Thank you - moving this to discussions as an idea.
haproxy has published what they call the PROXY protocol. It appears to be used by haproxy, nginx, and Cloudflare among others. As an example, version 1 precedes a connection with a single text line along the lines of "PROXY TCP4 1.1.1.1 2.2.2.2 3333 4444\r\n" to indicate the src/dest IPs and ports. Version 2 has a binary header.
It appears Zeek (as of v3.0.11) registers a connection using this protocol only as a CONN event, indicating that it does no further protocol parsing. IOW, if it contains a forwarded HTTPS connection, there are no TLS or HTTP events from Zeek.
I would think adding support for this would be straightforward, as it was designed with simplicity and speed of parsing in mind. Neither version is radically dissimilar to other IP encapsulation protocols.
https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
https://developers.cloudflare.com/spectrum/proxy-protocol
https://www.digitalocean.com/blog/load-balancers-now-support-proxy-protocol/
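Added example, not part of the original post and not Zeek code: a sketch of the header stripping the post asks for, returning the original endpoints and the remaining bytes that would be handed to the TLS or HTTP parser. It covers the v1 text line quoted above and also the v2 binary header for IPv4/IPv6, following the field layout in the haproxy specification linked in the post; the function names and the sample HTTP bytes are constructed for illustration.

```python
import ipaddress
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte signature that opens every v2 header

def _info(version, src=None, dst=None, sport=None, dport=None):
    return {"version": version, "src": src, "dst": dst, "sport": sport, "dport": dport}

def _parse_v1(data):
    end = data.find(b"\r\n", 0, 107)  # a v1 line is at most 107 bytes, CRLF included
    if end < 0:
        raise ValueError("v1 line not terminated within 107 bytes")
    fields, payload = data[:end].decode("ascii").split(" "), data[end + 2:]
    if fields[1] == "UNKNOWN":        # sender could not supply addresses; ignore the rest
        return _info(1), payload
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed v1 line")
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    sport, dport = (int(f) for f in fields[4:6])
    if {src.version, dst.version} != {int(fields[1][3])} or not all(0 <= p <= 65535 for p in (sport, dport)):
        raise ValueError("v1 address family mismatch or port out of range")
    return _info(1, str(src), str(dst), sport, dport), payload

def _parse_v2(data):
    if len(data) < 16:
        raise ValueError("truncated v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2 or len(data) < 16 + length:
        raise ValueError("bad v2 version or truncated address block")
    body, payload = data[16:16 + length], data[16 + length:]
    alen = {1: 4, 2: 16}.get(fam_proto >> 4)   # AF_INET / AF_INET6 address sizes
    if ver_cmd & 0x0F != 1 or alen is None:    # LOCAL command, AF_UNSPEC or AF_UNIX
        return _info(2), payload
    if length < 2 * alen + 4:
        raise ValueError("v2 address block too short")
    src, dst = ipaddress.ip_address(body[:alen]), ipaddress.ip_address(body[alen:2 * alen])
    sport, dport = struct.unpack("!HH", body[2 * alen:2 * alen + 4])
    return _info(2, str(src), str(dst), sport, dport), payload

def strip_proxy_header(data):
    """Return (info, payload); info is None when data has no PROXY header."""
    if data.startswith(V2_SIG):
        return _parse_v2(data)
    if data.startswith(b"PROXY "):
        return _parse_v1(data)
    return None, data

# Constructed sample: the v1 line quoted in the post, followed by made-up HTTP bytes.
SAMPLE_V1 = b"PROXY TCP4 1.1.1.1 2.2.2.2 3333 4444\r\nGET / HTTP/1.1\r\n\r\n"
```

A sensor should honour the header only on links where a trusted proxy is known to add it, since anyone who can reach the listener directly can otherwise claim an arbitrary source address.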