From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 29 Jul 2021 21:37:15 +0000 (-0400)
Subject: print out things before mangling them
X-Git-Tag: release_3_0_24~84
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4470c014cb8ee3cf2d3f90a4a7728f91b52f89e;p=thirdparty%2Ffreeradius-server.git

print out things before mangling them
---

diff --git a/src/main/tls_listen.c b/src/main/tls_listen.c
index 8dfcf56b7f3..ba1bea9c2dd 100644
--- a/src/main/tls_listen.c
+++ b/src/main/tls_listen.c
@@ -261,19 +261,9 @@ static int proxy_protocol_check(rad_listen_t *listener, REQUEST *request)
 	sock->other_port = src_port;
 
 	/*
-	 *	Move any remaining TLS data to the start of the buffer.
-	 */
-	eol += 2;
-	end = sock->ssn->dirty_in.data + sock->ssn->dirty_in.used;
-	if (eol < end) {
-		memmove(sock->ssn->dirty_in.data, eol, end - eol);
-		sock->ssn->dirty_in.used = end - eol;
-	} else {
-		sock->ssn->dirty_in.used = 0;
-	}
-		
-	/*
-	 *	Print out what we've changed.  Note that the address families may be different!
+	 *	Print out what we've changed.  Note that the TCP
+	 *	socket address family and the PROXY address family may
+	 *	be different!
 	 */
 	if (RDEBUG_ENABLED) {
 		char src_buf[128], dst_buf[128];
@@ -286,6 +276,18 @@ static int proxy_protocol_check(rad_listen_t *listener, REQUEST *request)
 		       sock->haproxy_dst_port);
 	}
 
+	/*
+	 *	Move any remaining TLS data to the start of the buffer.
+	 */
+	eol += 2;
+	end = sock->ssn->dirty_in.data + sock->ssn->dirty_in.used;
+	if (eol < end) {
+		memmove(sock->ssn->dirty_in.data, eol, end - eol);
+		sock->ssn->dirty_in.used = end - eol;
+	} else {
+		sock->ssn->dirty_in.used = 0;
+	}
+		
 	/*
 	 *	It's no longer a PROXY protocol, but just straight TLS.
 	 */