-
Notifications
You must be signed in to change notification settings - Fork 3.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
130707: server: add proxy protocol support r=DuskEagle a=DuskEagle This commit adds an `--accept-proxy-protocol-headers` flag to CockroachDB startup commands. When set, it allows CockroachDB to parse proxy protocol headers and use the client IP information therein. Resolves #130706 Release note: None 131358: backupccl: fix scheduled backup pts pushing race r=msbutler a=msbutler Informs #128013 Epic: none Co-authored-by: Joel Kenny <[email protected]> Co-authored-by: Michael Butler <[email protected]>
- Loading branch information
Showing
11 changed files
with
163 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
// Copyright 2024 The Cockroach Authors. | ||
// | ||
// Use of this software is governed by the Business Source License | ||
// included in the file licenses/BSL.txt. | ||
// | ||
// As of the Change Date specified in that file, in accordance with | ||
// the Business Source License, use of this software will be governed | ||
// by the Apache License, Version 2.0, included in the file | ||
// licenses/APL.txt. | ||
|
||
package server | ||
|
||
import ( | ||
"context" | ||
"net" | ||
"sync" | ||
"testing" | ||
|
||
"github.com/cockroachdb/cockroach/pkg/util/leaktest" | ||
"github.com/pires/go-proxyproto" | ||
"github.com/stretchr/testify/assert" | ||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
func TestListenAndUpdateAddrs(t *testing.T) { | ||
defer leaktest.AfterTest(t)() | ||
|
||
ctx := context.Background() | ||
|
||
t.Run("don't accept proxy protocol headers", func(t *testing.T) { | ||
addr := "127.0.0.1:0" | ||
advertiseAddr := "127.0.0.1:0" | ||
ln, err := ListenAndUpdateAddrs(ctx, &addr, &advertiseAddr, "sql", false) | ||
require.NoError(t, err) | ||
require.NotNil(t, ln) | ||
_, addrPort, err := net.SplitHostPort(addr) | ||
require.NoError(t, err) | ||
require.NotZero(t, addrPort) | ||
_, advertiseAddrPort, err := net.SplitHostPort(addr) | ||
require.NoError(t, err) | ||
require.NotZero(t, advertiseAddrPort) | ||
require.NoError(t, ln.Close()) | ||
}) | ||
|
||
t.Run("accept proxy protocol headers", func(t *testing.T) { | ||
addr := "127.0.0.1:0" | ||
advertiseAddr := "127.0.0.1:0" | ||
proxyLn, err := ListenAndUpdateAddrs(ctx, &addr, &advertiseAddr, "sql", true) | ||
require.NoError(t, err) | ||
require.NotNil(t, proxyLn) | ||
|
||
proxyLn, ok := proxyLn.(*proxyproto.Listener) | ||
require.True(t, ok) | ||
|
||
sourceAddr := &net.TCPAddr{ | ||
IP: net.ParseIP("10.20.30.40").To4(), | ||
Port: 4242, | ||
} | ||
|
||
var wg sync.WaitGroup | ||
wg.Add(1) | ||
go func() { | ||
defer wg.Done() | ||
conn, err := proxyLn.Accept() | ||
require.NoError(t, err) | ||
|
||
header := conn.(*proxyproto.Conn).ProxyHeader() | ||
assert.NotNil(t, header) | ||
assert.Equal(t, sourceAddr, header.SourceAddr) | ||
}() | ||
|
||
conn, err := net.Dial("tcp", addr) | ||
require.NoError(t, err) | ||
defer conn.Close() | ||
|
||
header := &proxyproto.Header{ | ||
Version: 2, | ||
Command: proxyproto.PROXY, | ||
TransportProtocol: proxyproto.TCPv4, | ||
SourceAddr: sourceAddr, | ||
DestinationAddr: conn.RemoteAddr(), | ||
} | ||
_, err = header.WriteTo(conn) | ||
require.NoError(t, err) | ||
_, err = conn.Write([]byte("ping")) | ||
require.NoError(t, err) | ||
|
||
wg.Wait() | ||
}) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters