From 02c88036a61e09d0676a2b6b4086af677b023b94 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 14 Apr 2020 12:54:10 +0200 Subject: [PATCH] BUG/MINOR: connection: always send address-less LOCAL PROXY connections Commit 7f26391bc5 ("BUG/MINOR: connection: make sure to correctly tag local PROXY connections") revealed that some implementations do not properly ignore addresses in LOCAL connections (at least Dovecot was spotted). More context information in the thread below: https://www.mail-archive.com/haproxy@formilux.org/msg36890.html The patch above was using LOCAL on top of local addresses in order to minimize the risk of breakage but revealed worse than a clean fix. So let's partially revert it and send pure LOCAL connections instead now. After a bit of observation, this patch should be progressively backported to stable branches. However if it reveals new breakage, the backport of the patch above will have to be reverted from stable branches while other products work on fixing their code based on the master branch. --- src/connection.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/connection.c b/src/connection.c index 5a2fd95bc..42c5b23a8 100644 --- a/src/connection.c +++ b/src/connection.c @@ -1378,6 +1378,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec /* At least one of src or dst is not of AF_INET or AF_INET6 */ if ( !src || !dst + || conn_is_back(remote) || (src->ss_family != AF_INET && src->ss_family != AF_INET6) || (dst->ss_family != AF_INET && dst->ss_family != AF_INET6)) { if (buf_len < PP2_HDR_LEN_UNSPEC) @@ -1387,14 +1388,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec ret = PP2_HDR_LEN_UNSPEC; } else { - /* Note: due to historic compatibility with V1 which required - * to send "PROXY" with local addresses for local connections, - * we can end up here with the remote in fact being our outgoing - * connection. We still want to send real addresses and LOCAL on - * it. - */ - hdr->ver_cmd = PP2_VERSION; - hdr->ver_cmd |= conn_is_back(remote) ? PP2_CMD_LOCAL : PP2_CMD_PROXY; + hdr->ver_cmd = PP2_VERSION | PP2_CMD_PROXY; /* IPv4 for both src and dst */ if (src->ss_family == AF_INET && dst->ss_family == AF_INET) { if (buf_len < PP2_HDR_LEN_INET)