| author | Matthew Wild <mwild1@gmail.com> |
| Sat, 24 Sep 2022 09:26:26 +0100 | |
| changeset 5063 | 5f1120c284c5 |
| parent 4948 | 9d65eb3fcb15 |
| permissions | -rw-r--r-- |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
1 |
-- mod_net_proxy.lua |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
2 |
-- Copyright (C) 2018 Pascal Mathis <mail@pascalmathis.com> |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
3 |
-- |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
4 |
-- Implementation of PROXY protocol versions 1 and 2 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
5 |
-- Specifications: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
6 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
7 |
module:set_global(); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
8 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
9 |
-- Imports |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
10 |
local softreq = require "util.dependencies".softreq; |
|
4948
9d65eb3fcb15
mod_net_proxy: Fix for bitop with Lua 5.4
moparisthebest <admin@moparisthebest.com>
parents:
3566
diff
changeset
|
11 |
local bit = assert(softreq "bit" or softreq "bit32" or softreq "util.bitcompat", "No bit module found. See https://prosody.im/doc/depends#bitop"); |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
12 |
local hex = require "util.hex"; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
13 |
local ip = require "util.ip"; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
14 |
local net = require "util.net"; |
|
2965
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
15 |
local set = require "util.set"; |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
16 |
local portmanager = require "core.portmanager"; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
17 |
|
|
2935
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
18 |
-- Backwards Compatibility |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
19 |
local function net_ntop_bc(input) |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
20 |
if input:len() == 4 then |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
21 |
return string.format("%d.%d.%d.%d", input:byte(1, 4)); |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
22 |
elseif input:len() == 16 then |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
23 |
local octets = { nil, nil, nil, nil, nil, nil, nil, nil }; |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
24 |
|
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
25 |
-- Convert received bytes into IPv6 address and skip leading zeroes for each group |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
26 |
for index = 1, 8 do |
|
2939
7319fd5dbc89
mod_net_proxy: Fixed luacheck warnings
Pascal Mathis <mail@pascalmathis.com>
parents:
2935
diff
changeset
|
27 |
local high, low = input:byte(index * 2 - 1, index * 2); |
|
2935
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
28 |
octets[index] = string.format("%x", high * 256 + low); |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
29 |
end |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
30 |
local address = table.concat(octets, ":", 1, 8); |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
31 |
|
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
32 |
-- Search for the longest sequence of zeroes |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
33 |
local token; |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
34 |
local length = (address:match("^0:[0:]+()") or 1) - 1; |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
35 |
for s in address:gmatch(":0:[0:]+") do |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
36 |
if length < #s then |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
37 |
length, token = #s, s; |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
38 |
end |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
39 |
end |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
40 |
|
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
41 |
-- Return the shortened IPv6 address |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
42 |
return address:gsub(token or "^0:[0:]+", "::", 1); |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
43 |
end |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
44 |
end |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
45 |
|
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
46 |
local net_ntop = net.ntop or net_ntop_bc |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
47 |
|
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
48 |
-- Utility Functions |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
49 |
local function _table_invert(input) |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
50 |
local output = {}; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
51 |
for key, value in pairs(input) do |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
52 |
output[value] = key; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
53 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
54 |
return output; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
55 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
56 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
57 |
-- Constants |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
58 |
local ADDR_FAMILY = { UNSPEC = 0x0, INET = 0x1, INET6 = 0x2, UNIX = 0x3 }; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
59 |
local ADDR_FAMILY_STR = _table_invert(ADDR_FAMILY); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
60 |
local TRANSPORT = { UNSPEC = 0x0, STREAM = 0x1, DGRAM = 0x2 }; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
61 |
local TRANSPORT_STR = _table_invert(TRANSPORT); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
62 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
63 |
local PROTO_MAX_HEADER_LENGTH = 256; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
64 |
local PROTO_HANDLERS = { |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
65 |
PROXYv1 = { signature = hex.from("50524F5859"), callback = nil }, |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
66 |
PROXYv2 = { signature = hex.from("0D0A0D0A000D0A515549540A"), callback = nil } |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
67 |
}; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
68 |
local PROTO_HANDLER_STATUS = { SUCCESS = 0, POSTPONE = 1, FAILURE = 2 }; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
69 |
|
|
2967
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
70 |
