Software `/` code `/` prosody-modules

Annotate

mod_net_proxy/mod_net_proxy.lua @ 6251:694f8fab07d4

: mod_sasl2*** : Update Compability for all of them diff --git a/mod_sasl2/README.md b/mod_sasl2/README.md --- a/mod_sasl2/README.md +++ b/mod_sasl2/README.md @@ -31,6 +31,7 @@ This module requires Prosody **trunk** a Prosody Version Status ----------------------- ---------------- - trunk as of 2024-11-24 Works + trunk as of 2025-05-25 Works + 0.13 Works 0.12 Does not work ----------------------- ---------------- diff --git a/mod_sasl2_bind2/README.md b/mod_sasl2_bind2/README.md --- a/mod_sasl2_bind2/README.md +++ b/mod_sasl2_bind2/README.md @@ -16,5 +16,6 @@ This module depends on [mod_sasl2]. It e Prosody-Version Status --------------- ---------------------- - trunk Works as of 2024-12-21 + trunk Works as of 2025-05-25 + 0.13 Works 0.12 Does not work diff --git a/mod_sasl2_fast/README.md b/mod_sasl2_fast/README.md --- a/mod_sasl2_fast/README.md +++ b/mod_sasl2_fast/README.md @@ -33,5 +33,6 @@ clients being logged out unexpectedly. Prosody-Version Status --------------- ---------------------- - trunk Works as of 2024-12-21 + trunk Works as of 2025-05-25 + 0.13 Work 0.12 Does not work diff --git a/mod_sasl2_sm/README.md b/mod_sasl2_sm/README.md --- a/mod_sasl2_sm/README.md +++ b/mod_sasl2_sm/README.md @@ -17,5 +17,6 @@ configuration options. Prosody-Version Status --------------- ---------------------- - trunk Works as of 2024-12-21 + trunk Works as of 2025-05-25 + 0.13 Work 0.12 Does not work diff --git a/mod_sasl_ssdp/README.md b/mod_sasl_ssdp/README.md --- a/mod_sasl_ssdp/README.md +++ b/mod_sasl_ssdp/README.md @@ -18,8 +18,8 @@ There are no configuration options for t # Compatibility -For SASL2 (XEP-0388) clients, it is compatible with the mod_sasl2 community module. - -For clients using RFC 6120 SASL, it requires Prosody trunk 33e5edbd6a4a or -later. It is not compatible with Prosody 0.12 (it will load, but simply -won't do anything) for "legacy SASL". + Prosody-Version Status + --------------- ---------------------- + trunk Works as of 2025-05-25 + 0.13 Works + 0.12 Does not work

author	Menel <menel@snikket.de>
date	Mon, 12 May 2025 11:07:45 +0200
parent	6247:49fad071e644

rev	line source
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	1 -- mod_net_proxy.lua
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	2 -- Copyright (C) 2018 Pascal Mathis <mail@pascalmathis.com>
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	3 --
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	4 -- Implementation of PROXY protocol versions 1 and 2
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	5 -- Specifications: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	6
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	7 module:set_global();
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	8
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	9 -- Imports
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	10 local softreq = require "util.dependencies".softreq;
4944 9d65eb3fcb15 mod_net_proxy: Fix for bitop with Lua 5.4 moparisthebest <admin@moparisthebest.com> parents: 3562 diff changeset	11 local bit = assert(softreq "bit" or softreq "bit32" or softreq "util.bitcompat", "No bit module found. See https://prosody.im/doc/depends#bitop");
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	12 local hex = require "util.hex";
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	13 local ip = require "util.ip";
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	14 local net = require "util.net";
2961 33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	15 local set = require "util.set";
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	16 local portmanager = require "core.portmanager";
6247 49fad071e644 mod_net_proxy: Use safer util.format for generating description string (thanks tom) Matthew Wild <mwild1@gmail.com> parents: 4944 diff changeset	17 local fmt = require "util.format".format;
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	18
2931 e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	19 -- Backwards Compatibility
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	20 local function net_ntop_bc(input)
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	21 if input:len() == 4 then
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	22 return string.format("%d.%d.%d.%d", input:byte(1, 4));
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	23 elseif input:len() == 16 then
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	24 local octets = { nil, nil, nil, nil, nil, nil, nil, nil };
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	25
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	26 -- Convert received bytes into IPv6 address and skip leading zeroes for each group
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	27 for index = 1, 8 do
2935 7319fd5dbc89 mod_net_proxy: Fixed luacheck warnings Pascal Mathis <mail@pascalmathis.com> parents: 2931 diff changeset	28 local high, low = input:byte(index * 2 - 1, index * 2);
2931 e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	29 octets[index] = string.format("%x", high * 256 + low);
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	30 end
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	31 local address = table.concat(octets, ":", 1, 8);
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	32
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	33 -- Search for the longest sequence of zeroes
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	34 local token;
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	35 local length = (address:match("^0:[0:]+()") or 1) - 1;
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	36 for s in address:gmatch(":0:[0:]+") do
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	37 if length < #s then
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	38 length, token = #s, s;
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	39 end
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	40 end
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	41
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	42 -- Return the shortened IPv6 address
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	43 return address:gsub(token or "^0:[0:]+", "::", 1);
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	44 end
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	45 end
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	46
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	47 local net_ntop = net.ntop or net_ntop_bc
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	48
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	49 -- Utility Functions
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	50 local function _table_invert(input)
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	51 local output = {};
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	52 for key, value in pairs(input) do
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	53 output[value] = key;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	54 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	55 return output;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	56 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	57
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	58 -- Constants
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	59 local ADDR_FAMILY = { UNSPEC = 0x0, INET = 0x1, INET6 = 0x2, UNIX = 0x3 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	60 local ADDR_FAMILY_STR = _table_invert(ADDR_FAMILY);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	61 local TRANSPORT = { UNSPEC = 0x0, STREAM = 0x1, DGRAM = 0x2 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	62 local TRANSPORT_STR = _table_invert(TRANSPORT);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	63
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	64 local PROTO_MAX_HEADER_LENGTH = 256;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	65 local PROTO_HANDLERS = {
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	66 PROXYv1 = { signature = hex.from("50524F5859"), callback = nil },
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	67 PROXYv2 = { signature = hex.from("0D0A0D0A000D0A515549540A"), callback = nil }
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	68 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	69 local PROTO_HANDLER_STATUS = { SUCCESS = 0, POSTPONE = 1, FAILURE = 2 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	70
2963 504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	71 -- Configuration Variables
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	72 local config_mappings = module:get_option("proxy_port_mappings", {});
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	73 local config_ports = module:get_option_set("proxy_ports", {});
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	74 local config_trusted_proxies = module:get_option_set("proxy_trusted_proxies", {"127.0.0.1", "::1"});
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	75
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	76 -- Persistent In-Memory Storage
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	77 local sessions = {};
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	78 local mappings = {};
2963 504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	79 local trusted_networks = set.new();
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	80
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	81 -- Proxy Data Methods
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	82 local proxy_data_mt = {}; proxy_data_mt.__index = proxy_data_mt;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	83
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	84 function proxy_data_mt:describe()
6247 49fad071e644 mod_net_proxy: Use safer util.format for generating description string (thanks tom) Matthew Wild <mwild1@gmail.com> parents: 4944 diff changeset	85 return fmt("proto=%s/%s src=%s:%d dst=%s:%d",
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	86 self:addr_family_str(), self:transport_str(), self:src_addr(), self:src_port(), self:dst_addr(), self:dst_port());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	87 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	88
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	89 function proxy_data_mt:addr_family_str()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	90 return ADDR_FAMILY_STR[self._addr_family] or ADDR_FAMILY_STR[ADDR_FAMILY.UNSPEC];
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	91 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	92
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	93 function proxy_data_mt:transport_str()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	94 return TRANSPORT_STR[self._transport] or TRANSPORT_STR[TRANSPORT.UNSPEC];
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	95 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	96
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	97 function proxy_data_mt:version()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	98 return self._version;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	99 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	100
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	101 function proxy_data_mt:addr_family()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	102 return self._addr_family;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	103 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	104
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	105 function proxy_data_mt:transport()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	106 return self._transport;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	107 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	108
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	109 function proxy_data_mt:src_addr()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	110 return self._src_addr;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	111 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	112
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	113 function proxy_data_mt:src_port()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	114 return self._src_port;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	115 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	116
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	117 function proxy_data_mt:dst_addr()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	118 return self._dst_addr;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	119 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	120
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	121 function proxy_data_mt:dst_port()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	122 return self._dst_port;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	123 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	124
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	125 -- Protocol Handler Functions
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	126 PROTO_HANDLERS["PROXYv1"].callback = function(conn, session)
