[HAPROXY] use $SOURCEIP instead of $PROXIED_SRCIP #5305
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
03f19e9 to
9f2db58
Compare
|
Build FAILURE |
d975302 to
f27454d
Compare
|
Build FAILURE |
|
@kira-syslogng test this please test=functions/source-drivers/file-source-driver/multiple-lines; |
|
Build FAILURE |
|
@kira-syslogng retest this please |
|
Build FAILURE |
f27454d to
32a900e
Compare
|
Build FAILURE |
Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
…ransportStack Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
Previously TLS compression was enabled using an overly complicated mechanism crossing a number of layers (TransportMapperInet -> TransportFactoryTLS -> TLSSession -> SSL). This can be a lot simpler, which this patch implements. NOTE: compression will not work in most cases due to OpenSSL security levels and this patch adds a warning about it. Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
Instead of going to the fd directly, wrap the lower-level LogTransport instance into a BIO and use that. This implements proper stacking for LogTransportTLS. This adds the use of OpenSSL BIOs to wrap the lower level LogTransport instance. Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
…rtStack level Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
…sages The "auto" protocol can be applied to both syslog() and network(), so it's not strictly RFC6587 related and it does not add too much information anyway. Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
Instead of using proxy protocol specific name value pairs, set the addresses in the message's saddr/daddr members. This should be a lot faster and a lot easier to use. Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
…resses Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
…e_index Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
…e message Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
This reworks the various boolean members in TransportMapperInet that control which logproto/transport we apply to a specific connection. With these renames, it's much easier to follow what happens and why. NOTE: there's a followup bugfix that fixes the same bug as syslog-ng#482. Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
"auto" has originally been planned to auto-detect TLS as well as framing format, but at this point it does not do TLS auto-detection. But this means that transport(auto) with tls() options set will start reading data without SSL, e.g. the encrypted stuff will make it into the messages received. This patch fixes that for both the syslog() and the network() driver. The only change is that delegate_tls_start_to_logproto is FALSE for the "auto" case. This will be changed once the TLS auto detection feature is also in. Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
… transports Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
This was a one-off allocation, but it's better if it is freed. Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
Instead of just exercising the proxyprotocol try all valid transports, including the "auto" variants. Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com> Signed-off-by: Hofi <hofione@gmail.com>
32a900e to
5b2e723
Compare
|
Build FAILURE |
kovgeri01
approved these changes
Apr 23, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a large refactor of the HAProxy support, and preparations for protocol auto detection. It also changes the HAProxy support to use the standard source/destination addresses in LogMessage, instead of a proxy specific values e.g. $SOURCEIP instead of $PROXIED_SRCIP.
Short summary of the patches:
Backport of 361 by @bazsi
Depend on #5303