Re: PG Startup message and HAProxy ACL
От | Vijaykumar Jain |
---|---|
Тема | Re: PG Startup message and HAProxy ACL |
Дата | |
Msg-id | CAM+6J94kD5vfj+H8q+K84H-0DO+_63zyfw4R_G9ED7ke83i5ow@mail.gmail.com обсуждение исходный текст |
Ответ на | Re: PG Startup message and HAProxy ACL (Vijaykumar Jain <vijaykumarjain.github@gmail.com>) |
Ответы |
RE: [EXTERNAL] Re: PG Startup message and HAProxy ACL
("Godfrin, Philippe E" <philippe.godfrin@nov.com>)
|
Список | pgsql-admin |
https://www.postgresql.org/docs/13/protocol-flow.htmlThe above explains what goes over the wire in what order.I understood the implementation above from readingI may be diverting here, this helped me understand how the message flows from client to server.Ignore if not relevant.On Thu, Jun 3, 2021, 2:40 AM Godfrin, Philippe E <philippe.godfrin@nov.com> wrote:Greetings folks!
I am trying to parse the PG startup message using an HAProxy ACL – but the acl never returns true. Here’s what it looks like:
listen pg_ingress
#mode tcp
bind *:5000
option tcplog # enable addvanced logging
# hex convert tsdbrw
acl check-rw req.payload(0,0),hex -m sub 757365720074736462727700
use_backend pg_readwrite if check-rw
default_backend pg_readonly
In detail:
acl check-rw req.payload(0,0),hex -m sub 757365720074736462727700
The req.payload should return a binary block of the entire request buffer. I am assuming that the startup message will be there but I suspect it is not.
The “hex” statement converts the binary into hex, and the -m sub attempts to match a substring of the following hex – which is “user\0tsdbrw\0”
I think this should work, but it doesn’t look that way…
When exactly does the startup message come across the tcp wire?
Much thanks,
Pg
Phil Godfrin | Database Administrator
NOV
NOV US | Engineering Data
9720 Beechnut St | Houston, Texas 77036
M 281.825.2311
В списке pgsql-admin по дате отправления:
Следующее
От: "Godfrin, Philippe E"Дата:
Сообщение: RE: [EXTERNAL] Re: PG Startup message and HAProxy ACL