[sr-dev] [kamailio/kamailio] core: tcp - add alias for cinfo dst IP (PR #2888)

sergey-safarov notifications at github.com
Wed Oct 20 13:30:14 CEST 2021

Hello Federico @grumvalski 
I tried to use the `haproxy` protocol before and found that the Kamailio implementation is very restrictive.

For example:
1) 100% CPU usage when a TCP connection is created and no data is sent (#2658)
2) No ability to define a list of trusted sources, because now any fraudulent host can send a crafted haproxy packet and break the ACL rules used on the Kamailio side. The relevant feature, `set_real_ip_from`, exists in nginx ([Link](https://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from)). From my point of view, it is a big security hole.

Could you also look at the limitations described above?

Just for info, here is an nginx config snippet with the haproxy feature.
 server {
    listen proxy_protocol;
    listen [::]:3128 proxy_protocol;
    real_ip_header proxy_protocol;
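
The following is an added example, not part of the original email and not Kamailio or nginx code: a Python illustration of the trusted-source check the message asks for, in the spirit of `set_real_ip_from`. It assumes the text (v1) PROXY header only; `TRUSTED_PROXIES`, `parse_proxy_v1` and `effective_source` are hypothetical names, the addresses are constructed, and rejecting a header from an untrusted peer is one possible policy.

```python
import ipaddress

# Constructed allow-list (assumption): the only peers permitted to send a PROXY header.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "2001:db8:10::/64")]
V1_MAX = 107  # longest possible v1 header line, CRLF included


def parse_proxy_v1(data):
    """Return (src_ip, src_port, bytes_consumed); src_ip is None for UNKNOWN."""
    end = data.find(b"\r\n", 0, V1_MAX)
    if end < 0:
        raise ValueError("no CRLF within 107 bytes")
    fields = data[:end].decode("ascii").split(" ")
    if fields[:2] == ["PROXY", "UNKNOWN"]:
        return None, None, end + 2
    if len(fields) != 6 or fields[0] != "PROXY" or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    if not (fields[4].isdigit() and fields[5].isdigit()):
        raise ValueError("non-numeric port")
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    want = 4 if fields[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address family mismatch")
    sport, dport = int(fields[4]), int(fields[5])
    if max(sport, dport) > 65535:
        raise ValueError("port out of range")
    return str(src), sport, end + 2


def effective_source(peer_ip, peer_port, first_bytes):
    """Return (ip, port, remaining_bytes) that source-based ACLs should evaluate."""
    if not first_bytes.startswith(b"PROXY "):
        return peer_ip, peer_port, first_bytes  # plain connection: socket address
    if not any(ipaddress.ip_address(peer_ip) in net for net in TRUSTED_PROXIES):
        raise PermissionError("PROXY header from untrusted peer " + peer_ip)
    src, sport, used = parse_proxy_v1(first_bytes)
    if src is None:  # UNKNOWN: the proxy gave no client address, keep the socket's
        return peer_ip, peer_port, first_bytes[used:]
    return src, sport, first_bytes[used:]
```

The claimed client address replaces the socket address only after the sending peer has matched the allow-list, so a header from any other host never reaches ACL evaluation.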