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	127 local addr_family_mappings = { TCP4 = ADDR_FAMILY.INET, TCP6 = ADDR_FAMILY.INET6 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	128
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	129 -- Postpone processing if CRLF (PROXYv1 header terminator) does not exist within buffer
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	130 if session.buffer:find("\r\n") == nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	131 return PROTO_HANDLER_STATUS.POSTPONE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	132 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	133
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	134 -- Declare header pattern and match current buffer against pattern
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	135 local header_pattern = "^PROXY (%S+) (%S+) (%S+) (%d+) (%d+)\r\n";
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	136 local addr_family, src_addr, dst_addr, src_port, dst_port = session.buffer:match(header_pattern);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	137 src_port, dst_port = tonumber(src_port), tonumber(dst_port);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	138
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	139 -- Ensure that header was successfully parsed and contains a valid address family
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	140 if addr_family == nil or src_addr == nil or dst_addr == nil or src_port == nil or dst_port == nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	141 module:log("warn", "Received unparseable PROXYv1 header from %s", conn:ip());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	142 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	143 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	144 if addr_family_mappings[addr_family] == nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	145 module:log("warn", "Received invalid PROXYv1 address family from %s: %s", conn:ip(), addr_family);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	146 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	147 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	148
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	149 -- Ensure that received source and destination ports are within 1 and 65535 (0xFFFF)
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	150 if src_port <= 0 or src_port >= 0xFFFF then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	151 module:log("warn", "Received invalid PROXYv1 source port from %s: %d", conn:ip(), src_port);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	152 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	153 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	154 if dst_port <= 0 or dst_port >= 0xFFFF then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	155 module:log("warn", "Received invalid PROXYv1 destination port from %s: %d", conn:ip(), dst_port);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	156 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	157 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	158
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	159 -- Ensure that received source and destination address can be parsed
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	160 local _, err = ip.new_ip(src_addr);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	161 if err ~= nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	162 module:log("warn", "Received unparseable PROXYv1 source address from %s: %s", conn:ip(), src_addr);
2975 7eb6fa9b03fd mod_net_proxy: Added missing return when detecting unparseable PROXYv1 source address Pascal Mathis <mail@pascalmathis.com> parents: 2963 diff changeset	163 return PROTO_HANDLER_STATUS.FAILURE, nil;
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	164 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	165 _, err = ip.new_ip(dst_addr);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	166 if err ~= nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	167 module:log("warn", "Received unparseable PROXYv1 destination address from %s: %s", conn:ip(), dst_addr);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	168 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	169 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	170
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	171 -- Strip parsed header from session buffer and build proxy data
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	172 session.buffer = session.buffer:gsub(header_pattern, "");
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	173
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	174 local proxy_data = {
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	175 _version = 1,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	176 _addr_family = addr_family, _transport = TRANSPORT.STREAM,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	177 _src_addr = src_addr, _src_port = src_port,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	178 _dst_addr = dst_addr, _dst_port = dst_port
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	179 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	180 setmetatable(proxy_data, proxy_data_mt);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	181
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	182 -- Return successful response with gathered proxy data
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	183 return PROTO_HANDLER_STATUS.SUCCESS, proxy_data;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	184 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	185
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	186 PROTO_HANDLERS["PROXYv2"].callback = function(conn, session)
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	187 -- Postpone processing if less than 16 bytes are available
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	188 if #session.buffer < 16 then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	189 return PROTO_HANDLER_STATUS.POSTPONE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	190 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	191
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	192 -- Parse first 16 bytes of protocol header
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	193 local version = bit.rshift(bit.band(session.buffer:byte(13), 0xF0), 4);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	194 local command = bit.band(session.buffer:byte(13), 0x0F);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	195 local addr_family = bit.rshift(bit.band(session.buffer:byte(14), 0xF0), 4);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	196 local transport = bit.band(session.buffer:byte(14), 0x0F);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	197 local length = bit.bor(session.buffer:byte(16), bit.lshift(session.buffer:byte(15), 8));
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	198
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	199 -- Postpone processing if less than 16+<length> bytes are available
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	200 if #session.buffer < 16 + length then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	201 return PROTO_HANDLER_STATUS.POSTPONE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	202 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	203
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	204 -- Ensure that version number is correct
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	205 if version ~= 0x2 then
2962 6b01600b9c02 mod_net_proxy: Adjusted log level of errors triggered by remote connections to 'warn' Pascal Mathis <mail@pascalmathis.com> parents: 2961 diff changeset	206 module:log("warn", "Received unsupported PROXYv2 version from %s: %d", conn:ip(), version);
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	207 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	208 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	209
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	210 local payload = session.buffer:sub(17);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	211 if command == 0x0 then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	212 -- Gather source/destination addresses and ports from local socket
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	213 local src_addr, src_port = conn:socket():getpeername();
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	214 local dst_addr, dst_port = conn:socket():getsockname();
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	215
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	216 -- Build proxy data based on real connection information
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	217 local proxy_data = {
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	218 _version = version,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	219 _addr_family = addr_family, _transport = transport,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	220 _src_addr = src_addr, _src_port = src_port,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	221 _dst_addr = dst_addr, _dst_port = dst_port
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	222 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	223 setmetatable(proxy_data, proxy_data_mt);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	224
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	225 -- Return successful response with gathered proxy data
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	226 return PROTO_HANDLER_STATUS.SUCCESS, proxy_data;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	227 elseif command == 0x1 then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	228 local offset = 1;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	229 local src_addr, src_port, dst_addr, dst_port;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	230
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	231 -- Verify transport protocol is either STREAM or DGRAM
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	232 if transport ~= TRANSPORT.STREAM and transport ~= TRANSPORT.DGRAM then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	233 module:log("warn", "Received unsupported PROXYv2 transport from %s: 0x%02X", conn:ip(), transport);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	234 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	235 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	236
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	237 -- Parse source and destination addresses
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	238 if addr_family == ADDR_FAMILY.INET then
2931 e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	239 src_addr = net_ntop(payload:sub(offset, offset + 3)); offset = offset + 4;
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	240 dst_addr = net_ntop(payload:sub(offset, offset + 3)); offset = offset + 4;
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	241 elseif addr_family == ADDR_FAMILY.INET6 then
2931 e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	242 src_addr = net_ntop(payload:sub(offset, offset + 15)); offset = offset + 16;
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	243 dst_addr = net_ntop(payload:sub(offset, offset + 15)); offset = offset + 16;
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	244 elseif addr_family == ADDR_FAMILY.UNIX then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	245 src_addr = payload:sub(offset, offset + 107); offset = offset + 108;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	246 dst_addr = payload:sub(offset, offset + 107); offset = offset + 108;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	247 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	248
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	249 -- Parse source and destination ports
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	250 if addr_family == ADDR_FAMILY.INET or addr_family == ADDR_FAMILY.INET6 then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	251 src_port = bit.bor(payload:byte(offset + 1), bit.lshift(payload:byte(offset), 8)); offset = offset + 2;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	252 -- luacheck: ignore 311
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	253 dst_port = bit.bor(payload:byte(offset + 1), bit.lshift(payload:byte(offset), 8)); offset = offset + 2;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	254 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	255
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	256 -- Strip parsed header from session buffer and build proxy data
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	257 session.buffer = session.buffer:sub(17 + length);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	258
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	259 local proxy_data = {
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	260 _version = version,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	261 _addr_family = addr_family, _transport = transport,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	262 _src_addr = src_addr, _src_port = src_port,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	263 _dst_addr = dst_addr, _dst_port = dst_port
