From: Julio B
To: ~emersion/soju-dev@lists.sr.ht
Cc: Julio B
Subject: [PATCH] Accept proxy protocol on unix sockets by default
Date: Tue, 11 Oct 2022 10:12:30 +0300
Message-Id: <20221011071230.247042-1-julio.bacel@gmail.com>

---
Usually we use unix sockets behind reverse proxies on local machines.
It makes sense to trust the proxy protocol when it is available.

Minimal nginx config
..
stream {
    server {
        listen 6697;
        proxy_pass unix:/run/soju/bouncer.socket;
        proxy_protocol on;
    }
}
..

cmd/soju/main.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cmd/soju/main.go b/cmd/soju/main.go index 0094381..920e909 100644 --- a/cmd/soju/main.go +++ b/cmd/soju/main.go @@ -345,10 +345,11 @@ func proxyProtoListener(ln net.Listener, srv *soju.Server) net.Listener { Listener: ln, Policy: func(upstream net.Addr) (proxyproto.Policy, error) { tcpAddr, ok := upstream.(*net.TCPAddr) - if !ok { - return proxyproto.IGNORE, nil + if ok && srv.Config().AcceptProxyIPs.Contains(tcpAddr.IP) { + return proxyproto.USE, nil } - if srv.Config().AcceptProxyIPs.Contains(tcpAddr.IP) { + unixAddr, ok := upstream.(*net.UnixAddr) + if ok && unixAddr.Network() == "unix" { return proxyproto.USE, nil } return proxyproto.IGNORE, nil -- 2.38.0
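
Review bot: The new `upstream.(*net.UnixAddr)` branch in the Policy callback returns `proxyproto.USE` for every unix-socket peer without consulting `srv.Config()`, so unlike the TCP branch, which is still gated on `AcceptProxyIPs.Contains(tcpAddr.IP)`, it cannot be narrowed or switched off by configuration. With this in place the PROXY header sets the client address for any local process able to connect to the socket, which leaves the socket file's ownership and mode as the only trust boundary. Consider putting the unix case behind an explicit config option, or at least documenting the required socket permissions in the same patch, since the diffstat shows only cmd/soju/main.go changing.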