X-Git-Url: http://dxcluster.net/gitweb/gitweb.cgi?a=blobdiff_plain;f=perl%2FExtMsg.pm;h=c5d6d85486ff5092ec958e89f4714ded0ae2743b;hb=af8dd78669c2badfd6a6cf5e4724500a78da2d0d;hp=44846c53312f12a370b2babd6cd5acd888605c4d;hpb=9c2a187b4d9e7b03a963cabc4c7ecf5df5bf1ca5;p=spider.git

diff --git a/perl/ExtMsg.pm b/perl/ExtMsg.pm
index 44846c53..c5d6d854 100644
--- a/perl/ExtMsg.pm
+++ b/perl/ExtMsg.pm
@@ -99,7 +99,19 @@ sub dequeue
 				&{$conn->{rproc}}($conn, "I$conn->{call}|$msg");
 			} elsif ($conn->{state} eq 'WL' ) {
 				$msg = uc $msg;
-				if (is_callsign($msg)) {
+				if ($conn->{sort} =~ /^I/ && (my ($ip, $from) = $msg =~ /^PROXY TCP[46] ([\da-fA-F:\.]+) ([\da-fA-F:\.]+)/) ) {
+					# SOMEONE appears to have affixed an HA Proxy to my connection
+					$ip =~ s|^::ffff:||; # chop off leading pseudo IPV6 stuff on dual stack listeners
+					$from =~ s|^::ffff:||;
+					if ($from eq $conn->{peerhost}) {
+						dbg("ExtMsg: connect - PROXY IP change from '$conn->{peerhost}' -> '$ip'");
+						$conn->{peerhost} = $ip;
+					} else {
+						dbg("ExtMsg: connect - PROXY someone ($from) is trying to spoof '$ip'");
+						$conn->send_now("Sorry $msg is an invalid callsign");
+						$conn->disconnect;
+					}
+				} elsif (is_callsign($msg)) {
 					if ($main::allowslashcall || $msg !~ m|/|) {
 						my $sort = $conn->{csort};
 						$sort = 'local' if $conn->{peerhost} =~ /127\.\d+\.\d+\.\d+$/ || $conn->{peerhost} eq '::1';