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	264 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	265 setmetatable(proxy_data, proxy_data_mt);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	266
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	267 -- Return successful response with gathered proxy data
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	268 return PROTO_HANDLER_STATUS.SUCCESS, proxy_data;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	269 else
2962 6b01600b9c02 mod_net_proxy: Adjusted log level of errors triggered by remote connections to 'warn' Pascal Mathis <mail@pascalmathis.com> parents: 2961 diff changeset	270 module:log("warn", "Received unsupported PROXYv2 command from %s: 0x%02X", conn:ip(), command);
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	271 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	272 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	273 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	274
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	275 -- Wrap an existing connection with the provided proxy data. This will override several methods of the 'conn' object to
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	276 -- return the proxied source instead of the source which initiated the TCP connection. Afterwards, the listener of the
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	277 -- connection gets set according to the globally defined port<>service mappings and the methods 'onconnect' and
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	278 -- 'onincoming' are being called manually with the current session buffer.
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	279 local function wrap_proxy_connection(conn, session, proxy_data)
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	280 -- Override and add functions of 'conn' object when source information has been collected
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	281 conn.proxyip, conn.proxyport = conn.ip, conn.port;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	282 if proxy_data:src_addr() ~= nil and proxy_data:src_port() ~= nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	283 conn.ip = function()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	284 return proxy_data:src_addr();
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	285 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	286 conn.port = function()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	287 return proxy_data:src_port();
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	288 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	289 conn.clientport = conn.port;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	290 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	291
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	292 -- Attempt to find service by processing port<>service mappings
3562 b33b2fbdc713 mod_net_proxy: Ensure port numbers are coerced into numbers Kim Alvefur <zash@zash.se> parents: 2997 diff changeset	293 local mapping = mappings[tonumber(conn:serverport())];
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	294 if mapping == nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	295 conn:close();
2962 6b01600b9c02 mod_net_proxy: Adjusted log level of errors triggered by remote connections to 'warn' Pascal Mathis <mail@pascalmathis.com> parents: 2961 diff changeset	296 module:log("warn", "Connection %s@%s terminated: Could not find mapping for port %d",
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	297 conn:ip(), conn:proxyip(), conn:serverport());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	298 return;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	299 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	300
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	301 if mapping.service == nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	302 local service = portmanager.get_service(mapping.service_name);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	303
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	304 if service ~= nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	305 mapping.service = service;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	306 else
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	307 conn:close();
2962 6b01600b9c02 mod_net_proxy: Adjusted log level of errors triggered by remote connections to 'warn' Pascal Mathis <mail@pascalmathis.com> parents: 2961 diff changeset	308 module:log("warn", "Connection %s@%s terminated: Could not process mapping for unknown service %s",
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	309 conn:ip(), conn:proxyip(), mapping.service_name);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	310 return;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	311 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	312 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	313
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	314 -- Pass connection to actual service listener and simulate onconnect/onincoming callbacks
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	315 local service_listener = mapping.service.listener;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	316
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	317 module:log("info", "Passing proxied connection %s:%d to service %s", conn:ip(), conn:port(), mapping.service_name);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	318 conn:setlistener(service_listener);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	319 if service_listener.onconnect then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	320 service_listener.onconnect(conn);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	321 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	322 return service_listener.onincoming(conn, session.buffer);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	323 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	324
2963 504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	325 local function is_trusted_proxy(conn)
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	326 -- If no trusted proxies were configured, trust any incoming connection
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	327 -- While this may seem insecure, the module defaults to only trusting 127.0.0.1 and ::1
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	328 if trusted_networks:empty() then
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	329 return true;
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	330 end
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	331
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	332 -- Iterate through all trusted proxies and check for match against connected IP address
