PG Startup message and HAProxy ACL

Greetings folks!

I am trying to parse the PG startup message using an HAProxy ACL – but the acl never returns true. Here’s what it looks like:

listen  pg_ingress

        #mode   tcp

        bind    *:5000

        option tcplog           # enable addvanced logging

        # hex convert tsdbrw   

        acl check-rw req.payload(0,0),hex -m sub 757365720074736462727700

        use_backend pg_readwrite if check-rw

        default_backend pg_readonly

In detail:

        acl check-rw req.payload(0,0),hex -m sub 757365720074736462727700

The req.payload should return a binary block of the entire request buffer. I am assuming that the startup message will be there but I suspect it is not.

The “hex” statement converts the binary into hex, and the -m sub attempts to match a substring of the following hex – which is “user\0tsdbrw\0”

I think this should work, but it doesn’t look that way…

When exactly does the startup message come across the tcp wire?

Much thanks,

Pg

Phil Godfrin | Database Administrator

NOV

NOV US | Engineering Data

9720 Beechnut St | Houston, Texas 77036

M  281.825.2311

E   Philippe.Godfrin@nov.com