From: Aleš Mrázek
Date: Fri, 22 Apr 2022 08:29:47 +0000 (+0200)
Subject: manager: datamodel: PROXYv2 schema created
X-Git-Tag: v6.0.0a1~36^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa40df499501c106953bd3afecdad862c0d82b75;p=thirdparty%2Fknot-resolver.git
manager: datamodel: PROXYv2 schema created
---
diff --git a/manager/knot_resolver_manager/datamodel/network_schema.py b/manager/knot_resolver_manager/datamodel/network_schema.py
index 91475dfc2..b7bdd298f 100644
--- a/manager/knot_resolver_manager/datamodel/network_schema.py
+++ b/manager/knot_resolver_manager/datamodel/network_schema.py
@@ -134,6 +134,17 @@ class ListenSchema(SchemaNode):
 )
+class PROXYv2Schema(SchemaNode):
+ """
+ PROXYv2 protocol configuration.
+
+ ---
+ allow: Allow usage of the PROXYv2 protocol headers by clients on the specified addresses.
+ """
+
+ allow: List[Union[IPAddress, IPNetwork]]
+
+
 class NetworkSchema(SchemaNode):
 """
 Network connections and protocols configuration.
@@ -148,6 +159,7 @@ class NetworkSchema(SchemaNode):
 edns_buffer_size: Maximum EDNS payload size advertised in DNS packets. Different values can be configured for communication downstream (towards clients) and upstream (towards other DNS servers).
 address_renumbering: Renumbers addresses in answers to different address space.
 tls: TLS configuration, also affects DNS over TLS and DNS over HTTPS.
+ proxy_v2: PROXYv2 protocol configuration.
 listen: List of interfaces to listen to and its configuration.
 """
@@ -160,6 +172,7 @@ class NetworkSchema(SchemaNode):
 edns_buffer_size: EdnsBufferSizeSchema = EdnsBufferSizeSchema()
 address_renumbering: Optional[List[AddressRenumberingSchema]] = None
 tls: TLSSchema = TLSSchema()
+ proxy_v2: Union[Literal[False], PROXYv2Schema] = False
 listen: List[ListenSchema] = [
 ListenSchema({"interface": "127.0.0.1"}),
 ListenSchema({"interface": "::1", "freebind": True}),
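Review bot: The `allow` docstring in the new `PROXYv2Schema` class (first hunk) does not say that every listed address becomes trusted to state the client's source address, which is what a PROXYv2 header carries. Anything in the resolver that keys on client address, such as access rules or query logging (inferred, not visible in this diff), will then see whatever a listed peer claims. I would word it as `allow: Addresses or networks of trusted proxies permitted to send PROXYv2 headers; the client address is taken from the header for these peers, so list only proxies you control.` The `List[Union[IPAddress, IPNetwork]]` type also accepts arbitrarily wide networks without any warning; whether to reject or log an entry that covers the whole address space is a design decision worth making here.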
diff --git a/manager/knot_resolver_manager/datamodel/templates/network.lua.j2 b/manager/knot_resolver_manager/datamodel/templates/network.lua.j2
index 1ab6b2814..229777534 100644
--- a/manager/knot_resolver_manager/datamodel/templates/network.lua.j2
+++ b/manager/knot_resolver_manager/datamodel/templates/network.lua.j2
@@ -84,6 +84,17 @@ modules.load('http')
 {{ http_config(cfg.network.tls,"doh_legacy") }}
 {% endif %}
+{% if cfg.network.proxy_v2 %}
+-- network.proxy-v2
+net.proxy_allowed({
+{% for item in cfg.network.proxy_v2.allow %}
+'{{ item }}',
+{% endfor %}
+})
+{% else %}
+net.proxy_allowed({})
+{% endif %}
+
 -- network.listen
 {% for listen in cfg.network.listen %}
 {{ network_listen(listen) }}
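Review bot: `'{{ item }}'` is written into the generated Lua inside single quotes with no escaping, so the only thing keeping a quote or newline out of the resolver configuration is the `IPAddress`/`IPNetwork` validation on `allow` in network_schema.py. That holds while the field type stays that strict, but nothing in the template records the dependency. A comment above the loop, for example `{# items are validated IPAddress/IPNetwork values; quoted verbatim, revisit if the type is widened #}`, would make it visible to whoever changes the schema later. It would also be worth a rendering test for both branches, so that the explicit `net.proxy_allowed({})` in the `{% else %}` branch stays the default when `proxy_v2` is `False`.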