Re: [PATCH] FEATURE/MAJOR: Add upstream-proxy-tunnel feature

Tue, 11 Jun 2024 14:53:47 -0700 

On Mon, 10 Jun 2024, at 22:09, Aleksandar Lazic wrote:
> It is now possible to set via "tcp-request connection upstream-proxy-header" 
> headers for the upstream proxy
>
> ```
> tcp-request connection upstream-proxy-header Host www.test1.com
> tcp-request connection upstream-proxy-header Proxy-Authorization "basic 
> base64-value"
> ```

Thanks Alex!

## sending CONNECT & headers

A simple `listen` server works, but a split frontend/backend one doesn't,
no headers are present in tcpdump/ngrep nor in debug.

I read the header iteration function and I'm not sure what the difference
is, I guess the backend doesn't see the frontend header structure?

### works

listen stream_fe
  bind            :::443        v4v6
  mode tcp
  option tcplog
  tcp-request connection upstream-proxy-header HOST www.httpbun.com
  server stream www.httpbun.com:443 upstream-proxy-tunnel 123.45.67.89:8000

## headers missing when split frontend/backend

frontend stream_fe
  bind            :::443        v4v6
  mode tcp
  option tcplog
  tcp-request connection upstream-proxy-header HOST www.httpbun.com
  default_backend stream_be

backend stream_be
  server stream www.httpbun.com:443 upstream-proxy-tunnel 123.45.67.89:8000

In the failing case, `mtrash->orig` shows it as empty, when I uncomment
your DPRINTF line. Looking at starutp log it captures the header from
the config correctly:

==== debug ========
... config phase ...

Header name :HOST:
Header value :www.httpbun.com:
name  :HOST:
value :www.httpbun.com:

.... so far so good...

... proxy phase ...

HTTP TUNNEL SEND start
proxy->id :stream_be:
hostname: www.httpbun.com
trash->data :38:
connect_length :39:
trash->data :40:
trash->orig :CONNECT www.httpbun.com:443 HTTP/1.1

... there should be more in orig here ...

====================

the working single listen version shows iterating over the headers:

list each name  :HOST:
list each value :www.httpbin.org:

Built with: 
$ gmake -j32 USE_ZLIB=1 USE_OPENSSL=1 USE_THREAD=1 USE_STATIC_PCRE2=1 
USE_PCRE2_JIT=1 TARGET=freebsd DEFINE='-DFREEBSD_PORTS -DDEBUG_FULL'

Run with:
$ ./haproxy -d -db -V -f /usr/local/etc/haproxy/haproxy.conf

Either way, I didn't get to make a tcp connection through, this might need some
more tcpdump work tomorrow.

A+
Dave

Reply via email to