#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the checkboxes that apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from above-->
<!-- If you're unsure about any of these, don't hesitate to ask on sr-dev mailing list -->
- [X] Commit message has the format required by CONTRIBUTING guide
- [X] Commits are split per component (core, individual modules, libs, utils, ...)
- [ ] Each component has a single commit (if not, squash them into one commit)
- [X] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated)

#### Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [X] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)

#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the checkboxes that apply -->
- [ ] PR should be backported to stable branches
- [X] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)

#### Description
(I've left the `su2a()` change in a separate commit even though it's also for the core, as it really is a separate change)

This adds a new core variable `udp_accept_proxy` which serves a purpose similar to `tcp_accept_haproxy` but for UDP.

Two protocols are supported: The HAproxy v2 protocol (v1 is not available for UDP), and the "simple" proxy protocol used by CloudFlare. Bit value 1 enables the HAproxy protocol, bit value 2 enables the "simple" protocol, and so value 3 enables both. The default is zero which disables the support and leaves existing behaviour unchanged.

If a proxy protocol header is detected on a received UDP packet, the reported "real" address is extracted and substituted as source address for this UDP packet.

Since UDP is connectionless, sending responses or any other packets in the opposite direction requires the reverse operation (substituting the real address for the proxy peer address). For this purpose, real-to-proxy mappings and proxy-to-real mappings are kept in a hash table. This is hooked into `udp_send()` when either protocol is enabled.

The proxy-to-real mapping hash table is needed because the HAproxy protocol (optionally) only sends the HAproxy header in the first packet of a UDP flow. Therefore, for any subsequent packet, substitution of the real address must be done from the hash table based on the proxy source address.

Each hash table entry has a "last accessed" time stamp and entries older than 2 hours are removed when encountered during a lookup. No other expiry mechanism is currently in place.

Two new RPC commands are included, one to dump the full contents of the hash tables, and one to flush out all entries and reset them to empty.

Protocol refs:
https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
https://developers.cloudflare.com/spectrum/reference/simple-proxy-protocol-header/

You can view, comment on, or merge this pull request online at:

  https://github.com/kamailio/kamailio/pull/4625

-- Commit Summary --

  * core: double-buffering for su2a()
  * core: add udp_accept_proxy variable

-- File Changes --

    M src/core/cfg.lex (2)
    M src/core/cfg.y (3)
    M src/core/globals.h (1)
    M src/core/ip_addr.c (14)
    M src/core/udp_server.c (562)
    M src/core/udp_server.h (1)
    M src/main.c (5)

-- Patch Links --

https://github.com/kamailio/kamailio/pull/4625.patch
https://github.com/kamailio/kamailio/pull/4625.diff

_______________________________________________
Kamailio - Development Mailing List -- [email protected]
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the sender!
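
As an added illustration of the header detection and address extraction the description above covers (not code from the pull request or from Kamailio), this C sketch parses a HAProxy v2 header at the front of a UDP datagram, using the byte layout from the proxy-protocol.txt reference linked in the description. The names `pp2_parse_udp` and `struct pp2_src` are hypothetical, and the datagram in `main` is constructed.

```c
#include <stdint.h>
#include <string.h>

struct pp2_src {      /* hypothetical result type: the "real" source address */
    int family;       /* 4, 6, or 0 when there is nothing to substitute */
    uint8_t addr[16]; /* network byte order, first 4 bytes used for IPv4 */
    uint16_t port;    /* host byte order */
};

static const uint8_t PP2_SIG[12] = {0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D,
                                    0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A};
/* Returns bytes to strip from the front of the datagram, 0 if it carries no
 * v2 header, -1 if the signature matches but the header is malformed. */
int pp2_parse_udp(const uint8_t *buf, size_t len, struct pp2_src *src)
{
    src->family = 0;
    if (len < 16 || memcmp(buf, PP2_SIG, 12) != 0)
        return 0;                            /* ordinary datagram */
    size_t alen = ((size_t)buf[14] << 8) | buf[15];
    if ((buf[12] >> 4) != 2 || alen > len - 16)
        return -1;                           /* bad version or length overrun */
    uint8_t cmd = buf[12] & 0x0F, fam = buf[13];
    if (cmd > 1)
        return -1;                           /* only LOCAL (0) and PROXY (1) exist */
    if (cmd == 0 || (fam >> 4) == 0)
        return (int)(16 + alen);             /* LOCAL or AF_UNSPEC: keep socket address */
    if (fam == 0x12 && alen >= 12) {         /* AF_INET + DGRAM */
        src->family = 4;
        memcpy(src->addr, buf + 16, 4);
        src->port = (uint16_t)((buf[24] << 8) | buf[25]);
    } else if (fam == 0x22 && alen >= 36) {  /* AF_INET6 + DGRAM */
        src->family = 6;
        memcpy(src->addr, buf + 16, 16);
        src->port = (uint16_t)((buf[48] << 8) | buf[49]);
    } else {
        return -1;                           /* e.g. STREAM transport on a UDP socket */
    }
    return (int)(16 + alen);
}

int main(void)
{
    /* Constructed datagram: v2 PROXY, UDP/IPv4, 192.0.2.10:5060 -> 198.51.100.1:5060 */
    uint8_t d[32] = {0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D, 0x0A, 0x51, 0x55, 0x49,
                     0x54, 0x0A, 0x21, 0x12, 0x00, 0x0C, 192, 0, 2, 10,
                     198, 51, 100, 1, 0x13, 0xC4, 0x13, 0xC4, 'S', 'I', 'P', '/'};
    struct pp2_src s;
    return (pp2_parse_udp(d, sizeof d, &s) == 28 && s.family == 4) ? 0 : 1;
}
```

A return of -1 means the signature matched but the header was inconsistent, so the caller can drop the datagram rather than process it under the proxy's address.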
