.

------ Originalnachricht ------
Von: "Adam Sherwood" <[email protected]>
An: haproxy@formilux.org
Gesendet: 10.01.2018 23:40:25
Betreff: How to parse custom PROXY protocol v2 header for custom routing
in HAProxy configuration?

>I have written this up as a StackOverflow question here:
>https://stackoverflow.com/q/48195311/2081835.
>
>When adding PROXY v2 with AWS VPC PrivateLink connected to a Network
>Load Balancer, the endpoint ID of the connecting account is added as a
>TLV. I need to use this for routing frontend to backend, but I cannot
>sort out how.
>
>Is there a way to call a custom matcher that could do the parsing
>logic, or is this already built-in and I'm just not finding the
>documentation?
>
>Any ideas on the topic would be super helpful. Thank you.
Looks like AWS use the "2.2.7. Reserved type ranges" as described in
https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt therefore
you will need to parse this part by your own.

This could be possible in lua, maybe I'm not an expert in lua, yet ;-)

There are javexamples in the doc link (
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol
) which you have added int the stackoverflow request.

Regards
Aleks
Hi.

Follow up question to proxy protocol

Is it possible to handle the Type-Length-Value (TLV) fields in from pp2
in haproxy config or in lua?

I refer to
2.2.7. Reserved type ranges
https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt

from the question on so
https://stackoverflow.com/questions/48195311/how-to-parse-custom-proxy-protocol-v2-header-for-custom-routing-in-haproxy-confi

Regards
aleks

------ Originalnachricht ------
Von: "Aleksandar Lazic" <[email protected]>
An: "Adam Sherwood" <[email protected]>; haproxy@formilux.org
Gesendet: 11.01.2018 12:24:46
Betreff: Re: How to parse custom PROXY protocol v2 header for custom
routing in HAProxy configuration?

>Hi.
>
>------ Originalnachricht ------
>Von: "Adam Sherwood" <[email protected]>
>An: haproxy@formilux.org
>Gesendet: 10.01.2018 23:40:25
>Betreff: How to parse custom PROXY protocol v2 header for custom
>routing in HAProxy configuration?
>
>>I have written this up as a StackOverflow question here:
>>https://stackoverflow.com/q/48195311/2081835.
>>
>>When adding PROXY v2 with AWS VPC PrivateLink connected to a Network
>>Load Balancer, the endpoint ID of the connecting account is added as a
>>TLV. I need to use this for routing frontend to backend, but I cannot
>>sort out how.
>>
>>Is there a way to call a custom matcher that could do the parsing
>>logic, or is this already built-in and I'm just not finding the
>>documentation?
>>
>>Any ideas on the topic would be super helpful. Thank you.
>Looks like AWS use the "2.2.7. Reserved type ranges" as described in
>https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt therefore
>you will need to parse this part by your own.
>
>This could be possible in lua, maybe I'm not an expert in lua, yet ;-)
>
>There are javexamples in the doc link (
>https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol
>) which you have added int the stackoverflow request.
>
>Regards
>Aleks
>
>
Hi.

Any one any hints?

Regards
aleks

------ Originalnachricht ------
Von: "Aleksandar Lazic" <[email protected]>
An: "Adam Sherwood" <[email protected]>; haproxy@formilux.org
Gesendet: 15.01.2018 16:52:15
Betreff: Re[2]: How to parse custom PROXY protocol v2 header for custom
routing in HAProxy configuration?

