PoC proxy protocol stream wrapper

Author: robjtede

Cargo.toml

@@ -2,6 +2,7 @@
 members = [
   "actix-codec",
   "actix-macros",
+  "actix-proxy-protocol",
   "actix-rt",
   "actix-server",
   "actix-service",
@@ -16,6 +17,7 @@ members = [
 [patch.crates-io]
 actix-codec = { path = "actix-codec" }
 actix-macros = { path = "actix-macros" }
+actix-proxy-protocol = { path = "actix-proxy-protocol" }
 actix-rt = { path = "actix-rt" }
 actix-server = { path = "actix-server" }
 actix-service = { path = "actix-service" }

actix-proxy-protocol/CHANGES.md

@@ -0,0 +1,7 @@
+# Changes
+
+## Unreleased - 2022-xx-xx
+
+## 0.0.1 - 2022-xx-xx
+
+- delete me

actix-proxy-protocol/Cargo.toml

@@ -0,0 +1,38 @@
+[package]
+name = "actix-proxy-protocol"
+version = "0.0.1"
+authors = [
+    "Rob Ede <robjtede@icloud.com>",
+]
+description = "PROXY protocol utilities"
+keywords = ["proxy", "protocol", "network", "haproxy", "tcp"]
+categories = ["network-programming", "asynchronous"]
+homepage = "https://actix.rs"
+repository = "https://github.com/actix/actix-net.git"
+license = "MIT OR Apache-2.0"
+edition = "2018"
+
+[dependencies]
+actix-service = "2"
+actix-utils = "3"
+
+arrayvec = "0.7"
+crc32fast = "1"
+futures-core = { version = "0.3.17", default-features = false, features = ["std"] }
+futures-util = { version = "0.3.17", default-features = false, features = ["std"] }
+itoa = "1"
+tokio = { version = "1.13.1", features = ["sync", "io-util"] }
+tracing = { version = "0.1.30", default-features = false, features = ["log"] }
+
+[dev-dependencies]
+actix-codec = "0.5"
+actix-rt = "2.6"
+actix-server = "2"
+
+bytes = "1"
+const-str = "0.5"
+env_logger = "0.9"
+futures-util = { version = "0.3.7", default-features = false, features = ["sink", "async-await-macro"] }
+once_cell = "1"
+pretty_assertions = "1"
+tokio = { version = "1.13.1", features = ["io-util", "rt-multi-thread", "macros", "fs"] }

actix-proxy-protocol/LICENSE-APACHE

@@ -0,0 +1 @@
+../LICENSE-APACHE

actix-proxy-protocol/LICENSE-MIT

@@ -0,0 +1 @@
+../LICENSE-MIT

actix-proxy-protocol/README.md

@@ -0,0 +1,17 @@
+# actix-proxy-protocol
+
+> Implementation of the [PROXY protocol].
+
+[![crates.io](https://img.shields.io/crates/v/actix-proxy-protocol?label=latest)](https://crates.io/crates/actix-proxy-protocol)
+[![Documentation](https://docs.rs/actix-proxy-protocol/badge.svg?version=0.1.0)](https://docs.rs/actix-proxy-protocol/0.1.0)
+[![Version](https://img.shields.io/badge/rustc-1.52+-ab6000.svg)](https://blog.rust-lang.org/2021/05/06/Rust-1.52.0.html)
+![License](https://img.shields.io/crates/l/actix-proxy-protocol.svg)
+[![Dependency Status](https://deps.rs/crate/actix-proxy-protocol/0.1.0/status.svg)](https://deps.rs/crate/actix-proxy-protocol/0.1.0)
+![Downloads](https://img.shields.io/crates/d/actix-proxy-protocol.svg)
+[![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)
+
+## Resources
+
+- [Examples](./examples)
+
+[proxy protocol]: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt

