89d51d5f29
Because this exploit has been widely known for years and has not been fixed by Mojang, we decided that it was worth allowing people to toggle it on/off due to how easy it is to make it configurable. It should be noted that this decision does not promise all future exploits will be configurable.
52 lines
3.6 KiB
Diff
52 lines
3.6 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: PanSzelescik <panszelescik@gmail.com>
|
|
Date: Thu, 7 Apr 2022 16:13:39 +0200
|
|
Subject: [PATCH] Add support for Proxy Protocol
|
|
|
|
|
|
diff --git a/build.gradle.kts b/build.gradle.kts
|
|
index e7ea6d57488cbde806b7d5febd48c42dfe3c5195..b5f31e210f2ca4bdfe9957d44780d89240da6269 100644
|
|
--- a/build.gradle.kts
|
|
+++ b/build.gradle.kts
|
|
@@ -30,6 +30,7 @@ dependencies {
|
|
log4jPlugins.annotationProcessorConfigurationName("org.apache.logging.log4j:log4j-core:2.19.0") // Paper - Needed to generate meta for our Log4j plugins
|
|
runtimeOnly(log4jPlugins.output)
|
|
alsoShade(log4jPlugins.output)
|
|
+ implementation("io.netty:netty-codec-haproxy:4.1.97.Final") // Paper - Add support for proxy protocol
|
|
// Paper end
|
|
implementation("org.apache.logging.log4j:log4j-iostreams:2.19.0") // Paper - remove exclusion
|
|
implementation("org.ow2.asm:asm-commons:9.5")
|
|
diff --git a/src/main/java/net/minecraft/server/network/ServerConnectionListener.java b/src/main/java/net/minecraft/server/network/ServerConnectionListener.java
|
|
index 87abd6274f9da9367094bad0c28acfa47e01c50e..4f330a44c77a7ec3237a86fda04921a8c4a1c00f 100644
|
|
--- a/src/main/java/net/minecraft/server/network/ServerConnectionListener.java
|
|
+++ b/src/main/java/net/minecraft/server/network/ServerConnectionListener.java
|
|
@@ -121,6 +121,29 @@ public class ServerConnectionListener {
|
|
Connection object = j > 0 ? new RateKickingConnection(j) : new Connection(PacketFlow.SERVERBOUND); // CraftBukkit - decompile error
|
|
|
|
//ServerConnectionListener.this.connections.add(object); // Paper
|
|
+ // Paper start - Add support for Proxy Protocol
|
|
+ if (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.proxyProtocol) {
|
|
+ channel.pipeline().addAfter("timeout", "haproxy-decoder", new io.netty.handler.codec.haproxy.HAProxyMessageDecoder());
|
|
+ channel.pipeline().addAfter("haproxy-decoder", "haproxy-handler", new ChannelInboundHandlerAdapter() {
|
|
+ @Override
|
|
+ public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
|
|
+ if (msg instanceof io.netty.handler.codec.haproxy.HAProxyMessage message) {
|
|
+ if (message.command() == io.netty.handler.codec.haproxy.HAProxyCommand.PROXY) {
|
|
+ String realaddress = message.sourceAddress();
|
|
+ int realport = message.sourcePort();
|
|
+
|
|
+ SocketAddress socketaddr = new java.net.InetSocketAddress(realaddress, realport);
|
|
+
|
|
+ Connection connection = (Connection) channel.pipeline().get("packet_handler");
|
|
+ connection.address = socketaddr;
|
|
+ }
|
|
+ } else {
|
|
+ super.channelRead(ctx, msg);
|
|
+ }
|
|
+ }
|
|
+ });
|
|
+ }
|
|
+ // Paper end - Add support for proxy protocol
|
|
pending.add(object); // Paper - prevent blocking on adding a new connection while the server is ticking
|
|
((Connection) object).configurePacketHandler(channelpipeline);
|
|
((Connection) object).setListenerForServerboundHandshake(new ServerHandshakePacketListenerImpl(ServerConnectionListener.this.server, (Connection) object));
|