smokescreen refuses to use upstream proxy with internal address #191

@SpecLad

Run smokescreen as follows:

$ http_proxy=http://localhost:1234/ ./smokescreen

Now try to tunnel a request through it:

$ http_proxy=http://localhost:4750/ curl http://yahoo.com/
Failed to connect to remote host: proxyconnect tcp: The destination address (127.0.0.1) was denied by rule 'Deny: Not Global Unicast'

The smokescreen log is as follows:

{"level":"info","msg":"starting","time":"2023-06-22T12:09:26+03:00"}
{"address":"localhost:1234","error":"The destination address (127.0.0.1) was denied by rule 'Deny: Not Global Unicast'","level":"error","msg":"unexpected illegal address in dialer","time":"2023-06-22T12:10:39+03:00"}
{"id":"cia103qhq4rca8e50ep0","inbound_remote_addr":"127.0.0.1:52026","level":"error","msg":"Failed to connect to remote host: proxyconnect tcp: The destination address (127.0.0.1) was denied by rule 'Deny: Not Global Unicast'","proxy_type":"http","requested_host":"yahoo.com","start_time":"2023-06-22T09:10:39.498762117Z","time":"2023-06-22T12:10:39+03:00","trace_id":""}
{"allow":true,"content_length":134,"decision_reason":"destination address was denied by rule, see error","dns_lookup_time_ms":9,"enforce_would_deny":false,"error":"proxyconnect tcp: The destination address (127.0.0.1) was denied by rule 'Deny: Not Global Unicast'","id":"cia103qhq4rca8e50ep0","inbound_remote_addr":"127.0.0.1:52026","level":"error","msg":"CANONICAL-PROXY-DECISION","project":"","proxy_type":"http","requested_host":"yahoo.com","role":"","start_time":"2023-06-22T09:10:39.498762117Z","time":"2023-06-22T12:10:39+03:00","trace_id":""}

I think this behavior is incorrect, because the address of the proxy is supplied by the system administrator, and so should be considered trusted. The request should thus be allowed to go through.

Reproduced on 8dd3072.
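
For triaging logs like the ones in the report above, an added example (not part of the original issue and not smokescreen's own code): it reads `CANONICAL-PROXY-DECISION` entries and reports whether the dial-time address rule rejected the upstream proxy hop or the requested destination, using the `proxyconnect` prefix that Go's HTTP transport puts on proxy connection errors. The names `Triage`, `Finding` and `sampleLog` are hypothetical, and the sample input is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample: line 1 is the report's CANONICAL-PROXY-DECISION entry trimmed
// to the fields used here; line 2 is made up for contrast; line 3 is unrelated noise.
const sampleLog = `{"allow":true,"error":"proxyconnect tcp: The destination address (127.0.0.1) was denied by rule 'Deny: Not Global Unicast'","msg":"CANONICAL-PROXY-DECISION","requested_host":"yahoo.com"}
{"allow":true,"error":"The destination address (127.0.0.1) was denied by rule 'Deny: Not Global Unicast'","msg":"CANONICAL-PROXY-DECISION","requested_host":"localhost:8080"}
{"level":"info","msg":"starting"}`

type entry struct {
	Msg, Error    string
	RequestedHost string `json:"requested_host"`
}

// Finding records which hop the address rule rejected for one request.
type Finding struct {
	RequestedHost, Hop, DeniedAddr string
}

// Triage scans JSON log lines and classifies dial-time address denials.
func Triage(log string) []Finding {
	var out []Finding
	for _, line := range strings.Split(log, "\n") {
		var e entry
		if json.Unmarshal([]byte(line), &e) != nil || e.Msg != "CANONICAL-PROXY-DECISION" ||
			!strings.Contains(e.Error, "was denied by rule") {
			continue
		}
		hop := "destination"
		// Go's HTTP transport labels failures to reach its own proxy "proxyconnect".
		if strings.HasPrefix(e.Error, "proxyconnect ") {
			hop = "upstream-proxy"
		}
		_, rest, _ := strings.Cut(e.Error, "(") // the denied IP sits in parentheses
		addr, _, _ := strings.Cut(rest, ")")
		out = append(out, Finding{e.RequestedHost, hop, addr})
	}
	return out
}

func main() {
	for _, f := range Triage(sampleLog) {
		fmt.Printf("%s: %s hop denied (%s)\n", f.RequestedHost, f.Hop, f.DeniedAddr)
	}
}
```

An `upstream-proxy` finding means the denied address belongs to the configured proxy, not to `requested_host`, so the request itself was never evaluated at dial time.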
