New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
extented haproxy protocol support #3731
base: master
Are you sure you want to change the base?
Conversation
We work to clean warning
|
src/core/forward.h
Outdated
if(!dst->id) { | ||
dst->id = con->id; | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any more details about why this is needed? I cannot easy relate it to the commit message.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change is needed for siptrace. Below in this file at the line 334 dst
is passed as an argument to the SREV_NET_DATA_SENT
related function call.
If the tcp connection ID is assigned to dst
param then the tcp_connection search is correct and we have a proper siptrace with HAPROXY IP addresses (IP address of client and IP address of HAPROXY) , otherwise tcp connection search is based on real IP addresses (IP addresses of haproxy and IP address of kamailio) and in this case the siptrace contains not the correct IP-addresses.
src/core/msg_translator.c
Outdated
@@ -2845,6 +2876,47 @@ int branch_builder(unsigned int hash_index, | |||
return size; | |||
} | |||
|
|||
static int is_haproxy(struct dest_info *send_info, struct receive_info *haproxy_rcv) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add some comment to describe the purpose of the function? The name is rather generic, from C code point of view it looks like it tries to figure out if the target via via haproxy...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The function goal is as follows:
- it retrieves the tcp_connetion_id from the
dest_info
parameter - if this TCP connection is a haproxy connection, then the
haproxy_rcv
param is filled with the corresponding haproxy data and the function returns non-zero value - otherwise if the TCP connection is not a connection to haproxy then the function returns zero value.
We will add the comments for this function in the source code.
src/core/parser/msg_parser.h
Outdated
@@ -396,6 +396,7 @@ typedef struct sip_msg | |||
char *unparsed; /*!< here we stopped parsing*/ | |||
|
|||
struct receive_info rcv; /*!< source & dest ip, ports, proto a.s.o*/ | |||
struct receive_info haproxy_rcv; /*!< source & dest ip, ports, proto a.s.o for the message from haproxy*/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Traffic via haproxy is not very common, does it make sense to add a full value-structure for every message instead of a pointer that is allocated only when it is the case. Practically the size of message increases for common traffic over direct UDP/TCP/TLS/SCTP/WebSocket. On the other hand, cloning in shm has to be done if allocated. This is just to ponder on what would be better...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for highlighting that.
We will check what would be less expensive in terms of resource usage - to have a full value-structure, or to have a pointer that needs to be cloned in shm.
src/core/tcp_read.c
Outdated
local_timer_add(&tcp_reader_ltimer, &con->timer, | ||
S_TO_TICKS(TCP_CHILD_TIMEOUT), t); | ||
if(con->rcv.proto_reserved2 && con->type == PROTO_WSS) { | ||
//not setting up timers for haproxy WSS connections |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The patch is quite consistent to important parts of the core. It has to be reviewed properly, so far I did a quick walk through, other developers are welcome to jump in.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please pay attention at this particular change - from line 1846 to line 1856.
The purpose of this change is to keep the WSS connection connected. When testing this haproxy change without this particular piece of change (from line 1846 to line 1856) we observed that kamailio was dropping WSS connection by timer, and this drop looked strange, because it happened in about 5-7 seconds after the connection was established. One of the requirement for haproxy was to keep TLS/WSS connection established during all the dialog and not to drop it without any important reason. I tried to find how to make it not to be dropped by timer, but found the only way is to not to set the timer up for WSS. Also the drop cause is still not cleat for me.
I don't think this is a good solution, but I was not able to find a better one. I would appreciate if you check this change attentively. If needed I can provide with the logs where kamailio drops WSS connection.
I was thinking. Could we have something generic that abstracts the rcv parameter of the message? |
Indeed, it would be good to try to find a more generic way to approach this kind of needs to store intermediary hop address. The patch is rather consistent for the core part and couldn't assert the impact so far. |
361326d
to
b0efcbe
Compare
…cessing - updated TCP connection selection when relaying through haproxy - Via header content is changed onto haproxy address if haproxy is used
This PR is stale because it has been open 6 weeks with no activity. Remove stale label or comment or this will be closed in 2 weeks. |
Pre-Submission Checklist
in
doc/
subfolder, the README file is autogenerated)Type Of Change
Checklist:
Description
Allow creating Record-Route and Via header using destination address and port in the haproxy protocol header.
PR created behalf @ivanuschak