[exim] PROXYv2 support

Author: John Jetmore
Date:  
To: Exim Users
Subject: [exim] PROXYv2 support
Does anyone have HAProxy+Exim working with PROXYv2 (not v1)? I don't know
much about HAProxy, but it was easy enough to set up with Exim and
version1. However, when I switched to version2, Exim stopped accepting
HAProxy's PROXY request. As far as I can tell from the spec HAProxy is
sending a legal v2 string.

Details below on what HAProxy is actually sending over the wire (which
looks correct to me)

When HAProxy sends the v2 proxy string, Exim debugs:

6194 Detected proxy protocol configured host
6194 Detected PROXYv2 header
6194 Truncated or too large PROXYv2 header (28/3088)
6194 Failure to extract proxied host, only QUIT allowed

I'm almost positive there's some sort of network order/endian issue causing
this. Specifically, that (28/3088) is (bytes read from network/16+expected
size of network portion).

As you can see in the dumps below, the value HAProxy is sending for number
of bytes in network portion is "000c", or 12. It is also actually sending
28 bytes. However, if I flip the byte order in 000c, it becomes 0x0c00 +
16, which is 3088.

It's possible HAProxy is wrong here but I thought I'd start with Exim.
Thanks and Happy New Year

--John

Here's what HAProxy is sending:

18:05:27.179345 IP localhost.55148 > localhost.smtp: Flags [P.], seq 1:29,
ack 1, win 342, options [nop,nop,TS val 6226053 ecr 6226053], length 28
0x0000: 4500 0050 adb9 4000 4006 8eec 7f00 0001 E..P..@.@.......
0x0010: 7f00 0001 d76c 0019 c47b ad33 f488 66c3 .....l...{.3..f.
0x0020: 8018 0156 fe44 0000 0101 080a 005f 0085 ...V.D......._..
0x0030: 005f 0085 0d0a 0d0a 000d 0a51 5549 540a ._.........QUIT.
0x0040: 2111 000c c0a8 000f c0a8 0005 c295 0401 !...............


Which breaks down like this:

Bytes 1-12, header = 0d0a 0d0a 000d 0a51 5549 540a
Byte 13, high nibble  = 2 (version, 2)
Byte 13, low nibble   = 1 (command, PROXY)
Byte 14, high nibble  = 1 (family, AF_INET)
Byte 14, low nibble   = 1 (transport, STREAM)
Byte 15+16            = 000c (12 - number of bytes for network addr+port
info so server can skip it if it doesn't know it)


Source addr: c0a8 000f (192.168.0.15) c295 0401
Dest Addr: c0a8 0005 (192.168.0.5)
Source port: c295 (49813)
Dest port: 0401 (1025)
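
Added example (not part of the original post, and not Exim's or HAProxy's code): a minimal C decoder for the 28 bytes in the capture above, reading the length field in network byte order, plus a helper that shows what a low-byte-first read of the same two bytes produces. The names pp2_parse, swapped_total and struct pp2_v4 are hypothetical, and only the AF_INET PROXY case is handled.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the 28 payload bytes from the capture in the post. */
static const uint8_t sample_hdr[28] = {
    0x0d,0x0a,0x0d,0x0a,0x00,0x0d,0x0a,0x51,0x55,0x49,0x54,0x0a, /* signature */
    0x21, 0x11, 0x00,0x0c,             /* ver/cmd, family/transport, length */
    0xc0,0xa8,0x00,0x0f, 0xc0,0xa8,0x00,0x05, 0xc2,0x95, 0x04,0x01
};

/* Hypothetical result struct for this example (IPv4 only). */
struct pp2_v4 {
    uint8_t ver, cmd, fam, proto, src[4], dst[4];
    uint16_t len, sport, dport;
};

/* Big-endian (network order) 16-bit read, independent of host endianness. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Total size a reader would expect if it took the length low byte first. */
size_t swapped_total(const uint8_t *b) { return 16 + (size_t)((b[15] << 8) | b[14]); }

/* 0 = ok, -1 = not a v2 header, -2 = truncated, -3 = not an AF_INET PROXY block */
int pp2_parse(const uint8_t *b, size_t n, struct pp2_v4 *o) {
    if (n < 16 || memcmp(b, "\r\n\r\n\0\r\nQUIT\n", 12) != 0) return -1;
    o->ver = b[12] >> 4;  o->cmd = b[12] & 0x0f;
    o->fam = b[13] >> 4;  o->proto = b[13] & 0x0f;
    if (o->ver != 2) return -1;
    o->len = be16(b + 14);                 /* bytes 15+16 of the header */
    if ((size_t)16 + o->len > n) return -2;
    if (o->cmd != 1 || o->fam != 1 || o->len < 12) return -3;
    memcpy(o->src, b + 16, 4);
    memcpy(o->dst, b + 20, 4);
    o->sport = be16(b + 24);
    o->dport = be16(b + 26);
    return 0;
}

int main(void) {
    struct pp2_v4 h;
    int rc = pp2_parse(sample_hdr, sizeof sample_hdr, &h);
    printf("rc=%d len=%u total=%u swapped_total=%zu\n",
           rc, h.len, 16u + h.len, swapped_total(sample_hdr));
    printf("%u.%u.%u.%u:%u -> %u.%u.%u.%u:%u\n", h.src[0], h.src[1], h.src[2],
           h.src[3], h.sport, h.dst[0], h.dst[1], h.dst[2], h.dst[3], h.dport);
    return rc;
}
```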