Set remote IP on PROXY handshake

Vinnie Falco
2013-08-25 01:13:22 -07:00
parent 4170bcd294
commit b37c537b4a
4 changed files with 77 additions and 31 deletions


@@ -73,7 +73,7 @@ public:
return m_ssl_stream;
}
#endif^
#endif
//
//
@@ -303,8 +303,59 @@ private:
startReadHeader ();
}
// We have an encrypted connection to the peer.
// Have it say who it is so we know to avoid redundant connections.
// Establish that it really who we are talking to by having it sign a connection detail.
// Also need to establish no man in the middle attack is in progress.
void handleStart (const boost::system::error_code& error)
{
if (error)
{
WriteLog (lsINFO, Peer) << "Peer: Handshake: Error: " << error.category ().name () << ": " << error.message () << ": " << error;
detach ("hs", true);
}
else
{
#if RIPPLE_PEER_USES_BEAST_MULTISOCKET
if (m_socket->getFlags ().set (MultiSocket::Flag::proxy) && m_isInbound)
{
MultiSocket::ProxyInfo const proxyInfo (m_socket->getProxyInfo ());
if (proxyInfo.protocol == "TCP4")
{
// Set remote IP and port number from PROXY handshake
mIpPort.first = proxyInfo.sourceAddress.toString ().toStdString ();
mIpPort.second = proxyInfo.sourcePort;
// Must compute mCookieHash before receiving a hello.
sendHello ();
startReadHeader ();
}
else
{
if (proxyInfo.protocol != String::empty)
{
WriteLog (lsINFO, Peer) << "Peer: Unknown PROXY protocol " <<
proxyInfo.protocol.toStdString ();
}
else
{
WriteLog (lsINFO, Peer) << "Peer: Missing PROXY handshake";
}
detach ("pi", true);
}
}
else
#endif
{
// Must compute mCookieHash before receiving a hello.
sendHello ();
startReadHeader ();
}
}
}
void handleStart (const boost::system::error_code & ecResult);
void handleVerifyTimer (const boost::system::error_code & ecResult);
void handlePingTimer (const boost::system::error_code & ecResult);
@@ -556,24 +607,6 @@ void PeerImp::connect (const std::string& strIp, int iPort)
}
}
// We have an encrypted connection to the peer.
// Have it say who it is so we know to avoid redundant connections.
// Establish that it really who we are talking to by having it sign a connection detail.
// Also need to establish no man in the middle attack is in progress.
void PeerImp::handleStart (const boost::system::error_code& error)
{
if (error)
{
WriteLog (lsINFO, Peer) << "Peer: Handshake: Error: " << error.category ().name () << ": " << error.message () << ": " << error;
detach ("hs", true);
}
else
{
sendHello (); // Must compute mCookieHash before receiving a hello.
startReadHeader ();
}
}
// Connect ssl as client.
void PeerImp::handleConnect (const boost::system::error_code& error, boost::asio::ip::tcp::resolver::iterator it)
{


@@ -58,8 +58,8 @@ protected:
public:
WSServerHandler (boost::asio::ssl::context& ssl_context, bool bPublic)
: m_ssl_context (ssl_context)
, mLock (static_cast <WSServerHandlerBase*> (this), "WSServerHandler", __FILE__, __LINE__)
: mLock (static_cast <WSServerHandlerBase*> (this), "WSServerHandler", __FILE__, __LINE__)
, m_ssl_context (ssl_context)
, mPublic (bPublic)
{
}


@@ -85,6 +85,13 @@ public:
server_proxy = 8
};
typedef HandshakeDetectLogicPROXY::ProxyInfo ProxyInfo;
// Note that this returns the original flags
virtual Flag getFlags () = 0;
virtual ProxyInfo getProxyInfo () = 0;
virtual SSL* native_handle () = 0;
static MultiSocket* New (
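Review bot: The new `getProxyInfo ()` declaration carries no contract for when its result is meaningful; the one caller visible in this commit (PeerImp::handleStart) treats an empty `protocol` as "no PROXY handshake", and that convention belongs on the interface rather than being implied by a caller. I would put above it: `// PROXY line parsed during the handshake. Only meaningful when Flag::proxy was set and the detector succeeded; an empty protocol means no PROXY data was received.` The `getFlags ()` note could likewise say that it returns the (cleaned) flags captured at construction, which presumably still include Flag::proxy after the implementation strips it from its working flags.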


@@ -31,6 +31,7 @@ public:
, m_needsShutdown (false)
, m_next_layer (arg)
, m_native_ssl_handle (nullptr)
, m_origFlags (cleaned_flags (flags))
{
// See if our flags allow us to go directly
// into the ready state with an active stream.
@@ -55,6 +56,16 @@ protected:
// MultiSocket
//
Flag getFlags ()
{
return m_origFlags;
}
ProxyInfo getProxyInfo ()
{
return m_proxyInfo;
}
SSL* native_handle ()
{
bassert (m_native_ssl_handle != nullptr);
@@ -612,13 +623,6 @@ protected:
return new_ssl_stream ();
}
//--------------------------------------------------------------------------
void setProxyInfo (HandshakeDetectLogicPROXY::ProxyInfo const proxyInfo)
{
// Do something with it
}
//--------------------------------------------------------------------------
//
// Synchronous handshake operation
@@ -670,7 +674,7 @@ protected:
if (op.getLogic ().success ())
{
setProxyInfo (op.getLogic ().getInfo ());
m_proxyInfo = op.getLogic ().getInfo ();
// Strip off the PROXY flag.
m_flags = m_flags.without (Flag::proxy);
@@ -846,7 +850,7 @@ protected:
{
if (m_proxy.getLogic ().success ())
{
m_owner.setProxyInfo (m_proxy.getLogic ().getInfo ());
m_owner.m_proxyInfo = m_proxy.getLogic ().getInfo ();
// Strip off the PROXY flag.
m_owner.m_flags = m_owner.m_flags.without (Flag::proxy);
@@ -936,7 +940,9 @@ private:
ScopedPointer <Socket> m_ssl_stream; // the ssl portion of our stream if it exists
bool m_needsShutdown;
StreamSocket m_next_layer;
ProxyInfo m_proxyInfo;
SSL* m_native_ssl_handle;
Flag m_origFlags;
};
#endif
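Review bot: Replacing setProxyInfo with direct writes to `m_proxyInfo` leaves the synchronous path and the asynchronous op each duplicating "store the info, then strip Flag::proxy", and the async op now reaches into the owner's private member, so there is no longer a single place where the parsed PROXY data could be validated or logged. I would keep a small private helper, `void setProxyInfo (ProxyInfo const& info) { m_proxyInfo = info; m_flags = m_flags.without (Flag::proxy); }`, and call it from both sites. Separately, `m_proxyInfo` is the only new member not listed in the constructor initializer list; the consumer relies on its protocol being empty when no PROXY line was parsed, which presumably holds for a default-constructed String but is worth a comment on the member, e.g. `// Empty (protocol == "") until a PROXY line has been consumed.` The constructor's initializer list starts before the first hunk.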