HaProxy send-proxy-v2 is not sending client_ip

gundaldo · March 13, 2024, 10:52am

Hello Team

We have configured HA Proxy as a load balancer/reverse proxy to proxy the requests to backend service. As part of the requirement, we need to capture client IPs in backend service for tracking purpose.

We are using “send-proxy-v2” and it used to work but all of sudden stopped working. Our backend service team would like to know if HaProxy is really sending client IP.

We tried this tcpdump command to capture proxy protocol packets but nothing is getting reported.
tcpdump -i eth0 -n -s 0 -A ‘tcp[((tcp[12] & 0xF0) >> 2):4] = 0x50524f58’

Can anyone please assist on this?

Thanks

Dragonn · March 19, 2024, 6:36am

Hello,
I believe you are trying to match proxy v1 protocol (which is text based) but using proxy v2 protocol (binary). See e.g. this page which explains the difference with nice examples - Exploring the PROXY Protocol - Benjamin Boudreau

If you want to dump it by tcpdump, try following:

tcpdump -ni eth0 -s 0 -X 'tcp[((tcp[12] & 0xF0) >> 2)+7:4] = 0x51554954'

Decoding original source and destination IP address is a bit tricky, because its binary but definitely doable.

Topic		Replies	Views
Proxy Protocol won't work with TCP Load balancing Help!	4	505	July 12, 2022
HAProxy to retain client IP Help!	3	12540	July 2, 2019
Source IP in backend Help!	2	1030	September 25, 2024
Java Log Client IP using send-proxy header Help!	0	333	September 10, 2021
TCP mode with forward ip Help!	2	1634	May 23, 2023

HaProxy send-proxy-v2 is not sending client_ip

Related topics