Hello Federico @grumvalski
I tried to use the `haproxy` protocol before and found that the Kamailio implementation is very
restrictive.
For example:
1) 100% CPU usage when a TCP connection is created and no data is sent (#2658)
2) There is no ability to define a list of trusted sources, because now any fraudulent host can send
a crafted haproxy packet and break the ACL rules used on the Kamailio side. The relevant feature,
`set_real_ip_from`, exists in nginx
([Link](https://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_i…)).
From my point of view, it is a big security hole.
Could you also look into the limitations described above?
Just for info, here is an nginx config snippet with the haproxy feature.
```
server {
    listen 0.0.0.0:3128 proxy_protocol;
    listen [::]:3128 proxy_protocol;
    set_real_ip_from 4.101.84.5/32;
    set_real_ip_from 4.101.84.133/32;
    set_real_ip_from 4.236.25.5/32;
    set_real_ip_from 4.236.25.133/32;
    real_ip_header proxy_protocol;
    ...
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/2888#issuecomment-947575963
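
The trusted-source check asked for in point 2 of the comment above, as an added example that is not part of the original comment and is not Kamailio or nginx code: a PROXY protocol v1 header is honoured only when the socket peer is on an allowlist, which is the role `set_real_ip_from` plays in nginx. The allowlist entries, function names and the reject policy for a trusted peer that sends no valid header are assumptions made for illustration; the addresses are constructed from documentation ranges.

```python
import ipaddress

# Hypothetical allowlist of load balancers permitted to speak PROXY protocol.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "2001:db8::/64")]

def is_trusted(peer_ip):
    """True if the TCP peer address falls inside an allowlisted network."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)  # v4/v6 mismatch is False

def parse_proxy_v1(data):
    """Return (src_ip, src_port, payload) for a valid v1 TCP4/TCP6 header, else None."""
    end = data.find(b"\r\n", 0, 107)  # a v1 header is at most 107 bytes with CRLF
    if not data.startswith(b"PROXY ") or end == -1:
        return None
    parts = data[:end].decode("ascii", "replace").split(" ")
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        return None
    if not (parts[4].isdigit() and parts[5].isdigit()):
        return None
    try:
        src = ipaddress.ip_address(parts[2])
        dst = ipaddress.ip_address(parts[3])
    except ValueError:
        return None
    family = 4 if parts[1] == "TCP4" else 6
    sport, dport = int(parts[4]), int(parts[5])
    if src.version != family or dst.version != family:
        return None
    if sport > 65535 or dport > 65535:
        return None
    return str(src), sport, data[end + 2:]

def effective_source(peer_ip, peer_port, first_bytes):
    """Pick the source address that ACLs should evaluate for a new connection."""
    if not is_trusted(peer_ip):
        # Header contents from an unlisted peer are never believed.
        return ("socket", peer_ip, peer_port)
    hdr = parse_proxy_v1(first_bytes)
    if hdr is None:
        # Assumed policy: an allowlisted proxy must always send a valid header.
        return ("reject", peer_ip, peer_port)
    return ("proxied", hdr[0], hdr[1])

# Constructed sample: a header claiming 203.0.113.7 as the original client.
SAMPLE = b"PROXY TCP4 203.0.113.7 198.51.100.1 5060 5060\r\nOPTIONS sip:a@b SIP/2.0\r\n"
```

With this check, the same crafted header changes the address seen by ACLs only when it arrives from an allowlisted peer.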