WIP add v2 support. #6
Conversation
| @@ -80,9 +69,14 @@ func NewConn(conn net.Conn, timeout time.Duration) *Conn { | |||
| // it is returned and the socket is closed. | |||
| func (p *Conn) Read(b []byte) (int, error) { | |||
| var err error | |||
| p.once.Do(func() { err = p.checkPrefix() }) | |||
| p.once.Do(func() { err = p.checkHeader() }) | |||
There was a problem hiding this comment.
I like your changes so far. Would this violates the spec? http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
The receiver MUST be configured to only receive the protocol described in this
specification and MUST not try to guess whether the protocol header is present
or not. This means that the protocol explicitly prevents port sharing between
public and private access. Otherwise it would open a major security breach by
allowing untrusted parties to spoof their connection addresses. The receiver
SHOULD ensure proper access filtering so that only trusted proxies are allowed
to use this protocol.
|
Meanwhile, I've made an implementation of my own available, https://github.com/pires/go-proxyproto. |
|
Any hope for this to go further? Do you need any help? This would be very useful for projects we have that are written in Go and use client certificates. |
|
Closing this as the alternative implementation supports v2, TLS and more. |
This is a work-in-progress - more of a proof-of-concept, actually - to fix #5.
I'm very interested in getting feedback about my library implementation and hope that eventually, with your guidance and help, we'll have this merged.