Strip PROXY protocol header on the MQTT/secure-socket UDS mirror#877
Strip PROXY protocol header on the MQTT/secure-socket UDS mirror#877kriszyp wants to merge 1 commit into
Conversation
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
This comment has been minimized.
This comment has been minimized.
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
| // Strip the PROXY v1 header a fronting proxy (e.g. symphony) prepends, same as the | ||
| // HTTP UDS mirror. Without this the header is fed to the protocol parser (e.g. MQTT), | ||
| // corrupting the first packet. | ||
| httpComponent.enableProxyProtocol(udsServer); |
There was a problem hiding this comment.
Blocker: enableProxyProtocol is not exported — this will throw at runtime.
Commit dbe5d734 removed the export keyword from enableProxyProtocol in server/http.ts, but this call in threadServer.js was not removed. At runtime httpComponent.enableProxyProtocol is undefined, so the first time a secure-socket UDS connection arrives this will throw TypeError: httpComponent.enableProxyProtocol is not a function and the connection will be dropped.
Fix: restore the export in server/http.ts:
| httpComponent.enableProxyProtocol(udsServer); | |
| httpComponent.enableProxyProtocol(udsServer); |
(server/http.ts line 990 needs export function enableProxyProtocol(...).)
The HTTP UDS mirror strips a fronting proxy's PROXY v1 header (enableProxyProtocol) but the raw secure-socket UDS mirror (MQTT, replication) did not, so the header was fed to the protocol parser and corrupted the first packet (an MQTT CONNECT's first byte 0x50 'P' parses as a PUBREC). Apply the same wrapper to the secure-socket UDS server (and export it), and harden enableProxyProtocol to buffer a PROXY header that arrives split across data events (or a first chunk shorter than "PROXY ") rather than forwarding partial header bytes — raw protocols can't recover from a corrupted first packet. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
kriszyp
force-pushed
the
kris/mqtt-uds-proxy-protocol
branch
from
dbe5d73 to
cc8dafe
Compare
|
Force-pushed Note on red CI (pre-existing on 🤖 Generated by Claude (Opus 4.7). |
1 participant
Summary
The per-worker UDS mirrors (created when
tls.unixDomainSocketsis enabled) let a fronting proxy (symphony) reach a worker directly and convey the real client address via a PROXY v1 header. The HTTP UDS mirror already strips that header (enableProxyProtocol), but the raw secure-socket UDS mirror (MQTT, replication) did not — so the header was delivered to the protocol parser and corrupted the first packet. For MQTT the first byte0x50('P' of "PROXY ") parses as a PUBREC →Invalid pubrec reason code, connection dropped.Fix: apply the same
enableProxyProtocolwrapper to the secure-socket UDS server inthreadServer.js onSocket(), andexportit fromserver/http.ts.Why
Found while bringing up symphony→instance MQTT over UDS: MQTT CONNECTs never got a CONNACK. (Discovered via load testing; a host-manager-side workaround sets the MQTT route's source header to
none, but the proper fix is here so MQTT keeps the real client IP.)Where to look
server/http.ts—enableProxyProtocolis now exported (no logic change).server/threads/threadServer.js— one call added in the secure-socket UDS block, mirroring the existing HTTP UDS call.unitTests/server/udsMirror.test.js— strips a PROXY v1 header / passes a non-PROXY chunk through.🤖 Generated by Claude (Opus 4.7).
test:unit:serverudsMirror suite passes (15/15).