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	333 local conn_ip = ip.new_ip(conn:ip());
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	334 for trusted_network in trusted_networks:items() do
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	335 if ip.match(trusted_network.ip, conn_ip, trusted_network.cidr) then
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	336 return true;
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	337 end
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	338 end
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	339
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	340 -- Connection does not match any trusted proxy
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	341 return false;
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	342 end
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	343
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	344 -- Network Listener Methods
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	345 local listener = {};
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	346
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	347 function listener.onconnect(conn)
2997 97b30fec709c mod_net_proxy: Fixed errors when connection with nil ip is being processed Pascal Mathis <mail@pascalmathis.com> parents: 2975 diff changeset	348 -- Silently drop connections with an IP address of <nil>, which can happen when the socket was closed before the
97b30fec709c mod_net_proxy: Fixed errors when connection with nil ip is being processed Pascal Mathis <mail@pascalmathis.com> parents: 2975 diff changeset	349 -- responsible net.server backend was able to grab the IP address of the connecting client.
97b30fec709c mod_net_proxy: Fixed errors when connection with nil ip is being processed Pascal Mathis <mail@pascalmathis.com> parents: 2975 diff changeset	350 if conn:ip() == nil then
97b30fec709c mod_net_proxy: Fixed errors when connection with nil ip is being processed Pascal Mathis <mail@pascalmathis.com> parents: 2975 diff changeset	351 conn:close();
97b30fec709c mod_net_proxy: Fixed errors when connection with nil ip is being processed Pascal Mathis <mail@pascalmathis.com> parents: 2975 diff changeset	352 return;
97b30fec709c mod_net_proxy: Fixed errors when connection with nil ip is being processed Pascal Mathis <mail@pascalmathis.com> parents: 2975 diff changeset	353 end
97b30fec709c mod_net_proxy: Fixed errors when connection with nil ip is being processed Pascal Mathis <mail@pascalmathis.com> parents: 2975 diff changeset	354
2963 504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	355 -- Check if connection is coming from a trusted proxy
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	356 if not is_trusted_proxy(conn) then
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	357 conn:close();
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	358 module:log("warn", "Dropped connection from untrusted proxy: %s", conn:ip());
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	359 return;
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	360 end
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	361
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	362 -- Initialize session variables
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	363 sessions[conn] = {
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	364 handler = nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	365 buffer = nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	366 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	367 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	368
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	369 function listener.onincoming(conn, data)
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	370 -- Abort processing if no data has been received
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	371 if not data then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	372 return;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	373 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	374
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	375 -- Lookup session for connection and append received data to buffer
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	376 local session = sessions[conn];
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	377 session.buffer = session.buffer and session.buffer .. data or data;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	378
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	379 -- Attempt to determine protocol handler if not done previously
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	380 if session.handler == nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	381 -- Match current session buffer against all known protocol signatures to determine protocol handler
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	382 for handler_name, handler in pairs(PROTO_HANDLERS) do
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	383 if session.buffer:find("^" .. handler.signature) ~= nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	384 session.handler = handler.callback;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	385 module:log("debug", "Detected %s connection from %s:%d", handler_name, conn:ip(), conn:port());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	386 break;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	387 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	388 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	389
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	390 -- Decide between waiting for a complete header signature or terminating the connection when no handler has been found
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	391 if session.handler == nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	392 -- Terminate connection if buffer size has exceeded tolerable maximum size
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	393 if #session.buffer > PROTO_MAX_HEADER_LENGTH then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	394 conn:close();
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	395 module:log("warn", "Connection %s:%d terminated: No valid PROXY header within %d bytes",
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	396 conn:ip(), conn:port(), PROTO_MAX_HEADER_LENGTH);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	397 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	398
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	399 -- Skip further processing without a valid protocol handler