>Hi.
>
>Follow up question to proxy protocol
>
>Is it possible to handle the Type-Length-Value (TLV) fields in from
>pp2 in haproxy config or in lua?
>
>I refer to
>2.2.7. Reserved type ranges
>https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
>
>from the question on so
>https://stackoverflow.com/questions/48195311/how-to-parse-custom-proxy-protocol-v2-header-for-custom-routing-in-haproxy-confi
>
>Regards
>aleks
>
>------ Originalnachricht ------
>Von: "Aleksandar Lazic" <[email protected]>
>An: "Adam Sherwood" <[email protected]>; haproxy@formilux.org
>Gesendet: 11.01.2018 12:24:46
>Betreff: Re: How to parse custom PROXY protocol v2 header for custom
>routing in HAProxy configuration?
>
>>Hi.
>>
>>------ Originalnachricht ------
>>Von: "Adam Sherwood" <[email protected]>
>>An: haproxy@formilux.org
>>Gesendet: 10.01.2018 23:40:25
>>Betreff: How to parse custom PROXY protocol v2 header for custom
>>routing in HAProxy configuration?
>>
>>>I have written this up as a StackOverflow question here:
>>>https://stackoverflow.com/q/48195311/2081835.
>>>
>>>When adding PROXY v2 with AWS VPC PrivateLink connected to a Network
>>>Load Balancer, the endpoint ID of the connecting account is added as
>>>a TLV. I need to use this for routing frontend to backend, but I
>>>cannot sort out how.
>>>
>>>Is there a way to call a custom matcher that could do the parsing
>>>logic, or is this already built-in and I'm just not finding the
>>>documentation?
>>>
>>>Any ideas on the topic would be super helpful. Thank you.
>>Looks like AWS use the "2.2.7. Reserved type ranges" as described in
>>https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt therefore
>>you will need to parse this part by your own.
>>
>>This could be possible in lua, maybe I'm not an expert in lua, yet ;-)
>>
>>There are javexamples in the doc link (
>>https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol
>>) which you have added int the stackoverflow request.
>>
>>Regards
>>Aleks
>>
>>
>
>
Hi.

Have anyone a Idea how haproxy can handle the custom TLV in the proxy
protocol v2

Best regards
Aleks
------ Originalnachricht ------
Von: "Aleksandar Lazic" <[email protected]>
An: haproxy@formilux.org
Gesendet: 17.01.2018 20:49:58
Betreff: Re[3]: How to parse custom PROXY protocol v2 header for custom
routing in HAProxy configuration?

>Hi.
>
>Any one any hints?
>
>Regards
>aleks
>
>------ Originalnachricht ------
>Von: "Aleksandar Lazic" <[email protected]>
>An: "Adam Sherwood" <[email protected]>; haproxy@formilux.org
>Gesendet: 15.01.2018 16:52:15
>Betreff: Re[2]: How to parse custom PROXY protocol v2 header for custom
>routing in HAProxy configuration?
>
>>Hi.
>>
>>Follow up question to proxy protocol
>>
>>Is it possible to handle the Type-Length-Value (TLV) fields in from
>>pp2 in haproxy config or in lua?
>>
>>I refer to
>>2.2.7. Reserved type ranges
>>https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
>>
>>from the question on so
>>https://stackoverflow.com/questions/48195311/how-to-parse-custom-proxy-protocol-v2-header-for-custom-routing-in-haproxy-confi
>>
>>Regards
>>aleks
>>
>>------ Originalnachricht ------
>>Von: "Aleksandar Lazic" <[email protected]>
>>An: "Adam Sherwood" <[email protected]>; haproxy@formilux.org
>>Gesendet: 11.01.2018 12:24:46
>>Betreff: Re: How to parse custom PROXY protocol v2 header for custom
>>routing in HAProxy configuration?
>>
>>>Hi.
>>>
>>>------ Originalnachricht ------
>>>Von: "Adam Sherwood" <[email protected]>
>>>An: haproxy@formilux.org
>>>Gesendet: 10.01.2018 23:40:25
>>>Betreff: How to parse custom PROXY protocol v2 header for custom
>>>routing in HAProxy configuration?
>>>
>>>>I have written this up as a StackOverflow question here:
>>>>https://stackoverflow.com/q/48195311/2081835.
>>>>
>>>>When adding PROXY v2 with AWS VPC PrivateLink connected to a Network
>>>>Load Balancer, the endpoint ID of the connecting account is added as
>>>>a TLV. I need to use this for routing frontend to backend, but I
>>>>cannot sort out how.
>>>>
>>>>Is there a way to call a custom matcher that could do the parsing
>>>>logic, or is this already built-in and I'm just not finding the
>>>>documentation?
>>>>
>>>>Any ideas on the topic would be super helpful. Thank you.
>>>Looks like AWS use the "2.2.7. Reserved type ranges" as described in
>>>https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt therefore
>>>you will need to parse this part by your own.
>>>
>>>This could be possible in lua, maybe I'm not an expert in lua, yet
>>>;-)
>>>
>>>There are javexamples in the doc link (
>>>https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol
>>>) which you have added int the stackoverflow request.
>>>
>>>Regards
>>>Aleks
>>>
>>>
>>
>>
>
>
Hi,

