On 12/23/2016 11:18 AM, Sander Hoentjen wrote:
> Hi list,
>
> I have a questioned about both Hitch and Varnish:
> Does hitch support (defines) PP2_CLIENT_SSL from proxy-protocol [1]?
> The follow-up question is: Can Varnish proxy this information (in
> essence just keep the proxy header as-is)
>
> Regards,
> Sander
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc@varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
Hmm, it seems I forgot the link to proxy-protocol [1]:
http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt And then specifically I am talking about the binary header format
(version 2).
"""
If the length specified in the PROXY protocol header indicates that additional
bytes are part of the header beyond the address information, a receiver may
choose to skip over and ignore those bytes, or attempt to interpret those
bytes.
The information in those bytes will be arranged in Type-Length-Value (TLV
vectors) in the following format. The first byte is the Type of the vector.
The second two bytes represent the length in bytes of the value (not included
the Type and Length bytes), and following the length field is the number of
bytes specified by the length.
struct pp2_tlv {
uint8_t type;
uint8_t length_hi;
uint8_t length_lo;
uint8_t value[0];
};
The following types have already been registered for the <type> field :
#define PP2_TYPE_ALPN 0x01
#define PP2_TYPE_AUTHORITY 0x02
#define PP2_TYPE_SSL 0x20
#define PP2_SUBTYPE_SSL_VERSION 0x21
#define PP2_SUBTYPE_SSL_CN 0x22
#define PP2_TYPE_NETNS 0x30
"""
It would be very nice if Hitch supports this, but I can't find any info
on it. If this is not the right mailing list to ask, it would be nice if
someone can point me in the right direction.
Regards,
Sander
_______________________________________________
varnish-misc mailing list
varnish-misc@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc