From af8dd78669c2badfd6a6cf5e4724500a78da2d0d Mon Sep 17 00:00:00 2001 From: Dirk Koopman Date: Sun, 5 Jul 2020 16:21:43 +0100 Subject: [PATCH] Add HAProxy type 1 "real ip" address changes --- Changes | 1 + perl/DXUser.pm | 2 +- perl/ExtMsg.pm | 14 +++++++++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/Changes b/Changes index 8c663a2a..919971b9 100644 --- a/Changes +++ b/Changes @@ -1,5 +1,6 @@ 05Jul20======================================================================= 1. Fix show/dxcc. +2. Add HAPROXY "real ip" type 1 handling for incoming connections. 04Jul20======================================================================= 1. Give console.pl (or dx) a good going over with a bog brush to *finally* (cough) make it work correctly with a full 80 column window (and not just diff --git a/perl/DXUser.pm b/perl/DXUser.pm index 642649e8..bfc06b75 100644 --- a/perl/DXUser.pm +++ b/perl/DXUser.pm @@ -107,7 +107,7 @@ my $json; maxconnect => '1,Max Connections', startt => '0,Start Time,cldatetime', connlist => '1,Connections,parraydifft', - width => '0,Preferred Width' + width => '0,Preferred Width', ); #no strict; diff --git a/perl/ExtMsg.pm b/perl/ExtMsg.pm index 44846c53..c5d6d854 100644 --- a/perl/ExtMsg.pm +++ b/perl/ExtMsg.pm @@ -99,7 +99,19 @@ sub dequeue &{$conn->{rproc}}($conn, "I$conn->{call}|$msg"); } elsif ($conn->{state} eq 'WL' ) { $msg = uc $msg; - if (is_callsign($msg)) { + if ($conn->{sort} =~ /^I/ && (my ($ip, $from) = $msg =~ /^PROXY TCP[46] ([\da-fA-F:\.]+) ([\da-fA-F:\.]+)/) ) { + # SOMEONE appears to have affixed an HA Proxy to my connection + $ip =~ s|^::ffff:||; # chop off leading pseudo IPV6 stuff on dual stack listeners + $from =~ s|^::ffff:||; + if ($from eq $conn->{peerhost}) { + dbg("ExtMsg: connect - PROXY IP change from '$conn->{peerhost}' -> '$ip'"); + $conn->{peerhost} = $ip; + } else { + dbg("ExtMsg: connect - PROXY someone ($from) is trying to spoof '$ip'"); + $conn->send_now("Sorry $msg is an invalid callsign"); + $conn->disconnect; + } + } elsif (is_callsign($msg)) { if ($main::allowslashcall || $msg !~ m|/|) { my $sort = $conn->{csort}; $sort = 'local' if $conn->{peerhost} =~ /127\.\d+\.\d+\.\d+$/ || $conn->{peerhost} eq '::1'; -- 2.34.1