Software `/` code `/` prosody-modules

Annotate

mod_net_proxy/mod_net_proxy.lua @ 6281:9d88c3d9eea5

mod_http_oauth2: Enforce the registered grant types Thus a client can limit itself to certain grant types. Not sure if this prevents any attacks, but what was the point of including this in the registration if it was not going to be enforced? This became easier to do with client_id being available earlier.

author	Kim Alvefur <zash@zash.se>
date	Mon, 02 Jun 2025 20:55:20 +0200
parent	6247:49fad071e644

rev	line source
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	1 -- mod_net_proxy.lua
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	2 -- Copyright (C) 2018 Pascal Mathis <mail@pascalmathis.com>
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	3 --
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	4 -- Implementation of PROXY protocol versions 1 and 2
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	5 -- Specifications: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	6
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	7 module:set_global();
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	8
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	9 -- Imports
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	10 local softreq = require "util.dependencies".softreq;
4944 9d65eb3fcb15 mod_net_proxy: Fix for bitop with Lua 5.4 moparisthebest <admin@moparisthebest.com> parents: 3562 diff changeset	11 local bit = assert(softreq "bit" or softreq "bit32" or softreq "util.bitcompat", "No bit module found. See https://prosody.im/doc/depends#bitop");
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	12 local hex = require "util.hex";
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	13 local ip = require "util.ip";
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	14 local net = require "util.net";
2961 33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	15 local set = require "util.set";
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	16 local portmanager = require "core.portmanager";
6247 49fad071e644 mod_net_proxy: Use safer util.format for generating description string (thanks tom) Matthew Wild <mwild1@gmail.com> parents: 4944 diff changeset	17 local fmt = require "util.format".format;
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	18
2931 e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	19 -- Backwards Compatibility
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	20 local function net_ntop_bc(input)
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	21 if input:len() == 4 then
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	22 return string.format("%d.%d.%d.%d", input:byte(1, 4));
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	23 elseif input:len() == 16 then
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	24 local octets = { nil, nil, nil, nil, nil, nil, nil, nil };
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	25
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	26 -- Convert received bytes into IPv6 address and skip leading zeroes for each group
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	27 for index = 1, 8 do
2935 7319fd5dbc89 mod_net_proxy: Fixed luacheck warnings Pascal Mathis <mail@pascalmathis.com> parents: 2931 diff changeset	28 local high, low = input:byte(index * 2 - 1, index * 2);
2931 e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	29 octets[index] = string.format("%x", high * 256 + low);
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	30 end
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	31 local address = table.concat(octets, ":", 1, 8);
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	32
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	33 -- Search for the longest sequence of zeroes
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	34 local token;
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	35 local length = (address:match("^0:[0:]+()") or 1) - 1;
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	36 for s in address:gmatch(":0:[0:]+") do
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	37 if length < #s then
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	38 length, token = #s, s;
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	39 end
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	40 end
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	41
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	42 -- Return the shortened IPv6 address
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	43 return address:gsub(token or "^0:[0:]+", "::", 1);
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	44 end
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	45 end
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	46
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	47 local net_ntop = net.ntop or net_ntop_bc
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	48
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	49 -- Utility Functions
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	50 local function _table_invert(input)
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	51 local output = {};
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	52 for key, value in pairs(input) do
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	53 output[value] = key;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	54 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	55 return output;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	56 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	57
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	58 -- Constants
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	59 local ADDR_FAMILY = { UNSPEC = 0x0, INET = 0x1, INET6 = 0x2, UNIX = 0x3 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	60 local ADDR_FAMILY_STR = _table_invert(ADDR_FAMILY);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	61 local TRANSPORT = { UNSPEC = 0x0, STREAM = 0x1, DGRAM = 0x2 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	62 local TRANSPORT_STR = _table_invert(TRANSPORT);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	63
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	64 local PROTO_MAX_HEADER_LENGTH = 256;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	65 local PROTO_HANDLERS = {
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	66 PROXYv1 = { signature = hex.from("50524F5859"), callback = nil },
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	67 PROXYv2 = { signature = hex.from("0D0A0D0A000D0A515549540A"), callback = nil }
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	68 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	69 local PROTO_HANDLER_STATUS = { SUCCESS = 0, POSTPONE = 1, FAILURE = 2 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	70
2963 504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	71 -- Configuration Variables
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	72 local config_mappings = module:get_option("proxy_port_mappings", {});
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	73 local config_ports = module:get_option_set("proxy_ports", {});
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	74 local config_trusted_proxies = module:get_option_set("proxy_trusted_proxies", {"127.0.0.1", "::1"});
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	75
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	76 -- Persistent In-Memory Storage
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	77 local sessions = {};
