From: Willy Tarreau Date: Thu, 7 May 2020 16:13:07 +0000 (+0200) Subject: Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY connections" X-Git-Tag: v2.1.5~37 X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=2731037323374525e34a4176ca12b2874f7f9edc;p=haproxy-2.1.git Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY connections" This reverts commit f1b378487af3f22fd66b8013e52530c9a6c522de. As explained in this thread, it breaks Dovecot: https://www.mail-archive.com/haproxy@formilux.org/msg36890.html Sadly, the proposed fix there in turn broke Apache 2.4. A different (likely configurable) solution will be needed. This patch must also be reverted from 2.0. --- diff --git a/src/connection.c b/src/connection.c index 008f3b1..d7a7623 100644 --- a/src/connection.c +++ b/src/connection.c @@ -1284,18 +1284,11 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec ret = PP2_HDR_LEN_UNSPEC; } else { - /* Note: due to historic compatibility with V1 which required - * to send "PROXY" with local addresses for local connections, - * we can end up here with the remote in fact being our outgoing - * connection. We still want to send real addresses and LOCAL on - * it. - */ - hdr->ver_cmd = PP2_VERSION; - hdr->ver_cmd |= conn_is_back(remote) ? PP2_CMD_LOCAL : PP2_CMD_PROXY; /* IPv4 for both src and dst */ if (src->ss_family == AF_INET && dst->ss_family == AF_INET) { if (buf_len < PP2_HDR_LEN_INET) return 0; + hdr->ver_cmd = PP2_VERSION | PP2_CMD_PROXY; hdr->fam = PP2_FAM_INET | PP2_TRANS_STREAM; hdr->addr.ip4.src_addr = ((struct sockaddr_in *)src)->sin_addr.s_addr; hdr->addr.ip4.src_port = ((struct sockaddr_in *)src)->sin_port; @@ -1309,6 +1302,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec if (buf_len < PP2_HDR_LEN_INET6) return 0; + hdr->ver_cmd = PP2_VERSION | PP2_CMD_PROXY; hdr->fam = PP2_FAM_INET6 | PP2_TRANS_STREAM; if (src->ss_family == AF_INET) { v4tov6(&tmp, &((struct sockaddr_in *)src)->sin_addr);