{
channel_t *ch = (channel_t *)self;
+ tvhdebug(LS_CHANNEL, "channel '%s' changed", channel_get_name(ch));
+
/* update the EPG channel <-> channel mapping here */
if (ch->ch_enabled && ch->ch_epgauto)
epggrab_channel_add(ch);
char ubuf[UUID_HEX_SIZE];
/* save channel (on demand) */
if (ch->ch_dont_save == 0) {
+ tvhdebug(LS_CHANNEL, "channel '%s' save", channel_get_name(ch));
c = htsmsg_create_map();
idnode_save(&ch->ch_id, c);
snprintf(filename, fsize, "channel/config/%s", idnode_uuid_as_str(&ch->ch_id, ubuf));
config.idnode.in_class = &config_class;
config.ui_quicktips = 1;
config.digest = 1;
+ config.proxy = 0;
config.realm = strdup("tvheadend");
config.info_area = strdup("login,storage,time");
config.cookie_expires = 7;
.opts = PO_EXPERT,
.group = 1
},
+ {
+ .type = PT_BOOL,
+ .id = "proxy",
+ .name = N_("Use PROXY protocol & X-Forwarded-For"),
+ .desc = N_("PROXY protocol is an extension for support incoming "
+ "TCP connections from a remote server (like a firewall) "
+ "sending the original IP address of the client. "
+ "The HTTP header 'X-Forwarded-For' do the same with "
+ "HTTP connections. Both enable tunneled connections."
+ "This option should be disabled for standard usage."),
+ .off = offsetof(config_t, proxy),
+ .opts = PO_EXPERT,
+ .group = 1
+ },
{
.type = PT_U32,
.intextra = INTEXTRA_RANGE(1, 0x7ff, 1),
char authbuf[150];
hc->hc_url_orig = tvh_strdupa(hc->hc_url);
+
+ v = (config.proxy) ? http_arg_get(&hc->hc_args, "X-Forwarded-For") : NULL;
+ if (v)
+ tcp_get_ip_from_str(v, (struct sockaddr*)hc->hc_peer);
+
tcp_get_str_from_ip((struct sockaddr*)hc->hc_peer, authbuf, sizeof(authbuf));
+
hc->hc_peer_ipstr = tvh_strdupa(authbuf);
hc->hc_representative = hc->hc_peer_ipstr;
hc->hc_username = NULL;
if ((cmdline = tcp_read_line(hc->hc_fd, &spill)) == NULL)
goto error;
+ // PROXY Protocol v1 support
+ // Format: 'PROXY TCP4 192.168.0.1 192.168.0.11 56324 9981\r\n'
+ // SRC-ADDRESS DST-ADDRESS SPORT DPORT
+ //
+ if ((config.proxy) && (strlen(cmdline) >= 6) && (strncmp(cmdline,"PROXY ",6) == 0 )) {
+ tvhinfo(LS_HTTP, "[PROXY] PROXY protocol detected! cmdline='%s'",cmdline);
+
+ char* pl = cmdline + 6;
+
+ if ((cmdline = tcp_read_line(hc->hc_fd, &spill)) == NULL) {
+ goto error; // No more data after the PROXY protocol
+ }
+
+ if ( (strlen(pl) >= 7) && (strncmp(pl,"UNKNOWN",7) == 0))
+ goto error; // Unknown PROXY protocol
+
+ if ( (strlen(pl) < 5) || (strncmp(pl,"TCP4 ",5) != 0))
+ goto error; // Only IPv4 supported
+ pl += 5;
+
+ // Check the SRC-ADDRESS
+ c = pl;
+ char ch;
+ for ( ;; ) {
+ if (strlen(pl) == 0) goto error; // Incomplete PROXY format
+ ch = *pl++;
+ if (ch == ' ') break;
+ if (ch != '.' && (ch < '0' || ch > '9')) goto error; // Not valid IP address
+ }
+ if (((pl-c) < 8) || ((pl-c) > 16)) goto error; // Not valid IP address
+
+ // Here 'c' points to a dotted IPv4 SRC-ADRRESS
+ char srcaddr[16];
+ memset(srcaddr, 0, 16);
+ strncpy(srcaddr, c, (pl-c)-1);
+
+ // Don't care about DST-ADDRESS, SRC-PORT & DST-PORT
+ // All it's OK, push the original client IP
+ tvhinfo(LS_HTTP, "[PROXY] Original source='%s'",srcaddr);
+ http_arg_set(&hc->hc_args, "X-Forwarded-For", srcaddr);
+ }
+
if((n = http_tokenize(cmdline, argv, 3, -1)) != 3)
goto error;
projects / thirdparty / tvheadend.git / commitdiff
