Add option to receive real IP first from select hosts.

This commit is contained in:
Condorra 2024-11-03 22:23:31 +11:00
parent b8011420e6
commit 9261937098
3 changed files with 20 additions and 3 deletions


@ -1,2 +1,2 @@
docker build -t blasthavers/deploy-base:latest . buildah build -t registry:8080/blasthavers/deploy-base:latest .
docker push blasthavers/deploy-base:latest podman push registry:8080/blasthavers/deploy-base:latest
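Review bot: The new push target `registry:8080/blasthavers/deploy-base:latest` is an unqualified host on a non-default port, and nothing in the two lines says how `podman push` is expected to reach it; if that registry is served over plain HTTP, the push only works with the host marked `insecure = true` in registries.conf or with `--tls-verify=false`, and either choice should be recorded next to the command rather than left to whoever runs it. A one-line comment such as `# registry:8080 is the internal registry; push requires TLS or an explicit insecure-registry entry` would make the intended trust boundary explicit. Whether the registry is actually TLS-terminated cannot be told from this diff.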


@ -0,0 +1 @@
edition = "2021"


@ -31,6 +31,7 @@ use warp::{self, filters::ws, Filter, Reply};
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
struct Config { struct Config {
listeners: Vec<String>, listeners: Vec<String>,
ips_trusted_to_send_real_ip: Vec<String>,
ws_listener: String, ws_listener: String,
gameserver: String, gameserver: String,
pidfile: String, pidfile: String,
@ -349,6 +350,7 @@ async fn handle_client_socket(
active_sessions: SessionMap, active_sessions: SessionMap,
mut stream: TcpStream, mut stream: TcpStream,
addr: SocketAddr, addr: SocketAddr,
trusted_ips_for_realip: Vec<String>,
) { ) {
let (rstream, mut wstream) = stream.split(); let (rstream, mut wstream) = stream.split();
let mut rbuf = codec::FramedRead::new( let mut rbuf = codec::FramedRead::new(
@ -364,7 +366,18 @@ async fn handle_client_socket(
let (discon_sender, mut discon_receiver) = mpsc::unbounded_channel(); let (discon_sender, mut discon_receiver) = mpsc::unbounded_channel();
let mut sess_idx_lock = active_sessions.lock().await; let mut sess_idx_lock = active_sessions.lock().await;
let addr_str = addr.ip().to_string(); let mut addr_str = addr.ip().to_string();
if trusted_ips_for_realip.contains(&addr_str) {
if let Some(Ok(real_ip)) = rbuf.next().await {
info!(
"Real IP sent by upstream for session {} is {}",
session, real_ip
);
addr_str = real_ip;
}
}
if *sess_idx_lock.count_by_source.get(&addr_str).unwrap_or(&0) >= MAX_CONNS_PER_IP { if *sess_idx_lock.count_by_source.get(&addr_str).unwrap_or(&0) >= MAX_CONNS_PER_IP {
drop(sess_idx_lock); drop(sess_idx_lock);
info!( info!(
@ -788,6 +801,7 @@ async fn main() -> Result<(), Box<dyn Error + Send + Sync>> {
for listener in config.listeners.clone() { for listener in config.listeners.clone() {
let server_sender_for_listener = server_sender.clone(); let server_sender_for_listener = server_sender.clone();
let active_sessions_for_listener = active_sessions.clone(); let active_sessions_for_listener = active_sessions.clone();
let trusted_ips_for_listener = config.ips_trusted_to_send_real_ip.clone();
listen_handles.push(task::spawn(async move { listen_handles.push(task::spawn(async move {
match TcpListener::bind(&listener).await { match TcpListener::bind(&listener).await {
Err(e) => { Err(e) => {
@ -802,12 +816,14 @@ async fn main() -> Result<(), Box<dyn Error + Send + Sync>> {
let server_sender_for_client = server_sender_for_listener.clone(); let server_sender_for_client = server_sender_for_listener.clone();
let active_sessions_for_client = let active_sessions_for_client =
active_sessions_for_listener.clone(); active_sessions_for_listener.clone();
let trusted_ips_for_client = trusted_ips_for_listener.clone();
task::spawn(async move { task::spawn(async move {
handle_client_socket( handle_client_socket(
server_sender_for_client, server_sender_for_client,
active_sessions_for_client, active_sessions_for_client,
stream, stream,
addr, addr,
trusted_ips_for_client,
) )
.await; .await;
}); });
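Review bot: In the `@ -364,7 +366,18 @@` hunk the upstream's first frame is awaited at `rbuf.next().await` while `sess_idx_lock`, taken from `active_sessions.lock().await` on the line just above, is still held, so a single connection from a trusted upstream that is slow to send its real-IP line stalls every other client's session setup and per-IP limit check until it does; the read should complete before the lock is taken. The received string is also used verbatim as the `count_by_source` key and in the log line — parsing it as `std::net::IpAddr` rejects malformed input and normalizes what is compared and logged. When the frame is missing or errors the code silently keeps the proxy's own address, so those connections are counted against the upstream rather than the client; logging that and dropping the connection is safer than the silent fallback (the early returns below assume nothing has been registered for `session` yet — confirm against the part of handle_client_socket above the hunk). Whether entries in `ips_trusted_to_send_real_ip` and `addr.ip().to_string()` agree for IPv4-mapped IPv6 addresses depends on how the listeners are bound and deserves a comment on the new `Config` field. handle_client_socket begins and ends outside this hunk.

```rust
    // … unchanged: FramedRead setup, discon channel …
    let mut addr_str = addr.ip().to_string();
    // Resolve the real source address before touching the shared session map,
    // so a slow trusted upstream cannot stall every other connection's setup.
    if trusted_ips_for_realip.contains(&addr_str) {
        match rbuf.next().await {
            Some(Ok(real_ip)) => match real_ip.trim().parse::<std::net::IpAddr>() {
                Ok(ip) => {
                    info!("Real IP sent by upstream for session {} is {}", session, ip);
                    addr_str = ip.to_string();
                }
                Err(_) => {
                    warn!("Upstream {} sent an unparseable real IP for session {}", addr_str, session);
                    return;
                }
            },
            _ => {
                warn!("Upstream {} closed before sending a real IP for session {}", addr_str, session);
                return;
            }
        }
    }
    let mut sess_idx_lock = active_sessions.lock().await;
    // … unchanged: MAX_CONNS_PER_IP check …
```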