PROXY Real IP in logs

Alexey 2026-03-09 01:55:07 +03:00
parent ef2ed3daa0
commit d0f253b49b
No known key found for this signature in database
2 changed files with 50 additions and 9 deletions


@ -2121,6 +2121,8 @@ async fn main() -> std::result::Result<(), Box<dyn std::error::Error>> {
let ip_tracker = ip_tracker.clone(); let ip_tracker = ip_tracker.clone();
let beobachten = beobachten.clone(); let beobachten = beobachten.clone();
let proxy_protocol_enabled = listener_proxy_protocol; let proxy_protocol_enabled = listener_proxy_protocol;
let real_peer_report = Arc::new(std::sync::Mutex::new(None));
let real_peer_report_for_handler = real_peer_report.clone();
tokio::spawn(async move { tokio::spawn(async move {
let _permit = permit; let _permit = permit;
@ -2139,10 +2141,15 @@ async fn main() -> std::result::Result<(), Box<dyn std::error::Error>> {
ip_tracker, ip_tracker,
beobachten, beobachten,
proxy_protocol_enabled, proxy_protocol_enabled,
real_peer_report_for_handler,
) )
.run() .run()
.await .await
{ {
let real_peer = match real_peer_report.lock() {
Ok(guard) => *guard,
Err(_) => None,
};
let peer_closed = matches!( let peer_closed = matches!(
&e, &e,
crate::error::ProxyError::Io(ioe) crate::error::ProxyError::Io(ioe)
@ -2177,15 +2184,41 @@ async fn main() -> std::result::Result<(), Box<dyn std::error::Error>> {
); );
match (peer_closed, me_closed) { match (peer_closed, me_closed) {
(true, _) => debug!(peer = %peer_addr, error = %e, "Connection closed by client"), (true, _) => {
(_, true) => warn!(peer = %peer_addr, error = %e, "Connection closed: Middle-End dropped session"), if let Some(real_peer) = real_peer {
debug!(peer = %peer_addr, real_peer = %real_peer, error = %e, "Connection closed by client");
} else {
debug!(peer = %peer_addr, error = %e, "Connection closed by client");
}
}
(_, true) => {
if let Some(real_peer) = real_peer {
warn!(peer = %peer_addr, real_peer = %real_peer, error = %e, "Connection closed: Middle-End dropped session");
} else {
warn!(peer = %peer_addr, error = %e, "Connection closed: Middle-End dropped session");
}
}
_ if route_switched => { _ if route_switched => {
info!(peer = %peer_addr, error = %e, "Connection closed by controlled route cutover") if let Some(real_peer) = real_peer {
info!(peer = %peer_addr, real_peer = %real_peer, error = %e, "Connection closed by controlled route cutover");
} else {
info!(peer = %peer_addr, error = %e, "Connection closed by controlled route cutover");
}
} }
_ if is_expected_handshake_eof(&e) => { _ if is_expected_handshake_eof(&e) => {
info!(peer = %peer_addr, error = %e, "Connection closed during initial handshake") if let Some(real_peer) = real_peer {
info!(peer = %peer_addr, real_peer = %real_peer, error = %e, "Connection closed during initial handshake");
} else {
info!(peer = %peer_addr, error = %e, "Connection closed during initial handshake");
}
}
_ => {
if let Some(real_peer) = real_peer {
warn!(peer = %peer_addr, real_peer = %real_peer, error = %e, "Connection closed with error");
} else {
warn!(peer = %peer_addr, error = %e, "Connection closed with error");
}
} }
_ => warn!(peer = %peer_addr, error = %e, "Connection closed with error"),
} }
} }
}); });
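Review bot: All five arms of the `match (peer_closed, me_closed)` now carry the same `if let Some(real_peer)` / `else` pair, so every log message exists twice and the two copies can drift apart. tracing records an `Option` field only when it is `Some`, so binding `let real_peer = real_peer.map(tracing::field::display);` once before the `match` and keeping a single call per arm, e.g. `debug!(peer = %peer_addr, real_peer, error = %e, "Connection closed by client")`, should produce the same output; confirm this against the tracing version the crate pins. Separately, `Err(_) => None` silently drops the address if the mutex is poisoned; `*real_peer_report.lock().unwrap_or_else(|p| p.into_inner())` would keep it. The enclosing `main` continues outside these hunks.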


@ -321,6 +321,8 @@ pub struct ClientHandler;
pub struct RunningClientHandler { pub struct RunningClientHandler {
stream: TcpStream, stream: TcpStream,
peer: SocketAddr, peer: SocketAddr,
real_peer_from_proxy: Option<SocketAddr>,
real_peer_report: Arc<std::sync::Mutex<Option<SocketAddr>>>,
config: Arc<ProxyConfig>, config: Arc<ProxyConfig>,
stats: Arc<Stats>, stats: Arc<Stats>,
replay_checker: Arc<ReplayChecker>, replay_checker: Arc<ReplayChecker>,
@ -351,10 +353,14 @@ impl ClientHandler {
ip_tracker: Arc<UserIpTracker>, ip_tracker: Arc<UserIpTracker>,
beobachten: Arc<BeobachtenStore>, beobachten: Arc<BeobachtenStore>,
proxy_protocol_enabled: bool, proxy_protocol_enabled: bool,
real_peer_report: Arc<std::sync::Mutex<Option<SocketAddr>>>,
) -> RunningClientHandler { ) -> RunningClientHandler {
let normalized_peer = normalize_ip(peer);
RunningClientHandler { RunningClientHandler {
stream, stream,
peer, peer: normalized_peer,
real_peer_from_proxy: None,
real_peer_report,
config, config,
stats, stats,
replay_checker, replay_checker,
@ -372,10 +378,8 @@ impl ClientHandler {
} }
impl RunningClientHandler { impl RunningClientHandler {
pub async fn run(mut self) -> Result<()> { pub async fn run(self) -> Result<()> {
self.stats.increment_connects_all(); self.stats.increment_connects_all();
self.peer = normalize_ip(self.peer);
let peer = self.peer; let peer = self.peer;
let _ip_tracker = self.ip_tracker.clone(); let _ip_tracker = self.ip_tracker.clone();
debug!(peer = %peer, "New connection"); debug!(peer = %peer, "New connection");
@ -448,6 +452,10 @@ impl RunningClientHandler {
"PROXY protocol header parsed" "PROXY protocol header parsed"
); );
self.peer = normalize_ip(info.src_addr); self.peer = normalize_ip(info.src_addr);
self.real_peer_from_proxy = Some(self.peer);
if let Ok(mut slot) = self.real_peer_report.lock() {
*slot = Some(self.peer);
}
if let Some(dst) = info.dst_addr { if let Some(dst) = info.dst_addr {
local_addr = dst; local_addr = dst;
} }
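Review bot: The value written to the shared slot at `*slot = Some(self.peer)` is `info.src_addr` taken from the PROXY header, and nothing visible in this hunk shows that the sender was checked against a set of trusted proxies, so the `real_peer` that reaches the logs may be whatever a directly connecting client claimed. The commit keeps the TCP `peer` next to it, which is what keeps the log usable for incident response; I would state the trust level on the `real_peer_report` field with a doc comment such as `/// Source address claimed in the PROXY header; unauthenticated unless the listener only accepts connections from trusted proxies`. `real_peer_from_proxy` is assigned here but not read in any visible hunk, so it may be dead; if so, drop it or add a comment naming what will consume it. The enclosing method starts and ends outside the hunk.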