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	78 local mappings = {};
2963 504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	79 local trusted_networks = set.new();
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	80
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	81 -- Proxy Data Methods
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	82 local proxy_data_mt = {}; proxy_data_mt.__index = proxy_data_mt;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	83
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	84 function proxy_data_mt:describe()
6247 49fad071e644 mod_net_proxy: Use safer util.format for generating description string (thanks tom) Matthew Wild <mwild1@gmail.com> parents: 4944 diff changeset	85 return fmt("proto=%s/%s src=%s:%d dst=%s:%d",
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	86 self:addr_family_str(), self:transport_str(), self:src_addr(), self:src_port(), self:dst_addr(), self:dst_port());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	87 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	88
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	89 function proxy_data_mt:addr_family_str()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	90 return ADDR_FAMILY_STR[self._addr_family] or ADDR_FAMILY_STR[ADDR_FAMILY.UNSPEC];
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	91 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	92
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	93 function proxy_data_mt:transport_str()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	94 return TRANSPORT_STR[self._transport] or TRANSPORT_STR[TRANSPORT.UNSPEC];
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	95 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	96
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	97 function proxy_data_mt:version()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	98 return self._version;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	99 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	100
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	101 function proxy_data_mt:addr_family()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	102 return self._addr_family;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	103 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	104
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	105 function proxy_data_mt:transport()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	106 return self._transport;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	107 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	108
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	109 function proxy_data_mt:src_addr()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	110 return self._src_addr;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	111 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	112
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	113 function proxy_data_mt:src_port()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	114 return self._src_port;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	115 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	116
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	117 function proxy_data_mt:dst_addr()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	118 return self._dst_addr;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	119 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	120
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	121 function proxy_data_mt:dst_port()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	122 return self._dst_port;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	123 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	124
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	125 -- Protocol Handler Functions
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	126 PROTO_HANDLERS["PROXYv1"].callback = function(conn, session)
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	127 local addr_family_mappings = { TCP4 = ADDR_FAMILY.INET, TCP6 = ADDR_FAMILY.INET6 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	128
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	129 -- Postpone processing if CRLF (PROXYv1 header terminator) does not exist within buffer
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	130 if session.buffer:find("\r\n") == nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	131 return PROTO_HANDLER_STATUS.POSTPONE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	132 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	133
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	134 -- Declare header pattern and match current buffer against pattern
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	135 local header_pattern = "^PROXY (%S+) (%S+) (%S+) (%d+) (%d+)\r\n";
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	136 local addr_family, src_addr, dst_addr, src_port, dst_port = session.buffer:match(header_pattern);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	137 src_port, dst_port = tonumber(src_port), tonumber(dst_port);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	138
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	139 -- Ensure that header was successfully parsed and contains a valid address family
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	140 if addr_family == nil or src_addr == nil or dst_addr == nil or src_port == nil or dst_port == nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	141 module:log("warn", "Received unparseable PROXYv1 header from %s", conn:ip());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	142 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	143 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	144 if addr_family_mappings[addr_family] == nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	145 module:log("warn", "Received invalid PROXYv1 address family from %s: %s", conn:ip(), addr_family);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	146 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	147 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	148
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	149 -- Ensure that received source and destination ports are within 1 and 65535 (0xFFFF)
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	150 if src_port <= 0 or src_port >= 0xFFFF then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	151 module:log("warn", "Received invalid PROXYv1 source port from %s: %d", conn:ip(), src_port);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	152 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	153 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	154 if dst_port <= 0 or dst_port >= 0xFFFF then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	155 module:log("warn", "Received invalid PROXYv1 destination port from %s: %d", conn:ip(), dst_port);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	156 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	157 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	158
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	159 -- Ensure that received source and destination address can be parsed
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	160 local _, err = ip.new_ip(src_addr);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	161 if err ~= nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	162 module:log("warn", "Received unparseable PROXYv1 source address from %s: %s", conn:ip(), src_addr);
2975 7eb6fa9b03fd mod_net_proxy: Added missing return when detecting unparseable PROXYv1 source address Pascal Mathis <mail@pascalmathis.com> parents: 2963 diff changeset	163 return PROTO_HANDLER_STATUS.FAILURE, nil;
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	164 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	165 _, err = ip.new_ip(dst_addr);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	166 if err ~= nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	167 module:log("warn", "Received unparseable PROXYv1 destination address from %s: %s", conn:ip(), dst_addr);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	168 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	169 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	170
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	171 -- Strip parsed header from session buffer and build proxy data
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	172 session.buffer = session.buffer:gsub(header_pattern, "");
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	173
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	174 local proxy_data = {
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	175 _version = 1,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	176 _addr_family = addr_family, _transport = TRANSPORT.STREAM,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	177 _src_addr = src_addr, _src_port = src_port,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	178 _dst_addr = dst_addr, _dst_port = dst_port
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	179 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	180 setmetatable(proxy_data, proxy_data_mt);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	181
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	182 -- Return successful response with gathered proxy data
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	183 return PROTO_HANDLER_STATUS.SUCCESS, proxy_data;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	184 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	185
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	186 PROTO_HANDLERS["PROXYv2"].callback = function(conn, session)
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	187 -- Postpone processing if less than 16 bytes are available
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	188 if #session.buffer < 16 then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	189 return PROTO_HANDLER_STATUS.POSTPONE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	190 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	191
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	192 -- Parse first 16 bytes of protocol header
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	193 local version = bit.rshift(bit.band(session.buffer:byte(13), 0xF0), 4);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	194 local command = bit.band(session.buffer:byte(13), 0x0F);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	195 local addr_family = bit.rshift(bit.band(session.buffer:byte(14), 0xF0), 4);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	196 local transport = bit.band(session.buffer:byte(14), 0x0F);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	197 local length = bit.bor(session.buffer:byte(16), bit.lshift(session.buffer:byte(15), 8));
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	198
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	199 -- Postpone processing if less than 16+<length> bytes are available
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	200 if #session.buffer < 16 + length then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	201 return PROTO_HANDLER_STATUS.POSTPONE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	202 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	203
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	204 -- Ensure that version number is correct
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	205 if version ~= 0x2 then
2962 6b01600b9c02 mod_net_proxy: Adjusted log level of errors triggered by remote connections to 'warn' Pascal Mathis <mail@pascalmathis.com> parents: 2961 diff changeset	206 module:log("warn", "Received unsupported PROXYv2 version from %s: %d", conn:ip(), version);
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	207 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	208 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	209
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	210 local payload = session.buffer:sub(17);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	211 if command == 0x0 then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	212 -- Gather source/destination addresses and ports from local socket
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	213 local src_addr, src_port = conn:socket():getpeername();
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	214 local dst_addr, dst_port = conn:socket():getsockname();
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	215
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	216 -- Build proxy data based on real connection information
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	217 local proxy_data = {
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	218 _version = version,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	219 _addr_family = addr_family, _transport = transport,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	220 _src_addr = src_addr, _src_port = src_port,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	221 _dst_addr = dst_addr, _dst_port = dst_port
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	222 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	223 setmetatable(proxy_data, proxy_data_mt);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	224
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	225 -- Return successful response with gathered proxy data
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	226 return PROTO_HANDLER_STATUS.SUCCESS, proxy_data;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	227 elseif command == 0x1 then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	228 local offset = 1;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	229 local src_addr, src_port, dst_addr, dst_port;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	230
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	231 -- Verify transport protocol is either STREAM or DGRAM
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	232 if transport ~= TRANSPORT.STREAM and transport ~= TRANSPORT.DGRAM then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	233 module:log("warn", "Received unsupported PROXYv2 transport from %s: 0x%02X", conn:ip(), transport);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	234 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	235 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	236
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	237 -- Parse source and destination addresses
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	238 if addr_family == ADDR_FAMILY.INET then
2931 e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	239 src_addr = net_ntop(payload:sub(offset, offset + 3)); offset = offset + 4;
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	240 dst_addr = net_ntop(payload:sub(offset, offset + 3)); offset = offset + 4;
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	241 elseif addr_family == ADDR_FAMILY.INET6 then
2931 e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	242 src_addr = net_ntop(payload:sub(offset, offset + 15)); offset = offset + 16;
