)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"287fc038a977d62a20fadc1ed08ee0acdca0d302","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"82665ee4_90169a76","updated":"2024-07-26 11:45:33.000000000","message":"I think this needs more overhaul","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"85401b502abec8758cb91fe6ee35b22985aac00d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"0bd8f811_df020c84","updated":"2024-07-26 09:42:44.000000000","message":"Only looked through it superficially. Aside from the comments it would be good if we could have some kind of unit-test for the parsing code.","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"b0df44285c546ae376188aa9832200c1e37dc01d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"d06b6848_bf0045d7","in_reply_to":"0bd8f811_df020c84","updated":"2024-07-26 13:27:26.000000000","message":"Sure, I\u0027m working on it","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"68cbc47200e143d386c75288630149dc57cb9227","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"fa93da37_ebe7afd3","updated":"2025-01-08 11:51:22.000000000","message":"Needs uncrustify fix\nNeeds rebase to fix issue with t_server_null tests","commit_id":"c1460eb260306b9e0a5e689880cc5ac900784a22"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"859799de0adb4f3ef7a4c1d8bf522c2dd1ddf14c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"fd6bddd6_6d0a313d","in_reply_to":"fa93da37_ebe7afd3","updated":"2025-01-09 14:46:35.000000000","message":"Done","commit_id":"c1460eb260306b9e0a5e689880cc5ac900784a22"}],"CMakeLists.txt":[{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"287fc038a977d62a20fadc1ed08ee0acdca0d302","unresolved":true,"context_lines":[{"line_number":491,"context_line":"    src/openvpn/proxy.c"},{"line_number":492,"context_line":"    src/openvpn/proxy.h"},{"line_number":493,"context_line":"    src/openvpn/proxy_protocol.c"},{"line_number":494,"context_line":"    src/openvpn/proxy_protocol.h"},{"line_number":495,"context_line":"    src/openvpn/ps.c"},{"line_number":496,"context_line":"    src/openvpn/ps.h"},{"line_number":497,"context_line":"    src/openvpn/push.c"}],"source_content_type":"text/x-cmake","patch_set":1,"id":"59d24823_1499669a","line":494,"updated":"2024-07-26 11:45:33.000000000","message":"haproxy_protocol.c/haproxy_protol.h\n\nCurrently it looks like they are related to the other proxy code which they are not.","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"b0df44285c546ae376188aa9832200c1e37dc01d","unresolved":false,"context_lines":[{"line_number":491,"context_line":"    src/openvpn/proxy.c"},{"line_number":492,"context_line":"    src/openvpn/proxy.h"},{"line_number":493,"context_line":"    src/openvpn/proxy_protocol.c"},{"line_number":494,"context_line":"    src/openvpn/proxy_protocol.h"},{"line_number":495,"context_line":"    src/openvpn/ps.c"},{"line_number":496,"context_line":"    src/openvpn/ps.h"},{"line_number":497,"context_line":"    src/openvpn/push.c"}],"source_content_type":"text/x-cmake","patch_set":1,"id":"7290bcc7_a1b2bf59","line":494,"in_reply_to":"59d24823_1499669a","updated":"2024-07-26 13:27:26.000000000","message":"Acknowledged","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"}],"doc/proxy-protocol.txt":[{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"287fc038a977d62a20fadc1ed08ee0acdca0d302","unresolved":true,"context_lines":[{"line_number":5,"context_line":"original source address of a connection that has been proxied. Every connection"},{"line_number":6,"context_line":"is prepended with a header reporting the client IP address and port. The"},{"line_number":7,"context_line":"protocol specification is available at:"},{"line_number":8,"context_line":"https://www.haproxy.org/download/2.4/doc/proxy-protocol.txt"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"Currently there are two versions of the protocol, a text based version (v1) and"},{"line_number":11,"context_line":"a binary version (v2)."}],"source_content_type":"text/plain","patch_set":1,"id":"4932a48c_3085af39","line":8,"updated":"2024-07-26 11:45:33.000000000","message":"Is this just a copy and paste of the document or is this addition to that document? It would be good to clarify the relationship between these docuemnts.","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"b0df44285c546ae376188aa9832200c1e37dc01d","unresolved":false,"context_lines":[{"line_number":5,"context_line":"original source address of a connection that has been proxied. Every connection"},{"line_number":6,"context_line":"is prepended with a header reporting the client IP address and port. The"},{"line_number":7,"context_line":"protocol specification is available at:"},{"line_number":8,"context_line":"https://www.haproxy.org/download/2.4/doc/proxy-protocol.txt"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"Currently there are two versions of the protocol, a text based version (v1) and"},{"line_number":11,"context_line":"a binary version (v2)."}],"source_content_type":"text/plain","patch_set":1,"id":"98eb2e63_aa08eed1","line":8,"in_reply_to":"4932a48c_3085af39","updated":"2024-07-26 13:27:26.000000000","message":"Acknowledged","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"287fc038a977d62a20fadc1ed08ee0acdca0d302","unresolved":true,"context_lines":[{"line_number":8,"context_line":"https://www.haproxy.org/download/2.4/doc/proxy-protocol.txt"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"Currently there are two versions of the protocol, a text based version (v1) and"},{"line_number":11,"context_line":"a binary version (v2)."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Version 1"},{"line_number":14,"context_line":"---------"}],"source_content_type":"text/plain","patch_set":1,"id":"4a84e43a_90eb3cad","line":11,"updated":"2024-07-26 11:45:33.000000000","message":"Is this protocol TCP only? I assume so, so would be good to mention this.","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"b0df44285c546ae376188aa9832200c1e37dc01d","unresolved":true,"context_lines":[{"line_number":8,"context_line":"https://www.haproxy.org/download/2.4/doc/proxy-protocol.txt"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"Currently there are two versions of the protocol, a text based version (v1) and"},{"line_number":11,"context_line":"a binary version (v2)."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Version 1"},{"line_number":14,"context_line":"---------"}],"source_content_type":"text/plain","patch_set":1,"id":"7d238309_2cbc8ac3","line":11,"in_reply_to":"4a84e43a_90eb3cad","updated":"2024-07-26 13:27:26.000000000","message":"It also supports UDP but we only handle the TCP case so I will state it more clearly in the document.","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"859799de0adb4f3ef7a4c1d8bf522c2dd1ddf14c","unresolved":false,"context_lines":[{"line_number":8,"context_line":"https://www.haproxy.org/download/2.4/doc/proxy-protocol.txt"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"Currently there are two versions of the protocol, a text based version (v1) and"},{"line_number":11,"context_line":"a binary version (v2)."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Version 1"},{"line_number":14,"context_line":"---------"}],"source_content_type":"text/plain","patch_set":1,"id":"3fa8c036_061fb696","line":11,"in_reply_to":"7d238309_2cbc8ac3","updated":"2025-01-09 14:46:35.000000000","message":"Done","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"287fc038a977d62a20fadc1ed08ee0acdca0d302","unresolved":true,"context_lines":[{"line_number":23,"context_line":"The only supported INET_PROTOCOL in version 1 are \"TCP4\" and \"TCP6\"."},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"Version 2"},{"line_number":26,"context_line":"---------"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"The binary version is a more efficient protocol that is more suitable for"},{"line_number":29,"context_line":"production use. It consists of a fixed length header followed by the original"}],"source_content_type":"text/plain","patch_set":1,"id":"1508ed20_2e564dcb","line":26,"updated":"2024-07-26 11:45:33.000000000","message":"Why are supporting two new protocls? Is there a need to introduce an already deprecated protocol to OpenVPN?","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"b0df44285c546ae376188aa9832200c1e37dc01d","unresolved":true,"context_lines":[{"line_number":23,"context_line":"The only supported INET_PROTOCOL in version 1 are \"TCP4\" and \"TCP6\"."},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"Version 2"},{"line_number":26,"context_line":"---------"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"The binary version is a more efficient protocol that is more suitable for"},{"line_number":29,"context_line":"production use. It consists of a fixed length header followed by the original"}],"source_content_type":"text/plain","patch_set":1,"id":"83291020_4f4e27ad","line":26,"in_reply_to":"1508ed20_2e564dcb","updated":"2024-07-26 13:27:26.000000000","message":"Actually, as far as I have seen, currently some proxies only support v1 (eg. stunnel) so I don\u0027t think this version can be considered deprecated yet.","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"287fc038a977d62a20fadc1ed08ee0acdca0d302","unresolved":true,"context_lines":[{"line_number":94,"context_line":"The fields are as follows:"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"- Proxy Protocol v2 Signature: 12 bytes"},{"line_number":97,"context_line":"  The v2 signature of the protocol: \"\\x0D\\x0A\\x0D\\x0A\\x00\\x0D\\x0A\\x51\\x55\\x49\\x54\\x0A\\x20\"."},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"- Version: 4 bits"},{"line_number":100,"context_line":"  The version of the PROXY protocol (0x2)."}],"source_content_type":"text/plain","patch_set":1,"id":"f26ed461_54c16e70","line":97,"updated":"2024-07-26 11:45:33.000000000","message":"Really? The singnature is \u0027\\r\\n\\r\\n\\x00\\r\\nQUIT\\n\u0027?","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"b0df44285c546ae376188aa9832200c1e37dc01d","unresolved":true,"context_lines":[{"line_number":94,"context_line":"The fields are as follows:"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"- Proxy Protocol v2 Signature: 12 bytes"},{"line_number":97,"context_line":"  The v2 signature of the protocol: \"\\x0D\\x0A\\x0D\\x0A\\x00\\x0D\\x0A\\x51\\x55\\x49\\x54\\x0A\\x20\"."},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"- Version: 4 bits"},{"line_number":100,"context_line":"  The version of the PROXY protocol (0x2)."}],"source_content_type":"text/plain","patch_set":1,"id":"e62ae60e_87dd1528","line":97,"in_reply_to":"f26ed461_54c16e70","updated":"2024-07-26 13:27:26.000000000","message":"Yes. Citing the specification (section 6):\nThis means that most protocols and implementations will not be confused by an incoming connection exhibiting the protocol signature, which avoids issues when facing misconfigurations.","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"287fc038a977d62a20fadc1ed08ee0acdca0d302","unresolved":true,"context_lines":[{"line_number":105,"context_line":"      The connection was initiated by the proxy."},{"line_number":106,"context_line":"    - PROXY: 0x1"},{"line_number":107,"context_line":"      The connection was initiated by the client."},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"- AF: 4 bits"},{"line_number":110,"context_line":"    The address family of the connection can be: AF_UNSPEC (0x0), AF_INET (0x1),"},{"line_number":111,"context_line":"    AF_INET6 (0x2) or AF_UNIX (0x3)."}],"source_content_type":"text/plain","patch_set":1,"id":"28038db2_443fb0fb","line":108,"updated":"2024-07-26 11:45:33.000000000","message":"What does this mean in the openvpn context?","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"b0df44285c546ae376188aa9832200c1e37dc01d","unresolved":true,"context_lines":[{"line_number":105,"context_line":"      The connection was initiated by the proxy."},{"line_number":106,"context_line":"    - PROXY: 0x1"},{"line_number":107,"context_line":"      The connection was initiated by the client."},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"- AF: 4 bits"},{"line_number":110,"context_line":"    The address family of the connection can be: AF_UNSPEC (0x0), AF_INET (0x1),"},{"line_number":111,"context_line":"    AF_INET6 (0x2) or AF_UNIX (0x3)."}],"source_content_type":"text/plain","patch_set":1,"id":"55c354bf_e38e4ac0","line":108,"in_reply_to":"28038db2_443fb0fb","updated":"2024-07-26 13:27:26.000000000","message":"Basically LOCAL commands are used when the proxy sends health-checks to the server and therefore I guess these should never arrive to an openvpn server and should be ignored. I will add this info to the document","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"859799de0adb4f3ef7a4c1d8bf522c2dd1ddf14c","unresolved":false,"context_lines":[{"line_number":105,"context_line":"      The connection was initiated by the proxy."},{"line_number":106,"context_line":"    - PROXY: 0x1"},{"line_number":107,"context_line":"      The connection was initiated by the client."},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"- AF: 4 bits"},{"line_number":110,"context_line":"    The address family of the connection can be: AF_UNSPEC (0x0), AF_INET (0x1),"},{"line_number":111,"context_line":"    AF_INET6 (0x2) or AF_UNIX (0x3)."}],"source_content_type":"text/plain","patch_set":1,"id":"bdb719ac_ff4981c5","line":108,"in_reply_to":"55c354bf_e38e4ac0","updated":"2025-01-09 14:46:35.000000000","message":"Done","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"287fc038a977d62a20fadc1ed08ee0acdca0d302","unresolved":true,"context_lines":[{"line_number":112,"context_line":""},{"line_number":113,"context_line":"- Proto: 4 bits"},{"line_number":114,"context_line":"    The protocol of the connection can be: UNSPEC (0x0), STREAM (0x1) or"},{"line_number":115,"context_line":"    DGRAM (0x2)."