Skip to content

Commit

Permalink
proxy_protocol: use no-throw addresses to remove exception handling
Browse files Browse the repository at this point in the history 
Signed-off-by: Greg Greenway <[email protected]>
  • Loading branch information
@ggreenway
ggreenway committed Oct 24, 2024
1 parent dbf1fc8 commit 1939458
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 23 deletions.
3 changes: 0 additions & 3 deletions source/common/network/address_impl.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,6 @@ namespace Envoy {
namespace Network {
namespace Address {

// Add an address-specific version for easier searching.
#define TRY_NEEDS_AUDIT_ADDRESS TRY_NEEDS_AUDIT

/**
* Check whether we are a) on Android or an Apple platform and b) configured via runtime to always
* use v6 sockets.
Expand Down
52 changes: 32 additions & 20 deletions source/extensions/filters/listener/proxy_protocol/proxy_protocol.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -378,19 +378,25 @@ bool Filter::parseV2Header(const char* buf) {
la4.sin_port = v4->dst_port;
la4.sin_addr.s_addr = v4->dst_addr;

TRY_NEEDS_AUDIT_ADDRESS {
auto remote_address_status =
Network::Address::InstanceFactory::createInstancePtr<Network::Address::Ipv4Instance>(
&ra4);
auto local_address_status =
Network::Address::InstanceFactory::createInstancePtr<Network::Address::Ipv4Instance>(
&la4);
if (!remote_address_status.ok() || !local_address_status.ok()) {
// TODO(ggreenway): make this work without requiring operating system support for an
// address family.
proxy_protocol_header_.emplace(WireHeader{
PROXY_PROTO_V2_HEADER_LEN, hdr_addr_len, PROXY_PROTO_V2_ADDR_LEN_INET,
hdr_addr_len - PROXY_PROTO_V2_ADDR_LEN_INET, Network::Address::IpVersion::v4,
std::make_shared<Network::Address::Ipv4Instance>(&ra4),
std::make_shared<Network::Address::Ipv4Instance>(&la4)});
}
END_TRY CATCH(const EnvoyException& e, {
ENVOY_LOG(debug, "Proxy protocol failure: {}", e.what());
ENVOY_LOG(debug, "Proxy protocol failure: {}",
!remote_address_status.ok() ? remote_address_status.status()
: local_address_status.status());
return false;
});
}

proxy_protocol_header_.emplace(
WireHeader{PROXY_PROTO_V2_HEADER_LEN, hdr_addr_len, PROXY_PROTO_V2_ADDR_LEN_INET,
hdr_addr_len - PROXY_PROTO_V2_ADDR_LEN_INET, Network::Address::IpVersion::v4,
*remote_address_status, *local_address_status});

return true;
} else if (((proto_family & 0xf0) >> 4) == PROXY_PROTO_V2_AF_INET6) {
Expand All @@ -413,19 +419,25 @@ bool Filter::parseV2Header(const char* buf) {
la6.sin6_port = v6->dst_port;
safeMemcpy(&(la6.sin6_addr.s6_addr), &(v6->dst_addr));

TRY_NEEDS_AUDIT_ADDRESS {
proxy_protocol_header_.emplace(WireHeader{
PROXY_PROTO_V2_HEADER_LEN, hdr_addr_len, PROXY_PROTO_V2_ADDR_LEN_INET6,
hdr_addr_len - PROXY_PROTO_V2_ADDR_LEN_INET6, Network::Address::IpVersion::v6,
std::make_shared<Network::Address::Ipv6Instance>(ra6),
std::make_shared<Network::Address::Ipv6Instance>(la6)});
}
END_TRY CATCH(const EnvoyException& e, {
auto remote_address_status =
Network::Address::InstanceFactory::createInstancePtr<Network::Address::Ipv6Instance>(
ra6);
auto local_address_status =
Network::Address::InstanceFactory::createInstancePtr<Network::Address::Ipv6Instance>(
la6);
if (!remote_address_status.ok() || !local_address_status.ok()) {
// TODO(ggreenway): make this work without requiring operating system support for an
// address family.
ENVOY_LOG(debug, "Proxy protocol failure: {}", e.what());
ENVOY_LOG(debug, "Proxy protocol failure: {}",
!remote_address_status.ok() ? remote_address_status.status()
: local_address_status.status());
return false;
});
}

proxy_protocol_header_.emplace(WireHeader{
PROXY_PROTO_V2_HEADER_LEN, hdr_addr_len, PROXY_PROTO_V2_ADDR_LEN_INET6,
hdr_addr_len - PROXY_PROTO_V2_ADDR_LEN_INET6, Network::Address::IpVersion::v6,
*remote_address_status, *local_address_status});
return true;
}
}
Expand Down

0 comments on commit 1939458

Please sign in to comment.