-- Configuration Variables |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
71 |
local config_mappings = module:get_option("proxy_port_mappings", {}); |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
72 |
local config_ports = module:get_option_set("proxy_ports", {}); |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
73 |
local config_trusted_proxies = module:get_option_set("proxy_trusted_proxies", {"127.0.0.1", "::1"}); |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
74 |
|
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
75 |
-- Persistent In-Memory Storage |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
76 |
local sessions = {}; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
77 |
local mappings = {}; |
|
2967
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
78 |
local trusted_networks = set.new(); |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
79 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
80 |
-- Proxy Data Methods |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
81 |
local proxy_data_mt = {}; proxy_data_mt.__index = proxy_data_mt; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
82 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
83 |
function proxy_data_mt:describe() |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
84 |
return string.format("proto=%s/%s src=%s:%d dst=%s:%d", |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
85 |
self:addr_family_str(), self:transport_str(), self:src_addr(), self:src_port(), self:dst_addr(), self:dst_port()); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
86 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
87 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
88 |
function proxy_data_mt:addr_family_str() |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
89 |
return ADDR_FAMILY_STR[self._addr_family] or ADDR_FAMILY_STR[ADDR_FAMILY.UNSPEC]; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
90 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
91 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
92 |
function proxy_data_mt:transport_str() |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
93 |
return TRANSPORT_STR[self._transport] or TRANSPORT_STR[TRANSPORT.UNSPEC]; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
94 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
95 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
96 |
function proxy_data_mt:version() |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
97 |
return self._version; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
98 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
99 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
100 |
function proxy_data_mt:addr_family() |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
101 |
return self._addr_family; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
102 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
103 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
104 |
function proxy_data_mt:transport() |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
105 |
return self._transport; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
106 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
107 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
108 |
function proxy_data_mt:src_addr() |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
109 |
return self._src_addr; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
110 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
111 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
112 |
function proxy_data_mt:src_port() |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
113 |
return self._src_port; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
114 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
115 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
116 |
function proxy_data_mt:dst_addr() |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
117 |
return self._dst_addr; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
118 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
119 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
120 |
function proxy_data_mt:dst_port() |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
121 |
return self._dst_port; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
122 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
123 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
124 |
-- Protocol Handler Functions |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
125 |
PROTO_HANDLERS["PROXYv1"].callback = function(conn, session) |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
126 |
local addr_family_mappings = { TCP4 = ADDR_FAMILY.INET, TCP6 = ADDR_FAMILY.INET6 }; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
127 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
128 |
-- Postpone processing if CRLF (PROXYv1 header terminator) does not exist within buffer |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
129 |
if session.buffer:find("\r\n") == nil then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
130 |
return PROTO_HANDLER_STATUS.POSTPONE, nil; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
131 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
132 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
133 |
-- Declare header pattern and match current buffer against pattern |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
134 |
local header_pattern = "^PROXY (%S+) (%S+) (%S+) (%d+) (%d+)\r\n"; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
135 |
local addr_family, src_addr, dst_addr, src_port, dst_port = session.buffer:match(header_pattern); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
136 |
src_port, dst_port = tonumber(src_port), tonumber(dst_port); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
137 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
138 |
-- Ensure that header was successfully parsed and contains a valid address family |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
139 |
if addr_family == nil or src_addr == nil or dst_addr == nil or src_port == nil or dst_port == nil then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
140 |
module:log("warn", "Received unparseable PROXYv1 header from %s", conn:ip()); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
141 |
return PROTO_HANDLER_STATUS.FAILURE, nil; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
142 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
143 |
if addr_family_mappings[addr_family] == nil then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