},{"line_number":116,"context_line":""},{"line_number":117,"context_line":"- Address Length: 16 bits"},{"line_number":118,"context_line":"    The length of the rest of the header in bytes."}],"source_content_type":"text/plain","patch_set":1,"id":"aff6de14_525b6ce9","line":115,"updated":"2024-07-26 11:45:33.000000000","message":"if this is dgram, is the protocol still over tcp or does it use UDP then?","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"859799de0adb4f3ef7a4c1d8bf522c2dd1ddf14c","unresolved":false,"context_lines":[{"line_number":112,"context_line":""},{"line_number":113,"context_line":"- Proto: 4 bits"},{"line_number":114,"context_line":"    The protocol of the connection can be: UNSPEC (0x0), STREAM (0x1) or"},{"line_number":115,"context_line":"    DGRAM (0x2)."},{"line_number":116,"context_line":""},{"line_number":117,"context_line":"- Address Length: 16 bits"},{"line_number":118,"context_line":"    The length of the rest of the header in bytes."}],"source_content_type":"text/plain","patch_set":1,"id":"1c49ef62_150309e4","line":115,"in_reply_to":"a24cdcda_47d21b79","updated":"2025-01-09 14:46:35.000000000","message":"Done","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"b0df44285c546ae376188aa9832200c1e37dc01d","unresolved":true,"context_lines":[{"line_number":112,"context_line":""},{"line_number":113,"context_line":"- Proto: 4 bits"},{"line_number":114,"context_line":"    The protocol of the connection can be: UNSPEC (0x0), STREAM (0x1) or"},{"line_number":115,"context_line":"    DGRAM (0x2)."},{"line_number":116,"context_line":""},{"line_number":117,"context_line":"- Address Length: 16 bits"},{"line_number":118,"context_line":"    The length of the rest of the header in bytes."}],"source_content_type":"text/plain","patch_set":1,"id":"a24cdcda_47d21b79","line":115,"in_reply_to":"aff6de14_525b6ce9","updated":"2024-07-26 13:27:26.000000000","message":"The PROXY protocol works both with TCP and with UDP but we support only TCP. I will write in the document that we support only TCP.","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"}],"src/openvpn/proxy_protocol.c":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"85401b502abec8758cb91fe6ee35b22985aac00d","unresolved":true,"context_lines":[{"line_number":5,"context_line":" *             packet encryption, packet authentication, and"},{"line_number":6,"context_line":" *             packet compression."},{"line_number":7,"context_line":" *"},{"line_number":8,"context_line":" *  Copyright (C) 2002-2024 OpenVPN Inc \u003csales@openvpn.net\u003e"},{"line_number":9,"context_line":" *"},{"line_number":10,"context_line":" *  This program is free software; you can redistribute it and/or modify"},{"line_number":11,"context_line":" *  it under the terms of the GNU General Public License version 2"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"f678bd92_399015cd","line":8,"updated":"2024-07-26 09:42:44.000000000","message":"Wrong copyright","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"b0df44285c546ae376188aa9832200c1e37dc01d","unresolved":false,"context_lines":[{"line_number":5,"context_line":" *             packet encryption, packet authentication, and"},{"line_number":6,"context_line":" *             packet compression."},{"line_number":7,"context_line":" *"},{"line_number":8,"context_line":" *  Copyright (C) 2002-2024 OpenVPN Inc \u003csales@openvpn.net\u003e"},{"line_number":9,"context_line":" *"},{"line_number":10,"context_line":" *  This program is free software; you can redistribute it and/or modify"},{"line_number":11,"context_line":" *  it under the terms of the GNU General Public License version 2"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"af015d00_a4fef0e9","line":8,"in_reply_to":"f678bd92_399015cd","updated":"2024-07-26 13:27:26.000000000","message":"Acknowledged","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"}],"src/openvpn/proxy_protocol.h":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"85401b502abec8758cb91fe6ee35b22985aac00d","unresolved":true,"context_lines":[{"line_number":5,"context_line":" *             packet encryption, packet authentication, and"},{"line_number":6,"context_line":" *             packet compression."