fix: append address of reverse proxy to remote_addr (#2034)

* append address of reverse proxy to remote_addr
* validate proxy address in test
Luna Yao
2026-03-30 10:48:23 +02:00
committed by GitHub
parent 55a0e5952c
commit 443c3ca0b3
+23 -11
@@ -91,7 +91,9 @@ impl WSTunnelListener {
} }
async fn try_accept(&self, stream: TcpStream) -> Result<Box<dyn Tunnel>, TunnelError> { async fn try_accept(&self, stream: TcpStream) -> Result<Box<dyn Tunnel>, TunnelError> {
let mut remote_addr = stream.peer_addr()?; let peer_addr = stream.peer_addr()?;
let mut remote_addr =
super::build_url_from_socket_addr(&peer_addr.to_string(), self.addr.scheme());
let stream = if is_wss(&self.addr)? { let stream = if is_wss(&self.addr)? {
init_crypto_provider(); init_crypto_provider();
@@ -114,7 +116,7 @@ impl WSTunnelListener {
if TRUSTED_PROXIES if TRUSTED_PROXIES
.iter() .iter()
.any(|net| net.contains(remote_addr.ip())) .any(|net| net.contains(peer_addr.ip()))
{ {
if let Some(forwarded) = request if let Some(forwarded) = request
.headers() .headers()
@@ -130,7 +132,12 @@ impl WSTunnelListener {
}) })
{ {
if let Some(ip) = forwarded.remotest_forwarded_for_ip() { if let Some(ip) = forwarded.remotest_forwarded_for_ip() {
remote_addr = SocketAddr::new(ip, 0); remote_addr.set_host(Some(&ip.to_string())).map_err(|_| {
TunnelError::InvalidAddr(format!("invalid forwarded ip {}", ip))
})?;
remote_addr
.query_pairs_mut()
.append_pair("proxy", &peer_addr.to_string());
} }
} }
} }
@@ -140,13 +147,7 @@ impl WSTunnelListener {
let info = TunnelInfo { let info = TunnelInfo {
tunnel_type: self.addr.scheme().to_owned(), tunnel_type: self.addr.scheme().to_owned(),
local_addr: Some(self.local_url().into()), local_addr: Some(self.local_url().into()),
remote_addr: Some( remote_addr: Some(remote_addr.into()),
super::build_url_from_socket_addr(
&remote_addr.to_string(),
self.addr.scheme().to_string().as_str(),
)
.into(),
),
}; };
Ok(Box::new(TunnelWrapper::new( Ok(Box::new(TunnelWrapper::new(
@@ -403,11 +404,22 @@ pub mod tests {
.unwrap(); .unwrap();
assert_eq!(remote_addr.host_str().unwrap(), "203.0.113.5"); assert_eq!(remote_addr.host_str().unwrap(), "203.0.113.5");
let proxy_addr = remote_addr
.query_pairs()
.find(|(k, _)| k == "proxy")
.map(|(_, v)| v.into_owned())
.unwrap();
assert_eq!(proxy_addr, "127.0.0.1:25560");
tunnel tunnel
}); });
let mut stream = TcpStream::connect("127.0.0.1:25559").await.unwrap(); let socket = TcpSocket::new_v4().unwrap();
socket.bind("127.0.0.1:25560".parse().unwrap()).unwrap();
let mut stream = socket
.connect("127.0.0.1:25559".parse().unwrap())
.await
.unwrap();
let handshake = "GET / HTTP/1.1\r\n\ let handshake = "GET / HTTP/1.1\r\n\
Host: 127.0.0.1:25559\r\n\ Host: 127.0.0.1:25559\r\n\