Greetings folks!
I am trying to parse the PG startup message using an HAProxy ACL – but the acl never returns true. Here’s what it looks like:
listen pg_ingress
#mode tcp
bind *:5000
option tcplog # enable addvanced logging
# hex convert tsdbrw
acl check-rw req.payload(0,0),hex -m sub 757365720074736462727700
use_backend pg_readwrite if check-rw
default_backend pg_readonly
In detail:
acl check-rw req.payload(0,0),hex -m sub 757365720074736462727700
The req.payload should return a binary block of the entire request buffer. I am assuming that the startup message will be there but I suspect it is not.
The “hex” statement converts the binary into hex, and the -m sub attempts to match a substring of the following hex – which is “user\0tsdbrw\0”
I think this should work, but it doesn’t look that way…
When exactly does the startup message come across the tcp wire?
Much thanks,
Pg
Phil Godfrin | Database Administrator
NOV
NOV US | Engineering Data
9720 Beechnut St | Houston, Texas 77036
M 281.825.2311
https://www.postgresql.org/docs/13/protocol-flow.html
The above explains what goes over the wire in what order.
I understood the implementation above from reading
I may be diverting here, this helped me understand how the message flows from client to server.
Ignore if not relevant.
On Thu, Jun 3, 2021, 2:40 AM Godfrin, Philippe E <philippe.godfrin@xxxxxxx> wrote:
