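DPVS proxy_protocol currently passes the source IP only when data is pushed; could it proactively send PROXY TCP to pass through the source IP once the TCP connection is established (after the ACK)? #1001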
Comments
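The proxy_protocol data is added to the first ACK packet sent to the RS; it does not wait until the client pushes data. Please check whether syn_proxy is enabled and defer_rs_syn is configured.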
It still does not work after enabling them. The DPVS configuration is as follows: ! netif config
} ! worker config (lcores)
} ! timer config ! dpvs neighbor config ! dpvs ipset config ! dpvs ipv4 config ! dpvs ipv6 config ! control plane config ! ipvs config
} ! sa_pool config
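With both syn_proxy and defer_rs_syn enabled, it still has to wait for the client to push data before DPVS sends the final ACK together with the pushed data to the RS. The expected behaviour is that once the client completes the three-way handshake, the server can obtain the user's IP, and the RS can log it and send the welcome message to the client. What happens now is that the client has to send a command such as helo localhost to the server first, and only then does the server send the welcome message and the result of the helo localhost command to the client together.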
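Disable both syn_proxy and defer_rs_syn, then capture packets to see whether the first ACK packet from client->dpvs after the TCP connection is established contains proxy protocol data.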
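Indeed, the implementation in dpvs adds the pp to the first packet carrying a payload during the handshake phase, but according to the pp protocol, the rs must not process the connection before it has received the pp data. The receiver MUST NOT start processing the connection before it receives a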
OK, understood, thank you very much.
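DPVS proxy_protocol currently passes the source IP only when data is pushed; could it proactively send PROXY TCP to pass through the source IP once the TCP connection is established (after the ACK)?
In mail protocols, after ProxyProtocol is enabled, the welcome message is returned together with the response to the user's first command, because the server has not yet obtained the user's IP via PROXY TCP. If the server returned the welcome message earlier, DPVS would presumably skip sending the ProxyProtocol data, because the connection is already in the ESTAB state.
Current version: dpvs version: 1.9-6, build on 2024.05.23.14:33:51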
Keepalived v2.0.19 (01/02,2024), git commit v1.9.6+
Copyright(C) 2001-2024 Alexandre Cassen, [email protected]
Built with kernel headers for Linux 3.10.0
Running on Linux 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020
configure options: --enable-ipv6
Config options: LVS VRRP VRRP_AUTH OLD_CHKSUM_COMPAT FIB_ROUTING
System options: PIPE2 SIGNALFD INOTIFY_INIT1 VSYSLOG EPOLL_CREATE1 IPV6_ADVANCED_API LIBNL1 RTA_ENCAP RTA_EXPIRES RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTA_VIA FRA_OIFNAME IFA_FLAGS IP_MULTICAST_ALL NET_LINUX_IF_H_COLLISION LIBIPTC_LINUX_NET_IF_H_COLLISION LIBIPVS_NETLINK VRRP_VMAC IFLA_LINK_NETNSID CN_PROC SOCK_NONBLOCK SOCK_CLOEXEC O_PATH GLOB_BRACE INET6_ADDR_GEN_MODE SO_MARK SCHED_RT SCHED_RESET_ON_FORK
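
The receiver-side behaviour discussed in this thread, as an added example (not DPVS code and not from any participant): a simulated server-speaks-first RS that stays silent until a complete PROXY header has arrived, shown for both payload orderings. It assumes the v1 text header (the thread does not say which version is configured); `parse_proxy_v1`, `rs_replies`, the `220`/`250` reply text and the addresses are hypothetical.

```python
import ipaddress

MAX_V1_LEN = 107  # longest v1 header line including CRLF, per the PROXY protocol spec

def parse_proxy_v1(buf):
    """Return (src_ip, rest), or None while the header line is still incomplete.
    Raises ValueError for anything that is not a valid v1 header."""
    end = buf.find(b"\r\n")
    if end == -1:
        if len(buf) >= MAX_V1_LEN or not b"PROXY ".startswith(buf[:6]):
            raise ValueError("not a PROXY v1 header")
        return None  # keep waiting; the connection must not be processed yet
    if end + 2 > MAX_V1_LEN:
        raise ValueError("PROXY v1 header too long")
    parts, rest = buf[:end].decode("ascii").split(" "), buf[end + 2:]
    if parts[:2] == ["PROXY", "UNKNOWN"]:
        return "unknown", rest
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
    want = 4 if parts[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address family mismatch")
    if not all(p.isdigit() and int(p) <= 65535 for p in parts[4:]):
        raise ValueError("bad port")
    return str(src), rest

def rs_replies(segments):
    """For each TCP payload the RS receives from the balancer, return what the
    RS sends back; b"" means it stays silent. Replies are simplified, not real SMTP."""
    buf, client, out = b"", None, []
    for seg in segments:
        buf += seg
        reply = b""
        if client is None:
            parsed = parse_proxy_v1(buf)
            if parsed is None:  # e.g. the bare handshake ACK with no payload
                out.append(reply)
                continue
            client, buf = parsed
            reply += b"220 rs.example.test ready, peer " + client.encode() + b"\r\n"
        while b"\r\n" in buf:  # commands are handled only after the header
            line, buf = buf.split(b"\r\n", 1)
            reply += b"250 ok: " + line + b"\r\n"
        out.append(reply)
    return out

# Constructed payload sequences; addresses are from documentation ranges.
HDR = b"PROXY TCP4 203.0.113.7 192.0.2.10 40000 25\r\n"
AS_REPORTED = [b"", HDR + b"HELO localhost\r\n"]  # header rides on first client data
AS_REQUESTED = [HDR, b"HELO localhost\r\n"]       # header sent right after handshake
```

In the `AS_REPORTED` sequence the greeting and the command result come back in one reply, which is the behaviour described in the issue; in `AS_REQUESTED` the greeting goes out before any client command.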