"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "doc/proxy-protocol.txt" between
haproxy-2.0.13.tar.gz and haproxy-2.0.14.tar.gz

About: HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. LTS (Long-Term Support) release.

proxy-protocol.txt  (haproxy-2.0.13):proxy-protocol.txt  (haproxy-2.0.14)
2017/03/10 Willy Tarreau 2020/03/05 Willy Tarreau
HAProxy Technologies HAProxy Technologies
The PROXY protocol The PROXY protocol
Versions 1 & 2 Versions 1 & 2
Abstract Abstract
The PROXY protocol provides a convenient way to safely transport connection The PROXY protocol provides a convenient way to safely transport connection
information such as a client's address across multiple layers of NAT or TCP information such as a client's address across multiple layers of NAT or TCP
proxies. It is designed to require little changes to existing components and proxies. It is designed to require little changes to existing components and
to limit the performance impact caused by the processing of the transported to limit the performance impact caused by the processing of the transported
skipping to change at line 29 skipping to change at line 29
2012/11/19 - final review and fixes 2012/11/19 - final review and fixes
2014/05/18 - modify and extend PROXY protocol version 2 2014/05/18 - modify and extend PROXY protocol version 2
2014/06/11 - fix example code to consider ver+cmd merge 2014/06/11 - fix example code to consider ver+cmd merge
2014/06/14 - fix v2 header check in example code, and update Forwarded spec 2014/06/14 - fix v2 header check in example code, and update Forwarded spec
2014/07/12 - update list of implementations (add Squid) 2014/07/12 - update list of implementations (add Squid)
2015/05/02 - update list of implementations and format of the TLV add-ons 2015/05/02 - update list of implementations and format of the TLV add-ons
2017/03/10 - added the checksum, noop and more SSL-related TLV types, 2017/03/10 - added the checksum, noop and more SSL-related TLV types,
reserved TLV type ranges, added TLV documentation, clarified reserved TLV type ranges, added TLV documentation, clarified
string encoding. With contributions from Andriy Palamarchuk string encoding. With contributions from Andriy Palamarchuk
(Amazon.com). (Amazon.com).
2020/03/05 - added the unique ID TLV type (Tim Düsterhus)
1. Background 1. Background
Relaying TCP connections through proxies generally involves a loss of the Relaying TCP connections through proxies generally involves a loss of the
original TCP connection parameters such as source and destination addresses, original TCP connection parameters such as source and destination addresses,
ports, and so on. Some protocols make it a little bit easier to transfer such ports, and so on. Some protocols make it a little bit easier to transfer such
information. For SMTP, Postfix authors have proposed the XCLIENT protocol [1] information. For SMTP, Postfix authors have proposed the XCLIENT protocol [1]
which received broad adoption and is particularly suited to mail exchanges. which received broad adoption and is particularly suited to mail exchanges.
For HTTP, there is the "Forwarded" extension [2], which aims at replacing the For HTTP, there is the "Forwarded" extension [2], which aims at replacing the
omnipresent "X-Forwarded-For" header which carries information about the omnipresent "X-Forwarded-For" header which carries information about the
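Review bot: the new history entry for 2020/03/05 names only the added TLV type, but the same change also renumbers the existing sections (the SSL, NETNS and reserved-range sections each move down by one, as the later hunks show); implementers cite section numbers of this document, so the entry should mention the renumbering, e.g. "2020/03/05 - added the unique ID TLV type, renumbered sections 2.2.5-2.2.7 (Tim Düsterhus)".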
skipping to change at line 532 skipping to change at line 533
A receiver may choose to skip over and ignore the TLVs he is not interested in A receiver may choose to skip over and ignore the TLVs he is not interested in
or he does not understand. Senders can generate the TLVs only for or he does not understand. Senders can generate the TLVs only for
the information they choose to publish. the information they choose to publish.
The following types have already been registered for the <type> field : The following types have already been registered for the <type> field :
#define PP2_TYPE_ALPN 0x01 #define PP2_TYPE_ALPN 0x01
#define PP2_TYPE_AUTHORITY 0x02 #define PP2_TYPE_AUTHORITY 0x02
#define PP2_TYPE_CRC32C 0x03 #define PP2_TYPE_CRC32C 0x03
#define PP2_TYPE_NOOP 0x04 #define PP2_TYPE_NOOP 0x04
#define PP2_TYPE_UNIQUE_ID 0x05
#define PP2_TYPE_SSL 0x20 #define PP2_TYPE_SSL 0x20
#define PP2_SUBTYPE_SSL_VERSION 0x21 #define PP2_SUBTYPE_SSL_VERSION 0x21
#define PP2_SUBTYPE_SSL_CN 0x22 #define PP2_SUBTYPE_SSL_CN 0x22
#define PP2_SUBTYPE_SSL_CIPHER 0x23 #define PP2_SUBTYPE_SSL_CIPHER 0x23
#define PP2_SUBTYPE_SSL_SIG_ALG 0x24 #define PP2_SUBTYPE_SSL_SIG_ALG 0x24
#define PP2_SUBTYPE_SSL_KEY_ALG 0x25 #define PP2_SUBTYPE_SSL_KEY_ALG 0x25
#define PP2_TYPE_NETNS 0x30 #define PP2_TYPE_NETNS 0x30
2.2.1 PP2_TYPE_ALPN 2.2.1 PP2_TYPE_ALPN
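Review bot: PP2_TYPE_UNIQUE_ID 0x05 continues the sequence after PP2_TYPE_NOOP 0x04 and collides with none of the registered values (0x01-0x04, 0x20-0x25, 0x30) nor with the application-specific range 0xE0-0xEF listed later, and receivers built against the previous list will skip it under the "skip over and ignore" rule stated above, so there is no compatibility concern. One thing to add, here or in the new section: whether a sender may emit more than one PP2_TYPE_UNIQUE_ID TLV in a single header, since a receiver using the value as a correlation key must know which one to take.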
skipping to change at line 591 skipping to change at line 593
providing the header as invalid. providing the header as invalid.
The default procedure for handling an invalid TCP connection is to abort it. The default procedure for handling an invalid TCP connection is to abort it.
2.2.4. PP2_TYPE_NOOP 2.2.4. PP2_TYPE_NOOP
The TLV of this type should be ignored when parsed. The value is zero or more The TLV of this type should be ignored when parsed. The value is zero or more
bytes. Can be used for data padding or alignment. Note that it can be used bytes. Can be used for data padding or alignment. Note that it can be used
to align only by 3 or more bytes because a TLV can not be smaller than that. to align only by 3 or more bytes because a TLV can not be smaller than that.
2.2.5. The PP2_TYPE_SSL type and subtypes 2.2.5. PP2_TYPE_UNIQUE_ID
The value of the type PP2_TYPE_UNIQUE_ID is an opaque byte sequence of up to
128 bytes generated by the upstream proxy that uniquely identifies the
connection.
The unique ID can be used to easily correlate connections across multiple
layers of proxies, without needing to look up IP addresses and port numbers.
2.2.6. The PP2_TYPE_SSL type and subtypes
For the type PP2_TYPE_SSL, the value is itself a defined like this : For the type PP2_TYPE_SSL, the value is itself a defined like this :
struct pp2_tlv_ssl { struct pp2_tlv_ssl {
uint8_t client; uint8_t client;
uint32_t verify; uint32_t verify;
struct pp2_tlv sub_tlv[0]; struct pp2_tlv sub_tlv[0];
}; };
The <verify> field will be zero if the client presented a certificate The <verify> field will be zero if the client presented a certificate
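Review bot: the new section 2.2.5 says the value is "up to 128 bytes" but gives no receiver behaviour for a longer value; the CRC32C section just above handles its error case by declaring the header invalid (with abort as the default), and this section should state the same explicitly, e.g. "A receiver that finds a PP2_TYPE_UNIQUE_ID value longer than 128 bytes must treat the header as invalid." Two smaller points: "uniquely identifies the connection" should state the scope of uniqueness (per sending proxy instance, across restarts, or globally), because that decides whether the ID is usable as a correlation key across multiple layers of proxies as the section intends; and since the value is an opaque byte sequence rather than a US-ASCII or UTF-8 string like the other TLVs, receivers that log or forward it should not assume it is printable.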
skipping to change at line 642 skipping to change at line 653
The second level TLV PP2_SUBTYPE_SSL_KEY_ALG provides the US-ASCII string name The second level TLV PP2_SUBTYPE_SSL_KEY_ALG provides the US-ASCII string name
of the algorithm used to generate the key of the certificate presented by the of the algorithm used to generate the key of the certificate presented by the
frontend when the incoming connection was made over an SSL/TLS transport layer, frontend when the incoming connection was made over an SSL/TLS transport layer,
for example "RSA2048". for example "RSA2048".
In all cases, the string representation (in UTF8) of the Common Name field In all cases, the string representation (in UTF8) of the Common Name field
(OID: 2.5.4.3) of the client certificate's Distinguished Name, is appended (OID: 2.5.4.3) of the client certificate's Distinguished Name, is appended
using the TLV format and the type PP2_SUBTYPE_SSL_CN. E.g. "example.com". using the TLV format and the type PP2_SUBTYPE_SSL_CN. E.g. "example.com".
2.2.6. The PP2_TYPE_NETNS type 2.2.7. The PP2_TYPE_NETNS type
The type PP2_TYPE_NETNS defines the value as the US-ASCII string representation The type PP2_TYPE_NETNS defines the value as the US-ASCII string representation
of the namespace's name. of the namespace's name.
2.2.7. Reserved type ranges 2.2.8. Reserved type ranges
The following range of 16 type values is reserved for application-specific The following range of 16 type values is reserved for application-specific
data and will be never used by the PROXY Protocol. If you need more values data and will be never used by the PROXY Protocol. If you need more values
consider extending the range with a type field in your TLVs. consider extending the range with a type field in your TLVs.
#define PP2_TYPE_MIN_CUSTOM 0xE0 #define PP2_TYPE_MIN_CUSTOM 0xE0
#define PP2_TYPE_MAX_CUSTOM 0xEF #define PP2_TYPE_MAX_CUSTOM 0xEF
This range of 8 values is reserved for temporary experimental use by This range of 8 values is reserved for temporary experimental use by
application developers and protocol designers. The values from the range will application developers and protocol designers. The values from the range will
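Review bot: the renumbering to 2.2.7 and 2.2.8 is consistent with the inserted 2.2.5, but only the headings appear in this hunk; please check that any cross-references to these section numbers elsewhere in the file (outside this diff) were updated as well.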
 End of changes. 6 change blocks. 
4 lines changed or deleted 15 lines changed or added
