Support the proxy protocol, close bfenetworks#11

Author: iyangsj

bfe_basic/request.go

@@ -113,8 +113,8 @@ func NewRequest(request *bfe_http.Request, conn net.Conn, stat *RequestStat,
 	fReq.Context = make(map[interface{}]interface{})
 	fReq.Tags.TagTable = make(map[string][]string)
 
-	if conn != nil {
-		fReq.RemoteAddr = conn.RemoteAddr().(*net.TCPAddr)
+	if session != nil {
+		fReq.RemoteAddr = session.RemoteAddr
 	}
 
 	fReq.SvrDataConf = svrDataConf

bfe_config/bfe_conf/conf_basic.go

@@ -27,6 +27,12 @@ import (
 	"github.com/baidu/bfe/bfe_util"
 )
 
+const (
+	BALANCER_BGW   = "BGW"   // layer4 balancer in baidu
+	BALANCER_PROXY = "PROXY" // layer4 balancer working in PROXY mode (eg. F5, Ctrix, ELB etc)
+	BALANCER_NONE  = "NONE"  // layer4 balancer not used
+)
+
 type ConfigBasic struct {
 	HttpPort    int // listen port for http
 	HttpsPort   int // listen port for https
@@ -43,6 +49,7 @@ type ConfigBasic struct {
 	GracefulShutdownTimeout int  // graceful shutdown timeout, in seconds
 	MaxHeaderBytes          int  // max header length in bytes in request
 	MaxHeaderUriBytes       int  // max URI(in header) length in bytes in request
+	MaxProxyHeaderBytes     int  // max header lenght in bytes in Proxy protocol
 	KeepAliveEnabled        bool // if false, client connection is shutdown disregard of http headers
 
 	Modules []string // modules to load
@@ -117,8 +124,8 @@ func basicConfCheck(cfg *ConfigBasic) error {
 	}
 
 	// check Layer4LoadBalancer
-	if cfg.Layer4LoadBalancer != "BGW" && cfg.Layer4LoadBalancer != "" {
-		return fmt.Errorf("Layer4LoadBalancer[%s] not support", cfg.Layer4LoadBalancer)
+	if err := checkLayer4LoadBalancer(cfg); err != nil {
+		return err
 	}
 
 	// check TlsHandshakeTimeout
@@ -175,6 +182,23 @@ func basicConfCheck(cfg *ConfigBasic) error {
 	return nil
 }
 
+func checkLayer4LoadBalancer(cfg *ConfigBasic) error {
+	if len(cfg.Layer4LoadBalancer) == 0 {
+		cfg.Layer4LoadBalancer = BALANCER_BGW // default BGW
+	}
+
+	switch cfg.Layer4LoadBalancer {
+	case BALANCER_BGW:
+		return nil
+	case BALANCER_PROXY:
+		return nil
+	case BALANCER_NONE:
+		return nil
+	default:
+		return fmt.Errorf("Layer4LoadBalancer[%s] should be BGW/PROXY/NONE", cfg.Layer4LoadBalancer)
+	}
+}
+
 func dataFileConfCheck(cfg *ConfigBasic, confRoot string) error {
 	// check HostRuleConf
 	if cfg.HostRuleConf == "" {

bfe_modules/mod_header/action_header_var.go

@@ -19,24 +19,35 @@ import (
 	"encoding/asn1"
 	"encoding/hex"
 	"fmt"
+	"net"
 	"os"
 	"strconv"
 )
 
 import (
 	"github.com/baidu/bfe/bfe_basic"
 	"github.com/baidu/bfe/bfe_tls"
+	"github.com/baidu/bfe/bfe_util"
 )
 
 type HeaderValueHandler func(req *bfe_basic.Request) string
 
+const (
+	UNKNOWN = "unknown"
+)
+
 var VariableHandlers = map[string]HeaderValueHandler{
 	// for client
 	"bfe_client_ip":    getClientIp,
 	"bfe_client_port":  getClientPort,
 	"bfe_request_host": getRequestHost,
-	"bfe_session_id":   getSessionId,
-	"bfe_vip":          getBfeVip,
+
+	// for conn info
+	"bfe_session_id": getSessionId,
+	"bfe_cip":        getClientIp, // client ip (alias for bfe_clientip)
+	"bfe_vip":        getBfeVip,   // virtual ip
+	"bfe_bip":        getBfeBip,   // balancer ip
+	"bfe_rip":        getBfeRip,   // bfe ip
 
 	// for bfe
 	"bfe_server_name": getBfeServerName,
@@ -240,7 +251,46 @@ func getBfeVip(req *bfe_basic.Request) string {
 		return req.Session.Vip.String()
 	}
 
