PROXY protocol support #4

Merged
merged 25 commits into from
Jul 29, 2024

Contributor

@stevapple stevapple commented Jul 19, 2024

PROXY protocol, originally developed by HAProxy, extends the TCP protocol to explicitly preserve source (and destination) IPs when it's proxied.

This PR adds bidirectional PROXY protocol support to sshmux, opt-in by the API server and configuration file.

@stevapple stevapple marked this pull request as draft July 19, 2024 15:48
@stevapple
Contributor Author

This PR is almost finished and ready for review. It was marked as draft because I may want to discuss how extra functionalities may be integrated into upstream sshmux.

@iBug
Member

iBug commented Jul 20, 2024

I prefer having proxy_protocol as a boolean flag so that both modes (non-PROXY and PROXY) can be managed separately by starting two processes. This should also eliminate the need to start two servers in one process.

@stevapple
Contributor Author

Since proxyproto.Listener can accept connections both with and without PROXY protocol headers, another solution might be that we let the API server decide whether the connection should use PROXY protocol.

In this way only one server instance is required, and users can mux standard and proxied downstream with custom strategies.
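Added example, not part of this PR or of sshmux's code: what a listener that accepts connections both with and without PROXY headers has to check before it believes the claimed source address. It handles only the text (v1) header for TCP4/TCP6 using the standard library; `trustedProxies`, `parseV1`, `resolveSource` and `demo` are hypothetical names, and every address is constructed.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"net"
	"net/netip"
	"strings"
)

// Constructed allowlist (assumption): only these peers may assert a client address.
var trustedProxies = []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}

// parseV1 consumes one "PROXY TCP4 src dst sport dport\r\n" line and returns the claimed source.
func parseV1(r *bufio.Reader) (netip.AddrPort, error) {
	line, err := r.ReadSlice('\n') // bounded by the reader's buffer, unlike ReadString
	if err != nil || len(line) > 107 || !strings.HasSuffix(string(line), "\r\n") {
		return netip.AddrPort{}, errors.New("malformed PROXY v1 line")
	}
	f := strings.Split(strings.TrimSuffix(string(line), "\r\n"), " ")
	if len(f) != 6 || f[0] != "PROXY" || (f[1] != "TCP4" && f[1] != "TCP6") {
		return netip.AddrPort{}, errors.New("unsupported PROXY v1 header")
	}
	return netip.ParseAddrPort(net.JoinHostPort(f[2], f[4]))
}

// resolveSource returns the address to use for logging and access decisions.
func resolveSource(peer netip.AddrPort, r *bufio.Reader) (netip.AddrPort, error) {
	if sig, _ := r.Peek(6); string(sig) != "PROXY " {
		return peer, nil // no header: the socket peer is the client
	}
	for _, p := range trustedProxies {
		if p.Contains(peer.Addr()) {
			return parseV1(r) // header from an allowlisted proxy: use its claim
		}
	}
	return netip.AddrPort{}, errors.New("PROXY header from untrusted peer " + peer.String())
}

func demo(peer, stream string) (string, error) { // wrapper for constructed inputs
	src, err := resolveSource(netip.MustParseAddrPort(peer), bufio.NewReader(strings.NewReader(stream)))
	return src.String(), err
}

func main() {
	hdr := "PROXY TCP4 203.0.113.7 10.0.0.5 51234 22\r\nSSH-2.0-client\r\n"
	fmt.Println(demo("10.0.0.5:40000", hdr))     // allowlisted proxy: claimed source is used
	fmt.Println(demo("198.51.100.9:40000", hdr)) // any other peer: connection is refused
}
```

After `resolveSource` returns, the same `bufio.Reader` still holds the bytes that follow the header, so the SSH stream must be read from it rather than from the raw connection.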

@iBug
Member

iBug commented Jul 21, 2024

> we let the API server decide whether

This is a much better idea. I'd love to see it implemented this way.

@stevapple stevapple marked this pull request as ready for review July 21, 2024 14:01
@stevapple stevapple changed the title [PoC] PROXY protocol support PROXY protocol support Jul 21, 2024
@stevapple
Contributor Author

Note that this PR doesn't have a clean commit history so a squash merge should be preferred.

@stevapple stevapple requested a review from iBug July 27, 2024 15:33
@iBug iBug requested a review from taoky July 28, 2024 08:23
@stevapple
Contributor Author

@iBug @taoky IMHO 2ce97ce provides a much nicer interface without all the messes caused by running multiple TCP listeners and with fine-grained control over PROXY protocol. Check it out if you have time.

@iBug
Member

iBug commented Jul 28, 2024

> IMHO 2ce97ce provides a much nicer interface

Yep, this is certainly better. At least it no longer runs two TCP listeners in one process. Bring it in if you'd like.

@taoky
Member

taoky commented Jul 28, 2024

I would suggest adding simple documentation (README?) for the current config and HTTP API. It looks a bit more complex than before.

@stevapple
Contributor Author

> I would suggest adding simple documentation (README?) for the current config and HTTP API. It looks a bit more complex than before.

Maybe in a separate PR? Changes in this PR are fully opt-in, and existing users don't need to change anything after upgrading.

@stevapple
Contributor Author

@taoky Is it okay to merge in the current state? I'm working on gardening the whole package (including splitting helpers into different files), which should be suitable for adding documentation.

@taoky taoky merged commit 0438321 into USTC-vlab:master Jul 29, 2024
1 check passed