Proxy Protocol v2 Initiator

Problem this snippet solves:

Proxy Protocol v1 related articles have already been posted on DevCentral, but there is no v2 support iRule code available. A customer wanted to support Proxy Protocol v2, so I wrote an iRule code for supporting v2.

How to use this snippet:

Back-end server must handle Proxy header prior data exchange. 

Code :

when CLIENT_ACCEPTED {
	# DEBUG On/Off 
	set DEBUG 0

	set v2_proxy_header "0d0a0d0a000d0a515549540a"
	
	# v2 version and command : 0x21 - version 2 & PROXY command
	set v2_ver_command "21"

	# v2 address family and transport protocol : 0x11 - AF_INET (IPv4) & TCP protocol
	set v2_af_tp "11"

	# v2 Address Size : 0x000C - 12 bytes for IPv4 + TCP 
	set v2_address_length "000c"

	# Get TCP port - 2 byte hexadecimal format
	set src_port [format "%04x" [TCP::client_port]]
	set dst_port [format "%04x" [TCP::local_port]]

	# Get Src Address and convert to 4 byte hexadecimal format
	foreach val [split [IP::client_addr] "."] {
		append src_addr [format "%02x" $val]
	}

	# Get Dst Address and convert to 4 byte hexadecimal format
	foreach val [split [IP::local_addr] "."] {
		append dst_addr [format "%02x" $val]
	}

	# Build proxy v2 data
	set proxy_data [binary format H* "${v2_proxy_header}${v2_ver_command}${v2_af_tp}${v2_address_length}${src_addr}${dst_addr}${src_port}${dst_port}"]

	if { $DEBUG } {
		binary scan $proxy_data H* proxy_dump
		log local0. "[IP::client_addr]:[TCP::client_port]_[IP::local_addr]:[TCP::local_port] - proxy_data dump : $proxy_dump"
	}
}

when SERVER_CONNECTED {
	TCP::respond $proxy_data
}

 

Published Jul 17, 2024
Version 1.0
BIG-IP
iRules
LTM
proxy

Was this article helpful?

No CommentsBe the first to comment