From 51b55bd9ec076867a14fa5eb37c5d60855f93430 Mon Sep 17 00:00:00 2001
From: iurri
Date: Thu, 23 Jan 2020 11:40:50 +0100
Subject: [PATCH 1/4] handle tcp request with tcp_accept_haproxy even no PROXY header found
---
 src/core/tcp_main.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/core/tcp_main.c b/src/core/tcp_main.c
index a9fdf8445ad..1dbd5e0325a 100644
--- a/src/core/tcp_main.c
+++ b/src/core/tcp_main.c
@@ -1109,8 +1109,8 @@ int tcpconn_read_haproxy(struct tcp_connection *c) {
 return 1; /* EOF? Return "no IP change" in any case */ } else {
- /* Wrong protocol */
- return -1;
+ /* Wrong protocol*/
+ return 2;
 }
 done:
@@ -1163,10 +1163,12 @@ struct tcp_connection* tcpconn_new(int sock, union sockaddr_union* su,
 if (unlikely(ksr_tcp_accept_haproxy && state == S_CONN_ACCEPT)) {
 ret = tcpconn_read_haproxy(c);
 if (ret == -1) {
- LM_ERR("invalid PROXY protocol header\n");
+ LM_WARN("invalid PROXY protocol header\n");
 goto error;
 } else if (ret == 1) {
 LM_DBG("PROXY protocol did not override IP addresses\n");
+ } else if (ret == 2) {
+ LM_DBG("PROXY protocol header not found or wrong. can't owerride IP adresses\n");
 }
 }
 print_ip("tcpconn_new: new tcp connection: ", &c->rcv.src_ip, "\n");
From 93f8fca48226412692d085233f0fc0c71d894409 Mon Sep 17 00:00:00 2001
From: iurri
Date: Mon, 27 Jan 2020 08:21:52 +0100
Subject: [PATCH 2/4] core:tcp allow to handle TCP connections even message does not contain PROXY protocol header
---
 src/core/tcp_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/tcp_main.c b/src/core/tcp_main.c
index 1dbd5e0325a..1def25ac35d 100644
--- a/src/core/tcp_main.c
+++ b/src/core/tcp_main.c
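Review bot: Returning 2 from the "Wrong protocol" branch of tcpconn_read_haproxy (PATCH 1/4, first hunk) makes the PROXY check fail open: with ksr_tcp_accept_haproxy set, a connection that carries no PROXY header is now accepted under the peer's socket address instead of being dropped. Where the load balancer's own address is trusted by IP-based rules, header-less traffic relayed through it would presumably inherit that trust, so this fallback is safer behind an explicit opt-in setting than as the unconditional behaviour. The branch is also a catch-all, so malformed or truncated headers appear to be treated the same as absent ones (the earlier branches are outside the hunk); input that begins like a PROXY header but does not parse should still `return -1;`. The bare `2` needs a named constant and an entry in the function's return-value comment, for example `/* 2: no PROXY header found, addresses unchanged */`.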
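Review bot: The `ret == 2` branch added to tcpconn_new (PATCH 1/4, second hunk) lets the connection proceed with only an LM_DBG line, so at normal log levels there is no trace that a peer arrived without a PROXY header on a listener that expects one. A message at a visible level, such as `LM_INFO("no PROXY protocol header, socket addresses kept\n");`, would let operators monitor and alert on the fallback. The string also misspells two words (`owerride`, `adresses`); PATCH 2/4 corrects the second, but `owerride` survives in the strings of PATCH 2/4 and 3/4. tcpconn_new begins and ends outside the hunk.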
@@ -1168,7 +1168,7 @@ struct tcp_connection* tcpconn_new(int sock, union sockaddr_union* su,
 } else if (ret == 1) {
 LM_DBG("PROXY protocol did not override IP addresses\n");
 } else if (ret == 2) {
- LM_DBG("PROXY protocol header not found or wrong. can't owerride IP adresses\n");
+ LM_WARN("PROXY protocol header not found or wrong. can't owerride IP addresses\n");
 }
 }
 print_ip("tcpconn_new: new tcp connection: ", &c->rcv.src_ip, "\n");
From 8918bd7657dde20325e368f928eeb31801b425d6 Mon Sep 17 00:00:00 2001
From: iurri
Date: Mon, 27 Jan 2020 08:50:54 +0100
Subject: [PATCH 3/4] core:tcp allow to handle TCP connections even message does not contain PROXY protocol header - function tcpconn_read_haproxy() returns 2 if no PROXY header found. message about no header shown at the debug level
---
 src/core/tcp_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/tcp_main.c b/src/core/tcp_main.c
index 1def25ac35d..82433666684 100644
--- a/src/core/tcp_main.c
+++ b/src/core/tcp_main.c
@@ -1168,7 +1168,7 @@ struct tcp_connection* tcpconn_new(int sock, union sockaddr_union* su,
 } else if (ret == 1) {
 LM_DBG("PROXY protocol did not override IP addresses\n");
 } else if (ret == 2) {
- LM_WARN("PROXY protocol header not found or wrong. can't owerride IP addresses\n");
+ LM_DBG("PROXY protocol header not found. can't owerride IP addresses\n");
 }
 }
 print_ip("tcpconn_new: new tcp connection: ", &c->rcv.src_ip, "\n");
From 55fa4da56f03839726762b5668c945ebd35ca9c5 Mon Sep 17 00:00:00 2001
From: iurri
Date: Mon, 27 Jan 2020 10:28:13 +0100
Subject: [PATCH 4/4] core:tcp shwitched back to LM_ERR level for invalid PROXY header message
---
 src/core/tcp_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/tcp_main.c b/src/core/tcp_main.c
index 82433666684..f802427cba7 100644
--- a/src/core/tcp_main.c
+++ b/src/core/tcp_main.c
@@ -1163,7 +1163,7 @@ struct tcp_connection* tcpconn_new(int sock, union sockaddr_union* su,
 if (unlikely(ksr_tcp_accept_haproxy && state == S_CONN_ACCEPT)) {
 ret = tcpconn_read_haproxy(c);
 if (ret == -1) {
- LM_WARN("invalid PROXY protocol header\n");
+ LM_ERR("invalid PROXY protocol header\n");
 goto error;
 } else if (ret == 1) {
 LM_DBG("PROXY protocol did not override IP addresses\n");