author | Todd Lyons <tlyons@exim.org> | 2014-04-17 11:58:09 -0700 |
---|---|---|
committer | Todd Lyons <tlyons@exim.org> | 2014-04-19 08:32:09 -0700 |
commit | eb57651e8badf0b65af0371732e42f2ee5c7772c (patch) | |
tree | 0bc0f5ddf2deb86cf11e1063e5b28942009e36b8 /doc/doc-txt | |
parent | 887291d23b561d0bb8cf43db80c191810e2d8ce3 (diff) |

Fix Proxy Protocol v2 handling

Change recv() to not use MSGPEEK and eliminate flush_input().
Add proxy_target_address/port expansions.
Convert ipv6 decoding to memmove().
Use sizeof() for variable sizing.
Correct struct member access.
Enhance debug output when passed invalid command/family.
Add to and enhance documentation.

Client script to test Proxy Protocol, interactive on STDIN/STDOUT,
so can be chained (i.e. a swaks pipe), useful for any service, not
just Exim and/or SMTP.

Diffstat (limited to 'doc/doc-txt')
-rw-r--r-- | doc/doc-txt/experimental-spec.txt | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 265e1211b..f21609662 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -1087,10 +1087,16 @@ Proxy Protocol server at 192.168.1.2 will look like this: 3. In the ACL's the following expansion variables are available. -proxy_host_address The src IP of the proxy server making the connection -proxy_host_port The src port the proxy server is using -proxy_session Boolean, yes/no, the connected host is required to use - Proxy Protocol. +proxy_host_address The (internal) src IP of the proxy server + making the connection to the Exim server. +proxy_host_port The (internal) src port the proxy server is + using to connect to the Exim server. +proxy_target_address The dest (public) IP of the remote host to + the proxy server. +proxy_target_port The dest port the remote host is using to + connect to the proxy server. +proxy_session Boolean, yes/no, the connected host is required + to use Proxy Protocol. There is no expansion for a failed proxy session, however you can detect it by checking if $proxy_session is true but $proxy_host is empty. As @@ -1110,6 +1116,13 @@ an example, in my connect ACL, I have: [$sender_host_address] through proxy protocol \ host $proxy_host_address + # Possibly more clear + warn logwrite = Remote Source Address: $sender_host_address:$sender_host_port + logwrite = Proxy Target Address: $proxy_target_address:$proxy_target_port + logwrite = Proxy Internal Address: $proxy_host_address:$proxy_host_port + logwrite = Internal Server Address: $received_ip_address:$received_port + + 4. Runtime issues to be aware of: - Since the real connections are all coming from your proxy, and the per host connection tracking is done before Proxy Protocol is |
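Review bot: in the first hunk (@@ -1087,10 +1087,16 @@), the new description of proxy_target_address, "The dest (public) IP of the remote host to the proxy server", can be read as the remote host's own address, which the example in the second hunk logs as $sender_host_address. Wording such as "The (public) dest IP on the proxy server that the remote host connected to" would make the direction unambiguous, and proxy_target_port needs the same treatment. The trailing context of this hunk also tells readers to check whether $proxy_host is empty, but no variable of that name appears in the list; if proxy_host_address is meant, this change is a good place to correct it.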
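Review bot: in the second hunk (@@ -1110,6 +1116,13 @@), the added warn statement has no condition ahead of its logwrite lines, so as written the example logs all four lines whenever the ACL reaches it, including the failed-session case that the text above describes as $proxy_session true with an empty $proxy_host, where the proxy_* pairs would be logged empty. Say in the comment when the statement is meant to fire, or guard it on $proxy_session, and replace "# Possibly more clear" with a comment stating what the four lines record. The hunk also adds two blank lines before "4. Runtime issues to be aware of:"; one is enough.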