Should we follow the standard? Would be some breaking changes.
https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
- Auto-detection on same port: We auto-detect PROXY headers on the same port that accepts direct connections. The spec
says receivers "MUST NOT guess" - proxied traffic should be on a dedicated port where PROXY headers are mandatory,
separate from direct client ports.
- TLV handling: We raise UnsupportedTLVType for any TLV that isn't SSL. The spec says to silently ignore unknown TLVs.
This will reject connections from HAProxy/proxies sending ALPN, AUTHORITY, CRC32C, NOOP, UNIQUE_ID, or NETNS TLVs.
- V2 writer: Missing IPv6/Unix support (only affects outbound, e.g., clustering proxy).
Maybe not relevant?
- AF_UNSPEC rejected: We raise InvalidFamily for UNSPEC (0x00). The spec requires accepting this for LOCAL commands or
unknown protocols.
- LOCAL command ignored: We detect LOCAL (0x20) but still try to parse addresses from the header. The spec says LOCAL
means "use actual socket addresses, ignore header addresses."
- CRC32C validation: We don't validate checksums when present (we'd reject it as unsupported TLV anyway).
Should we follow the standard? Would be some breaking changes.
https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
says receivers "MUST NOT guess" - proxied traffic should be on a dedicated port where PROXY headers are mandatory,
separate from direct client ports.
This will reject connections from HAProxy/proxies sending ALPN, AUTHORITY, CRC32C, NOOP, UNIQUE_ID, or NETNS TLVs.
Maybe not relevant?
unknown protocols.
means "use actual socket addresses, ignore header addresses."