Add option to receive real IP first from select hosts.
parent
b8011420e6
commit
9261937098
@ -1,2 +1,2 @@
|
|||||||
docker build -t blasthavers/deploy-base:latest .
|
buildah build -t registry:8080/blasthavers/deploy-base:latest .
|
||||||
docker push blasthavers/deploy-base:latest
|
podman push registry:8080/blasthavers/deploy-base:latest
|
||||||
|
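--- a/blastmud_listener/rustfmt.toml
+++ b/blastmud_listener/rustfmt.toml
@@ -0,0 +1 @@
+edition = "2021"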
@ -31,6 +31,7 @@ use warp::{self, filters::ws, Filter, Reply};
|
|||||||
#[derive(Deserialize, Debug)]
|
#[derive(Deserialize, Debug)]
|
||||||
struct Config {
|
struct Config {
|
||||||
listeners: Vec<String>,
|
listeners: Vec<String>,
|
||||||
|
ips_trusted_to_send_real_ip: Vec<String>,
|
||||||
ws_listener: String,
|
ws_listener: String,
|
||||||
gameserver: String,
|
gameserver: String,
|
||||||
pidfile: String,
|
pidfile: String,
|
||||||
@ -349,6 +350,7 @@ async fn handle_client_socket(
|
|||||||
active_sessions: SessionMap,
|
active_sessions: SessionMap,
|
||||||
mut stream: TcpStream,
|
mut stream: TcpStream,
|
||||||
addr: SocketAddr,
|
addr: SocketAddr,
|
||||||
|
trusted_ips_for_realip: Vec<String>,
|
||||||
) {
|
) {
|
||||||
let (rstream, mut wstream) = stream.split();
|
let (rstream, mut wstream) = stream.split();
|
||||||
let mut rbuf = codec::FramedRead::new(
|
let mut rbuf = codec::FramedRead::new(
|
||||||
@ -364,7 +366,18 @@ async fn handle_client_socket(
|
|||||||
let (discon_sender, mut discon_receiver) = mpsc::unbounded_channel();
|
let (discon_sender, mut discon_receiver) = mpsc::unbounded_channel();
|
||||||
|
|
||||||
let mut sess_idx_lock = active_sessions.lock().await;
|
let mut sess_idx_lock = active_sessions.lock().await;
|
||||||
let addr_str = addr.ip().to_string();
|
let mut addr_str = addr.ip().to_string();
|
||||||
|
|
||||||
|
if trusted_ips_for_realip.contains(&addr_str) {
|
||||||
|
if let Some(Ok(real_ip)) = rbuf.next().await {
|
||||||
|
info!(
|
||||||
|
"Real IP sent by upstream for session {} is {}",
|
||||||
|
session, real_ip
|
||||||
|
);
|
||||||
|
addr_str = real_ip;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if *sess_idx_lock.count_by_source.get(&addr_str).unwrap_or(&0) >= MAX_CONNS_PER_IP {
|
if *sess_idx_lock.count_by_source.get(&addr_str).unwrap_or(&0) >= MAX_CONNS_PER_IP {
|
||||||
drop(sess_idx_lock);
|
drop(sess_idx_lock);
|
||||||
info!(
|
info!(
|
||||||
@ -788,6 +801,7 @@ async fn main() -> Result<(), Box<dyn Error + Send + Sync>> {
|
|||||||
for listener in config.listeners.clone() {
|
for listener in config.listeners.clone() {
|
||||||
let server_sender_for_listener = server_sender.clone();
|
let server_sender_for_listener = server_sender.clone();
|
||||||
let active_sessions_for_listener = active_sessions.clone();
|
let active_sessions_for_listener = active_sessions.clone();
|
||||||
|
let trusted_ips_for_listener = config.ips_trusted_to_send_real_ip.clone();
|
||||||
listen_handles.push(task::spawn(async move {
|
listen_handles.push(task::spawn(async move {
|
||||||
match TcpListener::bind(&listener).await {
|
match TcpListener::bind(&listener).await {
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
@ -802,12 +816,14 @@ async fn main() -> Result<(), Box<dyn Error + Send + Sync>> {
|
|||||||
let server_sender_for_client = server_sender_for_listener.clone();
|
let server_sender_for_client = server_sender_for_listener.clone();
|
||||||
let active_sessions_for_client =
|
let active_sessions_for_client =
|
||||||
active_sessions_for_listener.clone();
|
active_sessions_for_listener.clone();
|
||||||
|
let trusted_ips_for_client = trusted_ips_for_listener.clone();
|
||||||
task::spawn(async move {
|
task::spawn(async move {
|
||||||
handle_client_socket(
|
handle_client_socket(
|
||||||
server_sender_for_client,
|
server_sender_for_client,
|
||||||
active_sessions_for_client,
|
active_sessions_for_client,
|
||||||
stream,
|
stream,
|
||||||
addr,
|
addr,
|
||||||
|
trusted_ips_for_client,
|
||||||
)
|
)
|
||||||
.await;
|
.await;
|
||||||
});
|
});
|
||||||
|
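Review bot: The session-map lock taken by `active_sessions.lock().await` is still held while the new `rbuf.next().await` waits for the upstream's first line in `handle_client_socket`, so a single connection from a trusted address that never sends that line stalls every other task that needs the shared session map. Read the forwarded address before taking the lock and bound the wait with a timeout. The received string is also logged and used verbatim as the `count_by_source` key; parsing it as `std::net::IpAddr` keeps different spellings of one address in a single `MAX_CONNS_PER_IP` bucket and keeps arbitrary upstream text out of the log. When no valid line arrives, the new code silently falls back to the proxy's own address, whereas the sketch below drops the connection. The function body continues outside the hunks, so confirm nothing needs cleanup before the early `return`, and treat the 5-second limit as a placeholder.

```rust
let (discon_sender, mut discon_receiver) = mpsc::unbounded_channel();

let mut addr_str = addr.ip().to_string();
if trusted_ips_for_realip.contains(&addr_str) {
    // Wait for the forwarded address without holding the session lock, and bound the wait.
    let first_line =
        tokio::time::timeout(std::time::Duration::from_secs(5), rbuf.next()).await;
    let parsed = match first_line {
        Ok(Some(Ok(line))) => line.trim().parse::<std::net::IpAddr>().ok(),
        _ => None,
    };
    match parsed {
        Some(real_ip) => {
            info!(
                "Real IP sent by upstream for session {} is {}",
                session, real_ip
            );
            // Canonical textual form, so one address maps to one per-IP counter.
            addr_str = real_ip.to_string();
        }
        None => {
            info!(
                "Upstream {} sent no valid real IP for session {}; dropping connection",
                addr, session
            );
            return;
        }
    }
}

let mut sess_idx_lock = active_sessions.lock().await;
// … unchanged: MAX_CONNS_PER_IP check on addr_str …
```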