def new_setHost(self, host, port, ssl=0):
try:
ip = IPAddress(host.decode("idna"))
except AddrFormatError:
ip = None # `host` is a host or domain name.
self._forceSSL = ssl # set first so isSecure will work
if self.isSecure():
default = 443
else:
default = 80
if ip is None:
hostHeader = host
elif ip.version == 4:
hostHeader = host
else:
hostHeader = b"[" + host + b"]"
if port != default:
hostHeader += b":" + intToBytes(port)
self.requestHeaders.setRawHeaders(b"host", [hostHeader])
if ip is None:
# Pretend that a host or domain name is an IPv4 address.
self.host = address.IPv4Address("TCP", host, port)
elif ip.version == 4:
self.host = address.IPv4Address("TCP", host, port)
else:
self.host = address.IPv6Address("TCP", host, port)
def getHost(self):
"""
Returns an IPv6Address.
This indicates the address from which I am connecting.
"""
return address.IPv6Address('TCP', *(self.socket.getsockname()))
def fix_twisted_web_server_addressToTuple():
"""Add ipv6 support to t.w.server._addressToTuple()
Return address.IPv6Address where appropriate.
See https://bugs.launchpad.net/ubuntu/+source/twisted/+bug/1604608
"""
import twisted.web.server
from twisted.internet import address
def new_addressToTuple(addr):
if isinstance(addr, address.IPv4Address):
return ("INET", addr.host, addr.port)
elif isinstance(addr, address.IPv6Address):
return ("INET6", addr.host, addr.port)
elif isinstance(addr, address.UNIXAddress):
return ("UNIX", addr.name)
else:
return tuple(addr)
test = address.IPv6Address("TCP", "fe80::1", "80")
try:
twisted.web.server._addressToTuple(test)
except TypeError:
twisted.web.server._addressToTuple = new_addressToTuple
def test_validIPv6HeaderResolves_getPeerHost(self):
"""
Test if IPv6 headers result in the correct host and peer data.
"""
factory = HAProxyWrappingFactory(Factory.forProtocol(StaticProtocol))
proto = factory.buildProtocol(address.IPv6Address('TCP', b'::1',
8080), )
transport = StringTransportWithDisconnection()
proto.makeConnection(transport)
proto.dataReceived(b'PROXY TCP6 ::1 ::2 8080 8888\r\n')
self.assertEqual(proto.getPeer().host, b'::1')
self.assertEqual(proto.getPeer().port, 8080)
self.assertEqual(
proto.wrappedProtocol.transport.getPeer().host,
b'::1',
)
self.assertEqual(
proto.wrappedProtocol.transport.getPeer().port,
8080,
)
self.assertEqual(proto.getHost().host, b'::2')
self.assertEqual(proto.getHost().port, 8888)
self.assertEqual(
proto.wrappedProtocol.transport.getHost().host,
b'::2',
)
self.assertEqual(
proto.wrappedProtocol.transport.getHost().port,
8888,
)
def getPeer(self):
if self.parent._options["proxy_header"] and self.request.requestHeaders.hasHeader(self.parent._options["proxy_header"]):
ip = self.request.requestHeaders.getRawHeaders(self.parent._options["proxy_header"])[0].decode().split(",")[-1].strip()
if re.match("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", ip):
return address.IPv4Address("TCP", ip, None)
else:
return address.IPv6Address("TCP", ip, None)
return ProtocolWrapper.getPeer(self)
def test_describe(self):
f = transit.InboundConnectionFactory(None)
addrH = address.HostnameAddress("example.com", 1234)
self.assertEqual(f._describePeer(addrH), "<-example.com:1234")
addr4 = address.IPv4Address("TCP", "1.2.3.4", 1234)
self.assertEqual(f._describePeer(addr4), "<-1.2.3.4:1234")
addr6 = address.IPv6Address("TCP", "::1", 1234)
self.assertEqual(f._describePeer(addr6), "<-::1:1234")
addrU = address.UNIXAddress("/dev/unlikely")
self.assertEqual(f._describePeer(addrU),
"<-UNIXAddress('/dev/unlikely')")
def test_overflowBytesSentToWrappedProtocol(self):
"""
Test if non-header bytes are passed to the wrapped protocol.