e79b9a55aa2e mod_net_proxy: Fixed backwards compatibility to Prosody 0.10 Pascal Mathis <mail@pascalmathis.com> parents: 2930 diff changeset	243 dst_addr = net_ntop(payload:sub(offset, offset + 15)); offset = offset + 16;
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	244 elseif addr_family == ADDR_FAMILY.UNIX then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	245 src_addr = payload:sub(offset, offset + 107); offset = offset + 108;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	246 dst_addr = payload:sub(offset, offset + 107); offset = offset + 108;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	247 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	248
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	249 -- Parse source and destination ports
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	250 if addr_family == ADDR_FAMILY.INET or addr_family == ADDR_FAMILY.INET6 then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	251 src_port = bit.bor(payload:byte(offset + 1), bit.lshift(payload:byte(offset), 8)); offset = offset + 2;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	252 -- luacheck: ignore 311
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	253 dst_port = bit.bor(payload:byte(offset + 1), bit.lshift(payload:byte(offset), 8)); offset = offset + 2;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	254 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	255
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	256 -- Strip parsed header from session buffer and build proxy data
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	257 session.buffer = session.buffer:sub(17 + length);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	258
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	259 local proxy_data = {
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	260 _version = version,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	261 _addr_family = addr_family, _transport = transport,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	262 _src_addr = src_addr, _src_port = src_port,
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	263 _dst_addr = dst_addr, _dst_port = dst_port
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	264 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	265 setmetatable(proxy_data, proxy_data_mt);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	266
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	267 -- Return successful response with gathered proxy data
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	268 return PROTO_HANDLER_STATUS.SUCCESS, proxy_data;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	269 else
2962 6b01600b9c02 mod_net_proxy: Adjusted log level of errors triggered by remote connections to 'warn' Pascal Mathis <mail@pascalmathis.com> parents: 2961 diff changeset	270 module:log("warn", "Received unsupported PROXYv2 command from %s: 0x%02X", conn:ip(), command);
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	271 return PROTO_HANDLER_STATUS.FAILURE, nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	272 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	273 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	274
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	275 -- Wrap an existing connection with the provided proxy data. This will override several methods of the 'conn' object to
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	276 -- return the proxied source instead of the source which initiated the TCP connection. Afterwards, the listener of the
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	277 -- connection gets set according to the globally defined port<>service mappings and the methods 'onconnect' and
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	278 -- 'onincoming' are being called manually with the current session buffer.
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	279 local function wrap_proxy_connection(conn, session, proxy_data)
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	280 -- Override and add functions of 'conn' object when source information has been collected
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	281 conn.proxyip, conn.proxyport = conn.ip, conn.port;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	282 if proxy_data:src_addr() ~= nil and proxy_data:src_port() ~= nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	283 conn.ip = function()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	284 return proxy_data:src_addr();
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	285 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	286 conn.port = function()
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	287 return proxy_data:src_port();
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	288 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	289 conn.clientport = conn.port;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	290 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	291
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	292 -- Attempt to find service by processing port<>service mappings
3562 b33b2fbdc713 mod_net_proxy: Ensure port numbers are coerced into numbers Kim Alvefur <zash@zash.se> parents: 2997 diff changeset	293 local mapping = mappings[tonumber(conn:serverport())];
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	294 if mapping == nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	295 conn:close();
2962 6b01600b9c02 mod_net_proxy: Adjusted log level of errors triggered by remote connections to 'warn' Pascal Mathis <mail@pascalmathis.com> parents: 2961 diff changeset	296 module:log("warn", "Connection %s@%s terminated: Could not find mapping for port %d",
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	297 conn:ip(), conn:proxyip(), conn:serverport());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	298 return;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	299 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	300
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	301 if mapping.service == nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	302 local service = portmanager.get_service(mapping.service_name);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	303
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	304 if service ~= nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	305 mapping.service = service;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	306 else
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	307 conn:close();
2962 6b01600b9c02 mod_net_proxy: Adjusted log level of errors triggered by remote connections to 'warn' Pascal Mathis <mail@pascalmathis.com> parents: 2961 diff changeset	308 module:log("warn", "Connection %s@%s terminated: Could not process mapping for unknown service %s",
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	309 conn:ip(), conn:proxyip(), mapping.service_name);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	310 return;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	311 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	312 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	313
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	314 -- Pass connection to actual service listener and simulate onconnect/onincoming callbacks
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	315 local service_listener = mapping.service.listener;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	316
