Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Invalid source address" when accepting proxy protocol with IPv4-mapped v6 address #91

Closed
jtackaberry opened this issue Jan 3, 2023 · 2 comments
Closed

"Invalid source address" when accepting proxy protocol with IPv4-mapped v6 address #91

jtackaberry opened this issue Jan 3, 2023 · 2 comments

Comments

@jtackaberry
Copy link
Contributor

Another proxy upstream of caddy-l4 (haproxy currently) is sending the following proxy protocol header:

PROXY TCP6 ::ffff:192.168.0.1 ::ffff:192.168.0.1 53740 10001

But caddy-l4 rejects this with:

2023/01/03 04:37:55.017 ERROR   layer4  handling connection     {"remote": "192.168.0.1:33838", "error": "parsing the PROXY header: invalid source address"}

When the src address is a non-IPv4-mapped IPv6 address it works, it's only with the mapped address that it rejects it.
@jtackaberry
Copy link
Contributor Author

Ah, I see caddy uses another project (github.com/mastercactapus/proxyprotocol) to parse the proxy protocol, and the bug appears to be there.

Specifically, this line will return false with a v4-mapped address.

I'll open an issue with that project.

@jtackaberry jtackaberry mentioned this issue Jan 3, 2023
Closed
@mholt
Copy link
Owner

mholt commented Jan 3, 2023

Thanks for the report! And for opening an issue upstream. It will likely get fixed faster that way :)

@mholt mholt closed this as completed Jan 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mholt @jtackaberry