Re: WGLC: draft-ietf-appsawg-http-forwarded-02.txt - section 5.1 from Willy Tarreau on 2012-05-06 (ietf-http-wg@w3.org from April to June 2012)

From: Willy Tarreau <w@1wt.eu>
Date: Sun, 6 May 2012 07:51:04 +0200
To: Amos Jeffries <squid3@treenet.co.nz>
Cc: ietf-http-wg@w3.org
Message-ID: <20120506055104.GB8105@1wt.eu>

On Sun, May 06, 2012 at 01:43:38PM +1200, Amos Jeffries wrote:
> On 4/05/2012 9:34 p.m., Andreas Petersson wrote:
> >On Wed, 02 May 2012 14:32:59 +1200
> >Amos Jeffries<squid3@treenet.co.nz>  wrote:
> >>** section 5.1, must it be an interface label?
> >>
> >>what about interception ports where the TCP details are not related to
> >>the interface in any way and both details needed?
> 
> With the TPROXY/divert socket features in recent kernels replacing NAT 
> there is a big disconnection of the TCP details and application 
> listening port details.
> 
> For example an application can be listening on 192.168.1.1:3129  and 
> receiving TCP packets with src 10.1.1.1:12345 dst 10.2.3.4:80. Which of 
> the three IP:port values is best added to the header?
> 
> I know this only affects interception proxies which we dont *realy* want 
> to cater for specifically. But it does bring up a clarity issue with the 
> texts.
> 
> >>what about interfaces labelled with non-alphanumeric characters?
> 
> Using squid as an example:
> 
>   http_port 127.0.0.1:3128 name=localhost-3128
>   http_port 127.0.0.1:3129 name=localhost-3129
> 
> "-" character is not matching the alpha-numeric ABNF requirements. Also 
> the admin might have entered any UTF-8 characters from whatever language 
> they use as the label.

I'm used to see a similar thing at places where front SSL-offload caches
are installed. The instance name which receives the connection is named
in requests going to the backend servers, and it holds the name of the
application or of the customer, which is a 1:1 association from the
listening ip:port. I too think that we should allow a slightly larger
alphabet to permit "[:._-]" and possibly a few other characters. Some
people might also want to name the incoming interface on transparent
intercepting proxies. It's likely that the few chars above are enough
to unambiguously name network interfaces.

Given that the underscore has a special meaning when stated first, we
could have the chars above only allowed after a first ALPHANUM character.

What do others think ?

Willy

Received on Sunday, 6 May 2012 05:52:55 UTC