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	317 module:log("info", "Passing proxied connection %s:%d to service %s", conn:ip(), conn:port(), mapping.service_name);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	318 conn:setlistener(service_listener);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	319 if service_listener.onconnect then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	320 service_listener.onconnect(conn);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	321 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	322 return service_listener.onincoming(conn, session.buffer);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	323 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	324
2963 504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	325 local function is_trusted_proxy(conn)
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	326 -- If no trusted proxies were configured, trust any incoming connection
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	327 -- While this may seem insecure, the module defaults to only trusting 127.0.0.1 and ::1
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	328 if trusted_networks:empty() then
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	329 return true;
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	330 end
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	331
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	332 -- Iterate through all trusted proxies and check for match against connected IP address
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	333 local conn_ip = ip.new_ip(conn:ip());
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	334 for trusted_network in trusted_networks:items() do
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	335 if ip.match(trusted_network.ip, conn_ip, trusted_network.cidr) then
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	336 return true;
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	337 end
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	338 end
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	339
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	340 -- Connection does not match any trusted proxy
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	341 return false;
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	342 end
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	343
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	344 -- Network Listener Methods
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	345 local listener = {};
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	346
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	347 function listener.onconnect(conn)
2997 97b30fec709c mod_net_proxy: Fixed errors when connection with nil ip is being processed Pascal Mathis <mail@pascalmathis.com> parents: 2975 diff changeset	348 -- Silently drop connections with an IP address of <nil>, which can happen when the socket was closed before the
97b30fec709c mod_net_proxy: Fixed errors when connection with nil ip is being processed Pascal Mathis <mail@pascalmathis.com> parents: 2975 diff changeset	349 -- responsible net.server backend was able to grab the IP address of the connecting client.
97b30fec709c mod_net_proxy: Fixed errors when connection with nil ip is being processed Pascal Mathis <mail@pascalmathis.com> parents: 2975 diff changeset	350 if conn:ip() == nil then
97b30fec709c mod_net_proxy: Fixed errors when connection with nil ip is being processed Pascal Mathis <mail@pascalmathis.com> parents: 2975 diff changeset	351 conn:close();
97b30fec709c mod_net_proxy: Fixed errors when connection with nil ip is being processed Pascal Mathis <mail@pascalmathis.com> parents: 2975 diff changeset	352 return;
97b30fec709c mod_net_proxy: Fixed errors when connection with nil ip is being processed Pascal Mathis <mail@pascalmathis.com> parents: 2975 diff changeset	353 end
97b30fec709c mod_net_proxy: Fixed errors when connection with nil ip is being processed Pascal Mathis <mail@pascalmathis.com> parents: 2975 diff changeset	354
2963 504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	355 -- Check if connection is coming from a trusted proxy
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	356 if not is_trusted_proxy(conn) then
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	357 conn:close();
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	358 module:log("warn", "Dropped connection from untrusted proxy: %s", conn:ip());
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	359 return;
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	360 end
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	361
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	362 -- Initialize session variables
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	363 sessions[conn] = {
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	364 handler = nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	365 buffer = nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	366 };
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	367 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	368
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	369 function listener.onincoming(conn, data)
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	370 -- Abort processing if no data has been received
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	371 if not data then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	372 return;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	373 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	374
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	375 -- Lookup session for connection and append received data to buffer
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	376 local session = sessions[conn];
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	377 session.buffer = session.buffer and session.buffer .. data or data;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	378
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	379 -- Attempt to determine protocol handler if not done previously
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	380 if session.handler == nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	381 -- Match current session buffer against all known protocol signatures to determine protocol handler
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	382 for handler_name, handler in pairs(PROTO_HANDLERS) do
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	383 if session.buffer:find("^" .. handler.signature) ~= nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	384 session.handler = handler.callback;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	385 module:log("debug", "Detected %s connection from %s:%d", handler_name, conn:ip(), conn:port());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	386 break;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	387 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	388 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	389
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	390 -- Decide between waiting for a complete header signature or terminating the connection when no handler has been found
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	391 if session.handler == nil then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	392 -- Terminate connection if buffer size has exceeded tolerable maximum size