144 |
module:log("warn", "Received invalid PROXYv1 address family from %s: %s", conn:ip(), addr_family); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
145 |
return PROTO_HANDLER_STATUS.FAILURE, nil; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
146 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
147 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
148 |
-- Ensure that received source and destination ports are within 1 and 65535 (0xFFFF) |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
149 |
if src_port <= 0 or src_port >= 0xFFFF then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
150 |
module:log("warn", "Received invalid PROXYv1 source port from %s: %d", conn:ip(), src_port); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
151 |
return PROTO_HANDLER_STATUS.FAILURE, nil; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
152 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
153 |
if dst_port <= 0 or dst_port >= 0xFFFF then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
154 |
module:log("warn", "Received invalid PROXYv1 destination port from %s: %d", conn:ip(), dst_port); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
155 |
return PROTO_HANDLER_STATUS.FAILURE, nil; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
156 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
157 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
158 |
-- Ensure that received source and destination address can be parsed |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
159 |
local _, err = ip.new_ip(src_addr); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
160 |
if err ~= nil then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
161 |
module:log("warn", "Received unparseable PROXYv1 source address from %s: %s", conn:ip(), src_addr); |
|
2979
7eb6fa9b03fd
mod_net_proxy: Added missing return when detecting unparseable PROXYv1 source address
Pascal Mathis <mail@pascalmathis.com>
parents:
2967
diff
changeset
|
162 |
return PROTO_HANDLER_STATUS.FAILURE, nil; |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
163 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
164 |
_, err = ip.new_ip(dst_addr); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
165 |
if err ~= nil then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
166 |
module:log("warn", "Received unparseable PROXYv1 destination address from %s: %s", conn:ip(), dst_addr); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
167 |
return PROTO_HANDLER_STATUS.FAILURE, nil; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
168 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
169 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
170 |
-- Strip parsed header from session buffer and build proxy data |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
171 |
session.buffer = session.buffer:gsub(header_pattern, ""); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
172 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
173 |
local proxy_data = { |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
174 |
_version = 1, |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
175 |
_addr_family = addr_family, _transport = TRANSPORT.STREAM, |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
176 |
_src_addr = src_addr, _src_port = src_port, |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
177 |
_dst_addr = dst_addr, _dst_port = dst_port |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
178 |
}; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
179 |
setmetatable(proxy_data, proxy_data_mt); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
180 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
181 |
-- Return successful response with gathered proxy data |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
182 |
return PROTO_HANDLER_STATUS.SUCCESS, proxy_data; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
183 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
184 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
185 |
PROTO_HANDLERS["PROXYv2"].callback = function(conn, session) |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
186 |
-- Postpone processing if less than 16 bytes are available |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
187 |
if #session.buffer < 16 then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
188 |
return PROTO_HANDLER_STATUS.POSTPONE, nil; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
189 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
190 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
191 |
-- Parse first 16 bytes of protocol header |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
192 |
local version = bit.rshift(bit.band(session.buffer:byte(13), 0xF0), 4); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
193 |
local command = bit.band(session.buffer:byte(13), 0x0F); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
194 |
local addr_family = bit.rshift(bit.band(session.buffer:byte(14), 0xF0), 4); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
195 |
local transport = bit.band(session.buffer:byte(14), 0x0F); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
196 |
local length = bit.bor(session.buffer:byte(16), bit.lshift(session.buffer:byte(15), 8)); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
197 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
198 |
-- Postpone processing if less than 16+<length> bytes are available |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
199 |
if #session.buffer < 16 + length then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
200 |
return PROTO_HANDLER_STATUS.POSTPONE, nil; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
201 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
202 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
203 |
-- Ensure that version number is correct |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
204 |
if version ~= 0x2 then |
|
2966
6b01600b9c02
mod_net_proxy: Adjusted log level of errors triggered by remote connections to 'warn'
Pascal Mathis <mail@pascalmathis.com>
parents:
2965
diff
changeset
|
205 |
module:log("warn", "Received unsupported PROXYv2 version from %s: %d", conn:ip(), version); |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
206 |
return PROTO_HANDLER_STATUS.FAILURE, nil; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
207 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
208 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
209 |
local payload = session.buffer:sub(17); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
210 |
if command == 0x0 then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
211 |
-- Gather source/destination addresses and ports from local socket |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
212 |
local src_addr, src_port = conn:socket():getpeername(); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
213 |
local dst_addr, dst_port = conn:socket():getsockname(); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
214 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
215 |
-- Build proxy data based on real connection information |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
216 |
local proxy_data = { |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
217 |
_version = version, |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
218 |
_addr_family = addr_family, _transport = transport, |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
219 |
_src_addr = src_addr, _src_port = src_port, |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
220 |
_dst_addr = dst_addr, _dst_port = dst_port |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
221 |
}; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
222 |
setmetatable(proxy_data, proxy_data_mt); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
223 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
224 |
-- Return successful response with gathered proxy data |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
225 |
return PROTO_HANDLER_STATUS.SUCCESS, proxy_data; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
226 |
elseif command == 0x1 then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
227 |
local offset = 1; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
228 |
local src_addr, src_port, dst_addr, dst_port; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
229 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
230 |
-- Verify transport protocol is either STREAM or DGRAM |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
231 |
if transport ~= TRANSPORT.STREAM and transport ~= TRANSPORT.DGRAM then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
232 |
module:log("warn", "Received unsupported PROXYv2 transport from %s: 0x%02X", conn:ip(), transport); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
233 |
return PROTO_HANDLER_STATUS.FAILURE, nil; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
234 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
235 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
236 |
-- Parse source and destination addresses |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
237 |
if addr_family == ADDR_FAMILY.INET then |
|
2935
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
238 |
src_addr = net_ntop(payload:sub(offset, offset + 3)); offset = offset + 4; |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
239 |
dst_addr = net_ntop(payload:sub(offset, offset + 3)); offset = offset + 4; |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
240 |
elseif addr_family == ADDR_FAMILY.INET6 then |
|
2935
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
241 |
src_addr = net_ntop(payload:sub(offset, offset + 15)); offset = offset + 16; |
|
e79b9a55aa2e
mod_net_proxy: Fixed backwards compatibility to Prosody 0.10
Pascal Mathis <mail@pascalmathis.com>
parents:
2934
diff
changeset
|
242 |
dst_addr = net_ntop(payload:sub(offset, offset + 15)); offset = offset + 16; |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
243 |
elseif addr_family == ADDR_FAMILY.UNIX then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
244 |
src_addr = payload:sub(offset, offset + 107); offset = offset + 108; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
245 |
dst_addr = payload:sub(offset, offset + 107); offset = offset + 108; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
246 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
247 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
248 |
-- Parse source and destination ports |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
249 |
if addr_family == ADDR_FAMILY.INET or addr_family == ADDR_FAMILY.INET6 then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
250 |
src_port = bit.bor(payload:byte(offset + 1), bit.lshift(payload:byte(offset), 8)); offset = offset + 2; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
251 |
-- luacheck: ignore 311 |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
252 |
dst_port = bit.bor(payload:byte(offset + 1), bit.lshift(payload:byte(offset), 8)); offset = offset + 2; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
253 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
254 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
255 |
-- Strip parsed header from session buffer and build proxy data |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
256 |
session.buffer = session.buffer:sub(17 + length); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
257 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
258 |
local proxy_data = { |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
259 |
_version = version, |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
260 |
_addr_family = addr_family, _transport = transport, |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
261 |
_src_addr = src_addr, _src_port = src_port, |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
262 |
_dst_addr = dst_addr, _dst_port = dst_port |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
263 |
}; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
264 |
setmetatable(proxy_data, proxy_data_mt); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
265 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
266 |
-- Return successful response with gathered proxy data |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
267 |
return PROTO_HANDLER_STATUS.SUCCESS, proxy_data; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
268 |
else |
|
2966
6b01600b9c02
mod_net_proxy: Adjusted log level of errors triggered by remote connections to 'warn'
Pascal Mathis <mail@pascalmathis.com>
parents:
2965
diff
changeset
|
269 |
module:log("warn", "Received unsupported PROXYv2 command from %s: 0x%02X", conn:ip(), command); |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
270 |
return PROTO_HANDLER_STATUS.FAILURE, nil; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
271 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
272 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
273 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
274 |
-- Wrap an existing connection with the provided proxy data. This will override several methods of the 'conn' object to |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
275 |
-- return the proxied source instead of the source which initiated the TCP connection. Afterwards, the listener of the |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
276 |
-- connection gets set according to the globally defined port<>service mappings and the methods 'onconnect' and |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
277 |
-- 'onincoming' are being called manually with the current session buffer. |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
278 |
local function wrap_proxy_connection(conn, session, proxy_data) |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
279 |
-- Override and add functions of 'conn' object when source information has been collected |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
280 |
conn.proxyip, conn.proxyport = conn.ip, conn.port; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
281 |
if proxy_data:src_addr() ~= nil and proxy_data:src_port() ~= nil then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
282 |
conn.ip = function() |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
283 |
return proxy_data:src_addr(); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
284 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
285 |
conn.port = function() |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
286 |
return proxy_data:src_port(); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
287 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
288 |
conn.clientport = conn.port; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
289 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
290 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
291 |
-- Attempt to find service by processing port<>service mappings |
|
3566
b33b2fbdc713
mod_net_proxy: Ensure port numbers are coerced into numbers
Kim Alvefur <zash@zash.se>
parents:
3001
diff
changeset
|
292 |
local mapping = mappings[tonumber(conn:serverport())]; |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
293 |
if mapping == nil then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
294 |
conn:close(); |
|
2966
6b01600b9c02
mod_net_proxy: Adjusted log level of errors triggered by remote connections to 'warn'
Pascal Mathis <mail@pascalmathis.com>
parents:
2965
diff
changeset
|
295 |
module:log("warn", "Connection %s@%s terminated: Could not find mapping for port %d", |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
296 |
conn:ip(), conn:proxyip(), conn:serverport()); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
297 |
return; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
298 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
299 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
300 |
if mapping.service == nil then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
301 |
local service = portmanager.get_service(mapping.service_name); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
302 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
303 |
if service ~= nil then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
304 |
mapping.service = service; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
305 |
else |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
306 |
conn:close(); |
|
2966
6b01600b9c02
mod_net_proxy: Adjusted log level of errors triggered by remote connections to 'warn'
Pascal Mathis <mail@pascalmathis.com>
parents:
2965
diff
changeset
|
307 |
module:log("warn", "Connection %s@%s terminated: Could not process mapping for unknown service %s", |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
308 |
conn:ip(), conn:proxyip(), mapping.service_name); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
309 |
return; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
310 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
311 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
312 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
313 |
-- Pass connection to actual service listener and simulate onconnect/onincoming callbacks |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
314 |
local service_listener = mapping.service.listener; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
315 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
316 |
module:log("info", "Passing proxied connection %s:%d to service %s", conn:ip(), conn:port(), mapping.service_name); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
317 |
conn:setlistener(service_listener); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
318 |
if service_listener.onconnect then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
319 |
service_listener.onconnect(conn); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
320 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
321 |
return service_listener.onincoming(conn, session.buffer); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
322 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
323 |
|
|
2967
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
324 |
local function is_trusted_proxy(conn) |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
325 |
-- If no trusted proxies were configured, trust any incoming connection |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
326 |
-- While this may seem insecure, the module defaults to only trusting 127.0.0.1 and ::1 |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
327 |
if trusted_networks:empty() then |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
328 |
return true; |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
329 |
end |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
330 |
|
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
331 |
-- Iterate through all trusted proxies and check for match against connected IP address |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
332 |
local conn_ip = ip.new_ip(conn:ip()); |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
333 |
for trusted_network in trusted_networks:items() do |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
334 |
if ip.match(trusted_network.ip, conn_ip, trusted_network.cidr) then |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
335 |
return true; |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
336 |
end |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
337 |
end |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
338 |
|
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
339 |
-- Connection does not match any trusted proxy |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
340 |
return false; |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
341 |
end |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
342 |
|
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
343 |
-- Network Listener Methods |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
344 |
local listener = {}; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
345 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
346 |
function listener.onconnect(conn) |
|
3001
97b30fec709c
mod_net_proxy: Fixed errors when connection with nil ip is being processed
Pascal Mathis <mail@pascalmathis.com>
parents:
2979
diff
changeset
|
347 |
-- Silently drop connections with an IP address of <nil>, which can happen when the socket was closed before the |
|
97b30fec709c
mod_net_proxy: Fixed errors when connection with nil ip is being processed
Pascal Mathis <mail@pascalmathis.com>
parents:
2979
diff
changeset
|
348 |
-- responsible net.server backend was able to grab the IP address of the connecting client. |
|
97b30fec709c
mod_net_proxy: Fixed errors when connection with nil ip is being processed
Pascal Mathis <mail@pascalmathis.com>
parents:
2979
diff
changeset
|
349 |
if conn:ip() == nil then |
|
97b30fec709c
mod_net_proxy: Fixed errors when connection with nil ip is being processed
Pascal Mathis <mail@pascalmathis.com>
parents:
2979
diff
changeset
|
350 |
conn:close(); |
|
97b30fec709c
mod_net_proxy: Fixed errors when connection with nil ip is being processed
Pascal Mathis <mail@pascalmathis.com>
parents:
2979
diff
changeset
|
351 |
return; |
|
97b30fec709c
mod_net_proxy: Fixed errors when connection with nil ip is being processed
Pascal Mathis <mail@pascalmathis.com>
parents:
2979
diff
changeset
|
352 |
end |
|
97b30fec709c
mod_net_proxy: Fixed errors when connection with nil ip is being processed
Pascal Mathis <mail@pascalmathis.com>
parents:
2979
diff
changeset
|
353 |
|
|
2967
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
354 |
-- Check if connection is coming from a trusted proxy |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
355 |
if not is_trusted_proxy(conn) then |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
356 |
conn:close(); |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
357 |
module:log("warn", "Dropped connection from untrusted proxy: %s", conn:ip()); |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
358 |
return; |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
359 |
end |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
360 |
|
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
361 |
-- Initialize session variables |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
362 |
sessions[conn] = { |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
363 |
handler = nil; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
364 |
buffer = nil; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
365 |
}; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
366 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
367 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
368 |
function listener.onincoming(conn, data) |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
369 |
-- Abort processing if no data has been received |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
370 |
if not data then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
371 |
return; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
372 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
373 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
374 |
-- Lookup session for connection and append received data to buffer |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
375 |
local session = sessions[conn]; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
376 |
session.buffer = session.buffer and session.buffer .. data or data; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
377 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
378 |
-- Attempt to determine protocol handler if not done previously |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
379 |
if session.handler == nil then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
380 |
-- Match current session buffer against all known protocol signatures to determine protocol handler |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
381 |
for handler_name, handler in pairs(PROTO_HANDLERS) do |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
382 |
if session.buffer:find("^" .. handler.signature) ~= nil then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
383 |
session.handler = handler.callback; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
384 |
module:log("debug", "Detected %s connection from %s:%d", handler_name, conn:ip(), conn:port()); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
385 |
break; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
386 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
387 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
388 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
389 |
-- Decide between waiting for a complete header signature or terminating the connection when no handler has been found |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
390 |
if session.handler == nil then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
391 |
-- Terminate connection if buffer size has exceeded tolerable maximum size |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
392 |
if #session.buffer > PROTO_MAX_HEADER_LENGTH then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
393 |
conn:close(); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
394 |
module:log("warn", "Connection %s:%d terminated: No valid PROXY header within %d bytes", |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
395 |
conn:ip(), conn:port(), PROTO_MAX_HEADER_LENGTH); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
396 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
397 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
398 |
-- Skip further processing without a valid protocol handler |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
399 |
module:log("debug", "No valid header signature detected from %s:%d, waiting for more data...", |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
400 |
conn:ip(), conn:port()); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
401 |
return; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
402 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
