On Fri, 7 Mar 2025 at 21:32, Lukas Tribus <lu...@ltri.eu> wrote: > > On Fri, 7 Mar 2025 at 18:42, Aurelien DARRAGON <adarra...@haproxy.com> wrote: > > > > Looking at the code, and testing it for TCP servers it does seem to be > > supported. To confirm I tried to use a "bad" source address, and it > > fails as expected: > > > > > [ALERT] (104635) : Cannot bind to source address before connect() for > > > backend mybaddns. Aborting. > > In this case for me it does not actually abort and haproxy goes into a > busy loop over this bind().
To reproduce this busy loop with a 5 line config: lukas@dev:~/haproxy$ cat ../cert/dns-source-bind-short.cfg resolvers default nameserver ns1 tcp4@8.8.8.8:53 source 192.168.99.99 listen listen mode http bind :8080 server s1 www.google.com resolvers default init-addr none lukas@dev:~/haproxy$ ./haproxy -f ../cert/dns-source-bind-short.cfg ^C [ALERT] (5227) : Cannot bind to source address before connect() for backend default. Aborting. [ALERT] (5227) : Cannot bind to source address before connect() for backend default. Aborting. [ALERT] (5227) : Cannot bind to source address before connect() for backend default. Aborting. [ALERT] (5227) : Cannot bind to source address before connect() for backend default. Aborting. [ALERT] (5227) : Cannot bind to source address before connect() for backend default. Aborting. [ALERT] (5227) : Cannot bind to source address before connect() for backend default. Aborting. ^C Lukas