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	400 module:log("debug", "No valid header signature detected from %s:%d, waiting for more data...",
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	401 conn:ip(), conn:port());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	402 return;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	403 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	404 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	405
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	406 -- Execute proxy protocol handler and process response
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	407 local response, proxy_data = session.handler(conn, session);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	408 if response == PROTO_HANDLER_STATUS.SUCCESS then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	409 module:log("info", "Received PROXY header from %s: %s", conn:ip(), proxy_data:describe());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	410 return wrap_proxy_connection(conn, session, proxy_data);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	411 elseif response == PROTO_HANDLER_STATUS.POSTPONE then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	412 module:log("debug", "Postponed parsing of incomplete PROXY header received from %s", conn:ip());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	413 return;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	414 elseif response == PROTO_HANDLER_STATUS.FAILURE then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	415 conn:close();
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	416 module:log("warn", "Connection %s terminated: Could not process PROXY header from client, " +
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	417 "see previous log messages.", conn:ip());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	418 return;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	419 else
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	420 -- This code should be never reached, but is included for completeness
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	421 conn:close();
2962 6b01600b9c02 mod_net_proxy: Adjusted log level of errors triggered by remote connections to 'warn' Pascal Mathis <mail@pascalmathis.com> parents: 2961 diff changeset	422 module:log("warn", "Connection terminated: Received invalid protocol handler response with code %d", response);
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	423 return;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	424 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	425 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	426
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	427 function listener.ondisconnect(conn)
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	428 sessions[conn] = nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	429 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	430
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	431 listener.ondetach = listener.ondisconnect;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	432
2963 504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	433 -- Parse trusted proxies which can either contain single hosts or networks
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	434 if not config_trusted_proxies:empty() then
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	435 for trusted_proxy in config_trusted_proxies:items() do
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	436 local network = {};
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	437 network.ip, network.cidr = ip.parse_cidr(trusted_proxy);
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	438 trusted_networks:add(network);
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	439 end
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	440 else
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	441 module:log("warn", "No trusted proxies configured, all connections will be accepted - this might be dangerous");
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	442 end
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	443
2961 33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	444 -- Process all configured port mappings and generate a list of mapped ports
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	445 local mapped_ports = {};
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	446 for port, mapping in pairs(config_mappings) do
3562 b33b2fbdc713 mod_net_proxy: Ensure port numbers are coerced into numbers Kim Alvefur <zash@zash.se> parents: 2997 diff changeset	447 port = tonumber(port);
2961 33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	448 table.insert(mapped_ports, port);
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	449 mappings[port] = {
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	450 service_name = mapping,
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	451 service = nil,
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	452 };
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	453 end
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	454
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	455 -- Log error message when user manually specifies ports without configuring the necessary port mappings
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	456 if not config_ports:empty() then
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	457 local missing_ports = config_ports - set.new(mapped_ports);
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	458 if not missing_ports:empty() then
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	459 module:log("error", "Missing port<>service mappings for these ports: %s", tostring(missing_ports));
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	460 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	461 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	462
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	463 -- Register the previously declared network listener
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	464 module:provides("net", {
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	465 name = "proxy";
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	466 listener = listener;
2961 33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	467 default_ports = mapped_ports;
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	468 });

prosody-modules

694f8fab07d4

mod_net_proxy/mod_net_proxy.lua

Software / code / prosody-modules

Annotate

mod_net_proxy/mod_net_proxy.lua @ 6251:694f8fab07d4

Software `/` code `/` prosody-modules