github.com/matrixorigin/matrixone@v1.2.0/pkg/proxy/ppv2.go (about) 1 // Copyright 2021 - 2023 Matrix Origin 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package proxy 16 17 import ( 18 "bytes" 19 "encoding/binary" 20 "io" 21 "net" 22 23 "github.com/fagongzi/goetty/v2/buf" 24 "github.com/fagongzi/goetty/v2/codec" 25 "github.com/matrixorigin/matrixone/pkg/common/moerr" 26 ) 27 28 const ( 29 // ProxyProtocolV2Signature is the signature of the Proxy Protocol version 2 header. 30 ProxyProtocolV2Signature = "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A" 31 32 ProxyHeaderLength = 16 33 ) 34 35 const ( 36 unspec = 0x00 37 tcpOverIPv4 = 0x11 38 udpOverIPv4 = 0x12 39 tcpOverIPv6 = 0x21 40 udpOverIPv6 = 0x22 41 unixStream = 0x31 42 unixDatagram = 0x32 43 ) 44 45 const ( 46 ipv4AddrLength = 4 47 ipv6AddrLength = 16 48 ) 49 50 func WithProxyProtocolCodec(c codec.Codec) codec.Codec { 51 return &proxyProtocolCodec{Codec: c} 52 } 53 54 type proxyProtocolCodec struct { 55 codec.Codec 56 } 57 58 // ProxyHeaderV2 is the structure of the Proxy Protocol version 2 header. 59 type ProxyHeaderV2 struct { 60 Signature [12]byte 61 ProtocolVersionCmd uint8 62 ProtocolFamily uint8 63 Length uint16 64 } 65 66 // ProxyAddr contains the source and target address. 67 type ProxyAddr struct { 68 SourceAddress net.IP 69 SourcePort uint16 70 TargetAddress net.IP 71 TargetPort uint16 72 } 73 74 // Decode implements the Codec interface. 75 func (c *proxyProtocolCodec) Decode(in *buf.ByteBuf) (interface{}, bool, error) { 76 proxyAddr, ok, err := parseProxyHeaderV2(in) 77 if err != nil { 78 return nil, false, err 79 } 80 if ok { 81 return proxyAddr, ok, nil 82 } 83 return c.Codec.Decode(in) 84 } 85 86 // Encode implements the Codec interface. 87 func (c *proxyProtocolCodec) Encode(data interface{}, out *buf.ByteBuf, writer io.Writer) error { 88 return c.Codec.Encode(data, out, writer) 89 } 90 91 // parseProxyHeader read potential proxy protocol v2 header from the stream 92 // ref: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt 93 func parseProxyHeaderV2(in *buf.ByteBuf) (*ProxyAddr, bool, error) { 94 // Read the Proxy Protocol header. 95 if in.Readable() < ProxyHeaderLength { 96 return nil, false, nil 97 } 98 headerBytes := in.PeekN(0, ProxyHeaderLength) 99 100 header := &ProxyHeaderV2{} 101 if err := binary.Read(bytes.NewBuffer(headerBytes), binary.BigEndian, header); err != nil { 102 return nil, false, nil 103 } 104 105 // verify the signature of the header 106 if string(header.Signature[:]) != ProxyProtocolV2Signature { 107 return nil, false, nil 108 } 109 110 // valid proxy header, consume the bytes 111 in.Skip(ProxyHeaderLength) 112 113 // According to ppv2: 114 // 115 // When a sender presents a 116 // LOCAL connection, it should not present any address, so it sets this field to 117 // zero. Receivers MUST always consider this field to skip the appropriate number 118 // of bytes and must not assume zero is presented for LOCAL connections. 119 // 120 // In practice, the proxy may add extra information (AWS NLB do this) in the proxy header 121 // which makes the body length > address length. So here we consume the entire body and 122 // read address from it. 123 body := make([]byte, header.Length) 124 if _, err := in.Read(body); err != nil { 125 return nil, false, moerr.NewInternalErrorNoCtx("cannot read proxy address, %s", err.Error()) 126 } 127 bodyBuf := bytes.NewBuffer(body) 128 addr := &ProxyAddr{} 129 switch header.ProtocolFamily { 130 case tcpOverIPv4, udpOverIPv4: 131 if err := readProxyAddr(bodyBuf, ipv4AddrLength, addr); err != nil { 132 return nil, false, err 133 } 134 return addr, true, nil 135 case tcpOverIPv6, udpOverIPv6: 136 if err := readProxyAddr(bodyBuf, ipv6AddrLength, addr); err != nil { 137 return nil, false, err 138 } 139 return addr, true, nil 140 case unspec, unixStream, unixDatagram: 141 // no address to read 142 return addr, false, nil 143 default: 144 return nil, false, moerr.NewInternalErrorNoCtx("unknown protocol family [%x]", header.ProtocolFamily) 145 } 146 } 147 148 func readProxyAddr(in io.Reader, length uint16, addr *ProxyAddr) error { 149 addr.SourceAddress = make(net.IP, length) 150 addr.TargetAddress = make(net.IP, length) 151 if err := binary.Read(in, binary.BigEndian, addr.SourceAddress); err != nil { 152 return err 153 } 154 if err := binary.Read(in, binary.BigEndian, addr.TargetAddress); err != nil { 155 return err 156 } 157 if err := binary.Read(in, binary.BigEndian, &addr.SourcePort); err != nil { 158 return err 159 } 160 if err := binary.Read(in, binary.BigEndian, &addr.TargetPort); err != nil { 161 return err 162 } 163 return nil 164 }