"""
factory = HAProxyWrappingFactory(Factory.forProtocol(StaticProtocol))
proto = factory.buildProtocol(address.IPv6Address("TCP", b"::1",
8080), )
transport = StringTransportWithDisconnection()
proto.makeConnection(transport)
proto.dataReceived(b"PROXY TCP6 ::1 ::2 8080 8888\r\nHTTP/1.1 / GET")
self.assertEqual(proto.wrappedProtocol.data, b"HTTP/1.1 / GET")
def test_overflowBytesSentToWrappedProtocol(self):
"""
Test if non-header bytes are passed to the wrapped protocol.
"""
factory = HAProxyWrappingFactory(Factory.forProtocol(StaticProtocol))
proto = factory.buildProtocol(address.IPv6Address('TCP', b'::1',
8080), )
transport = StringTransportWithDisconnection()
proto.makeConnection(transport)
proto.dataReceived(self.IPV6HEADER + b'HTTP/1.1 / GET')
self.assertEqual(proto.wrappedProtocol.data, b'HTTP/1.1 / GET')
def test_overflowBytesSentToWrappedProtocolChunks(self):
"""
Test if header streaming passes extra data appropriately.
"""
factory = HAProxyWrappingFactory(Factory.forProtocol(StaticProtocol))
proto = factory.buildProtocol(address.IPv6Address("TCP", b"::1",
8080), )
transport = StringTransportWithDisconnection()
proto.makeConnection(transport)
proto.dataReceived(b"PROXY TCP6 ::1 ::2 ")
proto.dataReceived(b"8080 8888\r\nHTTP/1.1 / GET")
self.assertEqual(proto.wrappedProtocol.data, b"HTTP/1.1 / GET")
def getHost(self):
"""
Return the local address of the UDP connection
@returns: the local address of the UDP connection
@rtype: L{IPv4Address} or L{IPv6Address}
"""
addr = self.socket.getsockname()
if self.addressFamily == socket.AF_INET:
return address.IPv4Address('UDP', *addr)
elif self.addressFamily == socket.AF_INET6:
return address.IPv6Address('UDP', *(addr[:2]))
def test_overflowBytesSentToWrappedProtocolChunks(self):
"""
Test if header streaming passes extra data appropriately.
"""
factory = HAProxyWrappingFactory(Factory.forProtocol(StaticProtocol))
proto = factory.buildProtocol(address.IPv6Address('TCP', b'::1',
8080), )
transport = StringTransportWithDisconnection()
proto.makeConnection(transport)
proto.dataReceived(self.IPV6HEADER[:18])
proto.dataReceived(self.IPV6HEADER[18:] + b'HTTP/1.1 / GET')
self.assertEqual(proto.wrappedProtocol.data, b'HTTP/1.1 / GET')
def test_invalidHeaderDisconnects(self):
"""
Test if invalid headers result in connectionLost events.
"""
factory = HAProxyWrappingFactory(Factory.forProtocol(StaticProtocol))
proto = factory.buildProtocol(address.IPv6Address('TCP', b'::1',
8080), )
transport = StringTransportWithDisconnection()
transport.protocol = proto
proto.makeConnection(transport)
proto.dataReceived(b'\x00' + self.IPV4HEADER[1:])
self.assertFalse(transport.connected)
def test_overflowBytesSentToWrappedProtocolAfter(self):
"""
Test if wrapper writes all data to wrapped protocol after parsing.
"""
factory = HAProxyWrappingFactory(Factory.forProtocol(StaticProtocol))
proto = factory.buildProtocol(address.IPv6Address('TCP', b'::1',
8080), )
transport = StringTransportWithDisconnection()
proto.makeConnection(transport)
proto.dataReceived(b'PROXY TCP6 ::1 ::2 ')
proto.dataReceived(b'8080 8888\r\nHTTP/1.1 / GET')
proto.dataReceived(b'\r\n\r\n')
self.assertEqual(proto.wrappedProtocol.data, b'HTTP/1.1 / GET\r\n\r\n')
def __call__(self, arglist, line):
# RFC 2821 4.5.3.1
if len(line) > 256:
raise AddressTooLong()
match = self.address.match(line)
if match is None:
raise InvalidAddress()
d = match.groupdict()
if d['adl']:
route = d['adl'][1:].split(',@')
else:
route = None
localpart = d['localPart']
if d['domain']:
domain = d['domain']
elif d['ipv4Literal']:
domain = address.IPv4Address(d['ipv4Literal'])
elif d['ipv6Literal']:
# Chop off the leading 'IPv6:'
domain = address.IPv6Address(d['ipv6Literal'][5:])
else:
domain = d['generalLiteral']
at = d['at']
if at:
localpart = localpart or ''
domain = domain or ''
arglist.append(Address(route, localpart, domain))
return match.end()
def parse(cls, line):
"""
Parse a bytestring as a full PROXY protocol header line.
