From b37c537b4aacdb26067fb62b7a4bce5facfebf2d Mon Sep 17 00:00:00 2001
From: Vinnie Falco
Date: Sun, 25 Aug 2013 01:13:22 -0700
Subject: [PATCH] Set remote IP on PROXY handshake
---
 modules/ripple_app/peers/ripple_Peer.cpp | 73 ++++++++++++++-----
 .../ripple_app/websocket/WSServerHandler.h | 4 +-
 .../ripple_asio/sockets/ripple_MultiSocket.h | 7 ++
 .../sockets/ripple_MultiSocketType.h | 24 +++---
 4 files changed, 77 insertions(+), 31 deletions(-)
diff --git a/modules/ripple_app/peers/ripple_Peer.cpp b/modules/ripple_app/peers/ripple_Peer.cpp
index 051f00366f..d330555aba 100644
--- a/modules/ripple_app/peers/ripple_Peer.cpp
+++ b/modules/ripple_app/peers/ripple_Peer.cpp
@@ -73,7 +73,7 @@ public:
 return m_ssl_stream;
 }
-#endif^
+#endif
 //
 //
@@ -303,8 +303,59 @@ private:
 startReadHeader ();
 }
+ // We have an encrypted connection to the peer.
+ // Have it say who it is so we know to avoid redundant connections.
+ // Establish that it really who we are talking to by having it sign a connection detail.
+ // Also need to establish no man in the middle attack is in progress.
+ void handleStart (const boost::system::error_code& error)
+ {
+ if (error)
+ {
+ WriteLog (lsINFO, Peer) << "Peer: Handshake: Error: " << error.category ().name () << ": " << error.message () << ": " << error;
+ detach ("hs", true);
+ }
+ else
+ {
+ #if RIPPLE_PEER_USES_BEAST_MULTISOCKET
+ if (m_socket->getFlags ().set (MultiSocket::Flag::proxy) && m_isInbound)
+ {
+ MultiSocket::ProxyInfo const proxyInfo (m_socket->getProxyInfo ());
+ if (proxyInfo.protocol == "TCP4")
+ {
+ // Set remote IP and port number from PROXY handshake
+ mIpPort.first = proxyInfo.sourceAddress.toString ().toStdString ();
+ mIpPort.second = proxyInfo.sourcePort;
+ // Must compute mCookieHash before receiving a hello.
+ sendHello ();
+ startReadHeader ();
+ }
+ else
+ {
+ if (proxyInfo.protocol != String::empty)
+ {
+ WriteLog (lsINFO, Peer) << "Peer: Unknown PROXY protocol " <<
+ proxyInfo.protocol.toStdString ();
+ }
+ else
+ {
+ WriteLog (lsINFO, Peer) << "Peer: Missing PROXY handshake";
+ }
+ detach ("pi", true);
+ }
+ }
+ else
+ #endif
+ {
+ // Must compute mCookieHash before receiving a hello.
+ sendHello ();
+ startReadHeader ();
+ }
+ }
+ }
- void handleStart (const boost::system::error_code & ecResult);
 void handleVerifyTimer (const boost::system::error_code & ecResult);
 void handlePingTimer (const boost::system::error_code & ecResult);
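Review bot: The PROXY-supplied sourceAddress and sourcePort overwrite mIpPort with no check that the TCP peer is the intended front-end proxy; Flag::proxy on the listener is the only gate, so a host that can reach that listener directly could present a PROXY line naming any source address, and whatever mIpPort later feeds (redundancy checks, logging, bans) would see it. The trust assumption should be written above the assignment, e.g. `// Trusted only because this listener is configured behind a PROXY front end; a direct client could claim any address here.` Accepting only "TCP4" also means a PROXY line for TCP6 (or any other protocol token) lands in the "Unknown PROXY protocol" branch and is detached; if IPv6 front ends are not expected that deserves a comment too. Structurally, sendHello()/startReadHeader() are duplicated in two branches split across an `else` / `#endif` pair, which is easy to break on the next edit; an early-return layout keeps one copy and one `#if` region, as below.
```cpp
    void handleStart (const boost::system::error_code& error)
    {
        if (error)
        {
            // … unchanged: log the handshake error and detach ("hs", true) …
            return;
        }

    #if RIPPLE_PEER_USES_BEAST_MULTISOCKET
        if (m_isInbound && m_socket->getFlags ().set (MultiSocket::Flag::proxy))
        {
            MultiSocket::ProxyInfo const proxyInfo (m_socket->getProxyInfo ());

            if (proxyInfo.protocol != "TCP4")
            {
                // … unchanged: log unknown / missing PROXY protocol …
                detach ("pi", true);
                return;
            }

            // Trusted only because this listener is configured behind a PROXY
            // front end; a client reaching it directly could claim any address.
            mIpPort.first = proxyInfo.sourceAddress.toString ().toStdString ();
            mIpPort.second = proxyInfo.sourcePort;
        }
    #endif

        // Must compute mCookieHash before receiving a hello.
        sendHello ();
        startReadHeader ();
    }
```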
@@ -556,24 +607,6 @@ void PeerImp::connect (const std::string& strIp, int iPort)
 }
 }
-// We have an encrypted connection to the peer.
-// Have it say who it is so we know to avoid redundant connections.
-// Establish that it really who we are talking to by having it sign a connection detail.
-// Also need to establish no man in the middle attack is in progress.
-void PeerImp::handleStart (const boost::system::error_code& error)
-{
- if (error)
- {
- WriteLog (lsINFO, Peer) << "Peer: Handshake: Error: " << error.category ().name () << ": " << error.message () << ": " << error;
- detach ("hs", true);
- }
- else
- {
- sendHello (); // Must compute mCookieHash before receiving a hello.
- startReadHeader ();
- }
-}
-
 // Connect ssl as client.
 void PeerImp::handleConnect (const boost::system::error_code& error, boost::asio::ip::tcp::resolver::iterator it)
 {
diff --git a/modules/ripple_app/websocket/WSServerHandler.h b/modules/ripple_app/websocket/WSServerHandler.h
index e155290bcf..ea89788808 100644
--- a/modules/ripple_app/websocket/WSServerHandler.h
+++ b/modules/ripple_app/websocket/WSServerHandler.h
@@ -58,8 +58,8 @@ protected:
 public:
 WSServerHandler (boost::asio::ssl::context& ssl_context, bool bPublic)
- : m_ssl_context (ssl_context)
- , mLock (static_cast (this), "WSServerHandler", __FILE__, __LINE__)
+ : mLock (static_cast (this), "WSServerHandler", __FILE__, __LINE__)
+ , m_ssl_context (ssl_context)
 , mPublic (bPublic)
 {
 }
diff --git a/modules/ripple_asio/sockets/ripple_MultiSocket.h b/modules/ripple_asio/sockets/ripple_MultiSocket.h
index 48a12019c5..f138325712 100644
--- a/modules/ripple_asio/sockets/ripple_MultiSocket.h
+++ b/modules/ripple_asio/sockets/ripple_MultiSocket.h
@@ -85,6 +85,13 @@ public:
 server_proxy = 8
 };
+ typedef HandshakeDetectLogicPROXY::ProxyInfo ProxyInfo;
+
+ // Note that this returns the original flags
+ virtual Flag getFlags () = 0;
+
+ virtual ProxyInfo getProxyInfo () = 0;
+
 virtual SSL* native_handle () = 0;
 static MultiSocket* New (
diff --git a/modules/ripple_asio/sockets/ripple_MultiSocketType.h b/modules/ripple_asio/sockets/ripple_MultiSocketType.h
index 14d50ad7df..4c0b9af51c 100644
--- a/modules/ripple_asio/sockets/ripple_MultiSocketType.h
+++ b/modules/ripple_asio/sockets/ripple_MultiSocketType.h
@@ -31,6 +31,7 @@ public:
 , m_needsShutdown (false)
 , m_next_layer (arg)
 , m_native_ssl_handle (nullptr)
+ , m_origFlags (cleaned_flags (flags))
 {
 // See if our flags allow us to go directly
 // into the ready state with an active stream.
@@ -55,6 +56,16 @@ protected:
 // MultiSocket
 //
+ Flag getFlags ()
+ {
+ return m_origFlags;
+ }
+
+ ProxyInfo getProxyInfo ()
+ {
+ return m_proxyInfo;
+ }
+
 SSL* native_handle ()
 {
 bassert (m_native_ssl_handle != nullptr);
@@ -612,13 +623,6 @@ protected:
 return new_ssl_stream ();
 }
- //--------------------------------------------------------------------------
-
- void setProxyInfo (HandshakeDetectLogicPROXY::ProxyInfo const proxyInfo)
- {
- // Do something with it
- }
-
 //--------------------------------------------------------------------------
 //
 // Synchronous handshake operation
@@ -670,7 +674,7 @@ protected:
 if (op.getLogic ().success ())
 {
- setProxyInfo (op.getLogic ().getInfo ());
+ m_proxyInfo = op.getLogic ().getInfo ();
 // Strip off the PROXY flag.
 m_flags = m_flags.without (Flag::proxy);
@@ -846,7 +850,7 @@ protected:
 {
 if (m_proxy.getLogic ().success ())
 {
- m_owner.setProxyInfo (m_proxy.getLogic ().getInfo ());
+ m_owner.m_proxyInfo = m_proxy.getLogic ().getInfo ();
 // Strip off the PROXY flag.
 m_owner.m_flags = m_owner.m_flags.without (Flag::proxy);
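Review bot: getProxyInfo() joins the public MultiSocket interface without saying what it returns when no PROXY handshake ran or detection did not succeed; the MultiSocketType hunks in this patch assign m_proxyInfo only inside the `success ()` branches, so callers otherwise get a default-constructed ProxyInfo, and ripple_Peer.cpp's "Missing PROXY handshake" branch silently depends on that (it compares protocol with String::empty). `// Note that this returns the original flags` is equally terse: the same hunks show the active m_flags losing Flag::proxy after detection while m_origFlags keeps the cleaned_flags() result from the constructor, which is the whole reason Peer consults getFlags(). I would replace that comment with `// Flags as given at construction (after cleaned_flags); unlike the active flags, Flag::proxy is not stripped once the PROXY handshake completes.` and put `// Meaningful only after a successful PROXY handshake; otherwise a default-constructed ProxyInfo.` above getProxyInfo(). Both accessors only read state and could be declared const, though that also touches their MultiSocketType definitions in this patch.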
@@ -936,7 +940,9 @@ private:
 ScopedPointer m_ssl_stream; // the ssl portion of our stream if it exists
 bool m_needsShutdown;
 StreamSocket m_next_layer;
+ ProxyInfo m_proxyInfo;
 SSL* m_native_ssl_handle;
+ Flag m_origFlags;
 };
 #endif
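Review bot: m_proxyInfo is added here without an entry in the constructor's initializer list (the @@ -31 hunk adds only m_origFlags), and nothing in the patch shows what HandshakeDetectLogicPROXY::ProxyInfo's default state is; ripple_Peer.cpp nevertheless treats `proxyInfo.protocol != String::empty` as the signal that a PROXY line was received, so if any ProxyInfo field is left indeterminate by its default constructor an inbound connection without a PROXY line would read garbage through getProxyInfo(). Worth confirming the type value-initialises its fields, or adding `, m_proxyInfo ()` beside m_origFlags in the initializer list so the intent is explicit. A comment on the member such as `// Set only when the PROXY handshake succeeds; default-constructed otherwise (see getProxyInfo ())` would record the contract the accessor exposes. The class declaration these members belong to begins outside the hunk.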