Incoming packet format on the BK port

harlan · April 9, 2018, 9:18am

I don’t yet know enough to ask about this, but that’s not going to stop me

I know we have a box where, in addition to serving bk:// on the expected port, we also run a bkd on port 80, for folks who want to look at repos using a web browser.

This works fine for our BK servers that are directly connected to the internet.

The trick is we want to deploy these boxes on a DMZ network, which is accessed thru an haproxy box.

haproxy does frontend checks on the incoming packet (in this case, http or https) to check the header information to identify the host that the client wants to talk to. Cool. We’re in the process of learning how haproxy can get packets from other ports, specifically for BK, and when we get these packets we’re going to want to see how haproxy can poke in the packet header enough to figure out what hostname the client is trying to reach, so we can redirect the traffic to the appropriate back-end BK server on the DMZ network.

Got any suggestions for me?

wscott · April 11, 2018, 1:44pm

[sorry, on a road trip]

The bk protocol to the bkd on the default port of 14690 is ad-hoc and not totally consistent between commands. Also somewhat famously you can connect to it with telnet or use a network sniffer to record the traffic for typical commands.

However, bk can also be told to use HTTP for all connections. For example, try bk version http://yourbox/repo. This will connect to your port 80 bkd and use http headers. Other bk operations should also work, but you may have used -x options when launching the bkd on port 80 to disable some of the commands to write to repositories.

So if you want to use a proxy or access control it is probably better to access the bkd via http and mess with that connection.