@param line: A bytestring that represents a valid HAProxy PROXY
protocol header line.
@type line: bytes
@return: A L{_interfaces.IProxyInfo} containing the parsed data.
@raises InvalidProxyHeader: If the bytestring does not represent a
valid PROXY header.
@raises InvalidNetworkProtocol: When no protocol can be parsed or is
not one of the allowed values.
@raises MissingAddressData: When the protocol is TCP* but the header
does not contain a complete set of addresses and ports.
"""
originalLine = line
proxyStr = None
networkProtocol = None
sourceAddr = None
sourcePort = None
destAddr = None
destPort = None
with convertError(ValueError, InvalidProxyHeader):
proxyStr, line = line.split(b" ", 1)
if proxyStr != cls.PROXYSTR:
raise InvalidProxyHeader()
with convertError(ValueError, InvalidNetworkProtocol):
networkProtocol, line = line.split(b" ", 1)
if networkProtocol not in cls.ALLOWED_NET_PROTOS:
raise InvalidNetworkProtocol()
if networkProtocol == cls.UNKNOWN_PROTO:
return _info.ProxyInfo(originalLine, None, None)
with convertError(ValueError, MissingAddressData):
sourceAddr, line = line.split(b" ", 1)
with convertError(ValueError, MissingAddressData):
destAddr, line = line.split(b" ", 1)
with convertError(ValueError, MissingAddressData):
sourcePort, line = line.split(b" ", 1)
with convertError(ValueError, MissingAddressData):
destPort = line.split(b" ")[0]
if networkProtocol == cls.TCP4_PROTO:
return _info.ProxyInfo(
originalLine,
address.IPv4Address("TCP", sourceAddr, int(sourcePort)),
address.IPv4Address("TCP", destAddr, int(destPort)),
)
return _info.ProxyInfo(
originalLine,
address.IPv6Address("TCP", sourceAddr, int(sourcePort)),
address.IPv6Address("TCP", destAddr, int(destPort)),
)
def getDestination(self):
"""
@see twisted.internet.interfaces.IConnector.getDestination
"""
return address.IPv6Address('TCP', self.host, self.port, self.flowinfo,
self.scopeid)
def fix_twisted_web_http_Request():
"""Fix broken IPv6 handling in twisted.web.http.request.Request."""
from netaddr import IPAddress
from netaddr.core import AddrFormatError
from twisted.internet import address
from twisted.python.compat import intToBytes, networkString
import twisted.web.http
from twisted.web.server import Request
from twisted.web.test.requesthelper import DummyChannel
def new_getRequestHostname(self):
# Unlike upstream, support/require IPv6 addresses to be
# [ip:v6:add:ress]:port, with :port being optional.
# IPv6 IP addresses are wrapped in [], to disambigate port numbers.
host = self.getHeader(b"host")
if host:
if host.startswith(b"[") and b"]" in host:
if host.find(b"]") < host.rfind(b":"):
# The format is: [ip:add:ress]:port.
return host[:host.rfind(b":")]
else:
# no :port after [...]
return host
# No brackets, so it must be host:port or IPv4:port.
return host.split(b":", 1)[0]
host = self.getHost().host
try:
if isinstance(host, str):
ip = IPAddress(host)
else:
ip = IPAddress(host.decode("idna"))
except AddrFormatError:
# If we could not convert the hostname to an IPAddress, assume that
# it is a hostname.
return networkString(host)
if ip.version == 4:
return networkString(host)
else:
return networkString("[" + host + "]")
def new_setHost(self, host, port, ssl=0):
try:
ip = IPAddress(host.decode("idna"))
except AddrFormatError:
ip = None # `host` is a host or domain name.
