Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make the client IP accessible from a request_filter #105

Closed
LessThanGreaterThan opened this issue Mar 3, 2024 · 6 comments
Closed

Make the client IP accessible from a request_filter #105

LessThanGreaterThan opened this issue Mar 3, 2024 · 6 comments
Assignees
@drcaramelsyrup
Labels
enhancement New feature or request

Comments

@LessThanGreaterThan
Copy link

LessThanGreaterThan commented Mar 3, 2024
edited
Loading

What is the problem your feature solves, or the need it fulfills?

I would like to access the IP of a user connecting to a pingora proxy server to allow for further filtering/routing.

This could be used for rate limits or a "per user" upstream selection

Describe the solution you'd like

a function in the Session struct to give out the IP address

Describe alternatives you've considered

I don't see how i could implement a ip based rate limit without an IP on the application level, an alternative would be using nftables but that seems far from optimal.

Additional context

None
@BrandonLeeDotDev
Copy link

BrandonLeeDotDev commented Mar 6, 2024
edited
Loading

It looks like the addr is just being dropped... pingora-core/src/protocols/l4/listener.rs or am I missing something?

impl Listener {
    /// Accept a connection from the listening endpoint
    pub async fn accept(&self) -> io::Result<Stream> {
        match &self {
            Self::Tcp(l) => l.accept().await.map(|(stream, _)| stream.into()),
            Self::Unix(l) => l.accept().await.map(|(stream, _)| stream.into()),
        }
    }
}

Please pass along the addr so we can rate limit, add it to forwarding headers, modify iptables, or what ever may be needed

@eaufavor eaufavor added the enhancement New feature or request label Mar 6, 2024
@dward
Copy link

dward commented Mar 6, 2024

Should additional metadata also be provided within Session, such as the server ip/port, and SSL metadata such as cipher, tls version, etc? I can create a new ticket with requests if needed.

@LessThanGreaterThan
Copy link
Author

Should additional metadata also be provided within Session, such as the server ip/port, and SSL metadata such as cipher, tls version, etc? I can create a new ticket with requests if needed.

this would be pretty helpful as it allows to generate JA3 fingerprints etc.

@drcaramelsyrup
Copy link
Contributor

We're also looking at this internally right now too!

Should additional metadata also be provided within Session, such as the server ip/port, and SSL metadata such as cipher, tls version, etc? I can create a new ticket with requests if needed.

Server IP/port can probably be bundled with this ask, I think additional metadata deserves its own tracking issue.

@eaufavor eaufavor added the WIP We are working on this feature internally label Mar 7, 2024
@drcaramelsyrup
Copy link
Contributor

client_addr() (and server_addr()) are now methods accessible from Session in 20fd391.

@eaufavor eaufavor removed the WIP We are working on this feature internally label Mar 22, 2024
@vicanso vicanso mentioned this issue Mar 29, 2024
Closed
@drcaramelsyrup drcaramelsyrup mentioned this issue Apr 9, 2024
Open
@leric
Copy link

leric commented Apr 10, 2024

This feature has released in v0.1.1, but the crate repo hasn't get this update, might need some manual operation
https://crates.io/crates/pingora

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@drcaramelsyrup drcaramelsyrup

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@dward @drcaramelsyrup @eaufavor @leric @BrandonLeeDotDev @LessThanGreaterThan