Re: PG Startup message and HAProxy ACL

https://www.postgresql.org/docs/13/protocol-flow.html

The above explains what goes over the wire in what order.

I understood the implementation above from reading
https://github.com/tlocke/pg8000/blob/master/pg8000/core.py

I may be diverting here, this helped me understand how the message flows
from client to server.
Ignore if not relevant.

On Thu, Jun 3, 2021, 2:40 AM Godfrin, Philippe E <philippe(dot)godfrin(at)nov(dot)com>
wrote:

> Greetings folks!
>
>
>
> I am trying to parse the PG startup message using an HAProxy ACL – but the
> acl never returns true. Here’s what it looks like:
>
>
>
> listen pg_ingress
>
> #mode tcp
>
> bind *:5000
>
> option tcplog # enable addvanced logging
>
> # hex convert tsdbrw
>
> acl check-rw req.payload(0,0),hex -m sub 757365720074736462727700
>
> use_backend pg_readwrite if check-rw
>
> default_backend pg_readonly
>
>
>
> In detail:
>
>
>
> acl check-rw req.payload(0,0),hex -m sub 757365720074736462727700
>
>
>
> The req.payload should return a binary block of the entire request buffer.
> I am assuming that the startup message will be there but I suspect it is
> not.
>
> The “hex” statement converts the binary into hex, and the -m sub attempts
> to match a substring of the following hex – which is “user\0tsdbrw\0”
>
>
>
> I think this should work, but it doesn’t look that way…
>
>
>
> When exactly does the startup message come across the tcp wire?
>
> Much thanks,
>
> Pg
>
>
>
> Phil Godfrin | *Database Administrator*
>
> *NOV*
>
> NOV US | Engineering Data
>
> 9720 Beechnut St | Houston, Texas 77036
>
> M 281.825.2311
>
> E Philippe(dot)Godfrin(at)nov(dot)com
>
>
>