self._forceSSL = ssl # set first so isSecure will work
if self.isSecure():
default = 443
else:
default = 80
if ip is None:
hostHeader = host
elif ip.version == 4:
hostHeader = host
else:
hostHeader = b"[" + host + b"]"
if port != default:
hostHeader += b":" + intToBytes(port)
self.requestHeaders.setRawHeaders(b"host", [hostHeader])
if ip is None:
# Pretend that a host or domain name is an IPv4 address.
self.host = address.IPv4Address("TCP", host, port)
elif ip.version == 4:
self.host = address.IPv4Address("TCP", host, port)
else:
self.host = address.IPv6Address("TCP", host, port)
request = Request(DummyChannel(), False)
request.client = address.IPv6Address("TCP", "fe80::1", "80")
request.setHost(b"fe80::1", 1234)
if isinstance(request.host, address.IPv4Address):
# Buggy code calls fe80::1 an IPv4Address.
twisted.web.http.Request.setHost = new_setHost
if request.getRequestHostname() == b"fe80":
# The fe80::1 test address above was incorrectly interpreted as
# address='fe80', port = ':1', because it does host.split(':', 1)[0].
twisted.web.http.Request.getRequestHostname = new_getRequestHostname
def fix_twisted_web_http_Request():
"""Add ipv6 support to Request.getClientIP()
Specifically, IPv6 IP addresses need to be wrapped in [], and return
address.IPv6Address when needed.
See https://bugs.launchpad.net/ubuntu/+source/twisted/+bug/1604608
"""
from netaddr import IPAddress
from netaddr.core import AddrFormatError
from twisted.internet import address
from twisted.python.compat import (
intToBytes,
networkString,
)
import twisted.web.http
from twisted.web.server import Request
from twisted.web.test.requesthelper import DummyChannel
def new_getClientIP(self):
from twisted.internet import address
# upstream doesn't check for address.IPv6Address
if isinstance(self.client, address.IPv4Address):
return self.client.host
elif isinstance(self.client, address.IPv6Address):
return self.client.host
else:
return None
def new_getRequestHostname(self):
# Unlike upstream, support/require IPv6 addresses to be
# [ip:v6:add:ress]:port, with :port being optional.
# IPv6 IP addresses are wrapped in [], to disambigate port numbers.
host = self.getHeader(b'host')
if host:
if host.startswith(b'[') and b']' in host:
if host.find(b']') < host.rfind(b':'):
# The format is: [ip:add:ress]:port.
return host[:host.rfind(b':')]
else:
# no :port after [...]
return host
# No brackets, so it must be host:port or IPv4:port.
return host.split(b':', 1)[0]
host = self.getHost().host
try:
if isinstance(host, str):
ip = IPAddress(host)
else:
ip = IPAddress(host.decode("idna"))
except AddrFormatError:
# If we could not convert the hostname to an IPAddress, assume that
# it is a hostname.
return networkString(host)
if ip.version == 4:
return networkString(host)
else:
return networkString('[' + host + ']')
def new_setHost(self, host, port, ssl=0):
try:
ip = IPAddress(host.decode("idna"))
except AddrFormatError:
ip = None # `host` is a host or domain name.
self._forceSSL = ssl # set first so isSecure will work
if self.isSecure():
default = 443
else:
default = 80
if ip is None:
hostHeader = host
elif ip.version == 4:
hostHeader = host
else:
hostHeader = b"[" + host + b"]"
if port != default:
hostHeader += b":" + intToBytes(port)
self.requestHeaders.setRawHeaders(b"host", [hostHeader])
if ip is None:
# Pretend that a host or domain name is an IPv4 address.
self.host = address.IPv4Address("TCP", host, port)
elif ip.version == 4:
self.host = address.IPv4Address("TCP", host, port)
else:
self.host = address.IPv6Address("TCP", host, port)
request = Request(DummyChannel(), False)
request.client = address.IPv6Address('TCP', 'fe80::1', '80')
request.setHost(b"fe80::1", 1234)
if request.getClientIP() is None:
# Buggy code returns None for IPv6 addresses.
twisted.web.http.Request.getClientIP = new_getClientIP
if isinstance(request.host, address.IPv4Address):
# Buggy code calls fe80::1 an IPv4Address.
twisted.web.http.Request.setHost = new_setHost
if request.getRequestHostname() == b'fe80':
# The fe80::1 test address above was incorrectly interpreted as
# address='fe80', port = ':1', because it does host.split(':', 1)[0].
twisted.web.http.Request.getRequestHostname = new_getRequestHostname