Commit
7f26391bc5 ("BUG/MINOR: connection: make sure to correctly tag
local PROXY connections") revealed that some implementations do not
properly ignore addresses in LOCAL connections (at least Dovecot was
spotted). More context information in the thread below:
https://www.mail-archive.com/haproxy@formilux.org/msg36890.html
The patch above was using LOCAL on top of local addresses in order to
minimize the risk of breakage but revealed worse than a clean fix. So
let's partially revert it and send pure LOCAL connections instead now.
After a bit of observation, this patch should be progressively backported
to stable branches. However if it reveals new breakage, the backport of
the patch above will have to be reverted from stable branches while other
products work on fixing their code based on the master branch.
/* At least one of src or dst is not of AF_INET or AF_INET6 */
if ( !src
|| !dst
+ || conn_is_back(remote)
|| (src->ss_family != AF_INET && src->ss_family != AF_INET6)
|| (dst->ss_family != AF_INET && dst->ss_family != AF_INET6)) {
if (buf_len < PP2_HDR_LEN_UNSPEC)
ret = PP2_HDR_LEN_UNSPEC;
}
else {
- /* Note: due to historic compatibility with V1 which required
- * to send "PROXY" with local addresses for local connections,
- * we can end up here with the remote in fact being our outgoing
- * connection. We still want to send real addresses and LOCAL on
- * it.
- */
- hdr->ver_cmd = PP2_VERSION;
- hdr->ver_cmd |= conn_is_back(remote) ? PP2_CMD_LOCAL : PP2_CMD_PROXY;
+ hdr->ver_cmd = PP2_VERSION | PP2_CMD_PROXY;
/* IPv4 for both src and dst */
if (src->ss_family == AF_INET && dst->ss_family == AF_INET) {
if (buf_len < PP2_HDR_LEN_INET)
projects / thirdparty / haproxy.git / commitdiff