-	return "unknown"
+	return UNKNOWN
+}
+
+func getAddressFetcher(conn net.Conn) bfe_util.AddressFetcher {
+	if c, ok := conn.(*bfe_tls.Conn); ok {
+		conn = c.GetNetConn()
+	}
+	if f, ok := conn.(bfe_util.AddressFetcher); ok {
+		return f
+	}
+	return nil
+}
+
+func getBfeBip(req *bfe_basic.Request) string {
+	f := getAddressFetcher(req.Session.Connection)
+	if f == nil {
+		return UNKNOWN
+	}
+
+	baddr := f.BalancerAddr()
+	if baddr == nil {
+		return UNKNOWN
+	}
+	bip, _, err := net.SplitHostPort(baddr.String())
+	if err != nil { /* never come here */
+		return UNKNOWN
+	}
+
+	return bip
+}
+
+func getBfeRip(req *bfe_basic.Request) string {
+	conn := req.Session.Connection
+	raddr := conn.LocalAddr()
+	rip, _, err := net.SplitHostPort(raddr.String())
+	if err != nil { /* never come here */
+		return UNKNOWN
+	}
+
+	return rip
 }
 
 func getBfeBackendInfo(req *bfe_basic.Request) string {
@@ -252,7 +302,7 @@ func getBfeBackendInfo(req *bfe_basic.Request) string {
 func getBfeServerName(req *bfe_basic.Request) string {
 	hostname, err := os.Hostname()
 	if err != nil {
-		return "unknown"
+		return UNKNOWN
 	}
 
 	return hostname

bfe_proxy/addr_proto.go

@@ -0,0 +1,116 @@
+// Copyright (c) 2019 Baidu, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Copyright (c) pires.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package bfe_proxy
+
+// AddressFamilyAndProtocol represents address family and transport protocol.
+type AddressFamilyAndProtocol byte
+
+const (
+	UNSPEC       = '\x00'
+	TCPv4        = '\x11'
+	UDPv4        = '\x12'
+	TCPv6        = '\x21'
+	UDPv6        = '\x22'
+	UnixStream   = '\x31'
+	UnixDatagram = '\x32'
+)
+
+var supportedTransportProtocol = map[AddressFamilyAndProtocol]bool{
+	TCPv4:        true,
+	UDPv4:        true,
+	TCPv6:        true,
+	UDPv6:        true,
+	UnixStream:   true,
+	UnixDatagram: true,
+}
+
+// IsIPv4 returns true if the address family is IPv4 (AF_INET4), false otherwise.
+func (ap AddressFamilyAndProtocol) IsIPv4() bool {
+	return 0x10 == ap&0xF0
+}
+
+// IsIPv6 returns true if the address family is IPv6 (AF_INET6), false otherwise.
+func (ap AddressFamilyAndProtocol) IsIPv6() bool {
+	return 0x20 == ap&0xF0
+}
+
+// IsUnix returns true if the address family is UNIX (AF_UNIX), false otherwise.
+func (ap AddressFamilyAndProtocol) IsUnix() bool {
+	return 0x30 == ap&0xF0
+}
+
+// IsStream returns true if the transport protocol is TCP or STREAM (SOCK_STREAM), false otherwise.
+func (ap AddressFamilyAndProtocol) IsStream() bool {
+	return 0x01 == ap&0x0F
+}
+
+// IsDatagram returns true if the transport protocol is UDP or DGRAM (SOCK_DGRAM), false otherwise.
+func (ap AddressFamilyAndProtocol) IsDatagram() bool {
+	return 0x02 == ap&0x0F
+}
+
+// IsUnspec returns true if the transport protocol or address family is unspecified, false otherwise.
+func (ap AddressFamilyAndProtocol) IsUnspec() bool {
+	return (0x00 == ap&0xF0) || (0x00 == ap&0x0F)
+}
+
+func (ap AddressFamilyAndProtocol) toByte() byte {
+	if ap.IsIPv4() && ap.IsStream() {
+		return TCPv4
+	} else if ap.IsIPv4() && ap.IsDatagram() {
+		return UDPv4
+	} else if ap.IsIPv6() && ap.IsStream() {
+		return TCPv6
+	} else if ap.IsIPv6() && ap.IsDatagram() {
+		return UDPv6
+	} else if ap.IsUnix() && ap.IsStream() {
+		return UnixStream
+	} else if ap.IsUnix() && ap.IsDatagram() {
+		return UnixDatagram
+	}
+
+	return UNSPEC
+}
+
+func (ap AddressFamilyAndProtocol) String() string {
+	if ap.IsIPv4() && ap.IsStream() {
+		return "tcp4"
+	} else if ap.IsIPv4() && ap.IsDatagram() {
+		return "udp4"
+	} else if ap.IsIPv6() && ap.IsStream() {
+		return "tcp6"
+	} else if ap.IsIPv6() && ap.IsDatagram() {
+		return "udp6"
+	} else if ap.IsUnix() && ap.IsStream() {
+		return "unix"
+	} else if ap.IsUnix() && ap.IsDatagram() {
+		return "unixgram"
+	}
+	return "unspec"
+}