
RFC: Implement haproxy auto-detection #485

Open

bazsi wants to merge 26 commits into main from implement-haproxy-auto

Conversation

bazsi (Member) commented Feb 2, 2025

No description provided.

bazsi added 26 commits February 1, 2025 19:42
Signed-off-by: Balazs Scheidler <[email protected]>

Previously TLS compression was enabled using an overly complicated mechanism
crossing a number of layers (TransportMapperInet -> TransportFactoryTLS ->
TLSSession -> SSL). This can be a lot simpler, which this patch
implements.

NOTE: compression will not work in most cases due to OpenSSL security
levels and this patch adds a warning about it.

Signed-off-by: Balazs Scheidler <[email protected]>

Instead of going to the fd directly, wrap the lower-level LogTransport
instance into a BIO and use that. This implements proper stacking
for LogTransportTLS.

This adds the use of OpenSSL BIOs to wrap the lower level LogTransport
instance.

Signed-off-by: Balazs Scheidler <[email protected]>

…sages

The "auto" protocol can be applied to both syslog() and network(), so
it's not strictly RFC6587 related and it does not add too much information
anyway.

Signed-off-by: Balazs Scheidler <[email protected]>

Signed-off-by: Balazs Scheidler <[email protected]>

Instead of using proxy protocol specific name value pairs, set the
addresses in the message's saddr/daddr members.

This should be a lot faster and a lot easier to use.

Signed-off-by: Balazs Scheidler <[email protected]>

This reworks the various boolean members in TransportMapperInet that
control which logproto/transport we apply to a specific connection.

With these renames, it's much easier to follow what happens and why.

NOTE: there's a followup bugfix that fixes the same bug as axoflow#482.

Signed-off-by: Balazs Scheidler <[email protected]>

"auto" has originally been planned to auto-detect TLS as well as framing
format, but at this point it does not do TLS auto-detection.

But this means that transport(auto) with tls() options set will start reading
data without SSL, e.g. the encrypted stuff will make it into the
messages received.

This patch fixes that for both the syslog() and the network() driver. The
only change is that delegate_tls_start_to_logproto is FALSE for the "auto"
case. This will be changed once the TLS auto detection feature is also
in.

Signed-off-by: Balazs Scheidler <[email protected]>

Instead of just exercising the proxyprotocol try all valid transports, including
the "auto" variants.

Signed-off-by: Balazs Scheidler <[email protected]>

Signed-off-by: Balazs Scheidler <[email protected]>

…citly

If we are to receive an SSL connection attempt with impossible client-side
settings, we might end up with an SSL alert instead of a ClientHello.

Handle that case with an explicit action, instead of pulling in binary
data from the socket.

Signed-off-by: Balazs Scheidler <[email protected]>

bazsi force-pushed the implement-haproxy-auto branch from 849e425 to 24dfade on February 2, 2025 16:24
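The commits above describe peeking at the first bytes of a connection to tell a haproxy PROXY header, a TLS ClientHello (or an SSL alert arriving in its place) and the RFC 6587 framing variants apart before committing to a transport. As an added illustration that is not code from this pull request or from syslog-ng, the following C function (peek_transport, a hypothetical name) performs that classification on a constructed read buffer and reports when more bytes are needed, so an alert is handled explicitly instead of being pulled into a message; the byte patterns are the published PROXY v2 signature, the TLS record header layout and the RFC 6587 framing rules, with nothing taken from the PR's own implementation.

```c
#include <stdint.h>
#include <string.h>
#include <ctype.h>

/* Outcome of peeking at the first bytes of a freshly accepted connection. */
typedef enum {
  PEEK_NEED_MORE,              /* ambiguous so far: read more before deciding */
  PEEK_PROXY_V1,               /* haproxy PROXY protocol v1: "PROXY " text line */
  PEEK_PROXY_V2,               /* haproxy PROXY protocol v2: 12-byte binary signature */
  PEEK_TLS_CLIENT_HELLO,       /* TLS handshake record carrying a ClientHello */
  PEEK_TLS_ALERT,              /* TLS alert record where a ClientHello was expected */
  PEEK_SYSLOG_OCTET_COUNTED,   /* RFC 6587 octet counting: "NNN <PRI>..." */
  PEEK_SYSLOG_NON_TRANSPARENT, /* newline-delimited: "<PRI>..." */
  PEEK_UNKNOWN                 /* none of the above */
} PeekResult;

/* PROXY protocol v2 signature "\r\n\r\n\0\r\nQUIT\n" as published in the haproxy spec. */
static const uint8_t PROXY_V2_SIG[12] =
  { 0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D, 0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A };

/* Hypothetical helper: classify the first bytes read from a socket. */
PeekResult peek_transport(const uint8_t *buf, size_t len)
{
  if (len == 0) return PEEK_NEED_MORE;
  /* PROXY protocol first: its header precedes any TLS or syslog payload. */
  if (len >= 6 && memcmp(buf, "PROXY ", 6) == 0) return PEEK_PROXY_V1;
  if (len >= 12 && memcmp(buf, PROXY_V2_SIG, 12) == 0) return PEEK_PROXY_V2;
  if ((len < 6 && memcmp(buf, "PROXY ", len) == 0) ||
      (len < 12 && memcmp(buf, PROXY_V2_SIG, len) == 0)) return PEEK_NEED_MORE;

  /* TLS record header: type 0x16 (handshake) or 0x15 (alert), version 0x03 0x00..0x04. */
  if (buf[0] == 0x16 || buf[0] == 0x15) {
    if (len < 3) return PEEK_NEED_MORE;
    if (buf[1] != 0x03 || buf[2] > 0x04) return PEEK_UNKNOWN;
    /* An alert is a decision in itself: close explicitly, never parse it as syslog. */
    if (buf[0] == 0x15) return PEEK_TLS_ALERT;
    if (len < 6) return PEEK_NEED_MORE;  /* handshake type byte follows the 5-byte header */
    return buf[5] == 0x01 ? PEEK_TLS_CLIENT_HELLO : PEEK_UNKNOWN;
  }

  /* Syslog framing: '<' opens a PRI; a decimal length followed by a space is octet counting. */
  if (buf[0] == '<') return PEEK_SYSLOG_NON_TRANSPARENT;
  if (isdigit(buf[0])) {
    size_t i = 0;
    while (i < len && isdigit(buf[i])) i++;
    if (i == len) return PEEK_NEED_MORE;
    return buf[i] == ' ' ? PEEK_SYSLOG_OCTET_COUNTED : PEEK_UNKNOWN;
  }
  return PEEK_UNKNOWN;
}
```

A caller that receives PEEK_NEED_MORE keeps the bytes buffered and retries after the next read, so no prefix is ever consumed before the transport is decided.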