actix-proxy-protocol/examples/proxy-server.rs

@@ -0,0 +1,118 @@
+//! Adds PROXY protocol v1 prelude to connections.
+
+#![allow(unused)]
+
+use std::{
+    io, mem,
+    net::{IpAddr, Ipv4Addr, SocketAddr},
+    sync::{
+        atomic::{AtomicUsize, Ordering},
+        Arc,
+    },
+};
+
+use actix_proxy_protocol::{v1, v2, AddressFamily, Command, Tlv, TransportProtocol};
+use actix_rt::net::TcpStream;
+use actix_server::Server;
+use actix_service::{fn_service, ServiceFactoryExt as _};
+use bytes::BytesMut;
+use const_str::concat_bytes;
+use once_cell::sync::Lazy;
+use tokio::io::{copy_bidirectional, AsyncReadExt as _, AsyncWriteExt as _};
+
+static UPSTREAM: Lazy<SocketAddr> = Lazy::new(|| SocketAddr::from(([127, 0, 0, 1], 8080)));
+
+/*
+NOTES:
+108 byte buffer on receiver side is enough for any PROXY header
+after PROXY, receive until CRLF, *then* decode parts
+TLV = type-length-value
+
+TO DO:
+handle UNKNOWN transport
+v2 UNSPEC mode
+*/
+
+fn extend_with_ip_bytes(buf: &mut Vec<u8>, ip: IpAddr) {
+    match ip {
+        IpAddr::V4(ip) => buf.extend_from_slice(&ip.octets()),
+        IpAddr::V6(ip) => buf.extend_from_slice(&ip.octets()),
+    }
+}
+
+async fn wrap_with_proxy_protocol_v1(mut stream: TcpStream) -> io::Result<()> {
+    let mut upstream = TcpStream::connect(("127.0.0.1", 8080)).await?;
+
+    tracing::info!(
+        "PROXYv1 {} -> {}",
+        stream.peer_addr().unwrap(),
+        UPSTREAM.to_string()
+    );
+
+    let proxy_header = v1::Header::new(
+        AddressFamily::Inet,
+        SocketAddr::from(([127, 0, 0, 1], 8081)),
+        *UPSTREAM,
+    );
+
+    proxy_header.write_to_tokio(&mut upstream).await?;
+
+    let (_bytes_read, _bytes_written) = copy_bidirectional(&mut stream, &mut upstream).await?;
+
+    Ok(())
+}
+
+async fn wrap_with_proxy_protocol_v2(mut stream: TcpStream) -> io::Result<()> {
+    let mut upstream = TcpStream::connect(("127.0.0.1", 8080)).await?;
+
+    tracing::info!(
+        "PROXYv2 {} -> {}",
+        stream.peer_addr().unwrap(),
+        UPSTREAM.to_string()
+    );
+
+    let mut proxy_header = v2::Header::new(
+        Command::Proxy,
+        TransportProtocol::Stream,
+        AddressFamily::Inet,
+        SocketAddr::from(([127, 0, 0, 1], 8082)),
+        *UPSTREAM,
+        vec![
+            Tlv::new(0x05, [0x34, 0x32, 0x36, 0x39]), // UNIQUE_ID
+            Tlv::new(0x04, "NOOP m9"),                // NOOP
+        ],
+    );
+
+    proxy_header.add_crc23c_checksum_tlv();
+
+    proxy_header.write_to_tokio(&mut upstream).await?;
+
+    let (_bytes_read, _bytes_written) = copy_bidirectional(&mut stream, &mut upstream).await?;
+
+    Ok(())
+}
+
+fn start_server() -> io::Result<Server> {
+    let addr = ("127.0.0.1", 8082);
+    tracing::info!("starting proxy server on port: {}", &addr.0);
+    tracing::info!("proxying to 127.0.0.1:8080");
+
+    Ok(Server::build()
+        .bind("proxy-protocol-v1", ("127.0.0.1", 8081), move || {
+            fn_service(wrap_with_proxy_protocol_v1)
+                .map_err(|err| tracing::error!("service error: {:?}", err))
+        })?
+        .bind("proxy-protocol-v2", addr, move || {
+            fn_service(wrap_with_proxy_protocol_v2)
+                .map_err(|err| tracing::error!("service error: {:?}", err))
+        })?
+        .workers(2)
+        .run())
+}
+
+#[tokio::main]
+async fn main() -> io::Result<()> {
+    env_logger::init_from_env(env_logger::Env::default().default_filter_or("info"));
+    start_server()?.await?;
+    Ok(())
+}