403 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
404 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
405 |
-- Execute proxy protocol handler and process response |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
406 |
local response, proxy_data = session.handler(conn, session); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
407 |
if response == PROTO_HANDLER_STATUS.SUCCESS then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
408 |
module:log("info", "Received PROXY header from %s: %s", conn:ip(), proxy_data:describe()); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
409 |
return wrap_proxy_connection(conn, session, proxy_data); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
410 |
elseif response == PROTO_HANDLER_STATUS.POSTPONE then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
411 |
module:log("debug", "Postponed parsing of incomplete PROXY header received from %s", conn:ip()); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
412 |
return; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
413 |
elseif response == PROTO_HANDLER_STATUS.FAILURE then |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
414 |
conn:close(); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
415 |
module:log("warn", "Connection %s terminated: Could not process PROXY header from client, " + |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
416 |
"see previous log messages.", conn:ip()); |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
417 |
return; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
418 |
else |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
419 |
-- This code should be never reached, but is included for completeness |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
420 |
conn:close(); |
|
2966
6b01600b9c02
mod_net_proxy: Adjusted log level of errors triggered by remote connections to 'warn'
Pascal Mathis <mail@pascalmathis.com>
parents:
2965
diff
changeset
|
421 |
module:log("warn", "Connection terminated: Received invalid protocol handler response with code %d", response); |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
422 |
return; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
423 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
424 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
425 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
426 |
function listener.ondisconnect(conn) |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
427 |
sessions[conn] = nil; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
428 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
429 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
430 |
listener.ondetach = listener.ondisconnect; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
431 |
|
|
2967
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
432 |
-- Parse trusted proxies which can either contain single hosts or networks |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
433 |
if not config_trusted_proxies:empty() then |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
434 |
for trusted_proxy in config_trusted_proxies:items() do |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
435 |
local network = {}; |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
436 |
network.ip, network.cidr = ip.parse_cidr(trusted_proxy); |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
437 |
trusted_networks:add(network); |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
438 |
end |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
439 |
else |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
440 |
module:log("warn", "No trusted proxies configured, all connections will be accepted - this might be dangerous"); |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
441 |
end |
|
504bb330e910
mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections
Pascal Mathis <mail@pascalmathis.com>
parents:
2966
diff
changeset
|
442 |
|
|
2965
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
443 |
-- Process all configured port mappings and generate a list of mapped ports |
|
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
444 |
local mapped_ports = {}; |
|
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
445 |
for port, mapping in pairs(config_mappings) do |
|
3566
b33b2fbdc713
mod_net_proxy: Ensure port numbers are coerced into numbers
Kim Alvefur <zash@zash.se>
parents:
3001
diff
changeset
|
446 |
port = tonumber(port); |
|
2965
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
447 |
table.insert(mapped_ports, port); |
|
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
448 |
mappings[port] = { |
|
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
449 |
service_name = mapping, |
|
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
450 |
service = nil, |
|
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
451 |
}; |
|
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
452 |
end |
|
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
453 |
|
|
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
454 |
-- Log error message when user manually specifies ports without configuring the necessary port mappings |
|
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
455 |
if not config_ports:empty() then |
|
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
456 |
local missing_ports = config_ports - set.new(mapped_ports); |
|
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
457 |
if not missing_ports:empty() then |
|
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
458 |
module:log("error", "Missing port<>service mappings for these ports: %s", tostring(missing_ports)); |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
459 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
460 |
end |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
461 |
|
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
462 |
-- Register the previously declared network listener |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
463 |
module:provides("net", { |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
464 |
name = "proxy"; |
|
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
465 |
listener = listener; |
|
2965
33227efa2cdc
mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured
Pascal Mathis <mail@pascalmathis.com>
parents:
2939
diff
changeset
|
466 |
default_ports = mapped_ports; |
|
2934
9a62780e7ee2
mod_net_proxy: New module implementing PROXY protocol versions 1 and 2
Pascal Mathis <mail@pascalmathis.com>
parents:
diff
changeset
|
467 |
}); |