Skip to content

Fix %<chi> with PROXY Protocol #8893

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
masaori335 merged 1 commit into from
Jul 5, 2022
Merged

Fix %<chi> with PROXY Protocol #8893

masaori335 merged 1 commit into from
Jul 5, 2022

Conversation

@masaori335
Copy link
Contributor

@masaori335 masaori335 commented Jun 8, 2022

Fix #8544.

Prior to this change, the source address in the PROXY Protocol message was set as the remote address when it was parsed.
Now, %<chi> always represents the previous hop.

@masaori335 masaori335 added this to the 10.0.0 milestone Jun 8, 2022
@masaori335 masaori335 self-assigned this Jun 8, 2022
masaori335
masaori335 commented Jun 8, 2022
View reviewed changes
proxy/ProtocolProbeSessionAccept.cc

if (netvc->has_proxy_protocol(reader)) {
Debug("proxyprotocol", "ioCompletionEvent: http has proxy protocol header");
netvc->set_remote_addr(netvc->get_proxy_protocol_src_addr());
Copy link
Contributor Author

@masaori335 masaori335 Jun 8, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the main change.

masaori335
masaori335 commented Jun 8, 2022
View reviewed changes
iocore/net/SSLNetVConnection.cc

if (this->has_proxy_protocol(buffer, &r)) {
Debug("proxyprotocol", "ssl has proxy protocol header");
set_remote_addr(get_proxy_protocol_src_addr());
Copy link
Contributor Author

@masaori335 masaori335 Jun 8, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the main change.

Copy link
Contributor Author

@masaori335 masaori335 Jun 8, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm wondering if we can unify these code in the SSLNetVConnection and ProtocolProbeSessionAccept, but it's out of scope from this PR.

@bryancall bryancall self-requested a review June 13, 2022 23:23
@masaori335
Copy link
Contributor Author

masaori335 commented Jun 13, 2022

The doc of %<chi> is updated.

@masaori335 masaori335 merged commit cc2979d into apache:master Jul 5, 2022
@zwoop
Copy link
Contributor

zwoop commented Jul 7, 2022

It kinda feels like this is borderline incompatible change, in that the logging behavior of %{chi} could possibly change. The odds of this happening is small, but we should consider this and make sure we don't break the compatibility contracts.

@bryancall bryancall mentioned this pull request Aug 14, 2024
Open
91 tasks
@cmcfarlen cmcfarlen mentioned this pull request Aug 16, 2024
Merged
@cmcfarlen cmcfarlen mentioned this pull request Dec 16, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ywkaras ywkaras ywkaras approved these changes

@SolidWallOfCode SolidWallOfCode Awaiting requested review from SolidWallOfCode

@reveller reveller Awaiting requested review from reveller

@bryancall bryancall Awaiting requested review from bryancall

Assignees

@masaori335 masaori335

Labels

Incompatible Logging PROXY Protocol Release Doc Done

Projects

None yet

Milestone

10.0.0

Development

Successfully merging this pull request may close these issues.

Feature: Add "logging field" to identify proxy protocol client's IP address (previous proxy hop)

4 participants

@masaori335 @zwoop @ywkaras @cmcfarlen