Re: [PATCH] Avoiding mixed socket families in PROXY protocol v1 (ticket #2594)

Maxim Dounin
January 22, 2024 07:00AM
Hello!

On Mon, Jan 22, 2024 at 02:49:54PM +0400, Roman Arutyunyan wrote:

> # HG changeset patch
> # User Roman Arutyunyan <arut@nginx.com>
> # Date 1705916128 -14400
> # Mon Jan 22 13:35:28 2024 +0400
> # Node ID 2f12c929527b2337c15ef99d3a4dc97819b61fbd
> # Parent ee40e2b1d0833b46128a357fbc84c6e23be9be07
> Avoiding mixed socket families in PROXY protocol v1 (ticket #2594).
>
> When using realip module, remote and local addresses of a connection can belong
> to different address families. This previously resulted in generating PROXY
> protocol headers like this:
>
> PROXY TCP4 127.0.0.1 unix:/tmp/nginx1.sock 55544 0
>
> The PROXY protocol v1 specification does not allow mixed families. The change
> will generate the unknown PROXY protocol header in this case:
>
> PROXY UNKNOWN
>
> Also, the above mentioned format for unix socket address is not specified in
> PROXY protocol v1 and is a by-product of internal nginx representation of it.
> The change eliminates such addresses from PROXY protocol headers as well.

Nitpicking: double space in "from PROXY".

This change will essentially disable use of PROXY protocol in such
configurations. While it is probably good enough from a formal
point of view, and better than what we have now, this might still
be a surprise, especially when multiple address families are used
on the original proxy server, and the configuration works for some
of them, but not for others.

Wouldn't it be better to remember if the PROXY protocol was used
to set the address, and use $proxy_protocol_server_addr /
$proxy_protocol_server_port in this case?

Alternatively, we can use some dummy server address instead, so
the client address will still be sent.

--
Maxim Dounin
http://mdounin.ru/
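
The header selection described in the quoted commit message, as an added C example that is not part of the patch or of nginx: mixed address families, or a family PROXY protocol v1 cannot express such as a unix socket, produce `PROXY UNKNOWN`. The helper names `proxy_v1_header()` and `addr_text()` are hypothetical, and the addresses in `main()` are constructed to match the case from the message.

```c
/* Added illustration, not nginx source: proxy_v1_header() and addr_text() are
 * hypothetical helpers, and the addresses in main() are constructed. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Text form and port of an address; -1 for families v1 cannot express. */
static int addr_text(const struct sockaddr *sa, char *buf, size_t len, unsigned *port)
{
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *in = (const struct sockaddr_in *) sa;
        *port = ntohs(in->sin_port);
        return inet_ntop(AF_INET, &in->sin_addr, buf, (socklen_t) len) ? 0 : -1;
    }
    if (sa->sa_family == AF_INET6) {
        const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *) sa;
        *port = ntohs(in6->sin6_port);
        return inet_ntop(AF_INET6, &in6->sin6_addr, buf, (socklen_t) len) ? 0 : -1;
    }
    return -1;                      /* AF_UNIX and anything else */
}

/* Writes the header into out; returns its length, or -1 if out is too small. */
int proxy_v1_header(const struct sockaddr *src, const struct sockaddr *dst,
                    char *out, size_t len)
{
    char s[INET6_ADDRSTRLEN], d[INET6_ADDRSTRLEN];
    unsigned sp = 0, dp = 0;
    int n;
    if (src->sa_family != dst->sa_family
        || addr_text(src, s, sizeof(s), &sp) != 0
        || addr_text(dst, d, sizeof(d), &dp) != 0)
        n = snprintf(out, len, "PROXY UNKNOWN\r\n");    /* mixed or non-IP */
    else
        n = snprintf(out, len, "PROXY %s %s %s %u %u\r\n",
                     src->sa_family == AF_INET ? "TCP4" : "TCP6", s, d, sp, dp);
    return (n < 0 || (size_t) n >= len) ? -1 : n;
}

int main(void)
{
    struct sockaddr_in c = { .sin_family = AF_INET, .sin_port = htons(55544) };
    struct sockaddr_un u = { .sun_family = AF_UNIX, .sun_path = "/tmp/nginx1.sock" };
    char hdr[108];
    inet_pton(AF_INET, "127.0.0.1", &c.sin_addr);
    if (proxy_v1_header((struct sockaddr *) &c, (struct sockaddr *) &u, hdr, sizeof(hdr)) > 0)
        fputs(hdr, stdout);
}
```

With this approach the client address is dropped whenever the families differ, which is the loss of information the reply above is concerned about.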