listen block missing tcp_request

Question

listen block missing tcp_request

quulah opened this issue 6 years ago · 8 comments

It's supported there, and also in backend, but this role seems to be missing a parameter for it.

I also noticed, that there's some differences between the template and the README.

The README says:

haproxy_frontend.{n}.tcp_request: [optional]: Perform an action on a new session depending on a layer 4-7 condition. (e.g. content captureparam req.ssl_sni len 50)

But the template has action, param and cond like in http_request:

  tcp-request {{ tcp_request.action }}{% if tcp_request.param is defined %} {{ tcp_request.param }}{% endif %}{% if tcp_request.cond is defined %} {{ tcp_request.cond }}{% endif %}

Answer 1 · 2018-05-05T08:57:27.000Z

I made a fork and was in the process of making some changes and a pull request, but I'm not sure how to handle the action, param and cond stuff.

If you look at the configuration for HAProxy, http-request and tcp-request differ a bit.

tcp-request has things like content and connection in the keyword, and then the action and condition.

Currently, the action would be content for example, which I think is a bit wrong.

Answer 2 · 2018-05-05T08:58:42.000Z

If you follow the README, then it would just be a list of things and the template needs changing.

If you want to separate the actions, conditions and other parameters then both the README and template need some fixing.

:)

Answer 3 · 2018-05-08T07:24:53.000Z

I agree that the README is a bit cripple (and the implementation might be too :-)). Can you add a link of the tcp-request documentation. I'll try to have a look at it soon.

Answer 4 · 2018-05-15T18:08:21.000Z

https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-tcp-request%20connection And down from there. Currently, I'm mostly interested in the tcp-request content.

…

On Tue, May 8, 2018 at 10:24 AM, Mischa ter Smitten < ***@***.***> wrote: I agree that the README is a bit cripple (and the implementation might be too :-)). Can you add a link of the tcp-request documentation. I'll try to have a look at it soon. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#75 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABVkiHpo0CuBswoa6NOOOXm7P-iOptgwks5twUhGgaJpZM4TzjkI> .

-- MK

Answer 5 · 2018-05-15T20:18:32.000Z

I guess there should be 4 separate options:

tcp-request connection
tcp-request content
tcp-request inspect-delay
tcp-request session

With corresponding arguments (e.g. action, condition, timeout).

Answer 6 · 2018-05-15T20:20:54.000Z

Can you add them where they're supported.

And remove the general tcp_request?

Answer 7 · 2018-05-16T04:49:36.000Z

Sure, I'll try to take a look at it as soon as I can. :)

…

On Tue, May 15, 2018, 23:20 Mischa ter Smitten ***@***.***> wrote: Can you add them where they're supported. [image: screenshot from 2018-05-15 22-19-38] <https://user-images.githubusercontent.com/3392962/40081396-23b1cbca-588e-11e8-9a39-b4d35b2d0d16.png> And remove the general tcp_request? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#75 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABVkiN-5be2V-26r1lPkmFNqFjfQbv82ks5tyzimgaJpZM4TzjkI> .

Answer 8 · 2018-06-16T20:20:00.000Z

Finally got around to doing the changes. I added new variables tcp_request_content, tcp_request_connection, tcp_request_session and tcp_request_inspect_delay to the templates for listen, backend and frontend.

The variable names are a bit long, might also be a tcp_request dict, but tell me what you think. :)