beenull/sftpgo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

proxy protocol: fix require policy in some edge cases

Browse source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino 2023-05-20 16:08:57 +02:00
parent d28a53a6cf
commit 3f94f6d0e7
No known key found for this signature in database
GPG key ID: 935D2952DEC4EECF
4 changed files with 19 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
go.mod
View file

@ -36,7 +36,7 @@ require (
github.com/hashicorp/go-hclog v1.5.0
github.com/hashicorp/go-plugin v1.4.10-0.20230403150917-e889c1ba1044
github.com/hashicorp/go-retryablehttp v0.7.2
github.com/jackc/pgx/v5 v5.3.2-0.20230428020358-f59e8bf5551f
github.com/jackc/pgx/v5 v5.3.2-0.20230520130935-9de41fac7533
github.com/jlaffaye/ftp v0.0.0-20201112195030-9aae4d151126
github.com/klauspost/compress v1.16.5
github.com/lestrrat-go/jwx/v2 v2.0.9

4
go.sum
View file

@ -1394,8 +1394,8 @@ github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9
github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc=
github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs=
github.com/jackc/pgx/v4 v4.17.2/go.mod h1:lcxIZN44yMIrWI78a5CpucdD14hX0SBDbNRvjDBItsw=
github.com/jackc/pgx/v5 v5.3.2-0.20230428020358-f59e8bf5551f h1:fs2GT/BQiXFnpvTQZK2tHLyw6ZoQQh0/5w8x/Lri7Jk=
github.com/jackc/pgx/v5 v5.3.2-0.20230428020358-f59e8bf5551f/go.mod h1:sU+RaYl9qnhD3Ce+mwnFii6YEPx70mCYghBzKvqq4qo=
github.com/jackc/pgx/v5 v5.3.2-0.20230520130935-9de41fac7533 h1:xro2Upd4gLZnXU07yOPkL3AYEOt3gnXtU10LY+N2+nc=
github.com/jackc/pgx/v5 v5.3.2-0.20230520130935-9de41fac7533/go.mod h1:sU+RaYl9qnhD3Ce+mwnFii6YEPx70mCYghBzKvqq4qo=
github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=

3
internal/common/common.go
View file

@ -802,6 +802,9 @@ func getProxyPolicy(allowed, skipped []func(net.IP) bool, def proxyproto.Policy)
for _, allowFrom := range allowed {
if allowFrom(upstreamIP) {
if def == proxyproto.REQUIRE {
return proxyproto.REQUIRE, nil
}
return proxyproto.USE, nil
}
}

13
internal/common/common_test.go
View file

@ -1012,6 +1012,19 @@ func TestProxyPolicy(t *testing.T) {
policy, err = p(&net.TCPAddr{IP: net.ParseIP("10.8.1.4")})
assert.NoError(t, err)
assert.Equal(t, proxyproto.IGNORE, policy)
p = getProxyPolicy(allowed, skipped, proxyproto.REQUIRE)
policy, err = p(&net.TCPAddr{IP: ip1})
assert.NoError(t, err)
assert.Equal(t, proxyproto.REQUIRE, policy)
policy, err = p(&net.TCPAddr{IP: ip2})
assert.NoError(t, err)
assert.Equal(t, proxyproto.SKIP, policy)
policy, err = p(&net.TCPAddr{IP: ip3})
assert.NoError(t, err)
assert.Equal(t, proxyproto.SKIP, policy)
policy, err = p(&net.TCPAddr{IP: net.ParseIP("10.8.1.5")})
assert.NoError(t, err)
assert.Equal(t, proxyproto.REQUIRE, policy)
}
func TestProxyProtocolVersion(t *testing.T) {