diff --git a/src/proxy/masking.rs b/src/proxy/masking.rs index b1e69d4..318071b 100644 --- a/src/proxy/masking.rs +++ b/src/proxy/masking.rs @@ -88,7 +88,29 @@ where let connect_result = timeout(MASK_TIMEOUT, UnixStream::connect(sock_path)).await; match connect_result { Ok(Ok(stream)) => { - let (mask_read, mask_write) = stream.into_split(); + let (mask_read, mut mask_write) = stream.into_split(); + let proxy_header: Option> = match config.censorship.mask_proxy_protocol { + 0 => None, + version => { + let header = match version { + 2 => ProxyProtocolV2Builder::new().with_addrs(peer, local_addr).build(), + _ => match (peer, local_addr) { + (SocketAddr::V4(src), SocketAddr::V4(dst)) => + ProxyProtocolV1Builder::new().tcp4(src.into(), dst.into()).build(), + (SocketAddr::V6(src), SocketAddr::V6(dst)) => + ProxyProtocolV1Builder::new().tcp6(src.into(), dst.into()).build(), + _ => + ProxyProtocolV1Builder::new().build(), + }, + }; + Some(header) + } + }; + if let Some(header) = proxy_header { + if mask_write.write_all(&header).await.is_err() { + return; + } + } if timeout(MASK_RELAY_TIMEOUT, relay_to_mask(reader, writer, mask_read, mask_write, initial_data)).await.is_err() { debug!("Mask relay timed out (unix socket)"); } diff --git a/src/tls_front/fetcher.rs b/src/tls_front/fetcher.rs index 1731cdc..4d9067c 100644 --- a/src/tls_front/fetcher.rs +++ b/src/tls_front/fetcher.rs @@ -499,7 +499,7 @@ async fn fetch_via_raw_tls( sock = %sock_path, "Raw TLS fetch using mask unix socket" ); - return fetch_via_raw_tls_stream(stream, sni, connect_timeout, 0).await; + return fetch_via_raw_tls_stream(stream, sni, connect_timeout, proxy_protocol).await; } Ok(Err(e)) => { warn!( @@ -631,7 +631,7 @@ async fn fetch_via_rustls( sock = %sock_path, "Rustls fetch using mask unix socket" ); - return fetch_via_rustls_stream(stream, host, sni, 0).await; + return fetch_via_rustls_stream(stream, host, sni, proxy_protocol).await; } Ok(Err(e)) => { warn!(