},{"line_number":7,"context_line":" *"},{"line_number":8,"context_line":" *  Copyright (C) 2002-2024 OpenVPN Inc \u003csales@openvpn.net\u003e"},{"line_number":9,"context_line":" *"},{"line_number":10,"context_line":" *  This program is free software; you can redistribute it and/or modify"},{"line_number":11,"context_line":" *  it under the terms of the GNU General Public License version 2"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"364aa307_26397b78","line":8,"updated":"2024-07-26 09:42:44.000000000","message":"Wrong copyright","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"b0df44285c546ae376188aa9832200c1e37dc01d","unresolved":false,"context_lines":[{"line_number":5,"context_line":" *             packet encryption, packet authentication, and"},{"line_number":6,"context_line":" *             packet compression."},{"line_number":7,"context_line":" *"},{"line_number":8,"context_line":" *  Copyright (C) 2002-2024 OpenVPN Inc \u003csales@openvpn.net\u003e"},{"line_number":9,"context_line":" *"},{"line_number":10,"context_line":" *  This program is free software; you can redistribute it and/or modify"},{"line_number":11,"context_line":" *  it under the terms of the GNU General Public License version 2"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"9bd9130b_22b62cc0","line":8,"in_reply_to":"364aa307_26397b78","updated":"2024-07-26 13:27:26.000000000","message":"Acknowledged","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"}],"src/openvpn/socket.c":[{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"287fc038a977d62a20fadc1ed08ee0acdca0d302","unresolved":true,"context_lines":[{"line_number":2681,"context_line":""},{"line_number":2682,"context_line":"        if (sb-\u003elen \u003c 1 || sb-\u003elen \u003e sb-\u003emaxlen)"},{"line_number":2683,"context_line":"        {"},{"line_number":2684,"context_line":"            /* check if it\u0027s a PROXY protocol header */"},{"line_number":2685,"context_line":""},{"line_number":2686,"context_line":"            /* undo the reading of net_size */"},{"line_number":2687,"context_line":"            ASSERT(buf_prepend(\u0026sb-\u003ebuf, sizeof(net_size)));"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"9d712c5d_d6c36d0f","line":2684,"updated":"2024-07-26 11:45:33.000000000","message":"I don\u0027t think this is the right place to add this. This will be basically called on every link_socket_read_tcp and not just on the first packets. Also it seems to be enabled always so this might have side effects on non-haproxy operation.","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"b0df44285c546ae376188aa9832200c1e37dc01d","unresolved":true,"context_lines":[{"line_number":2681,"context_line":""},{"line_number":2682,"context_line":"        if (sb-\u003elen \u003c 1 || sb-\u003elen \u003e sb-\u003emaxlen)"},{"line_number":2683,"context_line":"        {"},{"line_number":2684,"context_line":"            /* check if it\u0027s a PROXY protocol header */"},{"line_number":2685,"context_line":""},{"line_number":2686,"context_line":"            /* undo the reading of net_size */"},{"line_number":2687,"context_line":"            ASSERT(buf_prepend(\u0026sb-\u003ebuf, sizeof(net_size)));"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"a5c360d3_bd5f87ca","line":2684,"in_reply_to":"9d712c5d_d6c36d0f","updated":"2024-07-26 13:27:26.000000000","message":"It\u0027s true that it doesn\u0027t get executed only on the first packet. However, there\u0027s a change in multi.c that checks if the header is present only once at the beginning of a TCP connection and parses it. So, even if we were to detect a proxy header later, we would not parse it. Additionally, we don\u0027t expect proxy headers after the connection has begun. Therefore, if we end up in this \"if\" condition, it will probably be due to a malformed packet, and the connection will be dropped.","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"},{"author":{"_account_id":1000041,"name":"ralf_lici","display_name":"Ralf Lici","email":"ralf@mandelbit.com","username":"ralf_lici"},"change_message_id":"54a0c4050059d32530dc09c5bc4c7b9c4edfa715","unresolved":true,"context_lines":[{"line_number":2681,"context_line":""},{"line_number":2682,"context_line":"        if (sb-\u003elen \u003c 1 || sb-\u003elen \u003e sb-\u003emaxlen)"},{"line_number":2683,"context_line":"        {"},{"line_number":2684,"context_line":"            /* check if it\u0027s a PROXY protocol header */"},{"line_number":2685,"context_line":""},{"line_number":2686,"context_line":"            /* undo the reading of net_size */"},{"line_number":2687,"context_line":"            ASSERT(buf_prepend(\u0026sb-\u003ebuf, sizeof(net_size)));"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"52c62000_0d470c9e","line":2684,"in_reply_to":"a5c360d3_bd5f87ca","updated":"2024-07-31 09:20:29.000000000","message":"I added an argument to the function that ensures the haproxy protocol header detection is done only once at the beginning of the connection.","commit_id":"93f5f6b7e531e47b8da3ffc0ed0411c1d083ccb6"}]}