Added %proxy_protocol::>h logformat code for logging received PROXY
protocol TLV values and passing them to adaptation services and helpers.
For simplicity, this implementation treats TLV values as text and reuses
the existing HTTP header field logging interfaces. Support for binary
TLV value logging can be added later if needed.
Also support logging of metadata extracted from the fixed portion of a
PROXY protocol header and referenced as "pseudo headers": :command,
:version, :src_addr, :dst_addr, :src_port, and :dst_port.
Also fixed several bugs in the old PROXY protocol v1/v2 parsing code:
* Buffer overrun in ConnStateData::parseProxy2p0(). The available
local SBuf could be less than sizeof(pax), resulting in copying
excessive bytes with SBuf::rawContent().
* Incorrect processing of malformed v1 headers lacking CRLF in
ConnStateData::parseProxy1p0(), which waited for more data
even if the buffer size already exceeded the maximum v1 header
size.
* Incorrect processing of partial-buffered v1 headers, when only
the initial (magic) part of the header has been received. The old
code resulted with an error instead of waiting for more data in this
case.
* Incorrect v1 header framing for proto=UNKNOWN headers.
The code used only LF while the protocol requires CRLF for it.
* Do not use address information from v2 header if the header
proto is UNSPEC.
* Incorrect v1 magic expectations (a 6-character `PROXY ` instead of the
proper 5-character `PROXY` sequence) leading to mishandling of
non-PROXY input. For example, receiving `PROXY\r\n` would result in
"need more data" outcome (and long timeout) instead of an immediate
error.
Also eliminated code duplication in HttpHeader::getByNameListMember()
and HttpHeader::getListMember(), moving the common part into a
separate getListMember() method.
Also eliminated code duplication and probably fixed a bug with applying
client_netmask parameter in ConnStateData constructor. The mask should
not be applied to localhost and IPv6 addresses but was.
Also parse PROXY protocol v2 LOCAL addresses (for logging purposes). In
compliance with the PROXY protocol specs, LOCAL addresses are still
unused for connection routing.
projects / thirdparty / squid.git / commit