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	393 if #session.buffer > PROTO_MAX_HEADER_LENGTH then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	394 conn:close();
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	395 module:log("warn", "Connection %s:%d terminated: No valid PROXY header within %d bytes",
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	396 conn:ip(), conn:port(), PROTO_MAX_HEADER_LENGTH);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	397 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	398
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	399 -- Skip further processing without a valid protocol handler
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	400 module:log("debug", "No valid header signature detected from %s:%d, waiting for more data...",
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	401 conn:ip(), conn:port());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	402 return;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	403 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	404 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	405
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	406 -- Execute proxy protocol handler and process response
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	407 local response, proxy_data = session.handler(conn, session);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	408 if response == PROTO_HANDLER_STATUS.SUCCESS then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	409 module:log("info", "Received PROXY header from %s: %s", conn:ip(), proxy_data:describe());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	410 return wrap_proxy_connection(conn, session, proxy_data);
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	411 elseif response == PROTO_HANDLER_STATUS.POSTPONE then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	412 module:log("debug", "Postponed parsing of incomplete PROXY header received from %s", conn:ip());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	413 return;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	414 elseif response == PROTO_HANDLER_STATUS.FAILURE then
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	415 conn:close();
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	416 module:log("warn", "Connection %s terminated: Could not process PROXY header from client, " +
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	417 "see previous log messages.", conn:ip());
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	418 return;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	419 else
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	420 -- This code should be never reached, but is included for completeness
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	421 conn:close();
2962 6b01600b9c02 mod_net_proxy: Adjusted log level of errors triggered by remote connections to 'warn' Pascal Mathis <mail@pascalmathis.com> parents: 2961 diff changeset	422 module:log("warn", "Connection terminated: Received invalid protocol handler response with code %d", response);
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	423 return;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	424 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	425 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	426
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	427 function listener.ondisconnect(conn)
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	428 sessions[conn] = nil;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	429 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	430
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	431 listener.ondetach = listener.ondisconnect;
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	432
2963 504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	433 -- Parse trusted proxies which can either contain single hosts or networks
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	434 if not config_trusted_proxies:empty() then
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	435 for trusted_proxy in config_trusted_proxies:items() do
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	436 local network = {};
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	437 network.ip, network.cidr = ip.parse_cidr(trusted_proxy);
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	438 trusted_networks:add(network);
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	439 end
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	440 else
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	441 module:log("warn", "No trusted proxies configured, all connections will be accepted - this might be dangerous");
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	442 end
504bb330e910 mod_net_proxy: Added proxy_trusted_proxies for whitelisting incoming connections Pascal Mathis <mail@pascalmathis.com> parents: 2962 diff changeset	443
2961 33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	444 -- Process all configured port mappings and generate a list of mapped ports
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	445 local mapped_ports = {};
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	446 for port, mapping in pairs(config_mappings) do
3562 b33b2fbdc713 mod_net_proxy: Ensure port numbers are coerced into numbers Kim Alvefur <zash@zash.se> parents: 2997 diff changeset	447 port = tonumber(port);
2961 33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	448 table.insert(mapped_ports, port);
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	449 mappings[port] = {
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	450 service_name = mapping,
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	451 service = nil,
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	452 };
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	453 end
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	454
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	455 -- Log error message when user manually specifies ports without configuring the necessary port mappings
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	456 if not config_ports:empty() then
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	457 local missing_ports = config_ports - set.new(mapped_ports);
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	458 if not missing_ports:empty() then
33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	459 module:log("error", "Missing port<>service mappings for these ports: %s", tostring(missing_ports));
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	460 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	461 end
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	462
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	463 -- Register the previously declared network listener
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	464 module:provides("net", {
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	465 name = "proxy";
9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	466 listener = listener;
2961 33227efa2cdc mod_net_proxy: Automatically listen on all mapped ports if proxy_ports was not configured Pascal Mathis <mail@pascalmathis.com> parents: 2935 diff changeset	467 default_ports = mapped_ports;
2930 9a62780e7ee2 mod_net_proxy: New module implementing PROXY protocol versions 1 and 2 Pascal Mathis <mail@pascalmathis.com> parents: diff changeset	468 });

prosody-modules

9d88c3d9eea5

mod_net_proxy/mod_net_proxy.lua

Software / code / prosody-modules

Annotate

mod_net_proxy/mod_net_proxy.lua @ 6281:9d88c3d9eea5

Software `/` code `/` prosody-modules