-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
potential block when using proxy protocol #208
Comments
I'm currently hitting this issue, when spawning unftp behind a digital ocean load balancer with proxy protocol enabled. I'll get a connection, which will permanentely block any other connections. Seems like getting peer never ends. Do you know about any work around, or is there something i can do to help finishing #209 ? |
Hi @Nigma1337. Thank you for reaching out and offering to help. I'm sorry you run into this. I'm now working on a fix, and we intend to build a release this weekend. I hope and expect this fix to be in it. I'll keep you posted. |
Awesome! Apperciate it alot. |
Fixed in v0.18.6 |
In the proxy loop (ftpserver.rs), the function
get_peer_from_proxy_header
is called which blocks until the proxy header has completely been read. When for any reason this happens, new connections can not be accepted.There are several angles to solve this that I've discussed and came up with together with @hannesdejager :
get_peer_from_proxy_header
as wellget_peer_from_proxy_header()
in a async task, and use a channel to pass on the connection information + tcp stream back to the proxy loopget_peer_from_proxy_header()
in a async task, and add this task to a specific task queue, that can then be watched from within theselect!
incoming.next()
arm in an async task, but that will require a concurrent hashmap to replace the current normal hashmap, including a performance penaltyIn addition, a timeout must be introduced to make sure we close the connection if we do not receive the complete proxy header within x amount of time.
The text was updated successfully, but these errors were encountered: