-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support specifying IPv6 proxies in CIDR notation #32615
Support specifying IPv6 proxies in CIDR notation #32615
Conversation
9fa14ca
to
bbe19d6
Compare
Hey @sleiner 👋, thank you very much for sending a pull request 👍 We had a pull request a while ago to add IPv6 CIDR support to trusted proxies. Maybe some of the tests and/or discussion are helpful for this pr: #12535
Your pr looks good to me. Yet I have the same feeling as for the other pr 🙈 I believe we should pull in/copy IpUtils (including tests) from Symfony and adapt our code to it and not reinvent the wheel. Let me request some reviews to get more opinions on this one. |
Hi @kesselb, I had not seen #12535 before, thanks for pointing me to that! 😊 After taking a brief look at it, here are my thoughts:
In general, I have no strong attachment to the specific code of this patch, I mainly would like to use the feature ;-) I have never contributed to Nextcloud (or written any PHP, for that matter) before so I had no idea what your policies are concerning pulling in code from external libraries. So just writing the code myself seemed like the quickest way to me. So let me know what you and your colleagues consider the best way forward here 👍🏻 |
bbe19d6
to
74c5cff
Compare
@kesselb could you please approve running the workflows again? 😅 |
@kesselb Can you give an ETA for the reviews? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code looks good
@sleiner Hello, in the end we added symfony/http-foundation as a dependency because we needed the same functionnality in other parts of the code and felt it was better to rely on symfony rather than maintain our own copy. I could do that in an other PR but I think your tests can work the same and this is valuable. |
Sure thing 👍🏻 (though it will probably take a few days before I'll get to it) |
74c5cff
to
abece9b
Compare
@come-nc done 😊 |
@sleiner Can you rebase on master to retrigger CI? |
Previously, it was not possible to use CIDR notation for IPv6 proxies in the trusted_proxies parameter of config.php [1]. This patch adds support for that. [1]: https://docs.nextcloud.com/server/24/admin_manual/configuration_server/reverse_proxy_configuration.html#defining-trusted-proxies Signed-off-by: Simon Leiner <simon@leiner.me>
abece9b
to
09362ea
Compare
@come-nc done 👍🏻 |
we still have some failing runs :/
|
Thanks for your first pull request and welcome to the community! Feel free to keep them coming! If you are looking for issues to tackle then have a look at this selection: https://github.com/nextcloud/server/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22 |
Yeah seems unrelated, I merged it. |
Support for IPv6 ranges was added by #32615 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
Support for IPv6 ranges was added by #32615 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
Support for IPv6 ranges was added by #32615 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
Support for IPv6 ranges was added by nextcloud#32615 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de> Signed-off-by: Akhil <akhil@e.email>
Previously, it was not possible to use CIDR notation for IPv6 proxies in the trusted_proxies parameter of config.php. This patch adds support for that, mainly by relying on inet_pton and a custom bitwise string comparison function instead of ip2long (which does not work for IPv6 because of its 128 bit address space).
It is worth noting that the bitwise comparison could be implemented a bit more straightforward using GMP, but since Nextcloud does not currently require GMP to be available, this alternative implementation was chosen instead.
The patch fixes issue #32253.