
I know I can capture a 6-byte packet using this config:

global
        log /dev/log    local0 debug
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

defaults
        log     global
        mode    tcp
        timeout client 10m
        timeout connect 10s
        timeout server 10m

backend talk_0
        server stupid_0 example.com:80
frontend listen_0
        mode tcp
        option tcplog
        bind :12345
        default_backend talk_0
        tcp-request inspect-delay 5s
        tcp-request content capture req.payload(0,6) len 6
        log-format %[capture.req.hdr(0)]

However, I can't figure out how to capture the full packet without knowing its length. Is it possible using haproxy? If yes, how to do it?

Defozo
  • I'm just wondering why you would need the entire TCP packet, including its data. Do you want to base the decision of which backend to choose based on the data inside the TCP stream? – Tommiie Jan 08 '19 at 14:18
  • No, I just want to inspect the data for debugging purposes. I know there are more specialized sniffers for that purpose but since I'm already using haproxy I just wonder if it's possible... – Defozo Jan 08 '19 at 14:55
  • As Ethernet frames have a max size of 1500 bytes (excl. the header) and the IPv4 header is 20 bytes, your max length is 1480 bytes. Give that number instead of **6** and you always capture the entire packet. – Tommiie Jan 08 '19 at 15:16

0 Answers