----- Mail original -----
> De: "Aleksandar Lazic" <[email protected]>
> À: haproxy@formilux.org
> Envoyé: Lundi 22 Janvier 2018 13:34:33
> Objet: Re[4]: How to parse custom PROXY protocol v2 header for custom routing in HAProxy configuration?
>
> Hi.
>
> Have anyone a Idea how haproxy can handle the custom TLV in the proxy
> protocol v2

Currently, it can't. Only PP2_TYPE_NETNS is supported.
But some work can be done to, at least, support some other predefined fields, or even better, to provide a generic way to capture any type of field.

You can have a look at the function conn_recv_proxy() in src/connection.c :
http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/connection.c;h=0f8acb02dbdbc0a70cdd99830f8a0c9256f731e8;hb=HEAD#l604

Cyril
Hi Cyril.

------ Originalnachricht ------
Von: "Cyril Bonté" <[email protected]>
An: "Aleksandar Lazic" <[email protected]>
Cc: haproxy@formilux.org
Gesendet: 22.01.2018 14:12:30
Betreff: Re: Re[4]: How to parse custom PROXY protocol v2 header for
custom routing in HAProxy configuration?

>Hi,
>
>----- Mail original -----
>>De: "Aleksandar Lazic" <[email protected]>
>>À: haproxy@formilux.org
>>Envoyé: Lundi 22 Janvier 2018 13:34:33
>>Objet: Re[4]: How to parse custom PROXY protocol v2 header for custom
>>routing in HAProxy configuration?
>>
>>Hi.
>>
>>Have anyone a Idea how haproxy can handle the custom TLV in the proxy
>>protocol v2
>
>Currently, it can't. Only PP2_TYPE_NETNS is supported.
>But some work can be done to, at least, support some other predefined
>fields, or even better, to provide a generic way to capture any type of
>field.
>
>You can have a look at the function conn_recv_proxy() in
>src/connection.c :
>http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/connection.c;h=0f8acb02dbdbc0a70cdd99830f8a0c9256f731e8;hb=HEAD#l604

Thanks for answer.

I have read the doc to the proxy-protocol and hopfully understand it.
I try to describe the required steps to add that feature into haproxy.
Please correct me where I'm wrong. I refer to this part of the doc.

http://www.haproxy.org/download/1.9/doc/proxy-protocol.txt

###
2.2.7. Reserved type ranges

The following range of 16 type values is reserved for
application-specific
data and will be never used by the PROXY Protocol. If you need more
values
consider extending the range with a type field in your TLVs.

#define PP2_TYPE_MIN_CUSTOM 0xE0
#define PP2_TYPE_MAX_CUSTOM 0xEF
...
##

1.) Add a custom list struct in *struct connection*
http://git.haproxy.org/?p=haproxy.git;a=blob;f=include/types/connection.h;hb=HEAD#l360

2.) Init the custom list struct in ...?
3.) Add the custom field parsing in

http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/connection.c;h=0f8acb02dbdbc0a70cdd99830f8a0c9256f731e8;hb=HEAD#l604

4.) create a fetch method in ...?
5.) add this custom list struct to lua interface.
6.) create a test case in 'tests' dir.


>Cyril

Due to the fact that I haven't written code in that low level for some
time in C I hope that someone pick up the task ;-)
I know it's not a easy task therefore keep in in the mail archive and
when someone have some time an leisure they maybe pick it up.
Cool would be when AWS sponsor this development as they use it already
in there platform ;-)

https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol

Regards

Aleks
Sorry, only registered users may post in this forum.

Click here to login